
Daily Change of Wireless Password

Discussion in 'Tomato Firmware' started by HexImaL, Mar 3, 2010.

  1. HexImaL

    HexImaL LI Guru Member

    I want to ward off the pesky neighbors leeching from our cafe's free wifi connection. RADIUS and a captive portal are overkill to set up and maintain for such a trivial task, and I also have to print vouchers.

    I was thinking more in the line of automatically changing the password daily using cron. But I need the password to be random and to be uploaded to another server, from where the pass can be made available to the customers (plain text format).

    I'm really new when it comes to scripting, so I will need the help of the pros in the forum. I can figure out that I should use nvram get wl_wpa_psk and nvram set wl_wpa_psk=password, which should be put as daily entries in "/tmp/var/spool/cron/crontabs/root", since cru doesn't save after reboot.

    But how can I generate a random number to enter in the crontab, and then transfer the new pass to another PC?
     
  2. rhester72

    rhester72 Network Guru Member

    Random 8-character case-sensitive alphanumeric password (adjust to taste):

    echo `</dev/urandom tr -dc A-Za-z0-9 | head -c8`

    (redirect to target file via crontab)

    To pass it to another PC, either export a Windows share on the target and mount via the Tomato CIFS client and blast it directly or find a way to scp it from the target (if it's a Linux/Mac box).

    Rodney
     
  3. HexImaL

    HexImaL LI Guru Member

    That's great! Can I echo that in the crontab file or should I include it otherwise? Can you give me an example? Newbie here, so thank you for your time and effort!
     
  4. alien3456

    alien3456 Addicted to LI Member

    I was bored tonight and gave this a shot. It could definitely be made smaller, more efficient, and include some error checking. But I've never done bash scripts for Tomato, so hopefully one of the gurus here will check it out. :boxing:

    This will make a new password and save it to the logfiles, plus "/tmp/wanKey.txt" for retrieval. I made that file as a preliminary to FTP/CIFS uploading which could easily be added.

    Put this in "Scripts -> WAN Up". It will change the password when the cron activates.
    Code:
    # Local path to store a copy of the new password
    PWPATH="/tmp/wanKey.txt"
    # Length of the new password
    PWLENGTH=8
    
    if [ $MKNEWPW -eq 1 ] ; then
     OLDPW=$(nvram get wl_wpa_psk)
     NEWPW=$(</dev/urandom tr -dc A-Za-z0-9 | head -c$PWLENGTH)
     chmod 777 $PWPATH
     echo $NEWPW > $PWPATH
     service wan stop
     sleep 2
     nvram set wl_wpa_psk=$NEWPW
     service wan start
     logger Wireless key changed from \" $OLDPW \" to \" $NEWPW \" and saved to \"$PWPATH\"
     MKNEWPW=0
    fi ;
    
    This will change the password daily at 1AM. Put the following in "Scripts -> Init".
    Code:
    # Password doesn't change until cron makes this = 1
    MKNEWPW=0
    cru a DailyPwReset "0 1 * * * MKNEWPW=1"
    
    EDIT: seemed like functions weren't working, changed script to if statement.
     
  5. HexImaL

    HexImaL LI Guru Member

    Wow, alien3456, this is a lot more help than I expected, thank you!

    Ok, I've tried the script (only modified the time to 40 12 * * *, while I was testing), but it doesn't seem to work. Ideas?
     
  6. alien3456

    alien3456 Addicted to LI Member

    You need the "<" before /dev/urandom to get it to output the text string.

    I'm fairly certain the main script works as it should, but I didn't test the cron so it could be bunk. Also, I have Victek 1.25 ND on my router: http://www.linksysinfo.org/forums/showthread.php?t=62248
     
  7. HexImaL

    HexImaL LI Guru Member

    Yes, I figured it out and edited my post. So what you are saying is that it may be a problem due to different firmware? Can you please test if cron is OK when you have time and post back, I am at a complete loss here?

    Thank you for your time!
     
  8. HexImaL

    HexImaL LI Guru Member

    I just viewed the log, seems like cron works fine:

    Mar 4 16:20:02 ApartmentRouter cron.err crond[224]: USER root pid 495 cmd MKNEWPW=1

    But the password remains the same and there is no wankey file in /tmp.

    Could it be that the script is not invoked properly?
     
  9. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    It looks like that setup will only work if the WAN is restarted by some other means every time you want to change the password.

    I think a better way would be to echo the script to some file in the Init script, and call it directly from the cron entry (and get rid of the MKNEWPW business so it changes every time it is run).
     
  10. HexImaL

    HexImaL LI Guru Member

    I was having some thought about that, but since I don't understand scripting much I rely on the pros' help :)

    If I'm not mistaken, I can manually start the script in /tmp by typing "sh script_wanup.sh", which then outputs:

    # sh script_wanup.sh
    [: 1: unknown operand

    I suppose there's a problem with the script?
     
  11. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Better would be to place the following in your init script (nothing in the WAN up script):

    Code:
    echo "
    #!/bin/sh
    
    # Local path to store a copy of the new password
    PWPATH=\"/tmp/wanKey.txt\"
    # Length of the new password
    PWLENGTH=8
    
    OLDPW=$(nvram get wl_wpa_psk)
    NEWPW=$(</dev/urandom tr -dc A-Za-z0-9 | head -c$PWLENGTH)
    chmod 777 $PWPATH
    echo $NEWPW > $PWPATH
    service wan stop
    sleep 2
    nvram set wl_wpa_psk=$NEWPW
    service wan start
    logger Wireless key changed from \\\" $OLDPW \\\" to \\\" $NEWPW \\\" and saved to \\\"$PWPATH\\\"
    " > /tmp/chgPass.sh
    chmod +x /tmp/chgPass.sh
    
    cru a DailyPwReset "0 1 * * * /tmp/chgPass.sh"
    
     
  12. HexImaL

    HexImaL LI Guru Member

    There must be a syntax error somewhere, the file /tmp/chgPass.sh looks like this upon reboot:

    Code:
    # cat /tmp/chgPass.sh
    
    #!/bin/sh
    
    # Local path to store a copy of the new password
    PWPATH="/tmp/wanKey.txt"
    # Length of the new password
    PWLENGTH=8
    
    OLDPW=QzMjGF4m
    NEWPW=
    chmod 777
    echo  >
    service wan stop
    sleep 2
    nvram set wl_wpa_psk=
    service wan start
    logger Wireless key changed from \"  \" to \"  \" and saved to \"\"
    
    I was trying to make something similar, but on a JFFS partition to survive reboots - your implementation is much more elegant.
     
  13. alien3456

    alien3456 Addicted to LI Member

    Looks like that echo didn't store the script as intended. I'm not at home now so I can't check where it went wrong. But I like having it stored as a .sh file, much easier to use when wanted. Assign it to the button on your router, and you can reset the password instantly if you see someone shady using your net!

    Try this. Everything between WritePwScript will be written as a literal character, so the quotes and variables will appear as you want them to be run from the script, not as they need to be interpreted just to save to the script.
    Code:
    cat <<'WritePwScript' >/tmp/chgPass.sh
    #!/bin/sh
    
    # Local path to store new password
    PWPATH="/tmp/wanKey.txt"
    # Length of the new password
    PWLENGTH=8
    
    OLDPW=$(nvram get wl_wpa_psk)
    NEWPW=$(</dev/urandom tr -dc A-Za-z0-9 | head -c$PWLENGTH)
    echo $NEWPW > $PWPATH
    
    service wan stop
    sleep 2
    nvram set wl_wpa_psk=$NEWPW
    service wan start
    
    logger Wireless key changed from $OLDPW to $NEWPW and saved to \"$PWPATH\"
    WritePwScript
    
    chmod +x /tmp/chgPass.sh
    cru a DailyPwReset "0 1 * * * /tmp/chgPass.sh"
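
As an added example that is not part of the thread: a variant of the rotation script that refuses to apply an empty or too-short key (the `nvram set wl_wpa_psk=` line in the broken output above), stores the key in an owner-only file instead of using chmod 777, and keeps the key out of syslog. The function names, the 12-character default and the `rotate` argument are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names and the "rotate"
# argument are assumptions; nvram/service/logger are used as in the posts above.

PWPATH="${PWPATH:-/tmp/wanKey.txt}"   # where the key is stored for retrieval
PWLENGTH="${PWLENGTH:-12}"            # assumed default; the thread used 8

# Print $1 random characters from A-Za-z0-9 (the thread's generator).
gen_psk() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$1"
}

# Succeed only for 8..63 alphanumeric characters (WPA passphrase length limits).
valid_psk() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -ge 8 ] && [ "${#1}" -le 63 ]
}

# Store the key in a freshly created file that only its owner can read.
save_psk() {
    ( umask 077 && rm -f "$2" && printf '%s\n' "$1" > "$2" )
}

# Generate, check, store, then apply. Nothing is changed if the key is unusable.
rotate_psk() {
    new=$(gen_psk "$PWLENGTH")
    if ! valid_psk "$new"; then
        logger "Wireless key NOT changed: generated key failed validation"
        return 1
    fi
    save_psk "$new" "$PWPATH" || return 1
    service wan stop
    sleep 2
    nvram set wl_wpa_psk="$new"
    service wan start
    logger "Wireless key changed and saved to $PWPATH"   # key itself is not logged
}

# Only touch the router when called as: chgPass.sh rotate
if [ "${1:-}" = "rotate" ]; then
    rotate_psk
fi
```

Saved as /tmp/chgPass.sh as in the post above, the cron entry would call `/tmp/chgPass.sh rotate`.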
    
     
  14. HexImaL

    HexImaL LI Guru Member

    Thank you, but what I did was save the script to the jffs partition, since I also need a second script*. It will be too messy to have a couple of scripts and their cron jobs in Init (now I only have cron jobs there).

    * As I've said in my original post, I also need the new password to be sent to another computer, from where it will be printed using one of the connected cashier's printers, but it has to be in a certain format to be recognized. The printer driver actually monitors a folder on the computer and prints anything from there. The following script formats the file in the way required by the cashier's printer, but leaves leading and trailing spaces. How can I remove them? Here it is:

    Code:
    WANPASS=$(cat /jffs/wanpass.txt)
    echo "
    #02
    0027WiFi $WANPASS 00000002000010001
    #E1
    " > bon0.bon
    cp /jffs/bon0.bon /cifs1
    
    There shouldn't be anything before #02 and after #E1.

    Thank you, your help has been invaluable so far!
     
  15. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    With the delete key on your keyboard :wink:
    Everything between the "s is being echoed, and you were starting and ending with empty lines.
    Code:
    WANPASS=$(cat /jffs/wanpass.txt)
    echo "#02
    0027WiFi $WANPASS 00000002000010001
    #E1" > bon0.bon
    cp /jffs/bon0.bon /cifs1
     
  16. HexImaL

    HexImaL LI Guru Member

    You must be laughing now, but I thought I tried it and it didn't work - I concluded that using "# together was the problem. Works now, so I guess I was trying something else. Thanks again guys, your help was indispensable!
     
  17. alien3456

    alien3456 Addicted to LI Member

    Ya it looks good now. Getting the script working and saving it manually is definitely the best solution, but most of the scripts here are made for people to copy and paste in their Tomato admin page, so I just mirrored those methods.

    Hope it works out!
     
  18. HexImaL

    HexImaL LI Guru Member

    It works like a charm, thank you very much! :) Saved me the trouble of maintaining a linux box, which I can now use somewhere else.
     
  19. HexImaL

    HexImaL LI Guru Member

    Here are both scripts combined, if anyone is interested. The script generates a new password and then outputs it in the format required by the cashier's printer. The script is placed in the jffs partition and is called by crond when required.

    Code:
    # Local path to store a copy of the new password
    
    PWPATH="/jffs/bon0.bon"
    
    # Length of the new password
    PWLENGTH=8
    
    # Generating new password and bon file
    NEWPW=$(</dev/urandom tr -dc a-z0-9 | head -c$PWLENGTH)
    OLDPW=$(nvram get wl_wpa_psk)
    echo "#02
    0027IT $NEWPW 00000002000010001
    #E1" > $PWPATH
    service wan stop
    sleep 2
    nvram set wl_wpa_psk=$NEWPW
    service wan start
    logger Wireless key changed from \" $OLDPW \" to \" $NEWPW \" and saved to \"$PWPATH\"
    
    I will make a .bat file, which will use pscp to copy the file from the router to the computer, to the directory monitored by the printer. This will allow the waitresses to simply double click the bat file and give the current WiFi password to the clients.

    Many thanks to both alien3456 and SgtPepperKSU for saving me time and effort and also helping me learn something new :)
     
  20. sranweiler

    sranweiler Networkin' Nut Member

    Sorry to resurrect this thread but it is the closest thing that I have that resembles my issue.

    I currently have a WRT54GL router and have installed Tomato firmware on it. I was wondering instead of using the JFFS partition if it could be done like some of the earlier posts in the thread using the init scripts and just restarting the router every time we need a password change.

    I know relatively little about the firmware itself, but it is a very useful replacement to the original GUI, so any help that I can get with this would be appreciated!
     
  21. fineghal

    fineghal LI Guru Member

    I'm running Tomato-USB but Administration->Scheduler should get you where you're going. Modify your paths or remove them as necessary. Either copy+paste into the custom command section to run at a given time. If you get errors or character limits (which is likely) you should be able to put the script in the "Wan Up" section of scripts. Then go to Scheduler and configure your daily/timed "Reconnect" settings. This should create a Wan Down/Up and run the script. Or set a daily reboot and put it in "Init" - which might be better depending on your purposes.

    Caveats: I haven't tested this, and bear in mind that you will lock yourself out of the wifi if you're not physically connected. That isn't really a problem with the as-is script - it's being stored and printed elsewhere. Once you've modified it however, the only place containing that new password is in the logs.
     
  22. sranweiler

    sranweiler Networkin' Nut Member

    EDIT: Never mind, I got it to work, just need to find a system to get the key. Thanks fineghal for that, I never thought of using the scheduler. Worked like a charm.

    This is the current code that I am using to reset it everyday. Just use the scheduler and the script will fit into the code segment you can use.

    Code:
    # Local path to store a copy of the new password
    
    PWPATH="/jffs/wpaKey.txt"
    
    # Length of the new password
    PWLENGTH=8
    
    # Generating new password and bon file
    NEWPW=$(</dev/urandom tr -dc a-z0-9 | head -c$PWLENGTH)
    OLDPW=$(nvram get wl_wpa_psk)
    echo "$NEWPW" > $PWPATH
    
    service wan stop
    sleep 2
    nvram set wl_wpa_psk=$NEWPW
    service wan start
    
    logger Wireless key changed from \" $OLDPW \" to \" $NEWPW \" and saved to \"$PWPATH\"
     
  23. ATardio

    ATardio Networkin' Nut Member

    Is there a way to email the password daily rather than save it to a folder location?
     
