[Solved] ssh/root access ?

19 Posts
9 Users
11 Reactions
3,632 Views
(@Anonymous)
New Member Guest
Joined: 1 Sekunde ago
Posts: 0
Topic starter  

Hello,

the eBlocker is now open source, i ask the question about the possibility of a ssh access! So what should be the problem?
Other systems like pi-hole, nems, nextcloudpi, max2play, moode also offer this. Should there be security concerns?
I myself have the responsibility for the system, that I have install!

Best regards, Carsten


   
ReplyQuote
(@benne)
Famed Member Admin
Joined: 5 Jahren ago
Posts: 1051
 

Today eBlocker has no root/ssh access. So there is no password to share. Seriously.

In a team call we discussed the possibility to open eBlocker for root access a few weeks ago. We concluded (100% votes) that most semi talented engineers can gain access with the hint "use the filesystem".

For everyone else eBlockerOS stays as is - because we only see risks but no chances.

Background: eBlocker is strongly woven into the underlying linux. A minor change can have unpredictable effects. The more people make changes  the less supportable eBlocker gets - next to the efforts of implementing root access.

So take it as a little tech test: everyone is welcome to hack eBlocker to gain root access. 😎 

Please don't share a "how to" once you've made it, but rather join us in the core team for further development. You are very welcome 😀 😉 😎 

 


   
Random and CalimerO reacted
ReplyQuote
(@Anonymous)
New Member Guest
Joined: 1 Sekunde ago
Posts: 0
Topic starter  

@benne

I am grateful for the answer, but i regret the content.

It's not about hacking eBlocker!

But it is as it is, i have asked and received an answer.

Thank you!


   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 5 Jahren ago
Posts: 1980
 
Posted by: @carstenfalconcrest-lippert-de

It's not about hacking eBlocker!

Well, that‘s the ONLY reason for root access: hacking. And there is nothing bad about hacking as we love skilled hackers 🤩 😎 


   
CalimerO and Benne reacted
ReplyQuote
(@calimero)
Member
Joined: 5 Jahren ago
Posts: 490
 

@carstenfalconcrest-lippert-de

And it is not to difficult to hack, if you follow the hint -> filesystem 🙂

I'vd done that myself in less than half an hour.

And from there it should be easy to script Backup/Restore or Export/Import things and read more information from the logfiles of the system.

 

Cheers

Sven


   
Benne and Random reacted
ReplyQuote
(@mainzelm)
Member
Joined: 5 Jahren ago
Posts: 119
 
Posted by: @carstenfalconcrest-lippert-de

@benne

I am grateful for the answer, but i regret the content.

 

Please note that there is also a security aspect: if we‘d enable ssh access by default, we would need to share a standard password. And this would make the system open for attacks if the user does not change it right away. Rasbian also comes with ssh disabled by default for this reason.

Best regards

Martin

 


   
Random reacted
ReplyQuote
(@pio78)
Member
Joined: 5 Jahren ago
Posts: 329
 

Hi,

installed a new eBlocker for testing. Hacked root and ssh  💣 💣 💣 

 

regards

PIO78

🍓


   
Random reacted
ReplyQuote
(@malcinator)
New Member
Joined: 4 Jahren ago
Posts: 2
 

Having been forced to replace my pi3 with a pi4 to run eblocker I have also been looking to login localy via ssh. My sole reason for this is to install a python script to control the cooling fan i bought with my official pi4 case 

I live in a country where the room temperature in the summer reaches 40ºc. The high summer temperatures will cause the pi to throttle as my pi3 has done in the past. I feel that if a Pi4 is required to run eblocker then, would it be possible to include an option for activating GPIO pin14 to turn the fan on to cool cpu temperatures in a very near future update?

[edit] The official Raspberry PI 4 case fan uses GPIO pin 14 to activate the fan. I have tried to link to it but the link is always removed from my post.

 


   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 5 Jahren ago
Posts: 1980
 
Posted by: @malcinator

if a Pi4 is required

From our side, Raspi 4 is not a requirement but a recommendation.

As soon as Rasbian has fixed the linux bug, eBlockerOS will run smoothly on Raspi 3 again. Unfortunately it‘s not in our hands and we are waiting too. 

Posted by: @malcinator

will cause the pi to throttle due to high cpu temperatures as it has done in the past

Can you please share the data this is based on. 

I run a Raspi 4 w/o extra cooling in a fully closed case that resides in our central heating cellar. I‘ve not measured temperature there but it probably reaches 40 degrees celsius in summer easily too. So far I haven‘t had any problems in over a year. 🤔

Posted by: @malcinator

option for activating GPIO pin14 to on cpu temperatures

Unfortunately I‘m not a dev and have no idea what that means. To get a proper answer it would be great if you could specify your need more in detail. If it’s a quick win - and your data proves the real need - someone might tackle this feature request in future...

THX!


   
ReplyQuote
(@malcinator)
New Member
Joined: 4 Jahren ago
Posts: 2
 

I'm sorry I didn’t come here to pick a fight I just wanted to add my thoughts on being able to access the Pi4 via ssh.

I understand that the pi4 is a recommendation but in view of the fact pi2 are no longer on sale and a pi3 will not currently work with eblocker I see the only path forward is by upgrading to a pi4 which I have done.

I can't back up my findings on the pi being throttled due to high cpu temperatures, at the time it was inconviennt but I didn't consider trying to document it. After all its not possible to view the cpu temperature from eblocker I was only able to compare it by not using pi3 eblocker and by using the router's dns. It was a noticable difference that’s all I can say.

Again I'm not here for a fight I would just like to have access to either ssh or GPIO to simply install a cooling fan. If that is too much of a big ask or offends some then I'm sorry and can only conclude I have chosen the wrong software for my needs.


   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 5 Jahren ago
Posts: 1980
 
Posted by: @malcinator

I'm not here for a fight

I didn‘t feel you were up to a fight otherwise I would not have answered your post. 😉 

Maybe I falsely interpreted your post as a feature request „please add fan support“?

Background: For any feature request, we need to either reason why this has priority over other requests as we have trillions of ideas and requests in the backlog. Or we find a community volunteer who feels that it’s worth to spend time implementing the feature.

In both cases a solid reason is not only helpful - but mandatory. That‘s why I asked for data about your heating experience. Seriously, I fear no one cares about your request, if no one shares your experiences and the problem can not be validated neutrally. Maybe you can point us to other resources where the heating is discussed if you have no data? 

If I got you completely wrong and you just want shell access - well, then I kindly invite you to read this thread again. It‘s all said here already - and it‘s not overly complicated... 😉 

THX!


   
ReplyQuote
(@helmi1987)
New Member
Joined: 4 Jahren ago
Posts: 2
 

Can you give us the pi Password or User and pass for Raspberry ssh login?

Or a other way can you give us a install guide for raspberry with the git repositories.

Thanks for open the eBlocker system. But is it open when we haven't root access?

 

Thanks
helmi1987


   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 5 Jahren ago
Posts: 1980
 

@helmi1987 

Maybe you‘ve overread the post above, which explains everything:

Posted by: @benne

Today eBlocker has no root/ssh access. So there is no password to share. Seriously.

In a team call we discussed the possibility to open eBlocker for root access a few weeks ago. We concluded (100% votes) that most semi talented engineers can gain access with the hint "use the filesystem".

THX!


   
ReplyQuote
(@benne)
Famed Member Admin
Joined: 5 Jahren ago
Posts: 1051
 

@helmi1987 Even everything is said above, I‘m happy to sum up again:

Security of eBlocker users has the highest priority. All traffic passes thru eBlocker and it might even get decrypted - so this is highly sensitive data. So high security for eBlocker is not just a „nice to have“, but a must. A central root password would mean that any eBlocker in the world could be accessed by anyone - which is the opposite of security - not to say a stupidity.

eBlocker is Open Source which means anyone can check how eBlocker is build and add enhancements. Same like a house architect might open all plans to build a house to the public. This does not result that the architect has a key to all houses that are build using his plan nor that there is a master key that is shared among all house owners.

As said above: There is no „door“ build into the plans of the „eBlocker house“. If you feel like having a door for your house: you are very welcome to add it yourself with the lock & key you desire.

Please understand that we can not share details how to build a door as this would result in lots of open and unlocked houses modified by unskilled users. So we rather leave this to experts who are familiar with doors & locks and know how to open and secure them with professional know-how. 

Hopes this helps to understand the difference between Open Source and an Open (= insecure) System a bit better. And I know, the answer might be frustrating but it‘s for the security of all eBlocker users.

Thank you.


   
Random reacted
ReplyQuote
(@helmi1987)
New Member
Joined: 4 Jahren ago
Posts: 2
 

Yes i understand this and i have activate ssh service over the file system.

But the pi user haven't the defaut password.
is it really needed to change the password with initial script, display and keyboard?

Thanks 
helmi1987


   
ReplyQuote
(@superblond)
Active Member
Joined: 3 Jahren ago
Posts: 6
 

@calimero 

Hello experts!

Is it posible for any of you guys to create a doc, screenshots or a vid about gaining root access on RasPi with eBlocker2 and host it somewhere as download?

I am just interessted to setup some backup and auto restart unction s in cron e.g.

Thx a lot for your help!

SB


   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 5 Jahren ago
Posts: 1980
 
Posted by: @benne

Please understand that we can not share details how to build a door as this would result in lots of open and unlocked houses modified by unskilled users. So we rather leave this to experts who are familiar with doors & locks and know how to open and secure them with professional know-how. 

@superblond Maybe you misinterpreted these lines? You are highly invited to read thru the thread before adding to it…😉

Nevertheless, it means that you are welcome to hack eBlocker to get root access, but we will not disclose a „how to“. Any posting in this regard can not be approved. It‘s for the safety of all users! Sorry 🙏

THX!


   
ReplyQuote
(@superblond)
Active Member
Joined: 3 Jahren ago
Posts: 6
 

@random 

Thx for the reply.

No, I didnt misinterpreted or missed the general policy and/or your statements regarding that SSH-Topic. I understand that you do not want to see a tutorial of this kind here in this forum.

But a description of how to get root rights would be quick and easy to find on the Internet by anyone.

So I was writing to motivate some of the other user on expert level to create an How-to and host it somewhere else, for example on YT.

Its not necessary to promote it here, or post a link here, not even to react to my post. Its more like: create a tutorial and publish it somewhere secretly...

I will stop writing about that here & now!

Thanks & Happy new year!

SB


   
ReplyQuote
(@benne)
Famed Member Admin
Joined: 5 Jahren ago
Posts: 1051
 

@superblond 

We kindly ask technically skilled users not to share a „how to get root access“ and responsibly keep this „secret“. This is for the security of all (especially less skilled) users and regardless of the platform intended for sharing.

Thanks very much for acting responsibly 👍

 


   
Faber38 and Random reacted
ReplyQuote

Nach oben scrollen