Discussion:
Add a user/password interface for a Telnet and ftp connect
Alexis Guilloteau
2015-03-18 14:50:40 UTC
Hi,

Right now I can run a Telnet daemon on one of my boards using the command
"/usb/sbin/telnet -l /bin/sh" and run an ftp daemon thanks to inetd.conf, but
each of the connections is anonymous (well, it asks for a user name but not
for a password...)
After looking at the help of the ftpd function in busybox I know that the
main function is to create an anonymous ftp server, so I was not surprised
by the lack, but do you think there would be a solution for that? I would
think it would be to work into the .c file of the function, but maybe you
have another idea.
And pretty much the same thing for telnetd. Right now the only user on the
board is root, with no password.

Kind regards,
AG
Harald Becker
2015-03-18 15:12:55 UTC
Post by Alexis Guilloteau
> After looking at the help of the ftpd function in busybox I know that
> the main function is to create an anonymous ftp server, so I was not
> surprised by the lack, but do you think there would be a solution for
> that?

Busybox ftpd is an anonymous ftpd, without access restrictions. I
suggest putting the files to be served in a separate directory, using a
chroot and running ftpd with a low-privileged user (not as root), so ftp
access does not go to system-related files.

... else you need a full ftpd package (not Busybox ftpd).

> And pretty much the same thing for telnetd.

If login to telnetd is done the usual way, it should use /bin/login,
which shall ask for user name and password, but beware that all this
information is sent in clear (readable) text on the net.

> Right now the only user on the board is root, with no password.

Maybe that's your problem. Have you set up your password system correctly
(/etc/passwd, /etc/shadow, /etc/group)?

... and based on information from your mail: Is your inetd running in
the right directory? Has it access to the other commands (especially
when your BB is not installed at /bin/busybox)?
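
The two things this reply asks about (accounts with an empty password, and telnetd started with a shell instead of /bin/login) can be checked with a short script. This is an added example, not part of the thread; the function names and all sample file contents are constructed, and it assumes the standard passwd, shadow and inetd.conf field layouts.

```shell
#!/bin/sh
# Added example: audit a board's login data. All sample contents are constructed.

# List accounts that can log in with an empty password.
# $1 = passwd file, $2 = shadow file
empty_password_accounts() {
    awk -F: '
        FILENAME == ARGV[1] { hash[$1] = $2; next }    # first file: shadow
        {
            pw = $2
            if (pw == "x" && ($1 in hash)) pw = hash[$1]   # "x": hash is in shadow
            if (pw == "") print $1
        }' "$2" "$1"
}

# List inetd.conf lines where the telnetd -l option starts something other
# than a login program, i.e. hands out a shell without authentication.
# $1 = inetd.conf file; output is "<line number>: <program>"
telnetd_login_bypass() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }              # skip comments and blanks
        {
            is_telnetd = 0
            for (i = 6; i <= NF; i++) {                # field 6 onward: program + args
                if ($i ~ /(^|\/)telnetd$/) is_telnetd = 1
                if (is_telnetd && $i == "-l" && $(i + 1) !~ /(^|\/)login$/)
                    print FNR ": " $(i + 1)
            }
        }' "$1"
}

# Write constructed sample files into directory $1.
make_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'ftp:x:100:100:ftp:/srv/ftp:/bin/false' \
        'guest::101:101:guest:/home/guest:/bin/sh' > "$1/passwd"
    printf '%s\n' 'root::16512:0:99999:7:::' 'ftp:*:16512:0:99999:7:::' > "$1/shadow"
    printf '%s\n' '# constructed inetd.conf' \
        'telnet stream tcp nowait root /usr/sbin/telnetd telnetd -i -l /bin/sh' \
        '2323 stream tcp nowait root /usr/sbin/telnetd telnetd -i -l /bin/login' \
        > "$1/inetd.conf"
}

dir=$(mktemp -d) && make_sample "$dir"
echo "Empty passwords:"; empty_password_accounts "$dir/passwd" "$dir/shadow"
echo "telnetd without login:"; telnetd_login_bypass "$dir/inetd.conf"
rm -rf "$dir"
```

On a real board, pass /etc/passwd, /etc/shadow and /etc/inetd.conf instead of the sample files; both functions should print nothing once passwords are set and telnetd goes through /bin/login.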
Michael Conrad
2015-03-18 16:21:27 UTC
Post by Alexis Guilloteau
> Hi,
> Right now I can run a Telnet daemon on one of my boards using the
> command "/usb/sbin/telnet -l /bin/sh" and run an ftp daemon thanks to
> inetd.conf, but each of the connections is anonymous (well, it asks for
> a user name but not for a password...)
> After looking at the help of the ftpd function in busybox I know that
> the main function is to create an anonymous ftp server, so I was not
> surprised by the lack, but do you think there would be a solution for
> that? I would think it would be to work into the .c file of the
> function, but maybe you have another idea.
> And pretty much the same thing for telnetd. Right now the only user on
> the board is root, with no password.

If you do want any sort of security, you are better off using ssh and
sftp. Telnet and ftp don't really offer any security even with
passwords, so there is little interest in adding support for permissions
to those applets. The most popular ssh for embedded is 'dropbear':
https://matt.ucc.asn.au/dropbear/dropbear.html

-Mike
