tech log on gentoo, linux, and random stuff

Archive for August 9th, 2010

adding an ssh tunneling account to dd-wrt


A server I helped to set up recently had its OS re-installed, and I
know that because I can no longer log onto it. I used to have an
ssh-tunneling account set up on that server too for people who need to
reach outside a certain great firewall, and it’s also gone with the
revamp–my father being one of the users. So I decided to add an
ssh-tunneling account to my router (with dd-wrt).

What I need is the public key of whoever is going to use it, in this
case my father’s–alternatively I can also make a pair of
private/public keys and distribute the private key to the target
users, but that kind of defeats the purpose of a “private” key.

All I need to do is to put the following snippet into my router’s
startup script, which can be modified from the web interface of
dd-wrt: administration -> commands.

The code goes as follows:

mkdir -p /tmp/tunnel/.ssh
# somehow, /bin/false doesn't work
echo "tunnel:*:401:10:User,,,:/tmp/tunnel:/bin/sh" >> /tmp/etc/passwd
echo "public-key-content" >> /tmp/tunnel/.ssh/authorized_keys

Replace public-key-content with the content of the
desired public key (or several).

And the last thing is to ask the end user to log onto your server once,
in case the server’s key fingerprint is not yet in
his/her ~/.ssh/known_hosts.

Now conjure up the magical ssh -Nf -D9999
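
The snippet above gives the tunnel account /bin/sh and an unrestricted key, so whoever holds the key can also open a shell on the router. The following is an added example, not part of the original post, that installs a key limited to forwarding. It assumes the router's Dropbear build honors authorized_keys options and that /bin/false exists there; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: install a tunnel-only key. Function names are hypothetical.

# Port forwarding (ssh -D / -L) stays allowed; a terminal, agent/X11
# forwarding and any command other than /bin/false are denied.
# Assumption: the sshd in use honors these authorized_keys options.
TUNNEL_OPTS='no-pty,no-agent-forwarding,no-X11-forwarding,command="/bin/false"'

# Print "<options> <key>" for one bare public key line, or fail.
restricted_key_line() {
    key=$1
    # Reject embedded newlines: a second line would be its own,
    # unrestricted authorized_keys entry.
    case $key in
        *'
'*) echo "refusing multi-line key" >&2; return 1 ;;
    esac
    # The line must start with a key type, so a submitted "key" cannot
    # carry its own options in front of ours.
    case $key in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a bare public key line" >&2; return 1 ;;
    esac
    printf '%s %s\n' "$TUNNEL_OPTS" "$key"
}

# Append the restricted entry to <home>/.ssh/authorized_keys.
install_tunnel_key() {
    home=$1
    line=$(restricted_key_line "$2") || return 1
    mkdir -p "$home/.ssh" || return 1
    touch "$home/.ssh/authorized_keys"
    # Key files that group or others can write are refused by sshd's
    # permission check, so strip those bits explicitly.
    chmod go-w "$home" "$home/.ssh" "$home/.ssh/authorized_keys"
    # Skip a key that is already present so reruns do not duplicate it.
    grep -qxF "$line" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$line" >> "$home/.ssh/authorized_keys"
}

# Usage in the startup script (the key below is a constructed placeholder):
# install_tunnel_key /tmp/tunnel "ssh-ed25519 AAAA...constructed... dad@laptop"
```

With ssh -N no command is requested, so the forced command never runs and the tunnel still comes up; check on the router itself that a plain login with the key is refused before relying on it.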

Written by zsh

August 9, 2010 at 5:30 pm

Posted in no cat is good cat
