Telnet/SSH and the command line
From DD-WRT Wiki
| Revision as of 03:51, 22 May 2005 (edit) Sveasoft (Talk | contribs) (→More Advanced Commands) ← Previous diff |
Revision as of 04:21, 22 May 2005 (edit) (undo) Sveasoft (Talk | contribs) (→More Advanced Commands - added ifconfig. Last added ifup) Next diff → |
||
| Line 140: | Line 140: | ||
| The [[scp command]]<br> | The [[scp command]]<br> | ||
| The [[ifup command]]<br> | The [[ifup command]]<br> | ||
| + | The [[ifconfig command]]<br> | ||
| ==Scripting== | ==Scripting== | ||
Revision as of 04:21, 22 May 2005
You are here: Main Page/DD-WRT Docu (EN)/Telnet/SSH and the Command Line
Contents |
Telnet
Telnet is an easy way to access the Command Line (Shell) of your WRT54G and access configuration not available in the web interface. Telnet operates on port 23 and an ASCII protocol, so it is vulnerable to sniffing attacks. ie, Passwords and commands are not encrypted.
Setting Up
From the Web Interface
-Click on the Administration tab
-Check Enabled in the Telnet section
-Click Save Settings
Use
-Open your favorite Telnet client
-connect to <Router_LAN_IP>
-When asked for the username, enter root
-When asked for the password, enter your routers password
On Windows, you can use Start: Run: telnet <Router_LAN_IP>
SSH
Overview
SSH, or Secure Shell, is an encrypted protocol and associated program intended to replace telnet. It can also be used for creating secure tunnels, somewhat akin to Virtual Private Networks. Unless changed, everything SSH operates on port 22.
SSH operates on a Public/Private key infastructure. For this to work, a small public key is given to the server and the server gives your client it's public key. Your client encrpyts information to the server using the servers public key and the server encrypts information sent to you using your public key. Private keys are never exhanged, and are used to decrpyt the information encrypted with the associated public key.
The DD-WRT firmware only allows connections from clients whose public keys are manually entered via the web interface. Multiple keys can be entered by placing them on seperate lines.
Setting Up
First you should generate a Public/Private key pair on your desktop machine. This can be done through the "Puttygen" utility if you're using either Putty or WinSCP as clients. Copy the public key to the clipboard and save the private key somewhere on your computer. There is no need to save the public key. If you forget it, you can instruct Puttygen to open your private key file rather than generating a new key pair and it will tell you your public key. It is recommened that you don't secure your key pair with a password, as this will make things easier for you, although somewhat less secure.
From the [Web Interface]
-Click on the Administration tab
-Mark Enabled in the SSHD section to enable the SSH daemon
-Click the Save Settings button
-Click the Continue button
-Paste your public key in the authorized key of the SSHD section that has now expanded. You will need to generate this on your desktop if you don't have one yet.
SSH Telnet
Provides a secure alternative to standard telnet.
A good Windows Client to use is Putty
Configure the client to use the Private Key you saved earlier.
SCP
Secure Copy (SCP) allows one to copy files to and from the router and a remote host--usually a desktop machine.
A good Windows client to use is WinSCP
Configure the client to use the Private Key you saved earlier.
Remember: only the /tmp and /jffs partitions are writable!
Drop Bear
DropBear is an SSH client/server installed by default on the WRT54G. DropBear allows one to connect from the WRT54G to a remote SSH server for scp, etc. I don't believe SSHD needs to be enabled through the Web Interface in order to use the client portion of DropBear.
If you have an SSH server on your desktop machine (such as OpenSSH) you pull files from your desktop machine using the scp command. This can be used to copy files from your desktop machine in a Startup Script
The DD-WRT Command Line
aka the DD-WRT Linux shell
Basic Syntax
The Linux Shell is not dos.
/ (and not \) is used to seperate directories in a path, just like the interweb.
In order to execute a command, the path for that command must be provided. This may either be a full path or a relative path.
Relative Path Operators
There are two relative path operators.
. The current path .. One directory above the current path
Examples
1) If you are in the /jffs/usr/bin directory and wish to run the /jffs/usr/bin/noip command use:
/jffs/usr/bin # /jffs/usr/bin/noip
or
/jffs/usr/bin # ./noip
2) If you are in the /jffs/usr/bin directory and wish to run the /jffs/usr/kismet command use:
/jffs/usr/bin # /jffs/usr/kismet
or
/jffs/usr/bin # ../kismet
or
/jffs/usr/bin # cd .. /jffs/usr # ./kismet
3) Relative path's can also be used as arguments. If you installed the noip package, you'd notice that the command is installed as /jffs/usr/bin/noip but it's configuration file is installed as /jffs/etc/no-ip.conf When running noip, it is thus required to give it the path to it's configuration file with the -c command. This can be done like:
/jffs/usr/bin # ./noip -c /jffs/etc/no-ip.conf
or
/jffs/usr/bin # ./noip -c ../../etc/noip.conf
notice that the first ../ brings us to /jffs/usr/. The second ../ brings us to /jffs/, and then the rest of the path can be appended.
4) While the other examples all showed how to save typing, you can also really screw around with relative paths. To launch the noip command in example 1, you could also use
/jffs/usr/bin # ../../../jffs/./usr/./bin/././../bin/././noip
Here we browse all the way back to the root / directory, then climb back up to /jffs/usr/bin, drop back down to /jffs/usr and then climb back up to /jffs/usr/bin.
Current path references of /./ are thrown in spuratically just to mix things up. See how /./ always references the then current path, not the origional path of the shell when the command was entered.
Pipes and Redirects
The output of commands can be piped through other commands or redirected to devices and files.
< and > are the redirect operators. < Takes input from a device or file and routes it as input to the command given. > Takes output from a command and redirects it as input for a device or file. Ex: If you don't want to see the output of a command, redirect it to the null device:
command > /dev/null
| is the pipe character, and pipes the output through another command (for formatting, etc) Ex: the most command use of the pipe is to limit the output of a command:
command | more
This is extrememly useful for commands like nvram show which list some 800-1200 lines. nvram show | more will list the results 1 page at a time.
Background processes
It is possible to run programs in the background (returning you to the command prompt immediately) by terminating your command with the & character. ex:
command &
Make sure you add a space between your command and the ampersand or you will result with a File not found error.
Basic Commands
<command> -h The -h flag almost always provides help on a command. Use it! ls list the contents of the current directory cd <directory or full path> Change to that directory or path cp <source> <desination> Copy the source file to the destination mkdir <directory name> Create a new directory wget <URI> Download the file at the given URI to the current path tar -xz -f <file> un-gzip and un-tar the given *.tgz or *.tar.gz file rm <file> Delete the file rm -r <directory> Delete the directory and all contents killall <program name> Kill all running processes of the program
More Advanced Commands
These commands warrent their own wikis!
The wl command
The iptables command
The ip command
The tc command
The scp command
The ifup command
The ifconfig command
Scripting
External Resources
You are here: Main Page/DD-WRT Docu (EN)/Telnet/SSH and the Command Line