OpenWrt Forum Archive

Topic: [Howto] enable telnet for logging in

The content of this topic has been archived on 19 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
candlerb
2 Aug 2007, 08:38

Suppose you have set a root password, and for whatever reason you wish to continue to use telnet to access the unit rather than being forced to use ssh. Here's how to do it.

(1) Download the source from subversion (tested here with Kamikaze 7.07). 'make menuconfig' and enable the 'login' component of busybox, by selecting Base System -> Busybox Configuration -> Login/Password Management Utilities -> login

Use 'make' to build the firmware image, and then flash it onto your unit. (Or you could just upload the busybox package, but that would waste flash space)

(2) Modify /etc/init.d/telnet so that it always starts telnetd. It should look like this:

#!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org
START=50

start() {
        telnetd -l /bin/login
}

stop() {
        killall telnetd
}

(3) Replace /bin/login with a symlink to busybox

cd /bin
rm login
ln -s busybox login

That's it. Note, there is a security problem: you won't be prompted for a password if you give an invalid username, so it's very easy for an attacker to probe for valid usernames. But any attacker probably knows that your main login username is 'root'; and if you care about security, you'll probably want to stick with ssh anyway.

Post #2
candlerb
14 Aug 2007, 08:46

DANGER: make sure you set a root password first - or if building a complete image to reflash, include a root password in /etc/passwd.

Otherwise, you will find yourself completely locked out. Even "Failsafe" mode won't work; you'll just get a login prompt which you can't login at. You will be forced to use whatever TFTP-mode reflashing or recovery disk that your platform provides.

(The problem here is that in etc/preinit in failsafe mode, it still just runs telnetd -l bin/login. Suggestion to OpenWrt developers: maybe this should be changed to point to a script which is specific to failsafe mode, and won't be broken if the user compiles login support to busybox)

(Last edited by candlerb on 14 Aug 2007, 09:49)

The discussion might have continued from here.