User:Murraykj709
Best wishes from Moncton Newbrunswick canada.
( VO1KJM/VE9 )
internal photos of ens1750/ews660ap
// DEBUG usage only //
1. Enable CLI
First, log into the web interface on the EAP600. Then click on the "CLI Settings" link from the "Management" section of the left-hand navigation bar. Click on the radio button for "On" and then press the "Save/Apply" button. If it is already "On", skip this step. 2. Log in via telnet
Telnet into the device and login with your web credentials. After you do this successfully, you will see a menu and a eap600> prompt:
- Hi admin, welcome to use cli(V-1.8.10) ***
---========= Commands Help =========---
stat -- Status sys -- System wless2 -- 2.4G-Wireless wless5 -- 5G-Wireless mgmt -- Management tree -- Tree help -- Help reboot -- Reboot logout -- Logout
eap600>
3. Type in the magic command
Instead of typing in any of the commands from the menu, type in the magic command 1d68d24ea0d9bb6e19949676058f1b93 and press enter. You should then be at a root shell:
eap600>1d68d24ea0d9bb6e19949676058f1b93
BusyBox v1.19.4 (2015-10-01 07:56:17 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
_______ ________ __ | |.-----.-----.-----.| | | |.----.| |_ | - || _ | -__| || | | || _|| _| |_______|| __|_____|__|__||________||__| |____| |__| W I R E L E S S F R E E D O M KAMIKAZE (bleeding edge, r20146) ------------------ * 10 oz Vodka Shake well with ice and strain * 10 oz Triple sec mixture into 10 shot glasses. * 10 oz lime juice Salute! ---------------------------------------------------
root@EAP600:/#
4. Generate root keys
Before we can enable dropbear (the SSH server that is included in the EAP600 firmware), we need to generate our host keys. You can do that by copying and pasting the following lines into the root shell and pressing enter:
[ -s /etc/dropbear/dropbear_rsa_host_key ] || \
{ rm -f /etc/dropbear/dropbear_rsa_host_key ; \ dropbearkey -t rsa -s 2048 -f /etc/dropbear/dropbear_rsa_host_key ; } ; \
[ -s /etc/dropbear/dropbear_dss_host_key ] || \
{ rm -f /etc/dropbear/dropbear_dss_host_key ; \ dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key ; }
5. Copy over your ssh authorized_keys
Dropbear expects the authorized_keys file to be in /etc/dropbear/authorized_keys. You can either edit this file with vi or you can do the following steps:
Type in the command cat > /etc/dropbear/authorized_keys <<EOF Copy the contents of your id_rsa.pub or authorized_keys file to your clipboard. Paste the contents of your clipboard into the terminal. Press enter, type EOF, and press enter again. At this point you should be back at the root shell prompt.
Then you should make sure that the permissions are set properly on everything in /etc/dropbear with the following command line:
chmod 600 /etc/dropbear/* ; chmod 700 /etc/dropbear
6. Enable dropbear
Enabling the dropbear service, so that it will start automatically after every boot, is as easy as typing in the following command:
/etc/init.d/dropbear enable /etc/init.d/dropbear start
7. Reboot
At this point we should reboot so that we can verify that everything is working as expected. This can take a minute or two. Just start pinging the device until it starts responding, then wait another minute or two for dropbear to get started. To reboot, just type reboot into the command line and press enter. 8. Log in with ssh
After waiting a while, you should be able to ssh into your EAP-600 as root:
ssh root@<WAP-IP-ADDRESS>
You should now be greeted with a root prompt. w00t! 9. Security hardening
Now that you've got SSH up and running, lets take a few moments to make sure that we lock down the security of the device. Disable dropbear password authentication
It turns out that the EAP-600 runs a really old version of OpenWRT. Because of that, we can use the uci command to turn off password authentication for dropbear:
uci set dropbear.@dropbear[0].PasswordAuth=off uci commit /etc/init.d/dropbear restart
After doing this, it is a good idea to verify that it is indeed working as expected. We can do this pretty easily by trying to log into the device using the admin account---which by default has the password 1234.
To check that password authentication is indeed disabled, you simply log out of the root shell and then try to logging back into the device as the user admin:
ssh -o "PubkeyAuthentication no" admin@<WAP-IP-ADDRESS>
You shouldn't even get a password prompt, it should just say Permission denied (publickey).. If you do get a password prompt, type in 1234 and press enter. If it successfully logs you in as the user admin, then something has gone horribly wrong. Disable IPv6 (!?!)
The SSID-VLAN isolation feature of the EAP-600 has a really bad bug: it doesn't turn off IPv6 (or even SLAAC!) on the individual bridge interfaces. This makes it impossible to prevent users from gaining access to the management web interface using the IPv6 link-local address of the access point.
The easiest, safest, and least fragile way to fix this quickly is simply to disable IPv6 entirely. This kinda sucks, but in practice it is not really that big of a deal---IPv6 still works for hosts, you just have to use IPv4 to access the configuration page or to SSH into the access point if you need to reconfigure it.
To disable IPv6, we once again use the uci command, followed by a reboot:
uci set system.system.ipv6=0 uci commit reboot
Wait for the AP to come back online and then proceed below to disabling telnet. Disable telnet
Now that we've got our dropbear daemon set up and tested, we can turn off telnet since we won't be needing it anymore.
/etc/init.d/telnet stop /etc/init.d/telnet disable
Disable dnsmasq
For some reason, the software on the EAP-600 always runs dnsmasq. This is entirely inappropriate for a wireless access point, which should be just a bridge. You can easily disable it by typing in the following commands:
/etc/init.d/dnsmasq stop /etc/init.d/dnsmasq disable