由于SSH以及Luci默认采用相同的账户root和密码,因此路由器很容易被别人SSH登录。可以通过修改web与ssh密码独立防止别人SSH登录路由。
1.修改/etc/passwd
添加 admin:x:0:0:root:/var:/bin/false(禁止ssh登录)
修改root用户 root:x:0:0:root:/root:/bin/ash 修改为username:x:0:0:root:/root:/bin/ash
2.修改/etc/shadow
添加 admin:uL5mRlqPSUNNI:17680:0:99999:7:::(admin默认密码)
修改 root:$1$BOL4ILjH$P4Fdbh1cgrDfqDJ19skha0:17666:0:99999:7::: 修改为username:$1$BOL4ILjH$P4Fdbh1cgrDfqDJ19skha0:17666:0:99999:7:::
3.修改/usr/lib/lua/luci/controller/admin/index.lua
将page.sysauth = {“root”}修改为page.sysauth = {“username”}
4.修改rpcd.config
package/system/rpcd/files/rpcd.config
- option username 'root'
- option password '$p$root'
+ option username 'admin'
+ option password '$p$admin'
5.修改/usr/lib/lua/luci/controller/admin/servicectl.lua
将entry({“servicectl”}, alias(“servicectl”, “status”)).sysauth = {“root”}修改为entry({“servicectl”}, alias(“servicectl”, “status”)).sysauth = {“username”}
修改第5条才能通过web后台修改web登录密码;