
Tuesday, October 21, 2008

Add SSH Users To The HP MV2120/5150

In my last post I wrote how to make the MV2 a secure proxy/gateway. The one thing I didn't like about it was that I had to use the root account. I wanted to give other users the ability to ssh into the vault and use it as a proxy/gateway. (I think it will also work very nicely with WinSCP.)

So after a lot of playing around, and a lot of emails, I got it working.
Users of the Vault can now start an SSH session using their own name and it'll drop them into their own share.

So...should I tell you how I did it? OK...let's start!

Add Users to SSH


First install a few packages

ipkg install coreutils adduser diffutils nano bash


Edit /etc/passwd

nano /etc/passwd

For each user that you want to have ssh access, change the line that looks something like this:
joeuser:x:502:502:Linux User,,,:/:/bin/nologin

to something that looks like below
joeuser:x:502:502:Linux User,,,/:/share/1000/joeuser:/bin/sh

For more information on the format of the passwd file look here

Note: the joeuser in /share/1000/joeuser:/bin/sh is a share name that will become the home directory for that user.

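Create the script below, name it restore-etc-files, and place it in /share/1000/

#!/bin/sh
# Despite its name, this script saves copies of passwd and group to the share;
# the rcS lines added further down copy them back into /etc at boot.

save_to=/share/1000/Documents/saved-etc
mkdir -p "${save_to}"
cp -pf /etc/passwd "${save_to}"
cp -pf /etc/group "${save_to}"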

Make the restore-etc-files executable
chmod +x /share/1000/restore-etc-files

Create a file called "shells" and place the following two lines in it.

/bin/sh
/opt/bin/bash

Save shells in /etc

Edit /etc/init.d/rcS and add the following at the bottom, before the exit 0:

saved_etc=/share/1000/Documents/saved-etc
[ -e ${saved_etc}/passwd ] && cp -f ${saved_etc}/passwd /etc/
[ -e ${saved_etc}/group ] && cp -f ${saved_etc}/group /etc/

Once all is set, ssh onto the MV2 and reset the passwords for the users you want to have SSH access.
passwd username

Once you do this, log out and try to ssh in to your MV2 with the username you just set the password for.
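
Because rcS copies the saved passwd over /etc/passwd as root, and that copy sits on a share, it is worth vetting the saved file before relying on the restore. The script below is an added example, not part of the original post; the function name check_saved_passwd, the particular checks and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: vet a saved passwd copy before rcS restores it as root.
# check_saved_passwd <passwd-file> <shells-file>; returns 0 if clean, 1 if not.
check_saved_passwd() {
    passwd_file=$1
    shells_file=$2
    [ -r "$passwd_file" ] && [ -r "$shells_file" ] || { echo "unreadable input"; return 1; }
    # The copy lives on a share: refuse it if group or others can write to it.
    if [ -n "$(find "$passwd_file" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "$passwd_file is writable by group or others"
        return 1
    fi
    awk -F: -v shells="$shells_file" '
        BEGIN {
            bad = 0
            # Load the permitted login shells (the "shells" file from the post).
            while ((getline line < shells) > 0)
                if (line != "") ok[line] = 1
        }
        NF != 7 { print "line " NR ": expected 7 fields, got " NF; bad = 1; next }
        $3 == 0 && $1 != "root" { print $1 ": UID 0 on a non-root account"; bad = 1 }
        $6 !~ /^\// { print $1 ": home is not an absolute path"; bad = 1 }
        # Accounts without SSH access keep a nologin shell; others must be listed.
        $7 !~ /nologin$/ && !($7 in ok) { print $1 ": shell " $7 " not listed"; bad = 1 }
        END { exit bad }
    ' "$passwd_file"
}

# Constructed sample data (not taken from a real device).
demo_dir=$(mktemp -d)
printf '/bin/sh\n/opt/bin/bash\n' > "$demo_dir/shells"
cat > "$demo_dir/passwd.good" <<'EOF'
root:x:0:0:root:/root:/bin/sh
joeuser:x:502:502:Linux User,,,:/share/1000/joeuser:/bin/sh
guest:x:503:503:Linux User,,,:/:/bin/nologin
EOF
cat > "$demo_dir/passwd.bad" <<'EOF'
root:x:0:0:root:/root:/bin/sh
joeuser:x:0:502:Linux User,,,:/share/1000/joeuser:/bin/sh
guest:x:503:503:Linux User,,,:/:/usr/bin/zsh
EOF
chmod 644 "$demo_dir/passwd.good" "$demo_dir/passwd.bad"
check_saved_passwd "$demo_dir/passwd.good" "$demo_dir/shells" && echo "good copy: ok"
check_saved_passwd "$demo_dir/passwd.bad" "$demo_dir/shells" || echo "bad copy: rejected"
```

On the device, the same function could be pointed at /share/1000/Documents/saved-etc/passwd and /etc/shells.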

I would like to thank the folks over at http://nslu2-linux.org/ for maintaining all the software that makes hacking the MV2 so fun and easy. I would also especially like to thank

Monday, October 20, 2008

Use The MV2120/5150 as a proxy......well more like a Secure Gateway

Have you ever had the problem of not being able to access one of your favorite websites when you're on public Wi-Fi?
Have you ever needed to access something personal on public Wi-Fi but didn't trust passing your personal information through it?

If you said yes....well, I've got some good news for you.

If you have remote access to your MediaVault you can tunnel all your web browsing through ssh.

A few Needed Things
ssh (should be on most Linux distros). For Windows go here
If you use the Windows version of ssh you only need to install the client. If ssh should fail, check your firewall.

A proxy addon for Firefox called FoxyProxy

Install
If you install ssh on a Windows machine, you will only need the client.
Install FoxyProxy with Firefox

If you already ssh into your vault remotely this will be cake! I will explain how to do this with Firefox.

So let's begin!

Configure Firefox
Once FoxyProxy is installed, do the following:

Open FoxyProxy in Firefox: Tools > FoxyProxy > Options

Click on the "Proxies" tab.
Highlight the Default proxy that is listed and click the "Edit Selection" button

Click on "Manual Proxy Configuration"
In the "Host Name" field enter "localhost" without the quotes
Set the port to "8080"
Check the "SOCKS proxy?" box

Click "ok"
Click on the "Global Settings" Tab
Under "Miscellaneous" click on "Use SOCKS proxy for DNS lookups"

Click "Close"

Run SSH
I will be using the default ports for the proxy and ssh in this example
(To start ssh on a Windows machine, open a cmd window and type the command below.)
(If you have problems, you may need to change to the directory where ssh is installed and then execute the command below.)
"cd C:\Program Files\OpenSSH\bin"

ssh -D 8080 -p 22 root@IP or URL

Note: IP is the external IP address of your router. URL would be for services like dyndns.

What the above command does:
ssh runs the ssh client.
-D 8080 sets the local port: ssh listens on port 8080 of your machine as a SOCKS proxy and sends that traffic through the SSH connection.
-p 22 tells ssh which port to use on the remote machine (22 is the default port for ssh).

If you have port forwarding on your router, you could set it to 2200 and have the router forward all traffic on that port to the vault on 22. That would make it a little more secure....kinda. With this setup your command would look like this: ssh -D 8080 -p 2200 root@ip or url

Once you're logged in, minimise the ssh window.

Let's test it out!
To enable your new HP MV proxy, right click on "FoxyProxy" in the tray of Firefox and select "Use proxy "Default" for all URLs"
To disable the proxy, right click on "FoxyProxy" in the tray of Firefox and select "Completely disable FoxyProxy"