Voxel Netgear Orbi RBK50v2 and RBS50v1 problems

[pixel_crash]

Hi, I'm reasonably technical and managed to update my RBK50v2 to Voxel's firmware.

Problem 1 RBR50v2 has no storage
My RBR50v2, per its model, has no USB so has not permanent storage, which makes using the system next to useless if I can't get persistence with Entware, actually the ssh for root is using no password (instead of using the router's password) and I can't persist a password, and I also can't persist turning off the bloatware. I know there's a file location where scripts can be hosted though I'd not be sure there'd be enough space for Entware etc... maybe just for simple scripts? Are there any practical ways around RBR50v2 having no storage (crazy, but can I solder a USB port on somewhere maybe??)

Problem 2 RBS50v1s brick with Voxel
I successfully flashed an RBR50v2 and RBS50v2 but I've got another two RBS50v1s and those simply refuse to flash. One RBS50v1 I managed to recover using the TFTP recovery, tried flashing again with Voxel and another soft brick. My second RBS50v1 seems to be unrecoverable, I've flashed now twice with TFTP and after upload/install is complete I get a red ring.
Is there any "safer" version of Voxel I can otherwise try that's known good for older kits? I've been trying RBS50-V9.2.5.2.39SF-HW.img

For now I'm going back to the Orbi firmware, but if anyone know ways about these problems please LMK! Thanks

 

[pixel_crash]

@Voxel any help on the above please? If anything would probably be good to get that vulnerability in SSH fixed up. Thanks for taking a look

 

[Voxel]

@Voxel any help on the above please? If anything would probably be good to get that vulnerability in SSH fixed up. Thanks for taking a look

For your RBRv2, almost the only option is to use a remote network drive using the SMB protocol. For example, by connecting the network disk of a Windows computer. Using the program mount.cifs. See QuickStart.txt for how to do this.

For your RBSv1, you must first flash it, e.g. via TFTP with the stock firmware

https://www.downloads.netgear.com/files/GDC/RBK50/RBS50-V2.5.2.4.zip

It is necessary that RBS is not connected to RBR (e.g. move it as far away from RBR as possible), otherwise, after flashing the stock 2.5.2.4 it will be automatically updated to a newer version. And after that you can flash any version of my firmware. Even the latest one. The main thing is to avoid automatic update of your RBS, i.e. that it is not connected to the Internet.

Voxel.

 

[pixel_crash]

Great, thanks for the reply Voxel, Will give it a go

 

[Voxel]

actually the ssh for root is using no password (instead of using the router's password) and I can't persist a password, and I also can't persist turning off the bloatware.

Also, I'm not quite sure what you meant with ssh. If you are worried about security in using dropbear i.e. ssh, then use your scheme to run dropbear under RBR50v2.

QuickStart.txt describes how to run your own rc.user script for RBR50v2/RBS50v2. In this script you can replace the initial script /etc/init.d/dropbear with a slightly modified version and restart updated /etc/init.d/dropbear

So, for example, for me I change the line to start the dropbear ssh server in this script to

$DROPBEAR -p $PORT -a -s -P $PIDFILE

where the '-s' option disables password login. And only key authorization can be used. It's not that hard if you understand what and how.

Voxel.

 

[pixel_crash]

Good advice @Voxel, yeah I've set up passwordless login using ssh keys before, I suppose what I mean, to quote the QuickStart.txt file:

3. Setting up ssh access to the router and satellite.

After flashing and your settings you may need to have SSH access to router (e.g. if you
wish to use Entware). SSH daemon dropbear in Orbi uses port 22 and accepts root login
with your WebGUI password.

Where it says "accepts root login with your WebGUI password.", when I tested SSHing into my RBR50v2 I tried using the WebGUI password for the root user, this did not work, if I simply hit enter for a blank password it let me log in. If I then set a password for the root user running passwd root then it'll set the ssh password for root but only until I reboot the router, then the password is blanked. I'd imagine that the reason for this is the /etc/passwd file has an empty password for the root user, I think I checked this.

I've not tried, but my concern would be that if I then try to set up passwordless login with ssh keys that also may not save, but this may also mean I need to set up a SAMBA mount from my NFS or something for persistence.

I would say that given what's happening is different to the documentation in QuickStart it's probably worthwhile either fixing it so that the root password is the same as the WebGUI password, or update the docs saying that there's no SSH or Root password set and to follow XYZ steps to persist a password as blank passwords would be a bit of a concern.

 

[Voxel]

Good advice @Voxel, yeah I've set up passwordless login using ssh keys before, I suppose what I mean, to quote the QuickStart.txt file:



Where it says "accepts root login with your WebGUI password.", when I tested SSHing into my RBR50v2 I tried using the WebGUI password for the root user, this did not work, if I simply hit enter for a blank password it let me log in. If I then set a password for the root user running passwd root then it'll set the ssh password for root but only until I reboot the router, then the password is blanked. I'd imagine that the reason for this is the /etc/passwd file has an empty password for the root user, I think I checked this.

I've not tried, but my concern would be that if I then try to set up passwordless login with ssh keys that also may not save, but this may also mean I need to set up a SAMBA mount from my NFS or something for persistence.

I would say that given what's happening is different to the documentation in QuickStart it's probably worthwhile either fixing it so that the root password is the same as the WebGUI password, or update the docs saying that there's no SSH or Root password set and to follow XYZ steps to persist a password as blank passwords would be a bit of a concern.

This may be a feature of RBR50v2, but for RBR50v1 the root user password is identical to the WebGUI password. I don't have RBR50/RBS50v2 to check. But I checked again with v1 and the root password is identical to the WebGUI password.

Voxel.

 

[pixel_crash]

Yeah I'd very much imagine that to be the case for RBR50v2. I think it's probably worthy of a mention in the QuickStart.txt though

 

[pixel_crash]

@Voxel I got everything working, thanks for your guidance.

I'm wondering for mounting the SAMBA directory, what's the process for an RBR50v2?

Am I supposed to copy everything from /overlay/* to the samba mount, then set up share to mount on boot over /overlay/ and then I'll have persistence?

Or is there another place I should be targeting for the filesystem to mount on boot?

 

[Voxel]

I'm not quite sure what you're trying to do.

For RBR50v2/RBS50v2 without USB port, you can only use the rc.user script. See QuickStart.txt:

. . .
12. Custom script to run (for Orbi v2 owners, units w/o USB port).

You can create you own script to execute it after every reboot. Script should be placed
to /mnt/ntgr directory or/and /mnt/bitdefender/ or/and /tmp/dal/rc.user (internal nand)
with name: rc.user. I.e.

/mnt/ntgr/rc.user

or/and

/mnt/bitdefender/rc.user

or/and

/tmp/dal/rc.user
. . .
I can't say where it is better to have the rc.user script because v2 differs from v1 by the size of internal nand and it happens that these blocks are cleaned during reboot. I talked to the owner of v2 quite a long time ago, a few years ago. I can't say where it's better. I don't have a v2 to test.

Copying everything from /overlay is not a good idea.

It all depends on what you do in your custom script and any additional files in the specified areas of nand above.

Voxel.