How to to get sftp access with dropbear

Printable View

28-04-2007, 09:02
velovite

How to to get sftp access with dropbear

This is done on top of Kfurge's firmware, with dropbear installed according to his instructions from the optware/oleg repository. This already gives you secure file transfer through scp, but I needed sftp too. This seems easy, but there is a trick : read through the end.

sftp-server is in the openssh package. The easy way to install it is

sudo ipkg update
sudo ipkg install openssh

is also requires openssl and zlib, so :

sudo ipkg install openssl
sudo ipkg install zlib

Now the trick to make it work:

WARNING : Before you do this trick, it's really wise to reactivate telnet access in rc.local, just in case you screw up your dropbear and lock yourself out of your router...

The dropbear version I which got installed following the instructions (0.48.1-1) is hard-coded to launch sftp-server from /usr/libexec while it gets installed on the hdd in /opt/libexec (the standard "optware" path, hence the name). I did not feel like setting up a development environment to recompile my own dropbear version. I did it the lazy and dirty way, simply changing "usr" to "opt" right in the binary, and it worked!

To do this, I transfered the dropbear binary (/opt/sbin/dropbearmulti ; dropbear is just a link to this file) to my Ubuntu pc and used sed:

sed 's/\/usr\/libexe/\/opt\/libexe/g' dropbearmulti > dropbearmod

and then replaced the original binary by the new file, with proper rights.

I saw afterwards that sed comes with busybox, so you should be able to do this trick in place. I didn't try.
09-11-2007, 12:06
pvarela

Openssh wants to overwrite dropbear exectables

Hi,

I've followed your instructions. However, when I try to install openssh it warns me that it wants to overwrite some dropbear executables, namely ssh.

How should I proceed? Uninstall dropbear, install openssh and re-install dropbear with -force-overwrite so that it can install its own executables?

Regards,

PVarela
09-11-2007, 16:57
al37919

Actually, IMHO dropbear and sshd are two options to have ssh server. I don't see the reason why you want to keep both.

At least on wl500gp if you want to have sftp-server with dropbear, it is enough just to ipkg install dropbear. You obtain executable on the hdd which replaces the one in the firmware, and it runs /opt/libexec/sftp-server correctly.
12-11-2007, 19:05
pvarela

Solved!

Hi,

As far as I was able to look dropbear doesn't include sftp-server. So, what I did to get sftp working with dropbear was:

1 - uninstalled dropbear : sudo ipkg remove dropbear (FIRST enable telnet login, otherwise you'll be locked out of the router).

2 - installed openssh : sudo ipkg install openssh

3 - copy /opt/libexec/sftp-server to sftp-server.backup

4 - uninstall openssh : sudo ipkg remove openssh

5 - re-install dropbear : ipkg install dropbear

6 - patch /opt/sbin/dropbearmulti to enable access to /opt/libexec/sftp-server by following velovite instructions.

Probably it is not the most elegant solution to the problem but it worked.

Regards,

PVarela
12-11-2007, 20:21
al37919

good that you found solution yourself. Unfortunately my previous message contained misinformation.

I checked that I run built-in dropbear, and I have openssh installed. External dropbear is not installed. However, /opt/libexec/sftp-server is started correctly when incoming request comes without special set up... :confused:
04-05-2008, 21:33
xtin

There's a package

openssh-sftp-server

Just install this, patch dropbear as described, that's it.

In full:

Code:

ipkg install openssh-sftp-server ipkg install sed cd /opt/sbin cp dropbearmulti dropbearmulti.bk sed 's/\/usr\/libexe/\/opt\/libexe/g' dropbearmulti > dropbearmod mv dropbearmod dropbearmulti chmod 755 dropbearmulti chown root:root dropbearmulti reboot

That's all.
08-06-2008, 04:24
shinji257

I didn't even have to do that. On my wl500g router all I did was install openssh-sftp-server and it worked immediately with no hacking. I am using the stock dropbear server however. On the other hand if you are using dropbearmulti then I assume it will be required to hack the binary so it points to the correct location. ;)
14-12-2008, 17:59
nanomir

problem with sftp / wl500g ??

Hi all,

Sorry to open up an old thread, but I also have a wl-500g:

Quote:

Originally Posted by shinji257

I didn't even have to do that. On my wl500g router all I did was install openssh-sftp-server and it worked immediately ....

This is what I get via telnet session:

Code:

$ ipkg update Downloading http://wl500g.dyndns.org/ipkg/Packages Updated list of available packages in /opt/lib/ipkg/lists/wl500g Downloading http://ipkg.nslu2-linux.org/feeds/unslung/wl500g/Packages Updated list of available packages in /opt/lib/ipkg/lists/unslung Successfully terminated. $ ipkg install openssh-sftp-server Nothing to be done An error ocurred, return value: 4. Collected errors: Cannot find package openssh-sftp-server. Check the spelling or perhaps run 'ipkg update'

Is this package gone now? Using firmware 1.9.2.7-9...

Thanks...

EDIT: Fixed as per pvarela's instructions in #4, except no patching was needed for me (/usr/sbin/dropbear already pointed to /opt/libexec/sftp-server) :)
14-12-2008, 20:29
shinji257

Actually your update reveals that ipkg is pointing to the wrong ipkg list. That is the old location. here was the output from my search list.

Quote:

[shinji@WL-XXXXXXXXXXXX root]$ ipkg update
Downloading http://ipkg.nslu2-linux.org/feeds/op...table/Packages
.gz
Inflating http://ipkg.nslu2-linux.org/feeds/op...ble/Packages.g
z
Updated list of available packages in /opt/lib/ipkg/lists/optware
Successfully terminated.
[shinji@WL-XXXXXXXXXXXX root]$ ipkg list | grep openssh-sftp-server
openssh-sftp-server - 5.1p1-1 - sftp-server only from a FREE version of the SSH
protocol suite of network connectivity tools.
[shinji@WL-XXXXXXXXXXXX root]$ ipkg list_installed | grep openssh
openssh - 5.1p1-1 - a FREE version of the SSH protocol suite of network connecti
vity tools.
openssh-sftp-server - 5.1p1-1 - sftp-server only from a FREE version of the SSH
protocol suite of network connectivity tools.

Yours is pointing to http://ipkg.nslu2-linux.org/feeds/un...l500g/Packages but mine is pointing to the newer http://ipkg.nslu2-linux.org/feeds/op...le/Packages.gz. I think you were supposed to install ipkg-opt early on so it points to the new repository. I found that note in the changelog for 1.9.2.7-8. I have 1.9.2.7-10 installed right now.
06-01-2009, 00:25
nanomir

Hi Shinji,

Thanks for your answer ! You're absolutely right, seems in the meantime I managed to somehow update (maybe via ipkg-opt? cannot remember), so now I have ipkg list link shown same as yours..

Part of my problem could have been that:

Quote:

Originally Posted by shinji257

..... I have 1.9.2.7-10 installed right now.

And I think WL500g users are supposed to stop at ..-9:

Quote:

Originally Posted by ASUS WL-500g custom firmware page, [url

http://oleg.wl500g.info/[/url] ]
WL-500g/WL-300g/WL-500b/WL-500bv2/WL-HDD units are no longer supported in new firmware builds: use 1.9.2.7-9 as latest.

But, I'm glad all is fine now :)

Thanks,
Cheers !
20-03-2009, 02:56
demck85

i got the latest firmware x.x.10
i just installed openssh-sftp-server
found it, and started it up
no config to either dropbear or sftp, just works