dpomponi DD-WRT Novice
Joined: 03 Apr 2020 Posts: 6
|
Posted: Sun May 17, 2020 18:16 Post subject: Replace dropbear ssh with openssh |
|
Dear community,
I'm configuring my router in order to run sshuttle (a Python package) because I'd like to forward part of the traffic from my local network to a remote server transparently.
This is the command I'm running:
Quote: | sshuttle -v -l 0.0.0.0 --dns -vr user@remoteserver 10.10.10.0/24 |
Basically, all the traffic with target 10.10.10.0/24 is forwarded through the remote server. Everything is working: it automatically generates all the rules for the firewall, and indeed all the hosts connected to the network are able to reach the hosts in 10.10.10.0/24.
Since everything is working, I wanted to run sshuttle in the background using the following script:
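Code: | #!/bin/sh
# Start or stop the sshuttle tunnel; usage: <script> connect|disconnect
case "$1" in
    connect)
        sshuttle -v -l 0.0.0.0 --dns -vr user@remoteserver 10.10.10.0/24 --daemon --pidfile /tmp/root/sshuttle.pid
        ;;
    disconnect)
        # Stop the daemon whose PID was recorded at connect time
        kill "$(cat /tmp/root/sshuttle.pid)"
        ;;
    *)
        # unknown option
        ;;
esac |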
It's really a simple script which accepts two parameters: connect or disconnect.
Unfortunately, here I started to have trouble due to the flag --daemon: sshuttle stops just after asking for the password for the remote server.
The flag --daemon is used to run sshuttle in foreground. After some debugging with strace, I noticed that sshuttle starts the process and, when it arrives at the point of opening the ssh connection to the remote server, it clones the process and generates a child calling the default ssh client provided by dropbear. (This doesn't happen when you launch sshuttle without --daemon.)
Quote: | getsockname(9, {sa_family=AF_UNIX}, [128->2]) = 0
getsockname(10, {sa_family=AF_UNIX}, [128->2]) = 0
fcntl64(9, F_DUPFD_CLOEXEC, 0) = 11
fcntl64(9, F_DUPFD_CLOEXEC, 0) = 12
close(9) = 0
write(2, "c : executing: ['ssh', 'username"..., 270) = 270
pipe2([9, 13], O_CLOEXEC) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb6fe3828) =7998
close(13) = 0
read(9, "", 50000) = 0
close(9) = 0
close(11) = 0
close(12) = 0
send(10, "import sys\nimport zlib\nimport im"..., 1106, 0) = 1106
send(10, "sshuttle\n7\nx\1\0\0\0\377\377sshuttle.cmdli"..., 13012, 0) = 13012
write(2, "c : > channel=0 cmd=PING len=7 "..., 45) = 45
recv(10, Password: |
Quote: | root@DD-WRT-R9000:~# cat /proc/7998/cmdline
user@remoteserver--exec /bin/sh -c 'P=python3; $P -V 2>/dev/null || P=python; exec "$P" -c '"'"'import sys, os; verbosity=2; sys.stdin = os.fdopen(0, "rb"); exec(compile(sys.stdin.read(1106), "assembler.py", "exec"))'"'"'' |
After some tests I understood that sshuttle doesn't like the SSH provided by dropbear; indeed, if I modify the command generated by sshuttle, specifying to use openssh and bash, everything works as it should:
Quote: | /opt/bin/ssh user@remoteserver -exec /bin/bash -c 'P=python3; $P -V 2>/dev/null || P=python; exec "$P" -c '"'"'import sys, os; verbosity=2; sys.stdin = os.fdopen(0, "rb"); exec(compile(sys.stdin.read(1106), "assembler.py", "exec"))'"'"''
|
Following all this explanation my question is:
How can I replace dropbear ssh with openssh?
When I say replace, I mean that the system has to use openssh by default instead of dropbear; otherwise, when the process gets cloned, it will always fail.
Thanks for your support!
Router Model: Netgear Nighthawk X10
Firmware Version: DD-WRT v3.0-r43099 std (05/09/20)
Kernel Version: Linux 4.9.222 #449 SMP armv7l
Regards,
Daniele |
|
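An added example, not part of the original post or of the sshuttle project: rather than replacing the system-wide `ssh`, sshuttle's `-e`/`--ssh-cmd` option names the client it should execute, so the script can pick an OpenSSH binary explicitly and refuse to start with Dropbear's client. Assumptions: an OpenSSH client at `/opt/bin/ssh` (the path used in the post), key-based login to the remote server, and the hypothetical helper names `ssh_flavor` and `pick_openssh`.

```shell
#!/bin/sh
# Added example (not the poster's script): run sshuttle with an explicit
# OpenSSH client instead of whatever "ssh" resolves to on PATH.
# Assumed: OpenSSH at /opt/bin/ssh, key-based login already configured.

REMOTE="user@remoteserver"          # placeholder taken from the post
SUBNET="10.10.10.0/24"
PIDFILE="/tmp/root/sshuttle.pid"

# Classify a client by its version banner: prints openssh, dropbear or unknown.
ssh_flavor() {
    banner=$("$1" -V 2>&1 </dev/null | head -n 1)
    case "$banner" in
        OpenSSH*)  echo openssh ;;
        Dropbear*) echo dropbear ;;
        *)         echo unknown ;;
    esac
}

# Print the first candidate path that is an executable OpenSSH client.
pick_openssh() {
    for candidate in "$@"; do
        if [ -x "$candidate" ] && [ "$(ssh_flavor "$candidate")" = openssh ]; then
            echo "$candidate"
            return 0
        fi
    done
    return 1
}

case "${1:-}" in
    connect)
        SSH_BIN=$(pick_openssh /opt/bin/ssh /usr/bin/ssh) || {
            echo "no OpenSSH client found" >&2; exit 1; }
        # -e/--ssh-cmd makes sshuttle exec this client rather than plain "ssh".
        sshuttle -l 0.0.0.0 --dns -e "$SSH_BIN" -r "$REMOTE" "$SUBNET" \
            --daemon --pidfile "$PIDFILE"
        ;;
    disconnect)
        # Only signal the daemon if a pidfile from "connect" exists.
        [ -f "$PIDFILE" ] && kill "$(cat "$PIDFILE")"
        ;;
esac
```
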
stacecom DD-WRT Novice
Joined: 04 Nov 2020 Posts: 1
|
Posted: Wed Nov 04, 2020 0:39 Post subject: Thanks for posting this |
|
This is quite relevant to what I'm trying to do, but can you share how you got sshuttle installed? I've been pursuing a few paths, but they seem to be dead ends.
This is on a Netgear ARM-based device, not sure if that's a difference-maker. |
|