Jump to content


Photo

Remote ssh/sftp Access to VU+ or Zgemma running Openpli


  • Please log in to reply
12 replies to this topic

#1 zwdpacjent

  • Member
  • 10 posts

+1
Neutral

Posted 24 December 2023 - 12:48

Hi All,

 

I'm looking for best method of enabling remote sftp/ssh access to another STB box running openpli. My mum lives 2000 miles away from me, I would like be able to make changes to the oscam config files, update the channel list & software itself. Its difficult to explain it to 75 year old as you imagine.

 

Can someone please advise ? I can donate again to OpenPLi for good advice here or direct messenger :)

 

Thank you !



Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #2 littlesat

  • PLi® Core member
  • 57,384 posts

+708
Excellent

Posted 24 December 2023 - 13:22

I would consider to use ssh an open the port. And do this without password, use keys. There is guaranteed info about this on our wiki.

WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W


Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #3 littlesat

  • PLi® Core member
  • 57,384 posts

+708
Excellent

Posted 24 December 2023 - 13:23

Fyi https://wiki.openpli...Tips_and_Tweaks
http://www.milosoftw...p?body=dropbear

Edited by littlesat, 24 December 2023 - 13:26.

WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W


Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #4 littlesat

  • PLi® Core member
  • 57,384 posts

+708
Excellent

Posted 24 December 2023 - 13:27

For the type of key you need a specific type as we now have a requirement to put it at a higher level.

WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W


Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #5 zwdpacjent

  • Member
  • 10 posts

+1
Neutral

Posted 3 January 2024 - 23:41

Thanks, Im following the guide but when attempting to use the key Im getting reject from the stb as below

 

Using username "root".
Server refused our key
root@192.168.xx.XXX's password:
 
Seems there is a difference between latest Putty I've downloaded and one shared in the guide. I've tried with RSA & SSH-1 (RSA) so far. Any logs I can find why this is happening ? Cant see anything in dmesg


Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #6 zwdpacjent

  • Member
  • 10 posts

+1
Neutral

Posted 4 January 2024 - 11:45

For the type of key you need a specific type as we now have a requirement to put it at a higher level.

Please advise on the above, I would like to test this as soon as possible. Many Thanks !!!



Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #7 WanWizard

  • PLi® Core member
  • 70,762 posts

+1,830
Excellent

Posted 4 January 2024 - 13:59

I don't really undestand what the problem is.

 

I can copy my existing key from my laptop to a box, add it to authorized_keys, and it just works?

 

The issue might be RSA and SSH-1, both are considered insecure. I'll check later what key I use at the moment.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #8 WanWizard

  • PLi® Core member
  • 70,762 posts

+1,830
Excellent

Posted 4 January 2024 - 14:29

I checked, I have a

  • 256 bit RSA key, SHA256
  • 256 bit ECDSA key, SHA256
  • 2048 bit ED25519 key, SHA256

and all three work when using SSH into a box without password ( when the .pub is added to the authorized_keys file ).


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #9 zwdpacjent

  • Member
  • 10 posts

+1
Neutral

Posted 4 January 2024 - 15:43

I checked, I have a

  • 256 bit RSA key, SHA256
  • 256 bit ECDSA key, SHA256
  • 2048 bit ED25519 key, SHA256

and all three work when using SSH into a box without password ( when the .pub is added to the authorized_keys file ).

 

I will re-check again with different keys and brand new stb with fresh OpenPli flash to it tonight. Ill let you know. Thank you for the support so far.



Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #10 WanWizard

  • PLi® Core member
  • 70,762 posts

+1,830
Excellent

Posted 4 January 2024 - 18:11

The Milo tutorial is quite outdated, it was made in the time of the DM8000.

 

Some key changes: make the minimum key 1024 (or better 2048) bits, and use SHA256, when generating a key.

 

I don't use Windows, key generation on linux works differently, but uses the same parameters.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #11 littlesat

  • PLi® Core member
  • 57,384 posts

+708
Excellent

Posted 4 January 2024 - 20:55

In the latest putty gen choose the one wanwizard indicates. When you don’t you get indeed the mentioned issue.

Edited by littlesat, 4 January 2024 - 20:56.

WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W


Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #12 420f00f3

  • Senior Member
  • 49 posts

0
Neutral

Posted 5 January 2024 - 18:02

I checked, I have a

  • 256 bit RSA key, SHA256
  • 256 bit ECDSA key, SHA256
  • 2048 bit ED25519 key, SHA256

and all three work when using SSH into a box without password ( when the .pub is added to the authorized_keys file ).

I would recommend not to open up the SSH port on the BOX to the whole world, but hide it behind VPN (have a VPN running on the router itself).

 

WireGuard is generally recommended and all MikroTik devices support it and are cheap and available in all sizes and price range.

 

See an article over here as well
https://www.world-of...ll=1#post447298

 

I have been using RSA and ECDSA keys, but recently changed to ED25519 on my PC,

but have been unable to log in without a password (with key only) on my box running OpenPLi 8.3-release (2023-06-25-release-8.3) as well ...

Could be that the version of the DropBear is bit out of date:
 

root@vuduo4kse:~# dropbear -v
Invalid option -v
Dropbear server v2019.78 https://matt.ucc.asn.au/dropbear/dropbear.html
Usage: dropbear [options]
-b bannerfile  Display the contents of bannerfile before user login
    (default: none)
-r keyfile  Specify hostkeys (repeatable)
    defaults:
    dss /etc/dropbear/dropbear_dss_host_key
    rsa /etc/dropbear/dropbear_rsa_host_key
    ecdsa /etc/dropbear/dropbear_ecdsa_host_key
-R    Create hostkeys as required
-F    Don't fork into background
-E    Log to stderr rather than syslog
-w    Disallow root logins
-G    Restrict logins to members of specified group
-s    Disable password logins
-g    Disable password logins for root
-B    Allow blank password logins
-T    Maximum authentication tries (default 10)
-j    Disable local port forwarding
-k    Disable remote port forwarding
-a    Allow connections to forwarded ports from any host
-c command  Force executed command
-p [address:]port
    Listen on specified tcp port (and optionally address),
    up to 10 can be specified
    (default port is 22 if none specified)
-P PidFile  Create pid file PidFile
    (default /var/run/dropbear.pid)
-i    Start for inetd
-W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
-K <keepalive>  (0 is never, default 0, in seconds)
-I <idle_timeout>  (0 is never, default 0, in seconds)
-V    Version
https://matt.ucc.asn.au/dropbear/dropbear.html
Download
Latest is 2022.83
14 November 2022
dropbear‑2022.83.tar.bz2

 


Vu+ Duo4K SE with 45308X FBC and BCM3466 running OpenPLi 8.3-release (2023-06-25-release-8.3)
Vu+ Ultimo4K with BCM3148, 45208 FBC and TT3L10 running OpenPLi 8.3-release (2023-06-25-release-8.3)


Re: Remote ssh/sftp Access to VU+ or Zgemma running Openpli #13 WanWizard

  • PLi® Core member
  • 70,762 posts

+1,830
Excellent

Posted 5 January 2024 - 18:08

I would recommend not to open up the SSH port on the BOX to the whole world, but hide it behind VPN (have a VPN running on the router itself).

 

Obvously, but that is not related to the desire to want to use a key instead of a password. I have nothing exposed (and a real firewall with default deny all), but still use SSH keys everywhere.

 

I have been using RSA and ECDSA keys, but recently changed to ED25519 on my PC,

but have been unable to log in without a password (with key only) on my box running OpenPLi 8.3-release (2023-06-25-release-8.3) as well ...

 

8.3-release is no longer maintained, like all releases before it.

 

The current maintained release is 9.0, and it has no problem with my ED25519 SHA256 key...


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.



1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users