Posted: Sat Nov 20, 2021 19:57 Post subject: Execute shell script from wlan
Hi
Hope someone can help. This should not be so difficult.
I am trying to execute a .sh script from the outside world.
I have jffs enable and have a test script in the /nocat folder (/jffs/nocat).
The script (test.sh) is very simple:
#!/bin/sh
echo "Hello world"
I have two routers. Main router and the second router which I have open ported (on 5280) to the main router.
Now, being used to raspberry pi, I should be able to execute this script by typing http://xxx.xxx.x.xx:5280/test.sh where the x's are the external ip address.
Joined: 08 May 2018 Posts: 14125 Location: Texas, USA
Posted: Sun Nov 21, 2021 20:20 Post subject:
Your Raspberry Pi probably already includes the implementation of the information in those links... whereas DD-WRT probably does not, save and except for the webUI commands page... _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Tue Nov 23, 2021 13:02 Post subject:
What egc said exactly.
DD-WRT is a router FW, a Rpi or any other machine just running a web server, may allow anything and their mothers by default.
I can say for sure without examining all the firewall rules or security mechanisms in place in the FW, that prevent httpd from doing this by default, I have a sneaking suspicion that's the cause for the failure as you noted.
I wouldn't expect my router accessible to the outside world, with default configs to allow execution of scripts somewhere in its directories, and if the router just allowed this by default, I would consider it insecure and security issue ripe for abuse.
Via SSH you are essentially the root user, and its up to you to understand the implications of opening yourself up to what that entails.
You also have a built in light http server in the FW, you can also enable that allow it outside access and perhaps the webinterface restrictions wont apply there (again idk what restrictions are in place of the top of my head) and you maybe able to reproduce your Rpi scenario that way too.
Joined: 04 Aug 2018 Posts: 1444 Location: Appalachian mountains, USA
Posted: Tue Nov 23, 2021 18:25 Post subject:
Yeah, what they said.
Set up ssh with key authorization (NOT user/pass), get everything working first from inside your network, and only then try doing things from the WAN. If you are coming from a linux box you'll want to use ssh-agent to streamline access.
Anyway, the key here is that the ssh client on that friendly linux box (at least on my old Fedora system) can take an argument that is a command to be run on the ssh server's system. This can be a many-line command in quotes or a short command to run what you have in /opt. You can write a few short scripts or bash functions on that linux box to streamline things. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
I understand the security implications, however I think if I can work out how to execute a script remotely via a specific port, then I should also be able to work out how to add some username/password authentication to said port/directory to prevent unauthorised access.
I would like to use php on my server to execute a script on the router (just in case my question was not clear in the first instance - if anyone else has done something like that).
Joined: 26 Mar 2013 Posts: 1855 Location: Hung Hom, Hong Kong
Posted: Mon Nov 29, 2021 8:29 Post subject: Re: Execute shell script from wlan
feichter wrote:
I am trying to execute a .sh script from the outside world.
I have jffs enable and have a test script in the /nocat folder (/jffs/nocat).
The script (test.sh) is very simple:
#!/bin/sh
echo "Hello world"
I have two routers. Main router and the second router which I have open ported (on 5280) to the main router.
Now, being used to raspberry pi, I should be able to execute this script by typing http://xxx.xxx.x.xx:5280/test.sh where the x's are the external ip address.
So I looked up "raspberry pi port 5280" in Google, and got this result:
I believe you need to setup NetCat in DD-WRT that listens to port 5280, then execute a script accordingly. For that, you need to install Entware. Also, you have to consider security and firewall issues.
DropBear SSH of DD-WRT supports remote command execution! Look it up via Google. It's installed by default. I believe Raspberry Pi's Linux distribution has OpenSSH as well.
Lastly, the following query had some interesting results: