Skip navigation

Default SSH authentication used in Public versions or old versions (before 0.2.14-r8):
Login: root
Password: 930920
Port: 22

Attention!!! Beginning from version 0.2.14-r8 the changes were implemented in security system.

SSH is locked - In Factory version (versions provided by Manufacturer on your own web server for auto update and manual update from Embedded portal).
SSH is open at standard TCP port (22) - In Public versions from Manufacturer (which are provided in Releases at soft.infomir.com).
For image versions cteated by operators can be disabled/enabled SSH.

Operators Utilities and instructions for building STB software image
Software update MAG250/254/270
Software update MAG256
Software Update MAG322/324/349/351

Port configuration

Default TCP port value used for SSH (22) can be changed in working STB or during image building.

MAG2xx (STMicroelectronics chipsets based)

  • Open in rootfs next file (in edit mode): /etc/openssh/sshd_config
  • Make changes to #Port line. For examle to change port value to 2222: #Port 2222

  • Save changes.
    Note. To enable new settings in working STB, reset STB after reconfiguring.
  Example. MAG2xx. Changing port value for SSH connection. New value: 2222

# vi etc/openssh/sshd_config
# $OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

#Port 2222
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/openssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/openssh/ssh_host_rsa_key
#HostKey /etc/openssh/ssh_host_dsa_key
#HostKey /etc/openssh/ssh_host_ecdsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

# For this to work you will also need host keys in /etc/openssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes

# This is a modification for the default installation of the STLinux
# Distribution. You should never ship a real system in this state.
PermitEmptyPasswords yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options

MAG-3xx (Broadcom chipsets based)

  • Open in rootfs next file (in edit mode): /etc/rc.d/rcS.d/S60netsrv
  • Make changes to the line dropbear. For examle to change port value to 2222:
    dropbear -p 2222

  • Save changes.
    Note. To enable new settings in working STB, reset STB after reconfiguring.
  Example. MAG3xx. Changing port value for SSH connection. New value: 2222

# vi /etc/rc.d/rcS.d/S60netsrv
#!/bin/sh

. /etc/init.d/splash-utils.sh

${SPLASH} prg 40
${SPLASH} clear_log
${SPLASH} log "Starting network services..."

#portmap &
#telnetd

if [ -e /sbin/dropbear ]; then
if [ ! -e /etc/dropbear/dropbear_rsa_host_key ]; then
mkdir -p /etc/dropbear
dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
fi
dropbear -p 2222
fi

How to change SSH password for image making

  • Login via SSH on STB
  • Run passwd and change password.

  • Copy contents of the next file:

    • For MAG250/254/270 - /etc/shadow

    • For MAG256, 322/324/349/351 - /etc/passwd

  • Insert (substitute) copied contents into the body of the same file that is part of the RootFS for further building the image.

How to disable/enable SSH

To disable SHH:

  • MAG2xx - delete script files etc/rcS.d/S30ssh and /usr/sbin/sshd
  • MAG3хх - comment string dropbear in script file /etc/rc.d/rcS.d/S60netsrv:
  Example. MAG322. Disabling SSH
#!/bin/sh
. /etc/rc.d/init.d/splash-utils.sh

${SPLASH} prg 40
${SPLASH} clear_log
${SPLASH} log "Starting network services..."

#portmap &
#telnetd

if [ -e /sbin/dropbear ]; then
        if [ ! -e /etc/dropbear/dropbear_rsa_host_key ]; then
                mkdir -p /etc/dropbear
                dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
                dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
        fi
#       dropbear
fi

To enable SHH in new image versions, restore initial state of the specified files (provided in Release).


Need Help

Dave is an expert on the MAG STB and the author of this article.

Was this article helpful?

Yes No

Sorry to hear that.
How can we improve this article?

We use cookies in order to optimise our website, provide you with the best possible user experience and help us promote our products. Please read our Cookie Policy to find out how we use cookies and how you can control cookies.
By using this website or closing this message, you acknowledge our Privacy Policy and agree to our use of cookies as described in our Cookie Policy.