#355 closed (fixed)
dropbear - allow remote forwards
| Reported by: | anonymous | Owned by: | somebody |
|---|---|---|---|
| Keywords: | | Cc: | |
Description
Any chance for an option in the gui to allow remote forwards? Using -R in ssh binds the sshd session to 127.0.0.1 on the router. If an option cannot be added to the gui, could dropbear be compiled to allow remote forwards?
Change History (8)
comment:1 Changed 5 years ago by anonymous
- type changed from defect to enhancement
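comment:2 follow-up: ↓ 3 Changed 5 years ago by BrainSlayer
what do you mean with remote forwards?
the ssh is reachable from lan as well from wan if remote management is enabled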
comment:3 in reply to: ↑ 2 Changed 5 years ago by anonymous
Replying to BrainSlayer:
> what do you mean with remote forwards?
> the ssh is reachable from lan as well from wan if remote management is enabled

Remote forwards are the ability to create a tunnel to pass traffic through. If you issue the following with ssh
ssh2 -R 1234:client:23 username@host
all traffic which comes to port 1234 on the server (host) will be forwarded to port 23 on the client (client). This is useful to tunnel things like rdp (remote desktop) through an encrypted ssh tunnel over the internet. Currently, if you use -R to set up a remote forward, a dropbear session is bound to 127.0.0.1
tcp 0 0 127.0.0.1:1234 0.0.0.0:* LISTEN
This tunnel is only accessible to the router via localhost. If it was bound to the router's internal address (192.168.1.1 in my case) or 0.0.0.0 (all interfaces) then the tunnel can be used by external resources.
If you had
clientA <-> router <-> internet <-> clientB
clientB running rdp on port 3389, clientB issues ssh -R 5555:clientBip:3389
clientA can use the rdp client to connect to port 5555 on the router and this would create an ssh tunnel which will connect clientA to port 3389 on clientB.
The router is restricted to using 127.0.0.1 when using remote forwards (-R in client), which does not allow clientA to connect. This may be an option in config.h for dropbear; I will see if I can find how to bind to a specific address or all addresses.
comment:4 Changed 5 years ago by anonymous
Found the option for this.
If you include -a while starting dropbear, it will bind forwards to * (0.0.0.0)
dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22 -s -a
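
Added example (not part of the ticket or of DD-WRT's code): with `-a`, a `-R` listener moves from 127.0.0.1 to all interfaces, so it is worth checking which listeners on the router are reachable beyond loopback. The script below classifies `netstat -tln`-style lines; the function names, the sample lines and the port allowlist are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify TCP listeners from `netstat -tln`-style output read on stdin.
# Prints "<scope> <address> <port>" per listener, where scope is "loopback"
# (reachable only from the host itself) or "exposed" (any other bind address).
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        local_addr = $4
        # Split at the last colon so IPv6 forms such as :::1234 also parse.
        pos = match(local_addr, /:[0-9]+$/)
        if (pos == 0) next
        host = substr(local_addr, 1, pos - 1)
        port = substr(local_addr, pos + 1)
        scope = "exposed"
        if (host ~ /^127\./ || host == "::1" || host == "[::1]") scope = "loopback"
        print scope, host, port
    }'
}

# Print exposed ports that are not in the space-separated allowlist given as $1.
unexpected_exposed() {
    allow=" $1 "
    classify_listeners | while read -r scope host port; do
        [ "$scope" = "exposed" ] || continue
        case "$allow" in *" $port "*) continue ;; esac
        echo "$port"
    done
}

# Constructed samples: the forward from the ticket without and with dropbear -a.
SAMPLE_BEFORE='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:1234 0.0.0.0:* LISTEN'
SAMPLE_AFTER='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1234 0.0.0.0:* LISTEN'

# Port 22 is the expected sshd listener; anything else exposed is reported.
printf '%s\n' "$SAMPLE_AFTER" | unexpected_exposed "22"
```

On a live router the same check would be `netstat -tln | unexpected_exposed "22"`, with the allowlist adjusted to the services that are meant to be reachable.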
comment:5 Changed 5 years ago by rkozola
This could be done similar to the checkbox for the 'Password Login' option on the services tab and sshd.c.
If checked, it would set an nvram variable and code in sshd.c would include the '-a' parameter when starting dropbear.
comment:6 Changed 5 years ago by BrainSlayer
- Resolution set to fixed
- Status changed from new to closed
fixed in r8836
comment:7 Changed 5 years ago by anonymous
I am very new to DD-WRT. I would like to know how to apply this patch. Procedure or best method?