
schedule "SSH" switching from "Lan" to "Lan & Wan" (using a script)?


Skillz

Hi,

I would like to be able to change the option (Administration/System) "Enable SSH" - from "LAN" to "LAN & WAN" at scheduled times. I'm guessing this option can be manipulated using a specific "nvram set ..." command.

Does anyone know if a solution for this already exists? Would someone be willing/able to help me out on maybe creating a custom script for this that can be triggered on a schedule?

I have no clue where to begin....
 
You will get a lot of good advice to set up an OpenVPN server instead of enabling SSH on the WAN.

But if you really want to, you can switch with these commands:
Code:
nvram set sshd_enable=1
nvram commit
service restart_sshd

1=LAN&WAN
2=LAN

But instead, spend the time setting up OpenVPN.
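
Added example, not part of the thread: a wrapper around the commands posted above that validates the requested scope and skips the commit and sshd restart when nothing changes, so it can be run repeatedly from a schedule. It assumes `nvram get` is available alongside `nvram set` and that the firmware has a cron-style scheduler; the script path and cron lines in the comments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Uses only the commands and values
# posted above: sshd_enable 1 = LAN & WAN, 2 = LAN.

# Map a scope name to the nvram value given in the thread.
scope_to_value() {
    case "$1" in
        lan)     echo 2 ;;
        lan+wan) echo 1 ;;
        *)       return 1 ;;
    esac
}

# Apply a scope; skip the flash write and sshd restart if nothing changes.
set_ssh_scope() {
    want=$(scope_to_value "$1") || {
        echo "usage: ssh_scope.sh lan|lan+wan" >&2
        return 2
    }
    have=$(nvram get sshd_enable)
    if [ "$have" = "$want" ]; then
        echo "unchanged"
        return 0
    fi
    nvram set sshd_enable="$want"
    nvram commit
    service restart_sshd
    echo "changed"
}

# Example cron entries (constructed; the script path is hypothetical):
#   0 18 * * 1-5  /jffs/scripts/ssh_scope.sh lan+wan   # open the window at 18:00
#   0 20 * * 1-5  /jffs/scripts/ssh_scope.sh lan       # close it again at 20:00
# Rejecting anything other than the two known scopes keeps a typo in a
# cron line from writing an unexpected value to nvram.
if [ "$#" -gt 0 ]; then
    set_ssh_scope "$1"
fi
```

Scheduling the `lan` call more than once after the window closes means a missed run (for example after a reboot) does not leave SSH reachable from the WAN.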
 
Thanks for the quick reply :) Is wan ssh really that bad if you're using key-based ssh access (with additional passphrase), different port and password login disabled? Just genuinely wondering.
 
Dropbear SSH hasn’t had an update since October 2020. Either it is really well-written and secure, insecure but not updated, or something in between. I don’t personally expect Dropbear to be as robust as a full-fledged OpenSSH server or an OpenVPN server.

I don’t use either (no remote WAN access).
 
As @dave14305 has alluded to, the issue is that these various services on the router are often "lightweight" versions of http, ssh, and other various servers. They are NOT sufficiently hardened and under the kind of scrutiny that you're going to find w/ the big boys (Apache, OpenSSH, etc.). They're perfectly fine within the confines of your private network. But exposing them directly to the internet is probably best avoided.

Also, for *all* these services, no matter how good they are, and however well-intentioned the developers, security is always a secondary concern. That's why something like RDP gets hacked over and over again, despite MS's best efforts to stop the bleeding. But for something like OpenVPN, it's the *primary* concern, and the only reason it exists! Better to put your faith and trust in it whenever possible.
 
