Smoothwall Firewall project

Tuesday, 8 September 2009

Setting up the SSH daemon on your Netgear 1100 NAS server



After having installed one of these units for a small project , I wanted to get passed the web interface to have a look at the detailed error logs on this NAS unit.

I had a look on the Netgear forums and there are several add-ons you can apply to the unit to enhance or modify what it is capable of doing. As this is basically Linux running on Sparc, you will be able to do pretty much anything you like. It would appear that virtually every appliance these days runs Linux or BSD, and getting an SSH CLi onto these units gives you a lot more granular control.

When you have a look around the configuration on this unit, the company that actually built these devices before Netgear bought them - Infrant - has it's fingerprints all over the place. When you look at the processor for instance, it reports itself as an:

Infrant Technologies, INC - neon version: 0

When you dig around in the kernel libraries it becomes clear that this is a sparc CPU.

Anyway, back to the project in hand. You need to download these two files:

ToggleSSH_1.0.bin and
EnableRootSSH_1.0.bin


You then need to install them one at a time using the software update screen - below - and reboot the unit after each install. Why they are bin files is not obvious, as a simple script file would have been sufficient, but it may be to do with the extension install mechanism. It would appear all they do, is enable the SSH daemon in /etc/init.d and configure the file /etc/ssh/sshd_config to allow root access.



Once you have re-booted for the second time, point your favourite SSH client at the IP address of the NAS server and log in as root, like so:

SSH root@192.168.1.1 - or whatever your IP address is

voila!

2 comments:

John said...

I disabled ssh root login by tweaking the sshd config for extra security, added my own user with home directory, and installed sudo on my Synology NAS running a PowerPC cpu. I also have a repository via ipkg to install packages already compiled for powerpc.

Codfather said...

That's a good idea if the unit is in a more sensitive area. Once you are logged in , you have full access, and can do whatever you like. It's interesting to see the processors these units use, as I suspect they can be bought more cheaply than their Intel counterparts.