Tuesday, April 24, 2012

ZyXEL NSA310, Disabling FTP Clear Text Access

The NSA310 is a nice NAS with an impressive number of access options, mainly thanks to the Linux system that runs it. It is also cheap.

There is one caveat: FTP access. When you enable it, there is no way to force FTPES-only mode. A client can connect using either clear text or SSL.

Forcing the NSA310 into FTPES-only mode requires some hacking.

First, you need to enable sshd on your box to be able to hack it remotely. Use the web interface to log in as admin. After that, go to the following address, which enables sshd (192.168.15.125 is the address of the NAS in this example):

https://192.168.15.125/zyxel/cgi-bin/remote_help-cgi?type=sshd_tdc

Now, ssh to your box using root as the username and admin's password.

Go to the following directory:

/usr/local/zy-pkgs/etc/init.d

and create a file named pureftpd-tweak that contains the following code:

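#!/bin/sh
# Prepend "-Y 2" (TLS required, cleartext sessions refused) to the
# pure-ftpd arguments, then restart the daemon with the new arguments.
CONF=/etc/pure-ftpd.arg
DATA=`cat "$CONF"`
echo ' -Y 2' $DATA > "$CONF"
# Stop the running daemon and give it a moment to exit.
kill `cat /var/run/pure-ftpd.pid`
sleep 1
# Start pure-ftpd again; the arguments are deliberately left unquoted
# so that they are split into separate words.
/usr/local/sbin/pure-ftpd `/bin/cat "$CONF"`
exit 0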

Now tell the NSA310 to actually run this file at boot.
Edit the ZYPKG_DEPS file and add the following line to the START-UP section:

/usr/local/zy-pkgs/etc/init.d/pureftpd-tweak

ZYPKG_DEPS should now look like this:

# Dependency for zypkgs

# START-UP (DON'T REMOVE THIS LINE!)
/usr/local/zy-pkgs/etc/init.d/PHP-MySQL-phpMyAdmin
/usr/local/zy-pkgs/etc/init.d/gallery
/usr/local/zy-pkgs/etc/init.d/WordPress
/usr/local/zy-pkgs/etc/init.d/SqueezeCenter
/usr/local/zy-pkgs/etc/init.d/eMule
/usr/local/zy-pkgs/etc/init.d/DyDNS
/usr/local/zy-pkgs/etc/init.d/SMART
/usr/local/zy-pkgs/etc/init.d/BackupPlanner
/usr/local/zy-pkgs/etc/init.d/NFS
/usr/local/zy-pkgs/etc/init.d/Tftp
/usr/local/zy-pkgs/etc/init.d/Syslog
/usr/local/zy-pkgs/etc/init.d/pyLoad
/usr/local/zy-pkgs/etc/init.d/pureftpd-tweak

# SHUTDOWN (DON'T REMOVE THIS LINE!)
/usr/local/zy-pkgs/etc/init.d/pyLoad
/usr/local/zy-pkgs/etc/init.d/Syslog
/usr/local/zy-pkgs/etc/init.d/Tftp
/usr/local/zy-pkgs/etc/init.d/NFS
/usr/local/zy-pkgs/etc/init.d/BackupPlanner
/usr/local/zy-pkgs/etc/init.d/SMART
/usr/local/zy-pkgs/etc/init.d/DyDNS
/usr/local/zy-pkgs/etc/init.d/SqueezeCenter
/usr/local/zy-pkgs/etc/init.d/eMule
/usr/local/zy-pkgs/etc/init.d/gallery
/usr/local/zy-pkgs/etc/init.d/WordPress
/usr/local/zy-pkgs/etc/init.d/PHP-MySQL-phpMyAdmin

Reboot, and that's it.

You can now connect to your box with FTPS but not with plain FTP.
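
To confirm the change from a client machine, the check below sends USER on the FTP control connection without negotiating TLS first and reports whether the server refuses it. It is an added example, not part of the original post; the user name "probe", port 21 and the sample server replies are assumptions constructed for illustration.

```python
import socket
import threading

def read_reply(f):
    """Read one FTP reply (RFC 959, possibly multi-line); return its code."""
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("control connection closed")
        line = raw.decode("latin-1")
        # "NNN " ends a reply; "NNN-" and free-form lines are continuations.
        if line[:3].isdigit() and line[3:4] in (" ", "\r", "\n"):
            return int(line[:3])

def cleartext_refused(sock, user="probe"):
    """Send USER on a connected control socket without AUTH TLS first.
    True: the cleartext session was refused. False: 331/230, still accepted."""
    f = sock.makefile("rwb")
    try:
        if read_reply(f) != 220:      # no normal greeting, nothing to log in to
            return True
        f.write(f"USER {user}\r\n".encode())   # "probe" is a placeholder name
        f.flush()
        return read_reply(f) not in (230, 331)
    except OSError:                   # includes ConnectionError: dropped early
        return True

def simulate(replies):
    """Run the probe against constructed (greeting, USER reply) byte strings."""
    client, server = socket.socketpair()
    def serve():
        server.sendall(replies[0])
        server.recv(1024)             # consume the USER line
        server.sendall(replies[1])
        server.close()
    t = threading.Thread(target=serve)
    t.start()
    try:
        return cleartext_refused(client)
    finally:
        client.close()
        t.join()

# Constructed sample replies, not captured from a real NSA310.
TLS_ONLY = (b"220-Welcome\r\n220 ready\r\n", b"421 TLS required\r\n")
TLS_OPTIONAL = (b"220 ready\r\n", b"331 Password required\r\n")

if __name__ == "__main__":
    print(simulate(TLS_ONLY), simulate(TLS_OPTIONAL))
```

Against a real box, pass socket.create_connection((host, 21), timeout=10) to cleartext_refused. It checks only the control-channel login, not whether the TLS handshake itself works.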

For more information, take a look at the ZyXEL Forum and NAS-central.