Login on your dreambox 7025, 800 or 800 without a password

1: Ingredients

Start by downloading what we need. That's not much:

Just install.

2: First Logon

Start PuTTY (from the start menu). PuTTY is also a good telnet client, and if the Dreambox is fresh from its box or you just flashed a new image, SSH will not function because you'll need to set a non-blank password first. So good old telnet is first.

Pick "telnet" connection type, and enter the address for the dreambox. Before continuing, create and save a PuTTY session first. Type a session name and hit the "Save session" button.

Now select Open and you'll see the login prompt. Enter "root" to log on.

Let's create a safe and difficult to guess password. Make it hard, you'll never need to type it again. I think. Us the "passwd" command:

Don't close this window yet, we'll need it later!

3: Create a Key

Next is creating us a key. Run "PuTTYGen" and press the Generate button. Wiggle the mouse until the bar fills up and you'll see a new key appear.

Press "Save private key" to save the private login key. This is only meant for you - it is not intented to be stored on the dreambox, though you might want to store it on a USB stick for external use, e.g. at work. I'm saving it as C:\MyKey.ppk. No need to store the public key. Also, keep this window open for awhile.

4: Authenticate the Key

Next, create the authorized_keys file. In the telnet session from step 2, type:
mkdir .ssh
cat > .ssh/authorized_keys
The promt disappears, and it's waiting for the file contents. Go to the PuTTYgen window from stap 3, and copy the public key part.

Go back to the PuTTY window and paste the text, by right-clicking inside the window. The key text should appear. Press RETURN to end the input line, and press CTRL-D to close the file (I usually have to hit CTRL-D twice).

Both windows can be closed now.

5: My first session

Restart PuTTY and load the previous session with the Load button. Don't double-click, and don't Open it yet. Change the "telnet" radio button to SSH now. Press Save to save the new setting.

We wish to log on as "root", select Connection/Data in the tree to the left of the screen. Enter "root" as auto-login username:

In Connection/SSH/Auth, select the keyfile that we saved to disk in step 3:

Don't be impatient... First go back to the Session page, at the top, and press Save to store all the new settings. Now hit Open (or enter) and PuTTY should smoothly log on. You'll get a warning that this host is new and not yet trusted. We trust it now.

Bonus: Access to the WebInterface and more

SSH also supports "port forwarding". This allows you to "tunnel" other connections, piggy-backing on the SSH connection without the need to configure extra ports on your router.

Check out Connection/SSH/Tunnels. Here you can tunnel ports from your local machine to the dreambox or any machine it's connected to.

For each port, enter source and destination in the boxes, and press Add. Leave the radiobuttons on "local" and "auto".
Source port: 80 -> Destination: localhost:80
Source port: 8001 -> Destination: localhost:8001
Source port: 16001 -> Destination: localhost:16001

No password allowed

Even safer! You can configure the dreambox to never allow passwords on its SSH interface (telnet will still function). To do this, the dropbear server on the Dreambox needs the -s -g options. To pass these, modify the file /etc/default/dropbear as follows:
cat > /etc/default/dropbear
DROPBEAR_EXTRA_ARGS="-s -g" (Ctrl+D to end input)
To have this take effect, completely reboot the box or kill all dropbear processes (hint: don't try this in an SSH session):
killall dropbear
/etc/init.d/dropbear start
After this, you can still login with SSH, but only with a keyfile.

Now what?

Still troubles?

• You have to set a non-blank password. When the root password is empty, dropbear will refuse any connection, even if you don't allow passwords any longer.