This is useful if you are not concerned about security (telnet sends passwords and the whole session unencrypted) and your device does not have enough space or resources for dropbear.
Enabling this feature requires building a custom firmware. Tested successfully on OpenWrt Backfire 10.03.2 and LEDE 17.01.
Index: package/base-files/files/bin/login.sh
===================================================================
--- a/package/base-files/files/bin/login.sh (revision: 33603)
+++ b/package/base-files/files/bin/login.sh (copia de trabajo)
@@ -2,15 +2,14 @@
 # Copyright (C) 2006-2010 OpenWrt.org

 if grep -qs '^root:[^!]' /etc/passwd /etc/shadow && [ -z "$FAILSAFE" ]; then
- echo "Login failed."
- exit 0
+ echo "WARNING: telnet is a security risk"
+ busybox login
 else
 cat << EOF
 === IMPORTANT ============================
 Use 'passwd' to set your login password
- this will disable telnet and enable SSH
+ this will enable telnet login with password
 ------------------------------------------
 EOF
+exec /bin/ash --login
 fi
-
-exec /bin/ash --login
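Review bot: The `else` branch still ends in `exec /bin/ash --login`, so while no root password is set, or whenever `$FAILSAFE` is non-empty, every telnet connection gets a root shell without authentication; the login.sh added by the LEDE patch further down has the same branch. The banner is the only place a user learns this, so it should say it outright, for example `Until 'passwd' is run, telnet gives a root shell with no password`. In the authenticated branch `busybox login` is run without `exec`, which keeps the wrapper shell alive for the whole session; `exec busybox login` avoids the extra process on a small device.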
b. LEDE 17.01
diff --git a/package/base-files/files/bin/login.sh b/package/base-files/files/bin/login.sh
new file mode 100755
index 0000000..87eae2d
--- /dev/null
+++ b/package/base-files/files/bin/login.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+# Copyright (C) 2006-2011 OpenWrt.org
+
+if ( ! grep -qs '^root:[!x]\?:' /etc/shadow || \
+ ! grep -qs '^root:[!x]\?:' /etc/passwd ) && \
+ [ -z "$FAILSAFE" ]
+then
+ echo "WARNING: telnet is a security risk"
+ busybox login
+else
+cat << EOF
+ === IMPORTANT ============================
+ Use 'passwd' to set your login password
+ this will enable telnet login with password
+ ------------------------------------------
+EOF
+exec /bin/ash --login
+fi
+
diff --git a/package/base-files/files/lib/preinit/99_10_failsafe_login b/package/base-files/files/lib/preinit/99_10_failsafe_login
index 3147cdc..3c398dd 100644
--- a/package/base-files/files/lib/preinit/99_10_failsafe_login
+++ b/package/base-files/files/lib/preinit/99_10_failsafe_login
@@ -3,8 +3,7 @@
 # Copyright (C) 2010 Vertical Communications

 failsafe_netlogin () {
- dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key
- dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1
+ telnetd -l /bin/login.sh <> /dev/null 2>&1
 }

 failsafe_shell() {
diff --git a/package/utils/busybox/Config-defaults.in b/package/utils/busybox/Config-defaults.in
index 1977e7f..d4446c5 100644
--- a/package/utils/busybox/Config-defaults.in
+++ b/package/utils/busybox/Config-defaults.in
@@ -2289,19 +2289,19 @@ config BUSYBOX_DEFAULT_TCPSVD
 default n
 config BUSYBOX_DEFAULT_TELNET
 bool
- default n
+ default y
 config BUSYBOX_DEFAULT_FEATURE_TELNET_TTYPE
 bool
- default n
+ default y
 config BUSYBOX_DEFAULT_FEATURE_TELNET_AUTOLOGIN
 bool
 default n
 config BUSYBOX_DEFAULT_TELNETD
 bool
- default n
+ default y
 config BUSYBOX_DEFAULT_FEATURE_TELNETD_STANDALONE
 bool
- default n
+ default y
 config BUSYBOX_DEFAULT_FEATURE_TELNETD_INETD_WAIT
 bool
 default n
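Review bot: In `failsafe_netlogin`, `telnetd -l /bin/login.sh` is started with no bind address, so in failsafe mode it listens on every interface that is up, and login.sh skips authentication when `$FAILSAFE` is non-empty (presumably preinit exports it at this point; confirm). The removed dropbear lines gave an encrypted session, whereas the replacement carries the root session in clear text. If telnet has to stay here, limit it with telnetd's `-b` option, e.g. `telnetd -b <FAILSAFE_ADDR> -l /bin/login.sh <> /dev/null 2>&1`, where `<FAILSAFE_ADDR>` is a placeholder for the address preinit configures.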
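Review bot: Two of the four defaults flipped in Config-defaults.in are not needed to run the daemon: `BUSYBOX_DEFAULT_TELNET` and `BUSYBOX_DEFAULT_FEATURE_TELNET_TTYPE` build the telnet client, while the init script and `failsafe_netlogin` only call `telnetd`. Leaving those two at `default n` keeps the image smaller and ships one less network tool, which fits the space-constrained devices this patch targets. The hunk can be limited to `BUSYBOX_DEFAULT_TELNETD` and `BUSYBOX_DEFAULT_FEATURE_TELNETD_STANDALONE`.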
diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile
index 40bddd6..2e643f6 100644
--- a/package/utils/busybox/Makefile
+++ b/package/utils/busybox/Makefile
@@ -119,6 +119,7 @@ define Package/busybox/install
 $(INSTALL_DIR) $(1)/etc/init.d
 $(CP) $(PKG_INSTALL_DIR)/* $(1)/
 $(INSTALL_BIN) ./files/cron $(1)/etc/init.d/cron
+ $(INSTALL_BIN) ./files/telnet $(1)/etc/init.d/telnet
 $(INSTALL_BIN) ./files/sysntpd $(1)/etc/init.d/sysntpd
 $(INSTALL_BIN) ./files/ntpd-hotplug $(1)/usr/sbin/ntpd-hotplug
 -rm -rf $(1)/lib64
diff --git a/package/utils/busybox/files/telnet b/package/utils/busybox/files/telnet
new file mode 100755
index 0000000..a1d1cdf
--- /dev/null
+++ b/package/utils/busybox/files/telnet
@@ -0,0 +1,38 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006-2011 OpenWrt.org
+
+START=50
+
+USE_PROCD=1
+PROG=/usr/sbin/telnetd
+
+has_root_pwd() {
+ local pwd=$([ -f "$1" ] && cat "$1")
+ pwd="${pwd#*root:}"
+ pwd="${pwd%%:*}"
+
+ test -n "${pwd#[\!x]}"
+}
+
+get_root_home() {
+ local homedir=$([ -f "$1" ] && cat "$1")
+ homedir="${homedir#*:*:0:0:*:}"
+
+ echo "${homedir%%:*}"
+}
+
+has_ssh_pubkey() {
+ ( /etc/init.d/dropbear enabled 2> /dev/null && grep -qs "^ssh-" /etc/dropbear/authorized_keys ) || \
+ ( /etc/init.d/sshd enabled 2> /dev/null && grep -qs "^ssh-" "$(get_root_home /etc/passwd)"/.ssh/authorized_keys )
+}
+
+start_service() {
+ if ( ! has_ssh_pubkey && \
+ ! has_root_pwd /etc/passwd && ! has_root_pwd /etc/shadow ) || \
+ ( ! /etc/init.d/dropbear enabled 2> /dev/null && ! /etc/init.d/sshd enabled 2> /dev/null );
+ then
+ procd_open_instance
+ procd_set_param command "$PROG" -F -l /bin/login.sh
+ procd_close_instance
+ fi
+}
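Review bot: In the new init script, `start_service` runs `"$PROG" -F -l /bin/login.sh` with no bind address, so telnetd listens on all interfaces and relies entirely on the firewall to stay off the WAN side. Once dropbear and sshd are both absent, the second clause of the condition is always true, so the daemon starts on every boot, including while no root password is set and login.sh gives a shell without asking for one. Binding to the LAN address narrows the exposure: `procd_set_param command "$PROG" -F -b <LAN_ADDR> -l /bin/login.sh`, with `<LAN_ADDR>` a placeholder for the router's LAN IP. A short header comment stating when the service starts and why would also help, since the two-clause condition is hard to read.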
Copy the above content to a file named telnet_enable.patch in the build root, then patch your build tree:
patch -p1 -i telnet_enable.patch
Ensure the login.sh file has execute permission:
chmod +x package/base-files/files/bin/login.sh
make menuconfig
Enable login at Location:
-> Base system -> busybox -> Configuration -> Login/Password Management Utilities
┌──────────────────────── Login/Password Management Utilities ────────────────────────┐ │ ┌─────────────────────────────────────────────────────────────────────────────────┐ │ │ │ [ ] Support for shadow passwords │ │ │ │ [ ] Use internal password and group functions rather than system functions │ │ │ │ [ ] Use internal crypt functions │ │ │ │ [ ] addgroup │ │ │ │ [ ] delgroup │ │ │ │ [ ] adduser │ │ │ │ [ ] deluser │ │ │ │ [ ] getty │ │ │ │ [ ] Support utmp file (NEW) │ │ │ │ [ ] Support wtmp file (NEW) │ │ │ │ [*] login │ │ │ │ [ ] Support for PAM (Pluggable Authentication Modules) (NEW) │ │ │ │ [ ] Support for login scripts (NEW) │ │ │ │ [ ] Support for /etc/nologin (NEW) │ │ │ │ [ ] Support for /etc/securetty (NEW) │ │ │ │ [*] passwd │ │ │ │ [ ] Check new passwords for weakness │ │ │ │ [ ] cryptpw │ │ │ └─v(+)────────────────────────────────────────────────────────────────────────────┘ │ ├─────────────────────────────────────────────────────────────────────────────────────┤ │ <Select> < Exit > < Help > │ └─────────────────────────────────────────────────────────────────────────────────────┘
Disable dropbear at Location:
-> Base system
┌──────────────────────────────────── Base system ────────────────────────────────────┐ │ ┌─────────────────────────────────────────────────────────────────────────────────┐ │ │ │ <*> base-files................................... Base filesystem for OpenWrt │ │ │ │ < > block-hotplug...................... Automount and autocheck block devices │ │ │ │ < > br2684ctl.................... ATM Ethernet bridging configuration utility │ │ │ │ < > bridge........................... Ethernet bridging configuration utility │ │ │ │ <*> busybox................................ Core utilities for embedded Linux -│ │ │ │ < > dnsmasq................................ A lightweight DNS and DHCP server │ │ │ │ < > dropbear........................................ Small SSH2 client/server │ │ │ │ < > ead.............................................. Emergency Access Daemon │ │ │ │ < > firewall................................................ OpenWrt firewall │ │ │ │ <*> hotplug2 │ │ │ │ <*> libc........................................................... C library │ │ │ │ <*> libgcc............................................... GCC support library │ │ │ │ --- libpthread.......................................... POSIX thread library │ │ │ │ --- librt................................ POSIX.1b RealTime extension library │ │ │ │ < > libstdcpp.................................... GNU Standard C++ Library v3 │ │ │ │ <*> mtd............................... Update utility for trx firmware images │ │ │ │ <*> opkg...................................... opkg package management system │ │ │ └─v(+)────────────────────────────────────────────────────────────────────────────┘ │ ├─────────────────────────────────────────────────────────────────────────────────────┤ │ <Select> < Exit > < Help > │ └─────────────────────────────────────────────────────────────────────────────────────┘
make V=s