z·eeki·sh

tech log on gentoo, linux, and random stuff

Posts Tagged ‘dd-wrt’

dd-wrt ssh port forwarding quirky


I guess it is more of a web-GUI quirk. Anyway, here is what I want: to move the ssh port of the router itself to, say, 9999, and forward port 22 to a workstation connected to the router.

What I did, which is wrong:
1) dd-wrt -> services -> services: change port of ssh to 9999
2) dd-wrt -> NAT/QoS -> port forwarding: add port from 22 to workstation-ip:22

What I now have, which is correct thanks to this post, is:
1) dd-wrt -> services -> services: change port of ssh back to 22
2) dd-wrt -> NAT/QoS -> port forwarding: add port from 22 to workstation-ip:22
3) dd-wrt -> administration -> management: change [ssh remote port] to 9999


Written by zsh

February 17, 2012 at 12:27 pm

adding an ssh tunneling account to dd-wrt


A server I helped to set up recently had its OS re-installed, and I
know that because I can no longer log onto it. I used to have an
ssh-tunneling account set up on that server too, for people who need to
reach outside a certain great firewall, and it’s also gone with the
revamp–my father being one of the users. So I decided to add an
ssh-tunneling account to my router (with dd-wrt).

What I need is the public key of whoever is going to use it, in this
case my father’s–alternatively I can also make a pair of
private/public keys and distribute the private key to the target
users, but that kind of defeats the purpose of a “private” key.

All I need to do is to put the following snippet into my router’s
startup script, which can be modified from the web interface of
dd-wrt: administration -> commands.

The code goes as follows:

mkdir -p /tmp/tunnel/.ssh
# somehow, /bin/false doesn't work
echo "tunnel:*:401:10:User,,,:/tmp/tunnel:/bin/sh" >> /tmp/etc/passwd
echo "public-key-content" >> /tmp/tunnel/.ssh/authorized_keys

and replace public-key-content with the content of a
desired public key (or several).

And the last thing is to ask the end user to log onto your server once,
in case the server’s key fingerprint is not yet in
his/her ~/.ssh/known_hosts.

Now conjure up the magical ssh -Nf -D9999
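A hardened variant of the startup snippet above, as an added example that is not the post's own code: it rejects a leftover placeholder or malformed key, adds the account only once, and prefixes each key with options so the account can still forward ports but never reaches the /bin/sh in its passwd entry. It assumes the router's Dropbear build honours no-pty and command= in authorized_keys; the function names and the prefix argument (used only to try it off-router) are made up for this example.

```sh
#!/bin/sh
# Added example, not the post's script. Assumes Dropbear honours the
# no-pty / command= key options; function names are hypothetical.
TUNNEL_HOME=/tmp/tunnel
PASSWD=/tmp/etc/passwd
# Forwarding stays allowed (needed for ssh -N -D); a shell request runs /bin/false.
KEY_OPTS='no-pty,no-agent-forwarding,no-X11-forwarding,command="/bin/false"'

# Print a restricted authorized_keys line for "<type> <base64> [comment]",
# or fail if the input is not shaped like a public key.
restricted_key_line() {
    read -r tk_type tk_blob tk_comment <<EOF
$1
EOF
    case "$tk_type" in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) return 1 ;;
    esac
    case "$tk_blob" in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac
    printf '%s %s %s%s\n' "$KEY_OPTS" "$tk_type" "$tk_blob" "${tk_comment:+ $tk_comment}"
}

# $1 = public key line; $2 = optional path prefix (hypothetical, for dry runs).
add_tunnel_user() {
    tk_line=$(restricted_key_line "$1") || { echo "rejected key: $1" >&2; return 1; }
    tk_home="$2$TUNNEL_HOME"
    tk_passwd="$2$PASSWD"
    tk_keys="$tk_home/.ssh/authorized_keys"
    mkdir -p "$tk_home/.ssh" "$(dirname "$tk_passwd")"
    # Append the account and the key only if they are not there yet.
    grep -q '^tunnel:' "$tk_passwd" 2>/dev/null ||
        echo "tunnel:*:401:10:User,,,:$TUNNEL_HOME:/bin/sh" >> "$tk_passwd"
    grep -qxF "$tk_line" "$tk_keys" 2>/dev/null || echo "$tk_line" >> "$tk_keys"
    # Files stay owned by whoever runs this (root at boot) and lose group/other
    # write, so the tunnel account can read its key options but not edit them.
    chmod go-w "$tk_home" "$tk_home/.ssh" "$tk_keys"
}

# In the startup script, one call per user (key below is a constructed placeholder):
# add_tunnel_user "ssh-rsa AAAA...constructed... father@laptop"
```

If the Dropbear build on the router predates these key options, the prefix is not honoured and the account behaves like the original snippet's, so check with a plain ssh login that the session closes immediately.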

Written by zsh

August 9, 2010 at 5:30 pm

Posted in no cat is good cat
