Login on your dreambox 7025, 800 or 800 without a password

1: Ingredients

Start by downloading what we need. That's not much:

  • PuTTY. I recommend the Windows installer, it includes handy menu items.
  • Just install.

    2: First Logon

    Start PuTTY (from the start menu). PuTTY is also a good telnet client, and if the Dreambox is fresh from its box or you just flashed a new image, SSH will not function because you'll need to set a non-blank password first. So good old telnet is first.

    Pick "telnet" connection type, and enter the address for the dreambox. Before continuing, create and save a PuTTY session first. Type a session name and hit the "Save session" button.

    Now select Open and you'll see the login prompt. Enter "root" to log on.

    Let's create a safe and difficult to guess password. Make it hard, you'll never need to type it again. I think. Us the "passwd" command:

    Don't close this window yet, we'll need it later!

    3: Create a Key

    Next is creating us a key. Run "PuTTYGen" and press the Generate button. Wiggle the mouse until the bar fills up and you'll see a new key appear.

    Press "Save private key" to save the private login key. This is only meant for you - it is not intented to be stored on the dreambox, though you might want to store it on a USB stick for external use, e.g. at work. I'm saving it as C:\MyKey.ppk. No need to store the public key. Also, keep this window open for awhile.

    4: Authenticate the Key

    Next, create the authorized_keys file. In the telnet session from step 2, type:
    mkdir .ssh
    cat > .ssh/authorized_keys

    The promt disappears, and it's waiting for the file contents. Go to the PuTTYgen window from stap 3, and copy the public key part.

    Go back to the PuTTY window and paste the text, by right-clicking inside the window. The key text should appear. Press RETURN to end the input line, and press CTRL-D to close the file (I usually have to hit CTRL-D twice).

    Both windows can be closed now.

    5: My first session

    Restart PuTTY and load the previous session with the Load button. Don't double-click, and don't Open it yet. Change the "telnet" radio button to SSH now. Press Save to save the new setting.

    We wish to log on as "root", select Connection/Data in the tree to the left of the screen. Enter "root" as auto-login username:

    In Connection/SSH/Auth, select the keyfile that we saved to disk in step 3:

    Don't be impatient... First go back to the Session page, at the top, and press Save to store all the new settings. Now hit Open (or enter) and PuTTY should smoothly log on. You'll get a warning that this host is new and not yet trusted. We trust it now.

    Bonus: Access to the WebInterface and more

    SSH also supports "port forwarding". This allows you to "tunnel" other connections, piggy-backing on the SSH connection without the need to configure extra ports on your router.

    Check out Connection/SSH/Tunnels. Here you can tunnel ports from your local machine to the dreambox or any machine it's connected to.

    For each port, enter source and destination in the boxes, and press Add. Leave the radiobuttons on "local" and "auto".
    Source port: 80 -> Destination: localhost:80
    Source port: 8001 -> Destination: localhost:8001
    Source port: 16001 -> Destination: localhost:16001

    If, after opening this session (don't forget to save!), you enter the following URL in your browser: http://localhost/ you'll reach the Dreambox' web interface. By forwarding port 8001 you can also stream services if you have sufficient bandwidth. Port 16001 enables access to CCcam pages.

    No password allowed

    Even safer! You can configure the dreambox to never allow passwords on its SSH interface (telnet will still function). To do this, the dropbear server on the Dreambox needs the -s -g options. To pass these, modify the file /etc/default/dropbear as follows:
    cat > /etc/default/dropbear
    (Ctrl+D to end input)
    To have this take effect, completely reboot the box or kill all dropbear processes (hint: don't try this in an SSH session):
    killall dropbear
    /etc/init.d/dropbear start

    After this, you can still login with SSH, but only with a keyfile.

    Now what?

    Still troubles?

    • You have to set a non-blank password. When the root password is empty, dropbear will refuse any connection, even if you don't allow passwords any longer.