In my last post I wrote how to make the MV2 a secure proxy/gateway. The one thing I didn't like about it was I had to use the root account. I wanted to give other users the ability to ssh into the vault and use it as a proxy/gateway. (I think it will also work very nicely with WinSCP)
So after a lot of playing around, and a lot of emails I got it working.
Users of the Vault can now start an SSH session using their own name and it'll drop them into their own share.
So... should I tell you how I did it? OK, let's start!
Add Users to SSH
First, install a few packages:
ipkg install coreutils adduser diffutils nano bash
Edit /etc/passwd:
nano /etc/passwd
For each user that you want to have ssh access, change the line that looks something like this:
joeuser:x:502:502:Linux User,,,:/:/bin/nologin
to something that looks like this:
joeuser:x:502:502:Linux User,,,/:/share/1000/joeuser:/bin/sh
For more information on the format of the passwd file look here
Note: the joeuser in /share/1000/joeuser:/bin/sh is a share name that will become the home directory for that user.
Create the script below, name it restore-etc-files, and place it in /share/1000/:
#!/bin/sh
# Save copies of passwd and group so that rcS can put them back at boot
save_to=/share/1000/Documents/saved-etc
mkdir -p ${save_to}
cp -pf /etc/passwd ${save_to}
cp -pf /etc/group ${save_to}
Make restore-etc-files executable:
chmod +x /share/1000/restore-etc-files
Create a file called "shells" and place the following two lines in it.
/bin/sh
/opt/bin/bash
Save shells in /etc
Edit /etc/init.d/rcS and add the following at the bottom, before the exit 0:
# Restore the saved passwd and group files, if present
saved_etc=/share/1000/Documents/saved-etc
[ -e ${saved_etc}/passwd ] && cp -f ${saved_etc}/passwd /etc/
[ -e ${saved_etc}/group ] && cp -f ${saved_etc}/group /etc/
Once all is set, ssh onto the MV2 and re-set the passwords for the users you want to have SSH access.
passwd username
Once you do this, log out and try to ssh in to your MV2 with the username you just set the password for.
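The rcS step above copies whatever is in saved-etc over /etc/passwd as root at every boot, so the saved copy deserves the same care as /etc itself. The sketch below is an added example (not part of the original post or of the scripts it credits) that checks the saved passwd before restoring it; the function names and the choice of checks are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# check_passwd_copy FILE: succeed only if FILE looks safe to put in /etc.
check_passwd_copy() {
    f=$1
    # Must be a regular file, not a symlink to something else.
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "$f: not a regular file" >&2
        return 1
    fi
    # Refuse a copy that group or other can write (mode characters 6 and 9).
    case $(ls -ld "$f" | cut -c1-10) in
        ?????w*|????????w*) echo "$f: writable by group/other" >&2; return 1 ;;
    esac
    # 7 fields per line, numeric UID, UID 0 only for root, root must exist.
    awk -F: '
        BEGIN { bad = 0; root = 0 }
        NF != 7 { print "line " NR ": expected 7 fields"; bad = 1; next }
        $3 !~ /^[0-9]+$/ { print "line " NR ": UID is not numeric"; bad = 1; next }
        ($3 + 0) == 0 && $1 != "root" { print "line " NR ": " $1 " has UID 0"; bad = 1 }
        ($3 + 0) == 0 && $1 == "root" { root = 1 }
        END {
            if (!root) { print "no root entry with UID 0"; bad = 1 }
            exit bad
        }
    ' "$f" >&2
}

# restore_if_valid SAVED_DIR ETC_DIR: the rcS restore step, gated on the check.
restore_if_valid() {
    saved=$1
    etc=$2
    [ -e "$saved/passwd" ] || return 0   # nothing saved yet, keep what is there
    check_passwd_copy "$saved/passwd" || return 1
    cp -f "$saved/passwd" "$etc/"
    if [ -e "$saved/group" ]; then
        cp -f "$saved/group" "$etc/"
    fi
}

# In rcS this would be called as:
#   restore_if_valid /share/1000/Documents/saved-etc /etc
```

If the check fails, /etc/passwd is left as the firmware wrote it and the reason is printed to stderr.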
I would like to thank the folks over at http://nslu2-linux.org/ for maintaining all the software that makes hacking the MV2 so fun and easy. I would also especially like to thank Brian Zhou for creating the scripts/code (and for the most part this how-to) and most of all for helping me through countless emails getting all this to work!