Adding non-root user to Tomato for proxy?

Discussion in 'Tomato Firmware' started by Demonlapin, Apr 26, 2010.

  1. Demonlapin

    Demonlapin Networkin' Nut Member

    I want to be able to allow a friend to proxy via my router. I trust him in my network, but I don't want to hand out the password to root on the router.

    Is there a simple way to add a user so that he can SSH in under his own name? Alternatively, is there any other proxy method that can authenticate but doesn't need to authenticate as root? I've searched high and low without success.
  2. rhester72

    rhester72 Network Guru Member

    You'll have to manually add an entry to /etc/passwd (and make it survive reboots!). I had the same issue with srelay authentication - no valid home directory or shell is required, it only uses the login and password information. (Note that due to the way things are compiled, the mkcrypt-encoded password MUST appear in /etc/passwd, NOT /etc/shadow!)

  3. Demonlapin

    Demonlapin Networkin' Nut Member

    So how can I do this? Putting what would be the appropriate commands in the init scripts section of administration doesn't put the user in the /tmp/etc/passwd and /tmp/etc/shadow files.
  4. rhester72

    rhester72 Network Guru Member

    I used cryptpw (built into the busybox binary on my site) to generate a password, then manually added the appropriate entries to /jffs/passwd and /jffs/shadow (you can put them on any permanent store you like) and softlinked them back to /etc/passwd. After that, you need to create a home directory for the user (if you do it in Init and create it in /tmp/home you should be fine, but remember you can't chown the home directory until after the links to /etc/passwd and /etc/shadow are built!) and chmod it. Test, reboot, test again.

    Basically, imagine the process for creating a user under Linux *without* benefit of the useradd or passwd commands and you've got the general idea...well, that, and the fact you have to go pretty far out of your way to make it persistent. ;)

    If for some reason you need the home directory to persist, consider that (and more softlinks) when you create it and put it on /cifsX, /jffs, or some other more permanent mountpoint.

    I wish I could give you more specific directions, but given that a) this involves passwords, which you SHOULD NOT give me and b) I don't know the specifics of your setup or objectives very well, generalities are about as well as I can do at the moment. :)
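The steps described in post 4, as an added shell example that is not part of the thread or anyone's actual script: it builds the persistent passwd/shadow copies and the boot-time links, and can be rehearsed in a scratch directory before touching the router. The function names, the login `friend`, uid 1000 and the `/jffs` store are assumptions, and the hash is whatever cryptpw prints.

```shell
#!/bin/sh
# Added example, not from the thread. On the router: ROOT="" and STORE=/jffs.
# Rehearse first with ROOT and STORE pointing into a scratch directory.

# add_user STORE LIVE_ETC NAME UID HASH
# Seeds STORE/passwd and STORE/shadow from the live files on first use (so
# root's entry is kept), then appends one unprivileged account.
add_user() {
    store=$1 etc=$2 name=$3 uid=$4 hash=$5
    # Reject odd login names, non-numeric uids, and uid 0 (a second root).
    case $name in ''|*[!a-z0-9_]*) echo "bad login name" >&2; return 1;; esac
    case $uid in ''|*[!0-9]*) echo "uid must be numeric" >&2; return 1;; esac
    [ "$uid" -ne 0 ] || { echo "refusing uid 0" >&2; return 1; }
    for f in passwd shadow; do
        [ -f "$store/$f" ] || cp "$etc/$f" "$store/$f" || return 1
    done
    # Refuse a login name or uid that is already taken.
    if grep -q "^$name:" "$store/passwd" ||
       awk -F: -v u="$uid" '$3 == u { hit = 1 } END { exit !hit }' "$store/passwd"
    then
        echo "name or uid already present" >&2; return 1
    fi
    # Assumptions: gid = uid, shell /bin/sh, hash kept in shadow. For srelay,
    # rhester72 says the hash must sit in the passwd field instead of "x".
    printf '%s:x:%s:%s:proxy user:/tmp/home/%s:/bin/sh\n' \
        "$name" "$uid" "$uid" "$name" >> "$store/passwd"
    printf '%s:%s::0:99999:7:::\n' "$name" "$hash" >> "$store/shadow"
    chmod 644 "$store/passwd" && chmod 600 "$store/shadow"
}

# activate ROOT STORE NAME: call from the Init script on every boot.
activate() {
    root=$1 store=$2 name=$3
    # Links first: chown by name only works once /etc/passwd has the entry.
    ln -sf "$store/passwd" "$root/etc/passwd" || return 1
    ln -sf "$store/shadow" "$root/etc/shadow" || return 1
    home="$root/tmp/home/$name"
    mkdir -p "$home" && chmod 700 "$home" || return 1
    # chown needs root and a real /etc/passwd, so a rehearsal skips it.
    if [ -z "$root" ] && [ "$(id -u)" -eq 0 ]; then chown "$name" "$home"; fi
}

# One-time, on the router (hash is the cryptpw output, single-quoted):
#   add_user /jffs /etc friend 1000 '<cryptpw output>'
# In the Init script:
#   activate "" /jffs friend
```

Single-quote the hash when passing it, since it contains `$` characters the shell would otherwise expand.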

  5. vibe666

    vibe666 Network Guru Member

    sorry to hijack the thread, but how did you manage to get proxying working via ssh?

    i tried to set it up several times, but i always ended up using some kind of proxy software on a PC on the remote side of the tunnel as i could never get tomato to forward web traffic on its own without using a pc running proxy software to pass the web traffic back out again from the LAN.

    i wouldn't mind quite so much if i didn't just find out that a mate using ddwrt (who i'd been trying to convince to switch to tomato) set it up himself on his router with a simple click on a 'proxy' tickbox in ddwrt. :(