Keyboardless SSH auth

BodgeIT
London, United Kingdom
Joined: 10 Jun 2010

Hi guys, after testing the HAH for myself, I'll be installing it into a couple of Villas we own in Cyprus.

The main purpose will be to reduce electricity costs over there while we manage the properties remotely.

I've been trying to research how to configure dropbear which as I understand it allows for X11 tunneling.

I'm pretty sure this would allow me to use SSH to create a tunnel that would allow me to access the HAH from remote.

To make this uber-secure, I should be able to use keys to even remove the need to login using username/pass with a client like putty.

I was just wondering if these features of dropbear have been included in the HAH firmware?

And wondering where the dropbear conf file was?


Thanks

Gary

BoxingOrange
United Kingdom
Joined: 11 Jun 2010
Dropbear SSH

I'm not sure if this is what you're looking for but I think it comes close. I haven't tried it myself but I like the idea :- http://www.nslu2-linux.org/wiki/HowTo/UseDropBearForRemoteAccess Let us know how you get on. What are you controlling remotely? I'm looking for things to do around the house with the HAH and would be interested in learning how best to control appliances or anything else. Karl

brett
Providence, United States
Joined: 9 Jan 2010
The keys I believe you are looking for are in /etc/dropbear/

Why not either NAT export the HTTP or SSH server of the HAH?  This is what I do when I need to view my HAH from afar.  Alternatively I'd set up PPTP/OPENVPN to your router.  I run DD-WRT on my linksys router and the PPTP server works well for allowing me remote access into my LAN when I'm away.

I'm not sure where you are going with X11 as the HAH unit does not use any X11 at all.

Brett

BodgeIT
London, United Kingdom
Joined: 10 Jun 2010
BoxingOrange strikes again..

Thanks BoxingOrange, that helped get me on the way.

All I need at the moment is to permanently run dropbear with the -s parameter.  I tried altering the file via the symbolic link in /etc/init.d/ssh however this seems to reset following a reboot.

This will deny any logins without an appropriate key.

I have now configured my system to allow for ssh only opened on my Firewall yet still allowing me to use any web ui in my private network from any remote location via ssh tunneling, which was just what I wanted.


Think I may have got my tunnel types mixed up in earlier post.

brett
Providence, United States
Joined: 9 Jan 2010
Modifying /etc/init.d files

To modify the /etc/init.d/ssh file you need to remove the linkage and replace it with the contents from /etc_ro_fs.

# rm /etc/init.d/ssh
# cp /etc_ro_fs/init.d/ssh /etc/init.d/ssh
# vi /etc/init.d/ssh

Then your changes will persist including surviving a firmware auto update.

Brett
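The same change as a script, added here as an example and not Brett's own commands: it breaks the /etc/init.d/ssh link to the read-only copy, then adds the -s flag (dropbear's "disable password logins") to the line that launches dropbear, which is what Gary wanted to persist. The ROOT prefix argument is an assumption so the script can be exercised against a scratch directory; on the HAH itself it would be the real filesystem.

```shell
#!/bin/sh
# Added example: persist "dropbear -s" on the HAH by replacing the
# /etc/init.d/ssh symlink with a writable copy of /etc_ro_fs/init.d/ssh.
set -e

# persist_dropbear_keyonly ROOT
# ROOT is an assumed prefix ("" on the real device). Idempotent: a second
# run neither re-copies the script nor adds a second -s.
persist_dropbear_keyonly() {
    root=$1
    script="$root/etc/init.d/ssh"
    original="$root/etc_ro_fs/init.d/ssh"

    if [ -L "$script" ]; then
        rm "$script"                 # drop the link into the read-only fs
        cp "$original" "$script"     # writable copy that survives a reboot
    fi
    # add -s once, only on the line that actually starts dropbear
    if ! grep -qE 'dropbear.* -s( |$)' "$script"; then
        sed -i 's|^[[:space:]]*\(/usr/sbin/\)\{0,1\}dropbear|& -s|' "$script"
    fi
    chmod 755 "$script"
}

# dropbear_is_keyonly ROOT: succeeds when the script is a real file (not a
# symlink that a reboot would restore) and passes -s to dropbear.
dropbear_is_keyonly() {
    script="$1/etc/init.d/ssh"
    [ -f "$script" ] && [ ! -L "$script" ] &&
        grep -qE 'dropbear.* -s( |$)' "$script"
}

# make_scratch_tree DIR: constructed stand-in for the HAH layout, so the
# change can be rehearsed without touching the device.
make_scratch_tree() {
    mkdir -p "$1/etc_ro_fs/init.d" "$1/etc/init.d"
    printf '#!/bin/sh\n# constructed sample init script\ndropbear -p 22\n' \
        > "$1/etc_ro_fs/init.d/ssh"
    ln -s "$1/etc_ro_fs/init.d/ssh" "$1/etc/init.d/ssh"
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_scratch_tree "$tmp"
    persist_dropbear_keyonly "$tmp"
    cat "$tmp/etc/init.d/ssh"
    rm -rf "$tmp"
fi
```

Run it with --demo to see the rewritten script; on the device, call persist_dropbear_keyonly with an empty ROOT and restart the service.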

BodgeIT
London, United Kingdom
Joined: 10 Jun 2010
Putty config.

To setup my firewall, I setup port forwarding for SSH to the local IP address of the HAH

(actually I set up outside port 24 forwarding to inside port 22; I find this reduces the number of connection attempts)

(Of course you then need to set up Putty to point to port 24 instead of 22)

To setup Putty, I did the following:

SSH/Auth [screenshot: auth]

SSH/X11 [screenshot: auth]

SSH/Tunnels [screenshot: Port Forwards]

Once this session has been saved, I can then make a connection with Putty from any remote location, fire up my browser and point it to //localhost:82 which will bring up the Web UI of the HAH.

Any attempt by anyone to log in to my SSH port without the key will result in their connection being dropped.

Hope this helps.

Gary.

BoxingOrange
United Kingdom
Joined: 11 Jun 2010
Holes to Control

Hi Gary,

That looks really interesting, and something I'll be giving a go.  You just need to change the second picture in your post, you haven't linked to the correct Flickr X11 picture.

I assume that you managed to make the changes Brett suggested to make the startup script changes permanent.

thanks for sharing,


Karl

BodgeIT
London, United Kingdom
Joined: 10 Jun 2010
Hi Karl,

I can't see how to edit the post, so here's the other pic:

[screenshot: X11]

BoxingOrange
United Kingdom
Joined: 11 Jun 2010
Which Router

Which router are you using Gary?  And is it cable or ADSL?  I can't seem to map an external port to a different internal port on any of my routers.  I know Brett is using DD-WRT, but I've been told that this only works on cable modems NOT ADSL routers, which is what I have.

BodgeIT
London, United Kingdom
Joined: 10 Jun 2010
pfSense

Hi Karl,

I have a modem bridging my ADSL connection through to my firewall, which is an old PC running pfSense.

The different port thing isn't really needed, I just find it reduces the number of people trying to hack in.

They won't be able to get in anyway if they're not trying to connect with your private key.  As soon as they try to use a username, it should kick them off.

Cheers

Gary
