So, I’ve been accessing my NSLU2 via SSH for quite a while now (OpenSSH server) using PuTTY, and I’ve made my SSH server available via the internet by mapping the SSH port (22) in my ADSL router through to the SSH port on the NSLU2.
This opens up all kinds of possibilities. I can access my NSLU2 from anywhere in the world via the internet, and I can also use SSH tunnels to access my Windows PC via remote desktop if it’s turned on.
To install OpenSSH, I used the guide found here: http://www.nslu2-linux.org/wiki/HowTo/UseOpenSSHForRemoteAccess
I also followed the guide to set up the SSH server for public key access – anyone who wants to log into my NSLU via the internet will need the private key file that matches the public key provided during SSH logon. The one change I did make – I didn’t allow root to access via SSH; I set up another user on the box and gave that user SSH access. Once I’m logged in as that user, I either ‘su’ to root, or use ‘sudo’ (available via ipkg) to run anything that requires root access.
I can’t stress how important this is if you are going to put your NSLU2 on the internet. Within a few hours of my NSLU2 being on the internet there had already been a number of brute-force hack attempts to gain entry to the server via SSH. Since they didn’t have a key, they couldn’t get in, but it doesn’t stop most of them from trying, as it’s likely to be a script they are running to connect via SSH with passwords/users from a dictionary file.
You can spot the hack attempts easily in the /var/log/messages file. They look something like:
Apr 10 16:07:41 NASSERVER auth.info sshd[3012]: Invalid user newsroom from 216.167.162.253
Apr 10 16:07:46 NASSERVER auth.info sshd[3016]: Invalid user magazine from 216.167.162.253
Apr 10 16:07:51 NASSERVER auth.info sshd[3020]: Invalid user research from 216.167.162.253
Apr 10 16:07:55 NASSERVER auth.info sshd[3024]: Invalid user cjohnson from 216.167.162.253
Apr 10 16:08:00 NASSERVER auth.info sshd[3028]: Invalid user export from 216.167.162.253
Of course, they can be trying for quite a while, so in order to deal with these sorts of hack attempts, I’d recommend installation of the denyhosts package through ipkg. DenyHosts monitors the /var/log/messages file, and after a configurable number of failed attempts to log in, it will take the IP address and add it to the hosts.deny file, preventing the user from further accessing the system.
The hosts.deny file on the latest unslung can be found in /opt/etc/hosts.deny
So far the IP addresses that have been blocked (to name and shame) are as follows:
If you do manage to lock yourself out of the NSLU via SSH for whatever reason, you’ll need to log in to the web interface, enable telnet access, and then remove your IP address from the hosts.deny file.
I connect to my NSLU2 using PuTTY, and set up quite a few tunnelled ports to access the HTTP servers/etc that aren’t exposed to the internet, e.g.
Port | Application
9000 | Twonkyvision
631 | CUPS (Printer server)
80 | NSLU2 Admin Interface
2370 | CTorrent Web Interface
To name a few. To access my Windows PC via an SSH tunnel, I set up a tunnel on port 3389 to my Windows PC’s IP address on the same port. This then means that once I’m logged into the NSLU2, I can remote desktop to my PC.