How to turn off Telnet in Jac2b tutorial needed?

Discussion in 'Cisco/Linksys Network Storage Devices' started by Jonesy_sa, Jun 9, 2009.

  1. Jonesy_sa

    Jonesy_sa Addicted to LI Member

    I have a NAS200 which is connected to my wireless router and I read that it's not safe to have Telnet activated. I don't think I'll need dropbear, ssh or telnet and thus would like to disable Telnet. I read on Jac2b's thread about disabling it but is there a more in-depth tutorial or how exactly would I go about doing it?

  2. alejandro_liu

    alejandro_liu Addicted to LI Member

    If you don't need dropbear, ssh or telnet you might as well go back to the Linksys original firmware.
  3. Jonesy_sa

    Jonesy_sa Addicted to LI Member

    I would use it to take advantage of Twonky upgrade and some bug fixes...
  4. jackito

    jackito LI Guru Member

    You can write a very simple script and put it in the rc.d dir inside your harddisk volume (/harddisk/volume_X/data/rc.d/ -where X depends on your harddrive(s) configuration, for instance 3 for RAID1, 1 for one disk-).

    For example:

    sleep 300
    echo "ftp     stream  tcp     nowait  root    /usr/sbin/bftpd" > /etc/inetd.conf
    Then restart your NAS200 and from now on 5 minutes after every reboot SSH and TELNET will be disabled.
    If you want your TELNET/SSH back, just remove the script and reboot.

    This is just an idea. If you want only to disable TELNET you can find a very simple way explained very clearly in Jac's jac2b firmware release post. :)
  5. Jonesy_sa

    Jonesy_sa Addicted to LI Member

    I'm excited, I looked on the net about Telnet and found nothing except you can access it from cmd prompt. Ran cmd prompt and tried typing a few things, I named my NAS200, NAS200 so typed telnet nas200 and suddenly I was in. I doubt anyone at all on my network would ever know this but think I should disable it. Don't think I'll need ssh/dropbear as I only plan to update Twonky at this stage.

    The jac2b tutorial says:

    "The Jac2b firmware will search for the first file that matches /harddisk/volume_*/data/rc.d/twonky*/twonkymediaserver as seen from a Telnet or SSH session, or DISK ?/rc.d/twonky*/twonkymediaserver as seen from a Samba or FTP session (by default -- any changes to the scriptdirs.txt file will also have an effect on the search for a Twonky update). This means you should create an rc.d directory in the root of your first hard disk, then create a subdirectory from there called anything that starts with "twonky"

    Can this all be done from within the Linksys GUI or Windows Explorer? I.e. if I open Explorer and find my 'public disk 1' folder and create a folder in that titled 'rc.d' then a folder within called 'twonky', would this work? Or is the 'root' only accessible from ftp, ssh or something?

    I had a look at SSH and Dropbear. My understanding is these are used for transferring files over the internet to a remote location and SSH is safer to use than Telnet. I would not need to access my NAS outside of home so I don't think I'll need them?
    Either way the tutorial had me lost, yes it looks simple enough to copy and paste but I'm lost with what that all achieves, it also states:
    "That means the easiest way to change the root password to something that's known is to use the Web GUI. However this also resets all other accounts in the system.
    [Edit]To reset the root password to "root" without changing any other accounts, connect via Telnet and paste the following commands:"

    How does one go about creating the new SSH password in the GUI, which I assume I can disable telnet afterwards? When you say resets other accounts, the only two I'll ever have are the guest and admin, which have public access enabled as I trust everyone on my network.

    I will be transferring some files of around 7gig so what is the best procedure for this, I have been using Explorer.

    If I never will need ssh/dropbear etc. I may as well follow the jac2b tutorial:
    "The Telnet daemon uses the /dev/pts/* device nodes to get a terminal. The recommended method to disable Telnet is to log in through an SSH shell and move the /dev/pts directory (e.g. mv /dev/pts /dev/pts_offline)."
    The only thing is, I assume I need to set up the ssh password first, I also have no idea how to log into ssh but found this:
    The tutorial makes it look simple once you have 'putty' installed and I assume have created the ssh password.
    Thanks so much guys
  6. jac_goudsmit

    jac_goudsmit Super Moderator Staff Member Member

    The way your script works is that it rewrites the configuration file from scratch and then restarts rc.xinetd. I see several important problems:
    • Any other script that gets executed after this, also has to wait 5 minutes. Booting will take 5 minutes longer.
    • Any other script that changes the configuration before this script, won't work because this script undoes the other scripts' changes after 5 minutes

    The intended way to disable Telnet is:
    1. Log in to Telnet
    2. Type the command: touch /harddisk/volume_1/conf/no_telnetd
    3. Reboot by typing /etc/rc.d/rc.reboot

    After this, you can re-enable Telnet by deleting the file /harddisk/volume_1/conf/no_telnetd. The file's location is unreachable from the network so you will need to use SSH to log in and do it from the command line. If you didn't set your root password before you disabled Telnet or if you forgot your password so you can't log in through SSH, you can write a short script in rc.d that deletes the file at startup or you can use the script from the first post in the Jac2b thread to reset your root password.
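
Added example, not part of any post in this thread and not Jac2b firmware code: one way to avoid the second problem listed above is to delete only the unwanted entries from /etc/inetd.conf instead of rewriting the file from scratch. It assumes Telnet is started from an inetd.conf entry named telnet, as the script in post 4 implies; the function names and every sample entry except the ftp line are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Jac2b firmware.

# disable_inetd_services CONF SERVICE...
# Removes every active entry whose service name (first field) is listed,
# and copies comments, blank lines and all other entries through unchanged.
# Prints how many entries were removed, so a second run prints 0.
disable_inetd_services() {
    dis_conf=$1
    shift
    [ -f "$dis_conf" ] || { echo "no such file: $dis_conf" >&2; return 2; }
    dis_tmp="$dis_conf.new.$$"
    : > "$dis_tmp" || return 1      # exists even if every entry is dropped
    dis_count=$(awk -v drop="$*" -v out="$dis_tmp" '
        BEGIN { n = split(drop, name, " "); for (i = 1; i <= n; i++) want[name[i]] = 1 }
        ($1 in want) { removed++; next }   # "#telnet" or "# telnet" never matches
        { print > out }
        END { print removed + 0 }
    ' "$dis_conf") || { rm -f "$dis_tmp"; return 1; }
    # rename within the same directory: readers see the old or the new file
    mv "$dis_tmp" "$dis_conf" || return 1
    echo "$dis_count"
}

# Constructed sample: the ftp line is the one quoted in the thread; the
# telnet, ssh and rsync entries and their paths are made up for the demo.
write_sample_conf() {
    cat > "$1" <<'EOF'
# services started by inetd
ftp     stream  tcp     nowait  root    /usr/sbin/bftpd
telnet  stream  tcp     nowait  root    /usr/sbin/telnetd
ssh     stream  tcp     nowait  root    /usr/sbin/dropbear
rsync   stream  tcp     nowait  root    /usr/bin/rsync
EOF
}

demo_dir=$(mktemp -d)
write_sample_conf "$demo_dir/inetd.conf"
echo "removed: $(disable_inetd_services "$demo_dir/inetd.conf" telnet)"
cat "$demo_dir/inetd.conf"
rm -rf "$demo_dir"
```

The edit only changes the file; inetd reads its configuration at start or on reload, and how that is triggered on the NAS200 is not covered here.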


  7. jac_goudsmit

    jac_goudsmit Super Moderator Staff Member Member

    If your wireless network is properly protected, I don't think there's any danger in leaving both Telnet and SSH running, but the question is: what is "properly protected". You can set a strong password on your router, use WPA2 on your wireless etc but if one of your computers gets infected with a program that lets the Bad Guys in, they'll be able to do anything you can do on your network anyway.

    If your computers and all other users in your house are trustworthy and smart enough, you can decide to leave Telnet running and not worry about it. But if you leave your wireless network unprotected, you are asking for trouble. A simple network scan will find all your computers and the NAS in no time and the Bad Guys can probably cause serious damage, especially if they find the Telnet port which is probably one of the first things they'll try. Telnet will let them access all your files without the need for them to guess any passwords, all that someone has to do to make all your files go away is rm -rf /harddisk. SSH/Dropbear would also let them do that but then they still have to guess the root password and you should use a strong password for root, one that's hard to guess.

    The root directory (not to be confused with the "root" login account) of your first harddisk is the "DISK 1" share, not the "PUBLIC DISK 1" share. You can create the rc.d directory in "DISK 1" from a PC using a file explorer.

    Telnet and SSH are both ways to get shell access, otherwise known as command line access, to the NAS over the network. The NAS won't care if the incoming Telnet or SSH connection comes from your local network or from the Internet but unless you open ports 22 (SSH) or 23 (telnet) on your router, the bad guys can't get to it unless they find a way onto your network. Keep in mind that the wireless network is part of your internal network so if you leave your wireless network open, you make all your computers and your NAS vulnerable.

    With command line access you can make the NAS do anything you want (if you know what the commands are of course). SSH is encrypted but Telnet is not (even the password is transmitted as-you-type). Furthermore SSH allows you to "tunnel" other protocols through the secure connection, such as the SCP (Secure CoPy) protocol which lets you use programs like WinSCP to access your files. Telnet won't let you do that, at least not in any easy way. On the NAS200, Telnet is configured so that it doesn't ask for a user ID or password, but SSH does require a user ID and password. The reason for this is that the default root account password is unknown.

    You can probably ignore that remark on the page, but read the part under the following "[Edit]" to reset your root password.

    That's the easiest way. Transferring files through WinSCP and SSH is only necessary if you're outside your network. You could use FTP for that too but in most cases if you have a simple home gateway FTP will be difficult or impossible to set up because home gateways are usually not compatible with FTP servers on the LAN side.

    This will disable telnet until the next reboot. The method I mentioned above (touch /harddisk/volume_1/conf/no_telnetd) will permanently disable it -- at least until you delete the file that the touch command creates, either through SSH or through a script which you can find in the Jac2b post.

    If you have a PC running Windows, you can install PuTTY to log in to SSH. And yes you have to change the root password via Telnet first, before you can log in through SSH.

    Hope this helps!

  8. Jonesy_sa

    Jonesy_sa Addicted to LI Member

    Yes it helps immensely, not only does it help solve my issues but it contributes to my learning curve. Having been made redundant due to the economy, it's meant buying a cheap NAS and having the time to mess around and learn a little bit in between job searching. Thanks for coming on board and answering such amateur questions.

    Here's what I have managed thus far. While my vid collection was transferring I booted my laptop and tried to map a drive with the Linksys software. Strangely it did not find my NAS200 (this is the title I've given it) so I used the Windows 'Tools - Map Network Drive' method instead. Gave it the same drive letter 'W' and replicated all the iTunes settings from my desktop software to the version installed on my laptop and it worked fine. I received your 2nd to last post on this page and as I could not find '/Disk 1' in Windows Explorer I thought I would have a go at Telnet and SSH/Dropbear. (I now know you can access it through the Linksys GUI, but still can't find it in Windows.)

    My exact actions were:
    Start > Run 'telnet nas200'
    #copied and pasted:

    egrep "^root:" /etc.default/passwd >/etc/x
    egrep -v "^root:" /etc/passwd >>/etc/x
    mv /etc/x /etc/passwd
    for x in /harddisk/volume_*/conf;do cp /etc/passwd $x;done

    #then typed this:

    To be honest the first time I didn't reboot after pasting that stuff, I tried to log in with WinSCP which failed so assumed it needed to be rebooted?

    After reboot I tried logging in via WinSCP. All I did was add:
    Host Name: nas200 (also tried ip address)
    UN: root PW: root
    File protocol: SCP
    (changed nor added anything else)
    and hit enter.

    This failed and I received a message: "Network error: Connection Refused"

    At this point I thought I would try FileZilla to see if I could locate the 'disk 1' file in that, I tried using Nas200 and my NAS login details but that was also rejected.
    Tried to log into the user interface from my browsers which failed and after stuffing around figured out my NAS was assigned a new IP at some stage. This hadn't happened before but I assumed as I had never rebooted with my laptop also connected on the network as well it jumbled up the IPs and went from '' to '.5'. I went back and retried with my new IP and still no luck with any of the software as far as logging in to ssh or ftp.

    Some questions:
    - Did I do anything wrong in telnet or when trying to log into ssh?
    - What is the preferred method to reach and add folders to 'disk 1' (i.e. it's not visible under Windows Explorer)?
    EDIT: I believe I found 'Disk 1' by typing "\\Nas200". Nothing says 'disk 1' but that folder contains my "Media share and Public Disk 1" which to my knowledge are located in "Disk 1" when I look in the Linksys GUI.

    - What should I do about the IP address thing? I used Linksys software to map a drive which appeared as media on ''' w:" on my desktop whereas on my laptop when mapping through Windows it appears as 'W: media' or something and I don't think it is IP based. I say this as even after my NAS changed to' my laptop still showed the mapped shares and they were accessible whereas the desktop didn't.
    Should I map network drives differently? Is a fixed IP better?

    EDIT: Not sure what the best way to map drives is but today I set up the fixed IP on my NAS200 and now my desktop can access my files and my laptop.
    To now access my NAS's GUI I have to type the full IP address in the address bar of Firefox, in the past I just typed NAS200 to access the GUI. I tried to ping NAS200 from cmd prompt and it failed.
    - Is this an issue at all?
    - Will it affect any UPnP functionality if it's only recognised via the IP and not the server name?


    You guys are real lifesavers.