D-Link Forums

The Graveyard - Products No Longer Supported => D-Link Storage => DNS-320L => Topic started by: milanraf on December 26, 2013, 01:56:00 PM

Title: Lock SSH access
Post by: milanraf on December 26, 2013, 01:56:00 PM
Hi All.

Got this NAS 1 month ago.
Upgraded to 1-02b07. (1-03 still not on my country's D-Link website).

Very astonished to find that I can access the NAS thru SSH as root and WITHOUT PASSWORD! :o
Once logged in, I can change password with passwd, but it's lost after reboot.

Surely I'm missing something...it's absurd this is by design. :P

Thanx

Raf
Title: Re: Lock SSH access
Post by: milanraf on December 28, 2013, 10:45:57 AM
Ok, SSH is enabled only if Remote Backup service is enabled.

Nonetheless, to let root log in without a password is a HUGE SECURITY BREACH!!  >:(

This is THE next bug to be fixed, DEFINITELY!

Raf
Title: Re: Lock SSH access
Post by: koadrian on December 28, 2013, 04:02:33 PM
Try to use fun_plug; that may help for SSH.
Title: Re: Lock SSH access
Post by: boza2 on January 01, 2014, 02:22:51 PM
Hi,
any update on this? This bug still seems to be present on 1.03b04.

What's currently the "correct" procedure for installing the fun_plug scripts? Do they interfere with the default servers (ssh, rsyncd)? I really like the rsync feature...

However, it's mentioned here http://nas-tweaks.net/371/hdd-installation-of-the-fun_plug-0-7-on-nas-devices/ that the Remote Backup Services should be deactivated.

Is that still right?

cheers,
boza
Title: Re: Lock SSH access
Post by: pizzaking on January 02, 2014, 06:38:41 AM
I used the same tutorial to install fun_plug, and it works well. SSH and rsync still work after the install.

If you don't want to use fun_plug, but still want to secure SSH with a root password, you could properly use part of the tutorial as well. Especially the Change root password section (http://nas-tweaks.net/371/hdd-installation-of-the-fun_plug-0-7-on-nas-devices/#Change_root_password). Here he has a script to store the root password on the NAS, so it's still set after a reboot. Start using the tutorial from the passwd command.

My guess is that this will work fine without installing fun_plug.

Edit: After looking at the script I see that you need to change the interpreter from #!/ffp/bin/sh to #!/bin/sh if you didn't install fun_plug.
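
A check for whether the root password survived a reboot, added here as an example (it is not part of the thread or of the linked tutorial). It assumes the NAS keeps accounts in standard /etc/passwd and /etc/shadow files; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: report accounts that can log in with no password.
# Assumes standard passwd(5)/shadow(5) file formats on the device.

# audit_empty_passwords [passwd_file] [shadow_file]
# Prints one line per account whose shadow password field is empty and
# whose shell is usable; UID 0 accounts are tagged CRITICAL.
audit_empty_passwords() {
    awk -F: '
        # First file (passwd): remember UID and shell for each account.
        FNR == NR { uid[$1] = $3; shell[$1] = $7; next }
        # Second file (shadow): an empty field 2 means no password is set.
        $2 == "" {
            if (shell[$1] ~ /(nologin|false)$/) next   # cannot get a shell
            tag = (uid[$1] == "0") ? "CRITICAL" : "WARNING"
            printf "%s %s uid=%s shell=%s\n", tag, $1, uid[$1], shell[$1]
        }
    ' "${1:-/etc/passwd}" "${2:-/etc/shadow}"
}

# Constructed sample data (not taken from a real device).
run_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/home/root:/bin/sh
admin:x:500:500:admin:/home/admin:/bin/sh
nobody:x:501:501:nobody:/:/bin/false
EOF
    cat > "$dir/shadow" <<'EOF'
root::15000:0:99999:7:::
admin:$1$constructed$notarealhash:15000:0:99999:7:::
nobody::15000:0:99999:7:::
EOF
    audit_empty_passwords "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

run_demo
```

On the device, calling audit_empty_passwords with no arguments as root reads the live files; no output means no account with a usable shell has an empty password.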