[HamWAN PSDR] hamwan.net DDNS [was: hostname on ampr.org?]
charles at thefnf.org
Mon Mar 31 14:37:00 PDT 2014
On 2014-03-31 13:51, Tom Hayward wrote:
> On Mon, Mar 31, 2014 at 11:02 AM, Bill Vodall <wa7nwp at gmail.com> wrote:
>> SSH had cipher=none. They disabled it. They removed it because
>> somebody might accidentally use it.
>>
>> The High Performance SSH folks put it back.
>>
>> https://launchpad.net/~w-rouesnel/+archive/openssh-hpn
>>
>> I'd start there if (when) I get back to 44 net use.
>
> We started here, or at least are aware of it.
Excellent! I will make heavy use of this. I have a site to site VPN with
the FNF colocation center, and hate the double overhead. Very cool
stuff.
>
> The problem is that we don't know how to replace the SSH daemon that's
> built into ROS. Sure, we could run OpenWRT in a metarouter on the
> modem, then normal SSH from the metarouter to ROS (all within the CPU,
> encryption doesn't matter). A better solution would be to distribute a
> .npk that you can upload to your modem to replace the built-in SSH.
> Mikrotik does not provide an SDK for this, so we're trying to reverse
> engineer their package format to see if we can generate our own.
Hmmmm. Interesting.
Is
https://github.com/lqez/npk
the same npk that mikrotik uses?
Also I stumbled across:
http://ayufan.eu/projects/openwrt-rb951g/
There are a few possible ways to get OpenWrt onto the device. The
simplest way is to use a fixed MikroTik Netinstall. I modified the binary
to allow installing unsigned and custom-built NPK files (MikroTik’s
RouterOS Package Files).
Read this page: http://wiki.mikrotik.com/wiki/Manual:Netinstall
Instead of Netinstall provided by MikroTik use the fixed one:
netinstall-5.23-fixed
Select and install OpenWrt package: openwrt-r35489-13.0alpha1-mipsbe
Switch the cable from port 1 into any other. Wait for reboot and
telnet 192.168.1.1.
There are different methods, but they require setting up your own DHCP and
TFTP server and configuring the BOOTP protocol. All the files required to install
using bootp can be found here: rb951g-raw-bin
So maybe you can package up a whole distro image (including your
customized sshd) and reflash?
>
> In the meantime, I'll accept your argument that there's no obscuring
> of intent when using SSH for administration. And there's always
> telnet.
>
Yes, with sufficient ACLs and other security mechanisms, you can operate
a completely safe and secure network without any encryption.