1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

command line from web gui?

Discussion in 'Tomato Firmware' started by Mangix, Aug 27, 2012.

  1. Mangix

    Mangix Networkin' Nut Member

    Is there a way to use the command line from the web interface? When I was using dd-wrt, it was a really convenient feature to have on systems that didn't have Telnet/SSH(looking at you WIndows...)

    Using the latest toastman builds.

    edit: I answered my own question. I swear I looked...

    edit2: here's an interesting one. I'm using 1.28.7500.4 toastman modand I can't start dropbear using the "Start Now" button on the web interface. Here's the relevant nvram:
    for some reason, dropbear is not making any host keys. Rebooting doesn't help either(ssh at boot is enabled as well.) Any ideas?
  2. leandroong

    leandroong Addicted to LI Member

    Yes, there is. Go to Tools->System menu
  3. Mangix

    Mangix Networkin' Nut Member

    yeah I kinda found it. Now what about the second issue.

    Wish this forum would support changing the title...

    edit: i tried running 'dropbear -p 2222' and it responded by saying that dropbear is not found. wth? MiniIPV6 builds don't have ssh? then why the configuration in the web interface?
  4. leandroong

    leandroong Addicted to LI Member

    running top shows
    321    1 root    S    1716  6%  0% klogd
        1    0 root    S    1412  5%  0% /sbin/init noinitrd
      314    1 root    S    1396  5%  0% buttons
      624    1 root    S    1376  5%  0% dnscrypt-proxy -d -P 40
      316    1 root    S    1364  5%  0% console
    11536  575 root    S    1260  4%  0% dropbear -p 22 -a
      594    1 root    S    1196  4%  0% nas
      575    1 root    S    1196  4%  0% dropbear -p 22 -a
      607    1 nobody  S    1124  4%  0% dnsmasq -c 1500 --log-async
      643    1 root    S    1032  4%  0% rstats
      591    1 root    S    1016  3%  0% eapd
      648    1 root    S    1012  3%  0% cstats
      276    1 root    S      752  3%  0% hotplug2 --persistent --no-coldplug
    Well, not sure, if I understand your question. To be able to use "ssh, winscp or scp" you will need to install optware "openssh-sftp-server". I too, would like that optware built-in to the router instead of optware. BTW, I'm using Shibby FW.
  5. jyavenard

    jyavenard Network Guru Member

    SSH was removed from MiniIPv6 Toastman build in order to have it fit in 4MB router.
    You'll have to use telnet or another build
  6. Mangix

    Mangix Networkin' Nut Member

    thank you for the response. I've now updated to the Ext build and all is well.
  7. thunderforce

    thunderforce Networkin' Nut Member

    I was under the impression using Telnet under any circumstances was a mortal sin against computing, given its insecurity.
  8. koitsu

    koitsu Network Guru Member

    There is nothing volatile about telnet. Many protocols on the Internet you use every day are in plaintext -- guess which one is the most common? SMTP, a.k.a. Email delivery (between servers, or a client sending mail to a server) (and for those wanting to troll please don't bring up TLS + SMTPS, because that involves a whole multitude of nonsense that I don't even want to get into in this thread). I'll note that classic (non-SSL) POP3 also uses plaintext username/passwords. However:

    The main difference between SMTP and telnet is that telnet is what it's used for -- telnet is historically used as a protocol that involves authentication. The concern is legitimate. But again, however:

    Telnet over the Internet is where the main concern lies. The concern being that your username and password are transmitted in plaintext, and since there is no key exchange, MITM (man-in-the-middle) attacks are easy with telnet, and sniffing telnet traffic (if someone has access to the client or server) is always a possibility.

    However, use of telnet on a private network like between machines on your LAN (e.g. Windows desktop telnetting to your router), is completely 100% reasonable. Furthermore, telnetting to your router's WAN IP is not permitted by the default firewall ruleset -- it only works on the LAN. IMO, telnet is perfectly fine for this purpose. Hell, I use telnet in my own co-location when connecting from one machine to our HP ProCurve managed switch (across a dedicated non-public network). This is quite common even in the corporate world.

    The security concern pertains to traffic going across the Internet, and not so much LANs.
  9. Mangix

    Mangix Networkin' Nut Member

    unless your wireless network gets hacked through reaver or capturing the WPA2 handshake and brute forcing it. then telnet is an indispensable utility to a hacker. there was actually a black hat talk about this sort of stuff recently. see: http://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Cutlip

    that being said, most people leave the user/pass combo default in my experience so a reaver attack may be all you really need to do malicious stuff like flashing the firmware to dd-wrt/tomato and modifying the traffic through ARP spoofing or what have you.

    ugh getting side-tracked again. my point is, using ssh instead of telnet will definitely make a hacker who is on the network's job much harder.
  10. jyavenard

    jyavenard Network Guru Member

    If someone manage to hack your WPA2 network, telnet vs ssh is the least of your worries...
    You would have the same level of access to the admin web interface anyway.

    ssh under these circumstances make no difference whatsoever provided you access it using the same username/password as the web interface.
    koitsu likes this.

Share This Page