Enabling Telnet on the DS-101(g+)
Warning: Telnet is an inherently insecure protocol. Do not attach a telnet-enabled DS-101(g+) to the internet.
The Easy Way To Gain Telnet Access
You can download two patch files to enable and disable, respectively, the telnet daemon (server) on the DS. The patch files are available at http://oinkzwurgl.org/diskstation (file syno-telnet-r3.zip). To activate the telnet daemon and allow telnet connections on port 23 upload the the patch file enable-telnet.pat to the DS using the update routine in the administrative interface. The patch file disable-telnet.pat will revert these changes and disables the telnet server. Both patches apply the changes immediately and without a reboot. The changes are persistent over a reboot.
For all current firmware revisions (since around autumn 2006) the supplementary syno password is no longer necessary. One can login as user admin or any other user created in the administrative interface. root logins are possible as well. The password for the super user is kept in sync with the admin password. But it is recommended to use sudo instead of logging in as root to issue administrative commands.
The patch files work on all Diskstations (and Cubestations and the Rackstation) with all known firmware revisions. As these patches are more or less officially recommended by Synology it is expected that the procedure will not change in the nearer future.
The routine used to enable and disable the telnet server only modify the "telnet" line in /etc/inetd.conf and does not touch other entries in it. Original, unmodified firmwares only have the telnet line but users might want to add their own stuff to the inetd configuration file.
The Hard Way To Gain Telnet Access
For DS-101(g+) New firmware 2.0.1 - 3.0240 as above but files are
and add a /x on access
DS-101g+ with Firmware Version: 2.0.1 - 3.0280 The method used to gain telnet last time and the time before is broken...:(
DS-101g+ with Firmware Version: 2.0.1 - 3.0284 Same procedure as above but use an enabletelnet-g284.php script instead, which contains this:
Why/how does it work?
Note: php scripts that use popen() (such as that above) don't even seem to run on DS-101g+ firmware 2.0.1 - 3.0284. See the Files area of http://groups.yahoo.com/group/ds101-linux/ for a .pat file you can apply that only adds the telnet line to /etc/inetd.conf.
DS-101j with Firmware Version: 2.0.1 - 3.0280 The only method that I found working is to connect the HDD to another PC, mount it as ext3 filesystem, and modify the /etc/inetd.conf file directly. (I used http://www.fs-driver.org/ under Windows XP).
There is an alternative solution for DS101j? FW 3.0280,3.0281. Basically you first have to downgrade to 3.0240 - see http://www.nslu2-linux.org/wiki/DS101/DowngradeFw. Afterwards copy a small script to any of your shares retelnet.sh:
Now start the FW upgrade. Afterwards you should be able to telnet again. Use the synopass.php (not php3!) to get the synopassword.
Synopass Routine In Shell Script
Works with busybox commands (i.e. runs on a DS).
Alternate Way To Gain Telnet Access
N.B. This procedure has been tested on a DS-101j, firmware version 2.0-3.0281. It is expected but not yet confirmed to work with other DS and firmwares as well.
The procedures described on this page and elsewhere are rather complicated and depend on certain firmware bugs or need to manipulate the DS in some way. As the update feature of the DS allows to install an operating system to the harddisk, it should be possible to use that feature to load our own stuff to the DS.
Looking at a firmware .pat file reveals that it is a normal POSIX tar archive. It contains some files with rather obvious names. The famous telnet.pat and the output found in /var/log/messages confirm that the DS update routine extracts the archive to /volume1/upd@te and runs the updater programme. This routine is contained in /usr/syno/synoman/main.cgi (the strings inside are quite meaningful!).
In the .pat, there are two more interesting files: VERSION and checksum.syno. As some other postings in the net suggests, the latter contains crc32 numbers, filesizes, filenames and two more unknow numbers. Well, the point is, it does not matter at all! :-). Nor is the VERSION file of any importance for this stage of the upgrade routine.
In the following a way to run a script (or likely any other DS compatible binary) through the updater routine of the DS. There is not even a need to reboot to do that.
Proof Of Concept
You need an editor and tar.
1. Create a file updater containing the following. It should have the executable bit(s) (not checked).
2. Create an empty (!) file checksum.syno, e.g. using the following command.
3. Create the .pat file.
4. Upload the hello_hello.pat using the firmware update function in the DS admin interface.
Result: The update should fail with a message like unknow error and the error code/number 42.
In the public share on the DS you shuld find a file hello_hello.txt containing the epoch when the updater script has been run.
Script To Enable Telnet
The following updater script will enable telnet in /etc/inetd.conf and restart inetd.
Create an enable_telnet.pat analogously to the above procedure and install it. Remember to set the executable bit!
Does It Work?
Please add confirmations of success or failure for other DS here:
view · edit · print · history · Last edited by Ling.
Based on work by Pieter, Wessel, bijkanguru, lyngsnes, invader, Emanuel Johannessen, flipflip, Gabbe, ds-101, ArnaudS, Jon, ds101, Bill F, mlo68, Andreas Vogel, hanberg, flops, conradL, conradl, tman, mma, and repvik.
Originally by repvik.
Page last modified on April 19, 2008, at 05:37 AM