Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[milanraf]

Hi All.

Got this NAS 1 month ago.
Upgraded to 1-02b07. (1-03 still not on my country D-Link website).

Very astonished to found that I can access the NAS thru SSH as root and WITHOUT PASSWORD!
Once logged in, I can change password with passwd, but it's lost after reboot.

Surely I'm missing something...it's absurd this is by design.

Thanx

Raf

[milanraf]

Ok, SSH is enabled only if Remote Backup service is enabled.

Nontheless, to let root login without a password is a HUGE SECURITY BREACH!! 

This is THE next bug to be fixed, DEFINITELY!

Raf

[koadrian]

try to use fun_plug that may help for ssh.

[boza2]

Hi,
any update on this? This bug still seems to be present on 1.03b04.

What's currently the "correct" procedure for installing the fun_plug scripts? Do they interfere with the default servers (ssh, rsyncd)? I really like the rsync feature...

However, it's mentioned here http://nas-tweaks.net/371/hdd-installation-of-the-fun_plug-0-7-on-nas-devices/ that the Remote Backup Services should be deactivated.

Is that still right?

cheers,
boza

[pizzaking]

I used the same tutorial install fun_plug, and it works well. SSH and rsync still works after the install.

If you don't want to use fun_plug, but still want to secure SSH with a root password, you could properly use part of the tutorial as well. Especially the Change root password section (http://nas-tweaks.net/371/hdd-installation-of-the-fun_plug-0-7-on-nas-devices/#Change_root_password). Here he has a script to store the root password on the NAS, so it's still set after a reboot. Start using the tutorial from the passwd command

My guess is that this will work fine without installing fun_plug.

Edit: After looking at the script I see the you need to change the interpreter from #!/ffp/bin/sh to #!/bin/sh if you didn't install fun_plug