SSH remote access with guest (non-root) account and P/P Keys

chopel
DD-WRT Novice


Joined: 24 May 2012
Posts: 5

Posted: Thu May 24, 2012 16:50    Post subject: SSH remote access with guest (non-root) account and P/P Keys
Hi all,
First of all, thanks for this excellent firmware!
Second, my issue. I did search the forum for this issue with no luck. While there were some posts, none of them had a clear solution. I hope I can wrap up all my findings with this.

Objective: The idea is to tunnel traffic through my home connection when surfing in public hotspots and share this with relatives and friends.

Status: I'm trying to create a guest account to login remotely using SSH to my router using public/private keys (not password authentication - to be 99% sure it is secure). However, I don't want people logging in to my router's shell with full root rights. This is the reason for creating a guest account to access via ssh and tunnel its traffic.

Specs: I'm using a Linksys WRT54G2 v1, running dd-wrt v24sp2 (02/02/09) micro plus ssh (I don't think I can push it any more, can I?)

Context: I'm currently able to login remotely to the router and tunnel traffic through it. Both via password and Public/Private keys using the root user. No luck with my custom created guest user.
I'm not an expert in either Linux/Unix or DD-WRT, but I think I managed to create the guest account: I can both telnet and password-login remotely via ssh with the guest account. I attached this code to the startup scripts to avoid losing it after rebooting the router:
Code:
mkdir -p /tmp/guest
chmod 777 /tmp/guest
chmod 755 /tmp/etc/
echo -e "guest:x:1:guest" >> /tmp/etc/group
echo -e "guest:[backslashed_encrypted_password]:1:1:Guest User,,,:/tmp/guest:/bin/sh" >> /tmp/etc/passwd


I'm not 100% sure of all the variables involved there, but I think I understand most of it. The part I don't understand is why guest is repeated so many times and there's a "Guest User" part I don't completely get what role it plays.

Problem: When I try to log in remotely with public/private keys with my newly created GUEST user, PuTTY outputs: "server refused our key".
I'm obviously using the same key I use for root. I'm using "guest" as the user.
After that, I tried attaching to the previous startup code the following lines to copy root's keys into guest's keys:
Code:
mkdir -p /tmp/guest/.ssh
cp /tmp/root/.ssh/* /tmp/guest/.ssh/


However, the problem persists after adding those lines and rebooting.

Questions:
1) Is this a reasonable way to achieve my objective?
2) Can anyone provide some help with my current problem?
3) Suggestions on workarounds/alternatives?

Any help will be appreciated,
Thanks a lot
Chopel
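
A common reason for "server refused our key" on a secondary account is the server's permission check: Dropbear, and OpenSSH with StrictModes enabled, ignore authorized_keys when the home directory, .ssh or the key file is writable by group or others, or owned by someone other than the account or root, which a home directory at mode 777 does not pass. The script below is an added example, not code from any poster in this thread; the function name audit_ssh_key_perms and the scratch-directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the three paths an SSH server
# checks before it will read a user's authorized_keys file.
# Usage: audit_ssh_key_perms HOME_DIR OWNER_UID
# Prints one line per problem; returns 0 when clean, 1 otherwise.
audit_ssh_key_perms() {
    home_dir=$1
    owner_uid=$2
    bad=0
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            bad=1
            continue
        fi
        # ls -ldn: field 1 is the mode string, field 3 the numeric owner uid.
        info=$(ls -ldn "$p" | awk '{print $1 " " $3}')
        mode=${info%% *}
        file_uid=${info##* }
        # Character 6 of the mode string is group-write, character 9 other-write.
        case $mode in
            ?????w*|????????w*)
                echo "WRITABLE $p ($mode): run chmod go-w on it"
                bad=1 ;;
        esac
        # The owner must be the account itself or root (uid 0).
        if [ "$file_uid" != "$owner_uid" ] && [ "$file_uid" != "0" ]; then
            echo "OWNER    $p owned by uid $file_uid, expected $owner_uid or 0"
            bad=1
        fi
    done
    return $bad
}

# Constructed demo: rebuild the thread's layout in a scratch directory.
demo=$(mktemp -d)
mkdir -p "$demo/guest/.ssh"
: > "$demo/guest/.ssh/authorized_keys"
chmod 777 "$demo/guest"                      # same mode as the startup script
audit_ssh_key_perms "$demo/guest" "$(id -u)" || echo "before: fails the permission check"
chmod 755 "$demo/guest"
chmod 700 "$demo/guest/.ssh"
chmod 600 "$demo/guest/.ssh/authorized_keys"
audit_ssh_key_perms "$demo/guest" "$(id -u)" && echo "after: permissions pass"
rm -rf "$demo"
```

With the values from the startup script above, the call would be audit_ssh_key_perms /tmp/guest 1, on a system that has ls and awk available.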
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17638
Location: Hesse/Germany

Posted: Sat May 26, 2012 18:40
workaround:

dump this piece of bullshit hw and buy a new router capable of openvpn and u will be happy ever after...

chopel
DD-WRT Novice


Joined: 24 May 2012
Posts: 5

Posted: Sat May 26, 2012 18:58
Thanks dude. I just needed someone to tell me that... but after so much effort I just couldn't ask! Maybe I was doing a cumbersome & complicated thing that had another easy solution. You provided one.
chopel
DD-WRT Novice


Joined: 24 May 2012
Posts: 5

Posted: Mon May 28, 2012 11:56
Isn't there a way to convert the router into a "proxy" server? It seems to be exactly what I need but without the encryption that I might be able to handle with https... On the other hand, openvpn doesn't seem an elegant solution. I think it would be more complicated to implement and client-side configuration much more complicated if I'm not mistaken... (am I?)

Does the mega build allow you to authenticate with different users?