Pineapple-flavored Turtle Soup - How To Guide


telot

Hey all - I got my Lan Turtle + Wifi Pineapple NANO remix finally (mostly) working. Goal of the project was to incorporate lan turtley goodness into the NANO so I could drop it on a target network and have it have full access to the LAN, ssh relay to my vps (including gui), and do up the PineAP badassness. Here's how I did it:

Power up NANO with USB wall wart.

Connect to NANO over wifi from computer.

Connect usb to ethernet adapter to NANO and the network.

ifconfig eth1 up
udhcpc -i eth1
ping www.google.com

If you're getting ping responses, you've just confirmed all is working well.

Make a backup of your network config:

cp /etc/config/network /root/network.bkup

Then edit the network config file:

nano /etc/config/network

To make it so that your PineAP will use eth1 for internet access (instead of relying on a PC / eth0), change the following:

config interface 'lan'
        option ifname 'eth1'
        option type 'bridge'
        option proto 'dhcp'
        option dns '8.8.8.8, 8.8.4.4'

Then edit the rc.local so your eth1 adapter comes up on boot up and grabs a dhcp address and creates a tunnel for ssh and the GUI:

nano /etc/rc.local

add in the following above the line:

ifconfig eth1 up

udhcpc -i eth1

autossh -M 20000 -R 2223:localhost:22 -R 1471:localhost:1471 example.com

Then you can ssh into your vps and type: ssh -p 2223 root@localhost for ssh access and go to example.com:1471 for GUI access.

SOME ISSUES:

**I'm having some issues with this build and I'd love your input.**

1. The LED blinks constantly. No idea why.

2. The "reboot" command via ssh no longer reboots it

3. Sometimes for some reason the autossh doesn't work on boot up.

I'm thinking the /etc/config/network modifications aren't ideal - something's up with that and I'll continue to play with it.

Other than that, it works! Drop that Pineapple flavored turtle soup on a network and walk away!

Hope you enjoyed

telot


SOME ISSUES:

**I'm having some issues with this build and I'd love your input.**

1. The LED blinks constantly. No idea why.

2. The "reboot" command via ssh no longer reboots it

3. Sometimes for some reason the autossh doesn't work on boot up.

I'm thinking the /etc/config/network modifications aren't ideal - something's up with that and I'll continue to play with it.

1. The LED on the pineapple, or lan turtle?

2. Hmm, not sure for certain, but I have a hunch that reboot is disabled to avoid the tunnel closing.

3. Perhaps this is what you are looking for.

Edited by Foxtrot

Sorry - to clear up: There's no lan-turtle - merely the functionality of the lan turtle is brought to the NANO with this hack. Being able to drop this on a network, get a shell AND have pineapple powers at your disposal. Sorry for the confusion :S

1. LED on the NANO

2. That could be! I will check into it

3. I'll read up more on autossh. I suspect perhaps it's trying to execute the command before udhcpc is done receiving its address from the router, and therefore fails?

Thanks Foxtrot

telot

Edited by telot

My bad for misunderstanding!

The LED on the Pineapple (and other routers with openwrt) works with triggers. Currently, the trigger for the blue LED is:

none timer default-on [netdev] phy0rx phy0tx phy0assoc phy0radio phy0tpt phy1rx phy1tx phy1assoc phy1radio phy1tpt

AKA, monitoring network activity. For RX, TX and other stuff (like associations, specifically), you can use the other triggers. You can disable the LED by setting brightness to zero, or maybe you can use a trigger described in the first link to customize it.

As for your SSH issues, sorry I can't help more yet. Good luck!

EDIT- Actually, the better way to disable the LED and manage it is to edit the 'led' block inside of /etc/config/system.

config led
        option name     'wlan0'
        option sysfs    'pineapple:blue:system'
        option trigger  'netdev'
        option dev      'wlan0'
        option mode     'link tx rx'

Edited by Foxtrot

Try configuring autossh from /etc/config/autossh and then running:

/etc/init.d/autossh enable
/etc/init.d/autossh start

I was having a similar problem before using the built-in autossh. Also, autossh polls for connection every 10 minutes. That's too long if you're testing things out. You can set it to a shorter time by creating an environment variable in /etc/profile:

export AUTOSSH_POLL=30

Edited by audibleblink

Thanks for the clarification on the LEDs foxtrot - looks like your digging turned out some other cool stuff (green LED? pretty sweet)!

And thanks for the pointers on the autossh service audibleblink. I configured it in /etc/config/autossh, and /etc/init.d/autossh enable /etc/init.d/autossh start works - creates the tunnel for both ssh and gui just fine. However, when I try and add it to /etc/rc.local, it won't connect on boot up.

I've tried

/etc/init.d/autossh start

/etc/init.d/autossh enable

/etc/init.d/autossh start

and

/etc/init.d/autossh reload

And none of them seem to link up to my vps upon boot up. Any ideas where I can put this so it will connect without me having to ssh in and run the commands manually?

Many thanks!

telot


You shouldn't have to add it to rc.local. By running `/etc/init.d/autossh enable`, you've registered the script with the sysvinit service manager, which means it will run on boot automatically. Try rebooting and then sshing in and running `ps | grep ssh`. You should see at least two things: the autossh process and the ssh process that it spawned.


Yep it's there - but most unfortunately there's no connection to my vps.

root@Pineapple:~# ps | grep ssh

1441 root 3292 S /usr/sbin/sshd -D
1544 root 788 S /usr/sbin/autossh -M 20000 -i /etc/dropbear/id_rsa -N -T -R 2223:localhost:22 -R 1471:localhost:1471 telot@telots.vps -p 2024
1547 root 3268 S /usr/bin/ssh -L 20000:127.0.0.1:20000 -R 20000:127.0.0.1:20001 -i /etc/dropbear/id_rsa -N -T -R 2223:localhost:22 -R 1471:localhost:1471 -p 2024 telot@telots.vps
1739 root 5868 S sshd: root@pts/0
1747 root 1376 S grep ssh

Yet there's nothing in netstat on the vps:

telot@telots.vps:~$ netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:20001 *:* LISTEN
tcp 0 0 *:2024 *:* LISTEN
tcp 0 0 *:2222 *:* LISTEN
tcp 0 0 *:48371 *:* LISTEN
tcp 0 0 *:19999 *:* LISTEN
tcp6 0 0 [::]:2024 [::]:* LISTEN
raw6 0 0 tropic.urts.i:ipv6-icmp [::]:* 7
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 483440100 /dev/log
unix 2 [ ACC ] STREAM LISTENING 483439704 @/com/ubuntu/upstart

(note: my vps is on port 2024. The NANO forwards port 2223 (NOT 2222 as default - my lan turtle already uses that one))

Now after I run /etc/init.d/reload manually:

root@Pineapple:~# ps | grep ssh
1441 root 3292 S /usr/sbin/sshd -D
1739 root 5880 S sshd: root@pts/0
1768 root 788 S /usr/sbin/autossh -M 20000 -i /etc/dropbear/id_rsa -N -T -R 2223:localhost:22 -R 1471:localhost:1471 telot@telots.vps -p 2024
1769 root 3268 S /usr/bin/ssh -L 20000:127.0.0.1:20000 -R 20000:127.0.0.1:20001 -i /etc/dropbear/id_rsa -N -T -R 2223:localhost:22 -R 1471:localhost:1471 -p 2024 telot@telots.vps
1773 root 1376 S grep ssh

and netstat -l:

telot@telots.vps:~$ netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:20001 *:* LISTEN
tcp 0 0 *:2024 *:* LISTEN
tcp 0 0 *:2222 *:* LISTEN
tcp 0 0 *:2223 *:* LISTEN
tcp 0 0 *:48371 *:* LISTEN
tcp 0 0 *:1471 *:* LISTEN
tcp 0 0 *:19999 *:* LISTEN
tcp 0 0 *:20000 *:* LISTEN
tcp6 0 0 [::]:2024 [::]:* LISTEN
raw6 0 0 tropic.urts.i:ipv6-icmp [::]:* 7
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 483440100 /dev/log
unix 2 [ ACC ] STREAM LISTENING 483439704 @/com/ubuntu/upstart

Bizarre eh?

telot
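
Added example (not part of the original thread): the before/after comparison of the two `netstat -l` listings above, done as a script over TCP rows constructed from those listings. It also flags which new listeners are bound to a wildcard address; sshd binds remote forwards to loopback unless its GatewayPorts setting allows otherwise, so `*:2223` and `*:1471` here mean the NANO's SSH and web GUI are reachable by anyone who can reach the VPS.

```shell
#!/bin/sh
# Added example. Sample input is constructed from the TCP LISTEN rows of the
# two `netstat -l` listings in the post above (before and after the reload).
BEFORE='tcp 0 0 *:20001 *:* LISTEN
tcp 0 0 *:2024 *:* LISTEN
tcp 0 0 *:2222 *:* LISTEN
tcp 0 0 *:48371 *:* LISTEN
tcp 0 0 *:19999 *:* LISTEN
tcp6 0 0 [::]:2024 [::]:* LISTEN'
AFTER='tcp 0 0 *:20001 *:* LISTEN
tcp 0 0 *:2024 *:* LISTEN
tcp 0 0 *:2222 *:* LISTEN
tcp 0 0 *:2223 *:* LISTEN
tcp 0 0 *:48371 *:* LISTEN
tcp 0 0 *:1471 *:* LISTEN
tcp 0 0 *:19999 *:* LISTEN
tcp 0 0 *:20000 *:* LISTEN
tcp6 0 0 [::]:2024 [::]:* LISTEN'

# listeners TEXT: print "bind-address port" for every TCP row in LISTEN state.
# The port is the field after the last ':' so IPv6 forms like [::]:2024 parse.
listeners() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, part, ":"); port = part[n]
            print substr($4, 1, length($4) - length(port) - 1), port
        }' | LC_ALL=C sort -u
}

# new_listeners BEFORE AFTER: listeners present in AFTER but not in BEFORE.
new_listeners() {
    { listeners "$1" | sed 's/^/B /'; listeners "$2" | sed 's/^/A /'; } | awk '
        $1 == "B" { seen[$2 " " $3] = 1; next }
        !(($2 " " $3) in seen) { print $2, $3 }'
}

# exposed_ports BEFORE AFTER: new listeners bound to a wildcard address,
# i.e. reachable from any host that can reach the server, not just loopback.
exposed_ports() {
    new_listeners "$1" "$2" | awk '
        $1 == "*" || $1 == "0.0.0.0" || $1 == "[::]" || $1 == "::" { print $2 }
    ' | tr '\n' ' ' | sed 's/ $//'
}

echo "new listeners after reload:"; new_listeners "$BEFORE" "$AFTER"
echo "wildcard-bound: $(exposed_ports "$BEFORE" "$AFTER")"
```

The three new ports match the `-R 2223`, `-R 1471` and `-R 20000` forwards visible in the `ps` output. On a real server, run `netstat -ln` so loopback binds show as `127.0.0.1` rather than a resolved name.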

I had a similar experience when I first got the nano. I ended up writing my own script to make it work. Unsatisfied with getting autossh working by itself, I kept looking and discovered the path for the `-i` flag in the autossh config was off by 1 character. Your problem has all the same symptoms as mine did.

Is your id_rsa actually in /etc/dropbear and do they have the right permissions? Strange that it fails to connect when left to its own devices but you can manually connect once ssh'd in. Unless you're forwarding your agent somehow.

Perhaps you could find a way to stick a -vv flag in the autossh config and pipe the output to a log file? That way you have a log of what is happening when it fails.

Edit: I'm not using the script anymore because I found the issue, but here is my post about it in case you just need something that will work in a pinch. https://forums.hak5.org/index.php?/topic/37246-autossh-to-relay-server/#entry270330

Edited by audibleblink

Many thanks audibleblink! It was absolutely an extra whitespace in the command in /etc/config/autossh. Boom! Connects right away upon boot up. Thank you so much for your assistance!

telot
