Asus RT-N16: Enforcing passwords in ssh & http page

My router has an open ssh port so that I can connect home from the Internet, and recently I noticed in the logs that someone is scanning my ports:

Jun 5 15:13:49 dropbear[745]: login attempt for nonexistent user from 187.141.73.66:47311
Jun 5 15:13:50 dropbear[745]: exit before auth: Disconnect received

It seems like someone is looking for vulnerabilities. But why, you ask? It could be a worm that infects mipsel routers running Linux. That’s life: devices become more powerful, they become like servers, and if infected they could pose a big threat.
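To see which addresses are behind such attempts, the dropbear lines can be tallied per source IP. This is an added example, not part of the original post: the function names are hypothetical, the sample lines other than the two quoted above are constructed, and the "Bad password attempt" wording is assumed from dropbear's usual log messages rather than taken from this page.

```shell
#!/bin/sh
# Added example: count failed dropbear logins per source IP.

# Constructed sample log. Only the first two lines come from the post.
sample_log() {
    cat <<'EOF'
Jun 5 15:13:49 dropbear[745]: login attempt for nonexistent user from 187.141.73.66:47311
Jun 5 15:13:50 dropbear[745]: exit before auth: Disconnect received
Jun 5 15:20:01 dropbear[751]: Bad password attempt for 'admin' from 203.0.113.7:51022
Jun 5 15:20:03 dropbear[751]: Bad password attempt for 'admin' from 203.0.113.7:51022
Jun 5 15:20:09 dropbear[752]: login attempt for nonexistent user from 203.0.113.7:51030
Jun 5 15:31:40 dropbear[760]: Password auth succeeded for 'admin' from 198.51.100.4:40112
EOF
}

# Reads syslog lines on stdin and prints "count ip" for every source
# with at least $1 failed attempts (default 1), busiest first.
dropbear_offenders() {
    threshold="${1:-1}"
    awk -v min="$threshold" '
        # Keep only dropbear lines that report a failed or bogus login.
        /dropbear\[[0-9]+\]:/ &&
        /([Ll]ogin attempt for nonexistent user|[Bb]ad password attempt)/ {
            src = $NF                  # last field is IP:port
            sub(/:[0-9]+$/, "", src)   # strip the source port
            count[src]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min)
                    print count[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Demo run on the embedded sample.
sample_log | dropbear_offenders 1
```

On the router, pipe the syslog file into dropbear_offenders instead of the sample; successful logins and plain disconnects are ignored.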

There are a few rules on how to protect yourself from being hacked.

1. First, expose as few ports as possible.

2. Use non-standard login names. The default is admin/admin, so it has to be changed to something different. Luckily, Oleg’s firmware and DD-WRT allow you to change the user name.

3. Make passwords more complex for ssh and/or the http administration page.

4. Use Brute Force Attack protection for the ssh / http page. I use 1 hit count per 600 seconds.

Now, the most interesting thing. In Oleg’s firmware you can change the user name and password, but it seems the password change affects only the http configuration page. The ssh daemon still uses the old password. To solve this problem, log in to the router via ssh and run:

passwd

It will ask you to enter the new password and confirm it. Afterwards you will have to store the password using:

flashfs save && flashfs commit && flashfs enable
reboot

I also hit another bug when changing the password in the http page 🙂 Its length is limited to 17 characters. If you specify a longer password, it is simply cut off. It is then hard to understand why you can’t log in and why the previous password does not work.
