Remote Command & Control for Dreambox

[Digital.Diablo]

Are there any remote command and control applications available for the Dreamboxes? The reason I ask is that a few friends and family are interested in using the DM boxes as freeview/freesat style boxes on my recommendations of price & features. However, as they're not Linux aware nor that technically competent, they're likely to need regular support/assistance for updating channel lists, managing epg settings e.t.c, which will likely fall to me.

As they're all over the UK, its unfeasible for me to visit them, and I understand that VPN clients arn't very good/reliable/working for the DM boxes? Don't think an open port/dyndns is a suitable solution because I am likely to end up overseeing 5+ boxes and I don't have access to their routers, and the security issues could end up being an even greater problem than the management.

Two options I've thought of if there aren't any prebuilt apps:
1) Configuring each box with a reverse SSH tunnel, either always on or runnable via a yellow button option.
2) Configuring a cron job and associated script that can pull down a config set on a scheduled basis, extract and install it.

I have an Internet facing server that I have full control over as the 'management' server, but Id like to see others opinions for making my life easy.

 

[Analoguesat]

If you want an easy life give them Freesat boxes. They are idiot proof and auto update.

Linux boxes are far too easy to fiddle with and bugger up. What happens when someone changes the network settings on one of the boxes? You cant dial in to fix it.

Installer dale094 installs them and made a comment recently that hes forever going back to folks houses to reinstall things because someone has pressed something they shouldnt have done.

 

[deleted]

Totally agree with Analoguesat, If you want an easy life then freesat box , As you know linux boxes are all too easy to access the wrong buttons downloads etc , which will probably make life miserable for you.

 

[shumifan50]

Taking note of the above comments!

You can open SSH port on their router and get in that way.
You can also do a limited amount through the web interface.
But to gain full control you would have to open too many ports and would expose the box to the web and it will only be a matter of time before it is hacked.
The Linux boxes are REALLY for hobbiests, not appliances.

 

[td03-5]

Hi @Digital.Diablo,

If you do want the hard life and a bit of grey matter stirring fun!
It is only necessary to open one port on the router for SSH and then tunnel to all other ports on the Dreambox through this one secure/encrypted link. I see little vulnerability to attack.
With Telnet, FTP, HTTP ports open directly, yes, way too open.
However you can access all of those through SSH tunneling using Dropbear.
I have done this on a Gemini 4.70 image on my DM7000S:
http://www.satellites.co.uk/forums/...72686-remotely-login-dreambox.html#post918566
and more recently on an EDG Nemesis 4.4 image:
http://www.satellites.co.uk/forums/dreambox7000/183029-winscp-error-127-a.html#post953869

Other boxes should be similar.
The Enigma Webif, Telnet, FTP (as SFTP), plus access to EMU/Cam admin are all available securely through the one SSH port. However make sure to use a high numbered obscure port and not 22 in order to distract any attention (even though RSA Key security would foil it).

Best wishes, John.

 

[Digital.Diablo]

Thanks for the comments guys. I've tested Reverse SSH tunnelling from the dreambox into a remote server, but its not stable, and if the connection is dropped, it doesn't resume. So I couldn't use it for automated C&C. At best, it would have to be either a yellow button script or a nightly cron job for example.

I take on board the comments that DMs are very easy to break (I've had to factory reset myself a few times whilst I've been experimenting). Im wondering now if its possible to disable 'dangerous' menu items. Id be looking at deploying a custom image to each box if I did go down this route, so I could keep them all at the same config/spec.

I accept at present, its not feasible. However, I think as a project, I may look at developing something which may be of use to myself and the community. If Sky can do it on their crappy Amstrad boxes, it must be possible for us to do it with our 'advanced' computers ;)

 

[td03-5]

Hi @Digital.Diablo,

You seem to be on-the-ball!! I'm still in the process of testing Dreambox to server SSH Tunneling. I didn't have a server, so my little Asus EeePC 700 has become one! (!_!)
What exactly were the stability problems you experienced?
I was assuming you would be using a Yellow Button (Yellow on Gemini anyway) Plugins Script (which could also easily be run by a simple Crond job). I've written a Plugin Script which establishes an SSH session from Dreambox to Asus and then uses tunneled http/wget to fetch a file from the Asus and install it on the Dreambox. The main amount of time for me, was spent getting the Asus side working. All OK now and final tests to be carried out tonight. (Worked fine this morning between the EeePC 900 I'm using now and the EeePC 700 at home).

I already have Crond running on my DM7000S with an overnight reboot (and re-sleep) script that I wrote some time ago, so adding another job would be no problem.

So long as there is no pressure to provide TV for other people on an 'always available' basis, these Linux boxes are good fun.

Not sure which particular things you would want to disable but I'm sure most things are possible!

Best wishes, John.

 

[Digital.Diablo]

I've been doing a bit of work on this, not because I should, but because I want to I'm a stickler for punishment.
CronD seems to be the way to go, fetching an update script on a regular basis, processing any changes then doing any reboots as required.

One issue that I've got though is being able to identify a box uniquely. What I'd like to do is say, if this box has x serial number then apply y update. However, the only unique identifier I can really find is the mac address of the NIC, and well, some boxes I'm experimenting with are clones and as such may not have unique mac's.

I thought about getting a CPU ID or tuner serial number or something like that, but cat'ing through the /proc devices doesn't seem to reveal anything useful. No-one seems to have an ipkg build of dmidecode/lshw or any of the other hw info tools that I can find, so wondering if anyone knows of something in the box I can query to get a unique ID. I supposed I could load a UUID into each box, but then there's a risk of this being wiped during an upgrade or error. At least with something hardware based, I could just rerun a 'firstrun.sh' script and scriptomagically reidentify the box.

 

[td03-5]

Hi @Digital.Diablo,

You would seem to have a very large and widespread 'family'!
Are you sure this is not a commercial venture?

I now have Dropbear SSH working, into/out of and between Dreamboxes in different locations but it does not require the level of management and control that you are suggesting!!

Best wishes, John.

 

[Digital.Diablo]

Not exactly LoL. I've got access to 3 boxes locally, a 500, 600 and 800. I've also got the ability to tinker with another 500 and 800 remotely. I'm writing a PHP/MySql web app to manage it all, and I intend to opensauce it once its in a workable state, so might as well start off with a design that can support a large number boxes, as later on down the line, someone else will want/need to do it, whether for good or bad.

I have 'discovered' the 'secondstage' bootloader, at least on the 800, which has a serial number electronically within. If I can find where to query this from, I think I could be onto a winner. This then opens up the scope to do so many things automagically rather than having to 'pre-code' them or whatever. The Dreambox equivalent of HP-OpenView ;)

 

[tomthebomb1968]

I have been using teamviewer to remotely set up and maintain my mum n sisters boxes. Does the job fine for me who aint too networking savvy.

 

[hakalati]

Hello Digital.Diablo! Have you make this reverse ssh work? I was thinking to use my vu+ solo2 box with reverse ssh connection because of internet providers NAT. Port opening is not possible at the moment. So all information is welcome to me. Thanks!

 

[Analoguesat]

D-D hasnt been active on the forum since July 2011, so Im afraid its unlikely you will get an answer from him/her.