
VNC over SSH & users other than root

Discussion in 'DD-WRT Firmware' started by foq99, Jul 21, 2005.

  1. foq99

    foq99 Network Guru Member

    I've got VNC over SSH working on the router locally, but cannot seem to get connected from the outside world. Is the ssh connection only open on the internal IP address? dropbear has two instances running that look identical, so I would figure one of those to be on the external IP.

    Also, I'd like to be able to use a user other than root for security. Is it possible to create other users and groups, and if so would it provide more security? Because busybox is a stripped-down version of Linux, I am thinking that maybe it doesn't have the ability to limit users' privileges the way that a larger distro might.

    Thanks in advance.
     
  2. littlewhoo

    littlewhoo Network Guru Member

    By default, you can't access SSH or any other service from the outside. You'll have to add additional iptables rules to be able to do this.
    Please see my SSH tutorial here: http://www.hetos.de/sshtut.html
    There I describe how to remotely access services like VNC on your WRT54G through an SSH tunnel.

    I don't think that you can create additional users, because the user information is part of the firmware image (which is of course write-only). Probably you can add other users when building your own image of the firmware from source.

    But I don't think that it's really necessary to create additional non-root users. You can't compare the WRT54G with a desktop computer running Linux. Most of the stuff on the WRT54G is write-only anyway. And there are fewer possibilities to gain access to the router than to a normal computer. Basically it's only SSH/Telnet or the web interface. If you have good WLAN encryption (WPA), a secure password for the web interface and not too many ports open to the WAN side (preferably no ports at all, or only SSH), that's secure enough.
     
  3. foq99

    foq99 Network Guru Member

    Thanks for the good info and quick reply. I'll set that up this afternoon. One of the coolest things ever is accessing Windows file shares over an SSH tunnel. This lets me play my MP3s anywhere I have a decent net connection without having to mount an FTP server as a shared drive or something equally cumbersome.
     
