Request: populate a user.asp with a terminal

  • ATTENTION! You'll notice a Prefix dropdown when you create a thread. If your post applies to one of the topics listed, please use that Prefix for your post. When browsing the thread list you can use the Prefix to filter the view.
  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Make WiFi Great Again

Regular Contributor
As I understand it the Merlin firmware once upon a time contained a little command prompt located next to Tools - Other Settings. Wouldnt that be so nice to have again? with nearly 15 still open and empty user.asp's maybe someone would consider populating one of them with a command prompt so we dont have to SSH every time someone wants to play with the guts an squishy parts'. A lot of the "other" alternative to stock firmwares have this feature, so maybe its time to bring this back, as an optional addon?
 

ColinTaylor

Part of the Furniture
It was deliberately removed for security.
 

Jack Yaz

Part of the Furniture
Horrifically insecure given the holes in the WebUI's security (and people just love opening it to the WAN). SSH is much more secure, and faster and full featured for command line "guts"
 

RMerlin

Asuswrt-Merlin dev
It can`t be added by an addon because it would require the httpd server to be able to run any arbitrary command, which it won`t for obvious security reasons.
 

Make WiFi Great Again

Regular Contributor
So as i understand it the option to use http non secure web access is still there the option to use telnet is still there. The option to use un encrypted wifi is still there. The optin to keep admin admin for un pw is still there for atleast johns fork. But the option to enable a command prompt was taken out because it is too insecure? What happened to open source giving people more options? The way i see it we should at least have the option to enable a disabled prompt. Even with a reg flag warning which imo needs to be on telnet more then anything. I know this firmware isnt fully gpl but it would be nice if the gpl parts remained full of options . i guess i am barking up the wrong tree if it cant be done via a user.asp then it cant be done. I know merlin has stated in the past he wont consider bringing it back. Thats why i posted this in the addons. Hoping someone else would bring it back. I guess this thread is finito.
 

Jack Yaz

Part of the Furniture
So as i understand it the option to use http non secure web access is still there the option to use telnet is still there. The option to use un encrypted wifi is still there. The optin to keep admin admin for un pw is still there for atleast johns fork. But the option to enable a command prompt was taken out because it is too insecure? What happened to open source giving people more options? The way i see it we should at least have the option to enable a disabled prompt. Even with a reg flag warning which imo needs to be on telnet more then anything. I know this firmware isnt fully gpl but it would be nice if the gpl parts remained full of options . i guess i am barking up the wrong tree if it cant be done via a user.asp then it cant be done. I know merlin has stated in the past he wont consider bringing it back. Thats why i posted this in the addons. Hoping someone else would bring it back. I guess this thread is finito.
You're right it is open source, so patches welcome :)
 

JGrana

Very Senior Member
Maybe create a new user.asp with shellinabox. It's available from Entware.
 

RMerlin

Asuswrt-Merlin dev
So as i understand it the option to use http non secure web access is still there the option to use telnet is still there. The option to use un encrypted wifi is still there. The optin to keep admin admin for un pw is still there for atleast johns fork. But the option to enable a command prompt was taken out because it is too insecure? What happened to open source giving people more options?

Yes, it was taken away because it was a major security risk, allowing any malicious website to potentially run code with root privileges on your router just by having you visit a malicious website while you have an active session with your router. None of the other things you mention can allow that type of security exploit.

Just open an authenticated SSH session, like every other serious security appliances requires you to do out there.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top