DD-WRT: Samba Startup Script / Reconfigure Dropbear SSHd

Yep, still working with DD-WRT :). I wanted to make some changes to the router config but these changes aren’t available in DD-WRT’s control panel. Since we’re working with Linux here, I figured there had to be SOME way to hack it up. Well, I was correct! The firmware has some features that make it pretty simple to execute a script at startup. You have some options: one is to enable JFFS and physically store a script on the router. Another is to mount a Samba share on startup and keep your script there. I opted for the Samba share because it can store your script as well as allow you to upload files (via scp for instance) directly to a computer on your network through your SSHd.

The script I’m creating is only useful if you have your router configured for remote SSH management (see DD-WRT: SSH Remote Management with Public Key Authentication for my how-to). The configuration process applies to setting up any startup script on a Samba share.

The script I want to execute on startup is going to change the configuration of the Dropbear SSHd. By default, when you connect to the router via SSH, you’re presented with a pre-login prompt advertising the firmware’s version. I prefer not sharing that info with anyone (not in such a blatant fashion at any rate), so I need to kill off the dropbear process and restart it without the banner flag. You might be wondering why I don’t just edit dropbear’s config file on the router… The simple answer is that there isn’t one. :)

I’m going to be using a Samba share I’ve created just for DD-WRT on the machine named ubuntu (also my desktop). The local path is ~/ddwrt and the network path is smb://ubuntu/ddwrt

Create the script:

Create a script on your Samba share named dd-wrt-startup.sh. One way to create the file is to enter the commands below in a terminal.

cd ~/ddwrt
touch dd-wrt-startup.sh

Open ~/ddwrt/dd-wrt-startup.sh with your editor of choice and add the text below (each command should be on its own line):

#!/bin/sh
## kill/restart dropbear; remove pre-logon message
killall dropbear
dropbear -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22 -s

Be sure that when you specify the port (-p 22), you use the same port that you have configured in the DD-WRT control panel.

The difference between the command to launch dropbear that I wrote and the command the router defaults to is that I’ve removed the banner file flag (-b [path to loginprompt]). If you want to see the exact command line on your router before you make the change, SSH in and run ps; somewhere in the process list you’ll see the dropbear command line.
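
An added example (not part of the original post): instead of retyping the command by hand, this sketch takes the dropbear command line your router reports and removes only the -b flag and its file name, so the key paths, port and remaining options stay exactly as the firmware set them. The function name strip_banner_flag and the sample command line are constructed for illustration, and it assumes no argument contains spaces.

```sh
#!/bin/sh
# Added example, not from the original post.

# strip_banner_flag CMDLINE
# Prints CMDLINE with the banner option ("-b" and the file name after it)
# removed; every other word is passed through in its original order.
# Assumes no argument contains whitespace (true for the paths in the post).
# The body is a subshell so set -f and the variables stay local.
strip_banner_flag() (
    set -f                      # no glob expansion while splitting words
    out=""
    skip_next=0
    for word in $1; do          # unquoted on purpose: split on whitespace
        if [ "$skip_next" -eq 1 ]; then
            skip_next=0         # this word is the banner file name; drop it
            continue
        fi
        case "$word" in
            -b) skip_next=1 ;;
            *)  out="${out:+$out }$word" ;;
        esac
    done
    printf '%s\n' "$out"
)

# Constructed sample: the post's command with the banner flag put back in.
# On a router, paste the line that ps shows instead.
SAMPLE='dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22 -s'

# Dry run: print the command the startup script should use after killall.
strip_banner_flag "$SAMPLE"
```

The printed line is what goes after killall dropbear in dd-wrt-startup.sh; compare its -p value with the SSH port set in the control panel before saving.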

Configure Samba FS Automount:

Before going on, be sure that the Samba server has a static IP or (better yet) a static DHCP address. If you don’t use static DHCP, you may want to use the machine’s IP address instead of its name when configuring the share below. Check out the DD-WRT DNSMasq wiki page for more info.

Log into the DD-WRT Control Panel, click Administration, then select the Management tab. Scroll down to the Samba FS Automount section and configure as follows:

  • SMB Filesystem: Enable
  • Share: //ubuntu/ddwrt
  • User Name: [valid smb user]
  • Password: [smb user's password]
  • Startscript: dd-wrt-startup.sh

Now all you need to do is click Save Settings and Reboot Router. The next time you SSH in, you’ll notice that no information about the router is given until you’ve provided your credentials and successfully authenticated. You will also notice that entering the mount command will show you that your Samba share is mounted to /tmp/smbshare.


4 Responses to “DD-WRT: Samba Startup Script / Reconfigure Dropbear SSHd”

  1. dude says:

    This is great but I am ending up with two dropbear processes running for some reason. Is this normal?

    # ps
    PID Uid VmSize Stat Command
    1 root 492 S /sbin/init noinitrd
    2 root SW [keventd]
    3 root SWN [ksoftirqd_CPU0]
    4 root SW [kswapd]
    5 root SW [bdflush]
    6 root SW [kupdated]
    11 root SW [mtdblockd]
    72 root 324 S resetbutton
    144 root 292 S /sbin/wland
    210 root 328 S /tmp/ppp/redial 30
    214 root 364 S pppoecd vlan1 -u XXX@sbcglobal.net -p XXX
    388 root 492 S /sbin/syslogd -R 10.0.0.2
    390 root 448 S /sbin/klogd
    419 root 620 S dnsmasq --conf-file /tmp/dnsmasq.conf
    489 root 356 S process_monitor
    494 root 280 S /usr/sbin/cron
    541 root 832 S smbmount //ubuntu/public /tmp/smbshare -o username sa
    548 root 520 S dropbear /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_
    551 root 668 S httpd
    564 root 804 R dropbear /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_
    614 root 588 S -sh
    626 root 460 R ps
    ~ #

  2. Darek says:

    Or you could put this in the Administration -> Commands

    echo '' > /tmp/loginprompt

    and press “Save Startup”

  3. M@ says:

    Well… ummm… yeah! I guess you could do that too..

    Thanks Darek :)

  4. M@ says:

    @dude – That is normal. One instance is the server listening for new connections and the other is your connection to the modem.
