Passwords ???

  • Hello,


    Just purchased a DM900 running the latest factory firmware 4.3.1r7-2017-05-23


    Looks a great box.


    But using the GUI, I cannot work out how to change the root password or enter a password for the Enable HTTP Authentication setting - I have attached images of the GUI, but the functionality eludes me ??


    Regards,
    Kev

  • Thanks Jogi - Hmm, I'm now confused ...


    Using putty, I can telnet raw and SSH into the DM900 as user root with NO password.


    I thought the factory defaults were user: root and password: dreambox


    I can see that there is an encrypted root password set in the /etc/passwd file which I assume is dreambox.


    Why did I not need a password to connect via telnet ?
    Should I set a telnet password or not bother?


    And why is the GUI functionality for changing the root password not working ?


    Also, how do I protect the DM900 web server with a password - again the GUI fails to show how to do this.


    Sorry too many questions - any help is gratefully received.


    I hope to get my DM900 to allow me to watch UK & German TV whilst I'm on holiday far away - any tips for that.


    Cheers

  • In E2 images by Dream there has never been a default password. dreambox was used for E1, but never in the E2 age. Thats just an urban legend.
    Set a safe password.

  • I think even an empty password has a hash value in /etc/passwd or /etc/shadows. If you don't trust your local network or want to access the dreambox remotely, a strong password (and the use of HTTPS) is very advisable! If you're just accessing the box via VPN and in a safe network, you might leave the default empty password.


    Regarding the GUI:
    I think there was a bug in the SetPassword plugin if there was no previous password (as by default). So you would need an update. But currently there is no update for the stable (aka release branch). So you might try an unstable image if you want to test this :winking_face:


    However, simply setting the password in Telnet should be the easiest solution for now.


    For the regular Webinterface there should be an authentication setting in Settings -> Network -> Webinterface. You might need to disable the "No authentication for local clients" if you want authentication in your LAN as well.
    I'm not sure if the setting is already available with the release version, but then authentication should be activated with another setting for all clients.


    Regarding streams, there are two different servers. One is the streaming included in the webinterface settings that will let you stream the untouched stream from your tuner.
    The other is the seperate Streaming Server plugin, which can give you a transcoded stream via RTSP and/or HLS.
    As the untouched streams usually need a bandwidth of at least ~5 MBit/s for SD streams and 10+ MBit/s for HD streams, you will probably need to use the streaming server.


    The easiest and most secure way for remote access should be VPN. The problem is that almost no private VPN solution is powerful enough for streaming. The solution for that is to open the corresponding ports in your router for the correct streaming service. But then you should definitively set a password!


    What is your internet connection at home? Especially the upload is relevant. Which router are you using? Which download speed are you expecting for your holidays?

    so long
    m0rphU



    :aufsmaul: Kein Support per PN! :aufsmaul:

    Einmal editiert, zuletzt von m0rphU ()

  • "However, simply setting the password in Telnet should be the easiest solution for now."


    I will create a root password.


    "For the regular Webinterface there should be an authentication setting in Settings -> Network -> Webinterface. You might need to disable the "No authentication for local clients" if you want authentication in your LAN as well.
    I'm not sure if the setting is already available with the release version, but then authentication should be activated with another setting for all clients."


    In Webinterface- Additional Security I have enabled Authentication for local clients. Now when I access the web server I am asked for user and password - I got in by entering user: root and no password - I assume the root password is used for web access.


    "you will probably need to use the streaming server ... What is your internet connection at home? Especially the upload is relevant. Which router are you using? Which download speed are you expecting for your holidays? "


    45Mbit down / 7Mbit up
    Asus RT-AC66U
    Probably around 8Mbit down


    Which streaming profile would you suggest I use?


    I have Hotbird, Astra 1 and Astra 2 channels available via a DiSEqC Switch, and would be happy to watch any free SD channel whilst abroad on Smartphone/DreamDroid and Windows laptop/Browser. Just need to ensure I never send a Shutown command !


    Many thanks for your help.

  • Zitat

    Original von KevJames
    In Webinterface- Additional Security I have enabled Authentication for local clients. Now when I access the web server I am asked for user and password - I got in by entering user: root and no password - I assume the root password is used for web access.


    Correct. If you know how, you might try to create a new user. But by default there is only root and root will always be allowed to access the Webinterface.


    The Streaming server has its own credential system, so you will need to set user and passwort yourself there and not use root.


    Zitat

    Original von KevJames45Mbit down / 7Mbit up
    Asus RT-AC66U
    Probably around 8Mbit down


    Which streaming profile would you suggest I use?


    I'd try the one Medium or High one. These have already HD ready resolution.


    Then you will need to make port forwarding in your Asus router for UDP Port 554 (RTSP). I'm not sure if you can enable authentication with HLS (TCP Port 8080) so I wouldn't forward this publicly.
    Another good way to add a tiny bit of extra security is to change the externally forwarded port to some high, random number, as port scanners will definitely include 8080 and maybe even 554. You will just need to edit the player settings and URLs. Only the internal port needs to match.

    so long
    m0rphU



    :aufsmaul: Kein Support per PN! :aufsmaul:

  • I'm not sure if it is advisable to use the same port for both services, but in general that looks good! In Dreamdroid or other apps you will need to set the external ip (or a dyndns hostname) with the port for https and the one for rtsp streaming.


    Don't forget to set passwords and activate authorization before saving the port forwarding :winking_face:

    so long
    m0rphU



    :aufsmaul: Kein Support per PN! :aufsmaul:

  • OK the only way I can make it work is by using the attached config - using any other ports causes the RTSP streaming to fail in DreamDroid with a "Playback failed" error.
    I double checked that my two chosen port numbers were open using online checkers - but still I got "Playback failed" errors.


    I'm still testing using my Samsung Note 4 running in 3G and 4G.


    Also I'm using a Windows 10 laptop running Dreambox WebControl with the"EnableEncoder" setting checked. I had to create a new Firefox config entry "network.protocol-handler.expose.rtsp" to make VLC understand the RTSP URL - BUT then I have to enter the user and password every time I change channels.


    Is there a more user friendly way of viewing the Dreambox transcoded streams on a laptop?