熊孩子程序员
0%

DX4600开启ssh

发表于
本文字数: 3.7k 阅读时长 ≈ 3 分钟

突破绿联系统的限制,彻底掌握自己的设备。

使用浏览器获取 API Token

随便用客户端创建个 Docker 容器,在浏览器开发者模式查看网络连接,获取Token:

1
http://192.168.50.155:9999/containers/create?name=hack&ugreen_nas_model=docker&api_token=xxxxGJkMTIyMzM0Y2YxYTBlZTJmZGI2MDhlODE0YjM4YzhiODhkYg%3D%3D

Token 示例:

1
xxxxGJkMTIyMzM0Y2YxYTBlZTJmZGI2MDhlODE0YjM4YzhiODhkYg%3D%3D

创建 Hack 容器

创建容器配置 container.json

container.json 文件内容如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
{
  "_query": {
    "name": "hack"
  },
  "name": "hack",
  "AttachStdout": false,
  "AttachStderr": false,
  "ExposedPorts": {},
  "Tty": true,
  "OpenStdin": true,
  "Env": [
    "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
  ],
  "Cmd": [
    "/bin/sh"
  ],
  "Healthcheck": {},
  "Image": "alpine:latest",
  "Volumes": null,
  "Entrypoint": null,
  "OnBuild": null,
  "Labels": null,
  "HostConfig": {
    "PidMode": "host",
    "Privileged": true,
    "Devices": [
      {
        "CgroupPermissions": "mrw",
        "PathInContainer": "/dev/dri/renderD128",
        "PathOnHost": "/dev/dri/renderD128"
      },
      {
        "CgroupPermissions": "mrw",
        "PathInContainer": "/dev/dri/card0",
        "PathOnHost": "/dev/dri/card0"
      }
    ],
    "NetworkMode": "host",
    "PortBindings": {},
    "RestartPolicy": {
      "Name": "always"
    },
    "LogConfig": {},
    "Sysctls": {},
    "Mounts": [
      {
        "Target": "/host",
        "Source": "/",
        "ReadOnly": false,
        "Type": "bind",
        "Consistency": "default",
        "Mode": "RW"
      }
    ],
    "Links": []
  },
  "NetworkingConfig": {
    "EndpointsConfig": {}
  }
}

创建容器

自行替换 api_token 内容

1
2
3
4
5
6
7
8
9
10
#!/bin/bash
curl --compressed \
    -H 'Host: 192.168.50.155:9999' \
    -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) UGREEN_Nas/3.9.0 Chrome/91.0.4472.164 Electron/13.3.0 Safari/537.36' \
    -H 'Content-Type: application/json' \
    -H 'Accept: */*' \
    -H 'Referer: http://192.168.50.155:9999/service/web/' \
    -H 'Accept-Language: en-US' \
    --data-binary @container.json \
    'http://192.168.50.155:9999/containers/create?name=hack&ugreen_nas_model=docker&api_token=xxxxxJkMTIyMzM0Y2YxYTBlZTJmZGI2MDhlODE0YjM4YzhiODhkYg%3D%3D'

开启ssh登录

进入绿联的docker应用,找到刚刚创建的hack容器,进入shell。执行如下命令进入绿联系统。

1
nsenter -t 1 -m /bin/sh

进入系统后执行下面的命令创建 ssh 登录。绿联系统开机会杀死sshd进程,所以把sshd复制一份改名,才能做到开机自启动。修改/etc/ssh/sshd_configPubkeyAuthenticationyes,开启密钥登录。添加自己的公钥到 /root/.ssh/authorized_keys

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
cp /usr/sbin/sshd /usr/sbin/sshdpk
ssh-keygen -A
chmod go-w /root
chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys
cat > /etc/init.d/sshdpk <<EOF
#!/bin/sh /etc/rc.common
START=99
STOP=10
USE_PROCD=1
PROG=/usr/sbin/sshdpk
mkdir -p /var/empty
start_service() {
    procd_open_instance
    procd_set_param command "$PROG" -D
    procd_close_instance
}
EOF
chmod +x /etc/init.d/sshd
service sshd enable
sed -i '/PubkeyAuthentication/ s/no/yes/g' /etc/ssh/sshd_config

默认的端口是 922,如果不是通过/etc/ssh/sshd_config文件确认。

1
ssh -p 922 root@192.168.50.155

如果想使用普通用户登录ssh,直接使用普通用户的本地密码,或者添加ssh公钥到普通用户的.ssh/authorized_keys文件。root用户执行usermod -aG docker **username** 将普通用户加入docker组,这样普通用户也可以执行docker命令。

参考