Good real-world instructional for SSH to DDWRT?


NegativeSpace

I've learned a lot in the past few years. Some of it is pretty useful but I don't usually learn for that purpose. In this case I want to learn to SSH to server on my DDWRT router and actually use it in the wild. I have been reading tutorial after tutorial on various websites but none have given me the whole story. My immediate desire is to SSH to my router over LAN as I figure that by accomplishing this I will understand the process pretty well or at least well enough to start trying it over the internet.

Question One -- Where is a non theoretical, can actually teach a person to do the thing, doesn't assume lots of stuff, SSH to DDWRT tutorial? Or, if there is someone who wants to walk me through it, either real time or by email, I would much prefer that since I can't ask any questions of a tutorial.

I've watched every episode of HAK5 and I remember seeing lots of material about SSH to the Pineapple OS server but I don't remember exactly which episodes those were or if they would help me. If you do know which episodes those were I wouldn't mind watching them again.

Question Two -- How does all of the traffic that is generated by various software on a laptop get encrypted before it goes out to the network and to the home server over the internet? I understand the concept of the RSA public key encryption method and that we can use math to make sure a 'message' cannot be read by anyone without knowledge of the private key. .......... Well it seems I'm having trouble explaining this........ How can a computer's traffic, addressed to their home server, be encrypted before it leaves the computer's network interface just by having a SSH connection to that home server? Is all of the data processed and encrypted after it leaves the web browser (or chat software or email client or chat software or wherever the data was generated) but before it leaves the network interface? How does this work? What takes the data generated from various sources on a computer and encrypts it? Or is this even what really happens? Maybe the better question is, does anyone even know what the hell I'm talking about at this point haha?

So to reiterate -- Where/How can I learn to SSH to my DDWRT router on my LAN (just to manage the router for now until I learn more)? When I want privacy on public wifi, should I use SSH and, if so, what software is actually responsible for making sure that all of my traffic is encrypted between my machine and my home server?

Hak5 did a really good series that takes you through the whole process of SSH. It starts on season 11, episode 8. This series taught me pretty much everything I needed to know about the subject and goes into a lot of detail without supposing too much prior knowledge. Starting here may be your best bet.

http://hak5.org/episodes/hak5-1108

Question 1: dd-wrt has a pretty good wiki page. If you wanted to set up a server, you would have to install the package and modify its config file. It is just like any other Linux-based OS in that regard. Keep in mind SSH will be enabled with a password after you telnet to it and run passwd.

Question 2: It is a difference between SSH tunnel and VPN. SSH tunnels will only encrypt traffic that you use localhost:port for your proxy in the program. VPN will encrypt all traffic to the VPN server, but then is no longer encrypted (other than its normal traffic encryption like https) when it goes out from there. Google search key terms like "VPN" and "SSH tunnel" in Google with "Hak5" and you should find the episodes.

I guess I'll be checking out this episode. Hopefully I can learn enough to figure it out.

Question one -- I'm a little confused about your answer to question one. Or, that is, I am confused about the DDWRT SSH server. Why is it necessary to install an SSH server on DDWRT if it already supports remote management by SSH?

What I've done so far is, under the DDWRT services tab I enable SSHd. I then use a terminal on a laptop to generate an SSH keypair. I copy that pair's public key into the DDWRT machine's authorized keys. I change the port from default, and TCP forwarding and password login are disabled. When I try to SSH to DDWRT over LAN I get "permission denied (publickey)". I assume this error is caused by the fact that my client laptop does not have the DDWRT's public key. Do I need to use DDWRT to generate a keypair? (Which I don't quite know how to do, or what directory to copy it to on my client machine)

Question two -- What is the difference in purpose of SSH and VPN? If a person wants security while using open public wifi he would want to connect to a trusted VPN, right (as in an Open VPN server installed on his DDWRT router)? What is the practical purpose of SSH? I know I can manage a remote router with it, and there are obviously many other uses for it, so what can I use it for?

1) The ddwrt will be running the server, you will connect to it as a client. You will have to read the ddwrt wiki to see options for managing it.

2) ssh tunnel is great but some programs do not allow proxy. VPNs will encrypt everything, I run a VPN server on a VM.

Thanks for trying, but this doesn't really answer my questions.

I have read so many wiki pages and forum threads and tutorials and this and that but none of them are complete enough to actually teach me to do this stuff. Every one of them leaves one step or another out, or assumes whoever is reading it knows things that people who haven't done the procedure before won't know. Sometimes I feel like these resources were all made for fun or entertainment and not actually for education/instruction. It's not this way for just this case but for all kinds of other things computer related. If I want to learn to actually, in real life, do some non-standard non-average-user stuff with my computer, it seems like I literally always end up having to figure out most of it myself, which I can't always do. So now I'm left with no more ability to use SSH than a week ago when I started trying to learn to do it.

None of what I read mentioned the need to telnet and run passwd (which, when I tried it, the command was not recognized by ddwrt). I still don't understand if I do need a password to SSH to my router, or if I don't need a password to SSH to my router. If I do, I don't know how to make it, unless the correct way is to telnet to it and run passwd, which doesn't work for me.

Doesn't anyone else need, literally, step by step instructions in order to learn to do this kind of thing or am I the only one who finds bits and pieces of instructional information fucking useless? Maybe I'm just learning impaired but it seems to me that, when trying to learn things that I know very little about, only complete information is of any use whatsoever! I'm tired of trying to learn new things and having to give up after wasting so much time because of the lack of correctly composed information.

Dude, you are in need of chill.

1) Do you know the IP of your router? If you don't know the IP of your router and you're running Windows (as I assume you are, I tldr'd your post man, sorry). Hold down the Windows key and press the "r" button. Type in: cmd. Type in ipconfig in your command window. If you're plugged into your network with a cable, look for Local Area Connection. Note the "Default Gateway". If you're connected via wifi, look for Wireless Lan Adapter and note the Default Gateway. That is your router's IP address.

Download PuTTY and in the big Host Name field, type in the IP of your router and click Open.

That's it.

2) ssh tunneling is a proxy. Other proxies might be specialized computers on an enterprise network. In this case, the proxy is on your computer. All proxies sit in between your browser (that's properly configured to use the proxy) and the internet. So with ssh tunnels, all the packets that make up you going to a webpage in your browser are encrypted on your computer before they hit the wire.

Anyways, ssh is really really really easy for those of us who've been using Linux for years. It's like, the most basic of things. If you've really watched every episode of hak5 AND paid attention, you'd know this stuff. The series of episodes on ssh spell it out in gory detail. Anyways, good luck.

telot

Edited by telot

I do know the IP of my router. I would have no business attempting to learn the ins and outs of the SSH protocol if I didn't. My SSH client is running in Ubuntu 12.04. I have given my SSH server my public key and used ssh -l <my user name> -p <my SSH port> <my ip address> and connected to the server before. I had some WiFi module problems and had to take a break from learning SSH to fix that. Now the problem is that I don't remember exactly all of the correct steps to the procedure, and something has changed.

When I try to SSH to my router over LAN I get a key fingerprint that does not match the one of the new key that I just copied to my SSH server. Now I am at a loss of why a server on my LAN has apparently been compromised. I generated a new key pair several times, changed the SSH port, and even connected to the router by ethernet, and I keep getting the same key fingerprint, even after I change the router's RSA key.

I watched every episode of HAK5 and paid attention. That does not mean I remember everything I saw or that I understood everything that happened. It has been coming on several years since I watched many of the episodes and at the time I wasn't thinking "I should try to remember everything they say about SSH so that when I'm trying to learn it in the future I will already know most of the answers to questions that might come up". I understand what SSH is supposed to do. I know the concept of proxying web traffic. I just don't know exactly how it happens. I am the kind of person that doesn't believe I really know something unless I understand everything about it. I don't know if you meant to say that you think I was lying and that's why I had to ask these questions, but it's pretty insulting either way. I doubt SSH is really really really easy for every person who has been using Linux for years. That is ridiculous. If it is so easy, then please explain, exactly, the steps that I need to take in order to establish a connection, using the Gnome Terminal command line, with my SSH server running on DDWRT over LAN from the OpenSSH client on my Ubuntu laptop.

Edited by NegativeSpace
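
Added example, not part of any post in this thread: the fingerprint an SSH client prints when connecting is computed from the server's host public key, which is a different key from the client public key placed in the router's authorized keys, so the two are not expected to match. The Python sketch below computes both display formats (colon-separated MD5 on older OpenSSH clients, SHA256 base64 on newer ones) from a public-key line; the two keys and all helper names are constructed for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed field of the SSH public-key blob."""
    return struct.pack(">I", len(data)) + data


def make_line(key_type: str, fields: list, comment: str) -> str:
    """Build a public-key line from constructed (non-real) field values."""
    blob = ssh_string(key_type.encode()) + b"".join(ssh_string(f) for f in fields)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


def fingerprints(pubkey_line: str) -> dict:
    """Return the key type and both fingerprint formats for one key line."""
    key_type, b64_blob = pubkey_line.split()[:2]
    blob = base64.b64decode(b64_blob)
    # The blob starts with its own type string; it must match the line prefix.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != key_type:
        raise ValueError("key type in blob does not match line prefix")
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "type": key_type,
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha,
    }


# Constructed sample keys: the numbers are placeholders, not usable keys.
CLIENT_PUB = make_line("ssh-rsa", [b"\x01\x00\x01", b"\x00" + b"\xc1" * 256],
                       "laptop-user@ubuntu")
ROUTER_HOST_PUB = make_line("ssh-rsa", [b"\x01\x00\x01", b"\x00" + b"\xd2" * 256],
                            "router-host-key")

if __name__ == "__main__":
    for label, line in (("client key (copied to authorized keys)", CLIENT_PUB),
                        ("router host key (shown when connecting)", ROUTER_HOST_PUB)):
        fp = fingerprints(line)
        print(f"{label}\n  {fp['md5']}\n  {fp['sha256']}")
```

Regenerating the client key pair changes only the first fingerprint; the one shown at connect time changes only when the server's host key is replaced.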

ssh user@host

That's it. If you're switching ports and using keys, you're skipping to intermediate level without doing the beginner stuff. The most basic form of ssh is just what I put in above. That is where you should start if you're struggling. If you absolutely have to change the ssh port (and I don't blame you for a second), it'll look like this: ssh -p 8088 root@192.168.1.1 except with the port number you selected after the -p and your router's IP address after the @. I'm assuming that the router only has a root user as well - I'm not vividly familiar with dd-wrt. Enjoy!

telot

Edited by telot

I understand that some topics may be aggravating to understand, but let's keep emotions out of it. Keep in mind there are a lot of underlying basics (networking, NAT, etc.) that need to be understood. Episodes are not meant to be a formal education, but more of an overview of concepts and possibilities.
