schedule "SSH" switching from "Lan" to "Lan & Wan" (using a script)?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Skillz

Occasional Visitor
Hi,

I would like to be able change the option (Administration/System) "Enable SSH" - from "LAN" to "LAN & WAN" at scheduled times. I'm guessing this option can be manipulated using a specific "nvram set ..." command.

Does anyone know if a solution for this already exist? Would someone be willing/able to help me out on maybe creating a custom script for this that can be triggered on a schedule?

I have no clue where to begin....
 

dave14305

Part of the Furniture
You will get a lot of good advice to setup an OpenVPN server instead of enabling SSH on the WAN.

But if you really want to, you can switch with these commands:
Code:
nvram set sshd_enable=1
nvram commit
service restart_sshd
1=LAN&WAN
2=LAN

But instead, spend the time setting up OpenVPN.
 

Skillz

Occasional Visitor
You will get a lot of good advice to setup an OpenVPN server instead of enabling SSH on the WAN.

But if you really want to, you can switch with these commands:
Code:
nvram set sshd_enable=1
nvram commit
service restart_sshd
1=LAN&WAN
2=LAN

But instead, spend the time setting up OpenVPN.
Thanks for the quick reply :) Is wan ssh really that bad if you're using key-based ssh access (with additional passphrase), different port and password login disabled? Just genuinely wondering.
 

dave14305

Part of the Furniture
Thanks for the quick reply :) Is wan ssh really that bad if you're using key-based ssh access (with additional passphrase), different port and password login disabled? Just genuinely wondering.
Dropbear SSH hasn’t had an update since October 2020. Either it is really well-written and secure, insecure but not updated, or something in between. I don’t personally expect Dropbear to be as robust as a full-fledged OpenSSH server or an OpenVPN server.

I don’t use either (no remote WAN access).
 

eibgrad

Very Senior Member
As @dave14305 has alluded to, the issue is that these various services on the router are often "lightweight" versions of http, ssh, and other various servers. They are NOT sufficiently hardened and under the kind of scrutiny that you're going to find w/ the big boys (Apache, OpenSSH, etc.). They're perfectly fine within the confines of your private network. But exposing them directly to the internet is probably best avoided.

Also, for *all* these services, no matter how good they are, and well intentioned the developers, security is always a secondary concern. That's why something like RDP gets hacked over and over again, despite MS's best efforts to stop the bleeding. But for something like OpenVPN, it's the *primary* concern, and the only reason it exists! Better to put your faith and trust in it whenever possible.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top