Remote ssh/sftp Access to VU+ or Zgemma running Openpli


12 replies to this topic

#1 zwdpacjent

  • Member
  • 10 posts

+1
Neutral

Posted 24 December 2023 - 12:48

Hi All,

 

I'm looking for the best method of enabling remote sftp/ssh access to another STB box running OpenPLi. My mum lives 2000 miles away from me, and I would like to be able to make changes to the oscam config files, update the channel list & software itself. It's difficult to explain it to a 75-year-old, as you can imagine.

 

Can someone please advise? I can donate again to OpenPLi for good advice here or by direct message :)

 

Thank you !



Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #2 littlesat

  • PLi® Core member
  • 56,275 posts

+691
Excellent

Posted 24 December 2023 - 13:22

I would consider using ssh and opening the port. And do this without a password; use keys. There is guaranteed info about this on our wiki.

WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W


Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #3 littlesat

  • PLi® Core member
  • 56,275 posts

+691
Excellent

Posted 24 December 2023 - 13:23

Fyi https://wiki.openpli...Tips_and_Tweaks
http://www.milosoftw...p?body=dropbear

Edited by littlesat, 24 December 2023 - 13:26.



Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #4 littlesat

  • PLi® Core member
  • 56,275 posts

+691
Excellent

Posted 24 December 2023 - 13:27

For the type of key you need a specific type as we now have a requirement to put it at a higher level.



Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #5 zwdpacjent

  • Member
  • 10 posts

+1
Neutral

Posted 3 January 2024 - 23:41

Thanks, I'm following the guide, but when attempting to use the key I'm getting a reject from the STB as below

 

Using username "root".
Server refused our key
root@192.168.xx.XXX's password:
 
Seems there is a difference between the latest PuTTY I've downloaded and the one shared in the guide. I've tried with RSA & SSH-1 (RSA) so far. Are there any logs where I can find why this is happening? Can't see anything in dmesg


Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #6 zwdpacjent

  • Member
  • 10 posts

+1
Neutral

Posted 4 January 2024 - 11:45

For the type of key you need a specific type as we now have a requirement to put it at a higher level.

Please advise on the above, I would like to test this as soon as possible. Many Thanks !!!



Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #7 WanWizard

  • PLi® Core member
  • 68,625 posts

+1,739
Excellent

Posted 4 January 2024 - 13:59

I don't really understand what the problem is.

 

I can copy my existing key from my laptop to a box, add it to authorized_keys, and it just works?

 

The issue might be RSA and SSH-1, both are considered insecure. I'll check later what key I use at the moment.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #8 WanWizard

  • PLi® Core member
  • 68,625 posts

+1,739
Excellent

Posted 4 January 2024 - 14:29

I checked, I have a

  • 256 bit RSA key, SHA256
  • 256 bit ECDSA key, SHA256
  • 2048 bit ED25519 key, SHA256

and all three work when using SSH into a box without password ( when the .pub is added to the authorized_keys file ).




Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #9 zwdpacjent

  • Member
  • 10 posts

+1
Neutral

Posted 4 January 2024 - 15:43

I checked, I have a

  • 256 bit RSA key, SHA256
  • 256 bit ECDSA key, SHA256
  • 2048 bit ED25519 key, SHA256

and all three work when using SSH into a box without password ( when the .pub is added to the authorized_keys file ).

 

I will re-check again with different keys and a brand new STB with a fresh OpenPLi flash on it tonight. I'll let you know. Thank you for the support so far.



Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #10 WanWizard

  • PLi® Core member
  • 68,625 posts

+1,739
Excellent

Posted 4 January 2024 - 18:11

The Milo tutorial is quite outdated, it was made in the time of the DM8000.

 

Some key changes: make the minimum key 1024 (or better 2048) bits, and use SHA256, when generating a key.

 

I don't use Windows; key generation on Linux works differently, but uses the same parameters.




Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #11 littlesat

  • PLi® Core member
  • 56,275 posts

+691
Excellent

Posted 4 January 2024 - 20:55

In the latest PuTTYgen, choose the one WanWizard indicates. If you don't, you do indeed get the mentioned issue.

Edited by littlesat, 4 January 2024 - 20:56.



Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #12 420f00f3

  • Senior Member
  • 49 posts

0
Neutral

Posted 5 January 2024 - 18:02

I checked, I have a

  • 256 bit RSA key, SHA256
  • 256 bit ECDSA key, SHA256
  • 2048 bit ED25519 key, SHA256

and all three work when using SSH into a box without password ( when the .pub is added to the authorized_keys file ).

I would recommend not opening up the SSH port on the box to the whole world, but hiding it behind a VPN (have a VPN running on the router itself).

 

WireGuard is generally recommended, and all MikroTik devices support it and are cheap and available in all sizes and price ranges.

 

See an article over here as well
https://www.world-of...ll=1#post447298

 

I have been using RSA and ECDSA keys, but recently changed to ED25519 on my PC,

but have been unable to log in without a password (with key only) on my box running OpenPLi 8.3-release (2023-06-25-release-8.3) as well ...

Could be that the version of Dropbear is a bit out of date:
 

root@vuduo4kse:~# dropbear -v
Invalid option -v
Dropbear server v2019.78 https://matt.ucc.asn.au/dropbear/dropbear.html
Usage: dropbear [options]
-b bannerfile  Display the contents of bannerfile before user login
    (default: none)
-r keyfile  Specify hostkeys (repeatable)
    defaults:
    dss /etc/dropbear/dropbear_dss_host_key
    rsa /etc/dropbear/dropbear_rsa_host_key
    ecdsa /etc/dropbear/dropbear_ecdsa_host_key
-R    Create hostkeys as required
-F    Don't fork into background
-E    Log to stderr rather than syslog
-w    Disallow root logins
-G    Restrict logins to members of specified group
-s    Disable password logins
-g    Disable password logins for root
-B    Allow blank password logins
-T    Maximum authentication tries (default 10)
-j    Disable local port forwarding
-k    Disable remote port forwarding
-a    Allow connections to forwarded ports from any host
-c command  Force executed command
-p [address:]port
    Listen on specified tcp port (and optionally address),
    up to 10 can be specified
    (default port is 22 if none specified)
-P PidFile  Create pid file PidFile
    (default /var/run/dropbear.pid)
-i    Start for inetd
-W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
-K <keepalive>  (0 is never, default 0, in seconds)
-I <idle_timeout>  (0 is never, default 0, in seconds)
-V    Version
https://matt.ucc.asn.au/dropbear/dropbear.html
Download
Latest is 2022.83
14 November 2022
dropbear‑2022.83.tar.bz2

 


Vu+ Duo4K SE with 45308X FBC and BCM3466 running OpenPLi 8.3-release (2023-06-25-release-8.3)
Vu+ Ultimo4K with BCM3148, 45208 FBC and TT3L10 running OpenPLi 8.3-release (2023-06-25-release-8.3)
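
The suspicion in post #12 can be checked mechanically; this is an added example, not part of the original thread and not OpenPLi or Dropbear code. It assumes the fact from the Dropbear release notes that Ed25519 keys in authorized_keys are accepted from release 2020.79 onward; the function names and the sample key are constructed for illustration.

```python
import base64
import re
import struct

# Key types from this thread; value is the first Dropbear release that accepts
# the type in authorized_keys (None = already supported in v2019.78).
MIN_DROPBEAR = {
    "ssh-rsa": None,
    "ecdsa-sha2-nistp256": None,
    "ssh-ed25519": (2020, 79),  # Ed25519 support was added in Dropbear 2020.79
}

# Constructed sample: an all-zero Ed25519 public key, not a real key.
SAMPLE_ED25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI" + "A" * 43 + " laptop"
# Version banner as printed by the box in the post above.
BANNER = "Dropbear server v2019.78 https://matt.ucc.asn.au/dropbear/dropbear.html"


def parse_version(banner):
    """'Dropbear server v2019.78 ...' -> (2019, 78), or None if not found."""
    m = re.search(r"v(\d{4})\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def check_line(line, version):
    """Return the list of problems found in one authorized_keys line."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    if line.startswith(("---- BEGIN SSH2 PUBLIC KEY", "PuTTY-User-Key-File")):
        return ["PuTTY/RFC 4716 file format, not the one-line OpenSSH format"]
    fields = line.split()
    # Options may precede the key type, so look for the first known type.
    idx = next((i for i, f in enumerate(fields) if f in MIN_DROPBEAR), None)
    if idx is None or idx + 1 >= len(fields):
        return ["no known key type followed by base64 key data"]
    ktype, problems = fields[idx], []
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])  # length of the embedded type name
        if blob[4:4 + n].decode("ascii", "replace") != ktype:
            problems.append("key type inside the blob does not match the prefix")
    except (ValueError, struct.error):
        problems.append("base64 key data is damaged (truncated or line-wrapped)")
    need = MIN_DROPBEAR[ktype]
    if need and version and version < need:
        problems.append(f"{ktype} needs Dropbear {need[0]}.{need[1]} or newer")
    return problems


if __name__ == "__main__":
    print(check_line(SAMPLE_ED25519, parse_version(BANNER)))
```

Run each line of the box's authorized_keys file through `check_line` together with the version parsed from the server's banner; an empty list means none of these three causes of "Server refused our key" applies.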


Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #13 WanWizard

  • PLi® Core member
  • 68,625 posts

+1,739
Excellent

Posted 5 January 2024 - 18:08

I would recommend not to open up the SSH port on the BOX to the whole world, but hide it behind VPN (have a VPN running on the router itself).

 

Obviously, but that is not related to the desire to use a key instead of a password. I have nothing exposed (and a real firewall with default deny all), but still use SSH keys everywhere.

 

I have been using RSA and ECDSA keys, but recently changed to ED25519 on my PC,

but have been unable to log in without a password (with key only) on my box running OpenPLi 8.3-release (2023-06-25-release-8.3) as well ...

 

8.3-release is no longer maintained, like all releases before it.

 

The current maintained release is 9.0, and it has no problem with my ED25519 SHA256 key...




