If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#16
|
|||
|
|||
Seagate abandon remote access to their 'Central' NAS
On 08/05/2018 15:57, dennis@home wrote:
On 08/05/2018 14:03, Chris Green wrote: What doesn't FTP allow you to do that you want to do? You can get 'file explorer' like GUIs that use FTP. The op doesn't actually say what NAS he has but.. https://wiki.debian.org/InstallingDe.../PersonalCloud gives instructions for putting linux on some Seagate NAS boxes. Then he has multiple options if it works or buying a synolgy NAS if it doesn't. The model of mine is SRN01C - which does not appear to be one of the supported models. -- Cheers, Roger ____________ Please reply to Newsgroup. Whilst email address is valid, it is seldom checked. |
Ads |
#17
|
|||
|
|||
Seagate abandon remote access to their 'Central' NAS
On 08/05/2018 08:22, The Natural Philosopher wrote:
On 07/05/18 23:12, Roger Mills wrote: Seagate provided a facility whereby you could log on at access.seagate.com and access the files on your NAS. ... ... They have taken down their server, and withdrawn support for the Tappin app on portable devices. Yes, it seems like it really has gone already: C:\TEMPping access.seagate.com Pinging seagateaccess.tappin.com [208.89.184.225] with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 208.89.184.225: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), They apologise for any inconvenience caused(!) and assure me that my data is quite safe - but can only be accessed from within my own network. So, as others have suggested, you need think about how to gain access across your own router. My router supports Game and Application Sharing - which permits me (for example) to associate a PPTP server with my Seagate NAS so that - in theory - anything coming in on port 1723 goes to the NAS. Problem is that all such connects are refused! Probably need to open up the firewall on the NAS as well as the one on the router. If I log on to the NAS's web interface, it offers me 'Services' of "Remote Access", "Seagate Media", "DLNA" and "iTunes". The first two of these are no longer supported and the last two only work on the same LAN as the NAS. So you're going to have to hack into the NAS, which means that probably you'd've done better to post to a Linux NG, but see some suggestions below anyway. I've no idea what OS the NAS uses - probably some flavour of Unix/Linux Almost certainly an embedded version of Linux. but it's pretty thoroughly locked down with no ready access to it. Apparently at one time not securely locked down at all: https://www.slashgear.com/seagate-na...hole-08402370/ Oh dear! For starters, try telnet from the relative security of your own LAN! I *can* FTP to the NAS but that doesn't seem to allow me to do much. Obviously there is a way in, but its not well advertised. Yes, apparently use telnet! It the tappin crap was supposed to work behind a firewall with no especial configuration, that strongly implies that the NAS istself sets up and maintains a permanent connection to some seagate cloud. Bit like skype does Possibly, but that can be disabled now, if the OP can get into the box. Now if that is the case you wont be able to use that partucular backdoor. Unless he subverts it in some way. I would try scanning the NAS ports to see which are active. My guess is that ssh might be open. If its bog standard linux on the NAS. Try using PUTTY to connect to it. If that works you can use sftp and its chumsÂ* if you redirect port 22 to the NAS. Given that telnet may be able to gain access, I would advise starting with that. It is not beyond the bounds of reason either to set up port redirection for SMB services on the router so you can actually mount the NAS across the internet. TCP ports 139 and 445 and UDP ports 137 and 138 should be redirected to the NAS box. Why would he need Samba/SMB? He makes no specific mention of Windows devices requiring remote access, only media files, so presumably a mobile or a tablet, Mac or Android, which are both Linux. Obviously you wont be able to 'scan' for the NAS across the internet, so you will have to know ip address and tell whatever ****e MS uses to display shares *for that server*. Or better still use NET USE to mount the device as a drive etc No, no! He doesn't seem to need this at all. NET USE is a (very old legacy) Windows command to mount a network share as a drive letter. These days, he wouldn't even need this to connect from a Windows machine. W9x or older used it, but since 2K+, in fact I suspect even NT3+, Windows PCs have been able to connect directly using the protocol: \\Server\Share It's not very secure though, but I myself have done this years ago as proof of concept. I suspect the way forward is to tunnel, but, although I understand the principles involved, I'm not familiar with the practicalities of this. Back to the OP: There are two stages involved in customising/hacking such devices: 1) Gaining access, it sounds as though telnet might work, so try that first, but failing that, see the next link below. 2) Finding a workable method of subverting the boot process to apply the desired customisations. Others already may have done some or all of this work for you. I haven't read the following, but the equivalent Zyxel section was very helpful to me: http://www.nas-central.org/wiki/Seagate_Central Although the following apply to different devices, if you want brief descriptions of how the above two stages are attained in practice, together with some example scripts, see also: http://www.macfh.co.uk/Test/QNAPNMP1000.html http://www.macfh.co.uk/Test/ZyxelNSA221.html Also, although it's probably a bit late for you, for future reference, the moment I buy anything like this I go online and download and save locally everything related to it that there is the remotest possibility that I could ever need - PDF Manuals, firmware upgrades, instructions for hacking into, files required to do so, etc, etc. Here are some links to things that might still prove useful to you: Manual: https://www.manualsearcher.com/seaga...-srn01c/manual https://www.seagate.com/files/www-co...r-guide-us.pdf http://knowledge.seagate.com/article...S/FAQ/005532en The above from: https://duckduckgo.com/?t=palemoon&q=Seagate+SRN01C+NAS |
#18
|
|||
|
|||
Seagate abandon remote access to their 'Central' NAS
On 08/05/2018 08:22, The Natural Philosopher wrote:
On 07/05/18 23:12, Roger Mills wrote: Seagate provided a facility whereby you could log on at access.seagate.com and access the files on your NAS. That may well have employed some sort of dynamic DNS for those needing it - but that isn't the issue. They have taken down their server, and withdrawn support for the Tappin app on portable devices. They apologise for any inconvenience caused(!) and assure me that my data is quite safe - but can only be accessed from within my own network. My router supports Game and Application Sharing - which permits me (for example) to associate a PPTP server with my Seagate NAS so that - in theory - anything coming in on port 1723 goes to the NAS. Problem is that all such connects are refused! If I log on to the NAS's web interface, it offers me 'Services' of "Remote Access", "Seagate Media", "DLNA" and "iTunes". The first two of these are no longer supported and the last two only work on the same LAN as the NAS. I've no idea what OS the NAS uses - probably some flavour of Unix/Linux - but it's pretty thoroughly locked down with no ready access to it. I *can* FTP to the NAS but that doesn't seem to allow me to do much. Hmm. A pretty problem. Obviously there is a way in, but its not well advertised. It the tappin crap was supposed to work behind a firewall with no especial configuration, that strongly implies that the NAS istself sets up and maintains a permanent connection to some seagate cloud. Bit like skype does Now if that is the case you wont be able to use that partucular backdoor. I would try scanning the NAS ports to see which are active. My guess is that ssh might be open. If its bog standard linux on the NAS. Try using PUTTY to connect to it. If that works you can use sftp and its chums if you redirect port 22 to the NAS. It is not beyond the bounds of reason either to set up port redirection for SMB services on the router so you can actually mount the NAS across the internet. TCP ports 139 and 445 and UDP ports 137 and 138 should be redirected to the NAS box. Obviously you wont be able to 'scan' for the NAS across the internet, so you will have to know ip address and tell whatever ****e MS uses to display shares *for that server*. Or better still use NET USE to mount the device as a drive etc It's not very secure though, but I myself have done this years ago as proof of concept. Thanks for your comments. I have made *some* progress with FTP. There are two shares on the NAS - a public one which accepts an anonymous ftp connection, and a private one which requires a username and password. I can point my AceFTP PRO client at either of these, and see the folders and files. That's from within my own network, of course. I've done a port scan, and found a number of ports open: 22 OpenSSH 110 ? 139 Samba 143 ? 443 OpenSSL 445 Samba (again) 548 Netatalk 993 ? 995 ? Do any of these look promising as a means of getting remote access to my files? If so, which ones, and what client software/apps would I need to use on (a) Windows and (B) Android? -- Cheers, Roger ____________ Please reply to Newsgroup. Whilst email address is valid, it is seldom checked. |
#19
|
|||
|
|||
Seagate abandon remote access to their 'Central' NAS
Roger Mills wrote:
On 08/05/2018 08:22, The Natural Philosopher wrote: On 07/05/18 23:12, Roger Mills wrote: Seagate provided a facility whereby you could log on at access.seagate.com and access the files on your NAS. That may well have employed some sort of dynamic DNS for those needing it - but that isn't the issue. They have taken down their server, and withdrawn support for the Tappin app on portable devices. They apologise for any inconvenience caused(!) and assure me that my data is quite safe - but can only be accessed from within my own network. My router supports Game and Application Sharing - which permits me (for example) to associate a PPTP server with my Seagate NAS so that - in theory - anything coming in on port 1723 goes to the NAS. Problem is that all such connects are refused! If I log on to the NAS's web interface, it offers me 'Services' of "Remote Access", "Seagate Media", "DLNA" and "iTunes". The first two of these are no longer supported and the last two only work on the same LAN as the NAS. I've no idea what OS the NAS uses - probably some flavour of Unix/Linux - but it's pretty thoroughly locked down with no ready access to it. I *can* FTP to the NAS but that doesn't seem to allow me to do much. Hmm. A pretty problem. Obviously there is a way in, but its not well advertised. It the tappin crap was supposed to work behind a firewall with no especial configuration, that strongly implies that the NAS istself sets up and maintains a permanent connection to some seagate cloud. Bit like skype does Now if that is the case you wont be able to use that partucular backdoor. I would try scanning the NAS ports to see which are active. My guess is that ssh might be open. If its bog standard linux on the NAS. Try using PUTTY to connect to it. If that works you can use sftp and its chums if you redirect port 22 to the NAS. It is not beyond the bounds of reason either to set up port redirection for SMB services on the router so you can actually mount the NAS across the internet. TCP ports 139 and 445 and UDP ports 137 and 138 should be redirected to the NAS box. Obviously you wont be able to 'scan' for the NAS across the internet, so you will have to know ip address and tell whatever ****e MS uses to display shares *for that server*. Or better still use NET USE to mount the device as a drive etc It's not very secure though, but I myself have done this years ago as proof of concept. Thanks for your comments. I have made *some* progress with FTP. There are two shares on the NAS - a public one which accepts an anonymous ftp connection, and a private one which requires a username and password. I can point my AceFTP PRO client at either of these, and see the folders and files. That's from within my own network, of course. I've done a port scan, and found a number of ports open: 22 OpenSSH 110 ? 139 Samba 143 ? 443 OpenSSL 445 Samba (again) 548 Netatalk 993 ? 995 ? Do any of these look promising as a means of getting remote access to my files? If so, which ones, and what client software/apps would I need to use on (a) Windows and (B) Android? I'm thinking you want to work your network foo on Port 22. https://serverfault.com/questions/74...-does-sftp-use "As SFTP runs as a subsystem of SSH it runs on whatever port the SSH daemon is listening on" "SFTP transfers all data over the SSH connection. No additional port is used." Paul |
#20
|
|||
|
|||
Seagate abandon remote access to their 'Central' NAS
On 09/05/2018 19:42, Paul wrote:
Roger Mills wrote: I have made *some* progress with FTP. There are two shares on the NAS - a public one which accepts an anonymous ftp connection, and a private one which requires a username and password. I can point my AceFTP PRO client at either of these, and see the folders and files. That's from within my own network, of course. I've done a port scan, and found a number of ports open: 22 OpenSSH 110 ? 139 Samba 143 ? 443 OpenSSL 445 Samba (again) 548 Netatalk 993 ? 995 ? Do any of these look promising as a means of getting remote access to my files? If so, which ones, and what client software/apps would I need to use on (a) Windows and (B) Android? I'm thinking you want to work your network foo on Port 22. https://serverfault.com/questions/74...-does-sftp-use "As SFTP runs as a subsystem of SSH it runs on whatever port the SSH daemon is listening on" "SFTP transfers all data over the SSH connection. No additional port is used." Paul Thanks. I had come to the same conclusion - and have made *some* progress using sftp on Port 22, but still have a way to go. As noted before, when connecting tom the NAS from within my own network, I can use bog-standard FTP on Port 21. I can access the Private share on the NAS by supplying the correct username and password, and can access the Public share by using an anonymous logon. In order to access the NAS from outside my network (Android tablet using Android phone-generated hotspot) using sftp, I have told my router to assign port 22 to the NAS. I can then access the Private share ok, by supplying the username and password. But I'm stuck with the Public share. I haven't found any way of using sftp anonymously, so I can't get in. I've tried several Android sftp client apps - the most promising one being AndFTP - but to no avail. Any ideas? -- Cheers, Roger ____________ Please reply to Newsgroup. Whilst email address is valid, it is seldom checked. |
#21
|
|||
|
|||
Seagate abandon remote access to their 'Central' NAS
Roger Mills wrote:
On 09/05/2018 19:42, Paul wrote: Roger Mills wrote: I have made *some* progress with FTP. There are two shares on the NAS - a public one which accepts an anonymous ftp connection, and a private one which requires a username and password. I can point my AceFTP PRO client at either of these, and see the folders and files. That's from within my own network, of course. I've done a port scan, and found a number of ports open: 22 OpenSSH 110 ? 139 Samba 143 ? 443 OpenSSL 445 Samba (again) 548 Netatalk 993 ? 995 ? Do any of these look promising as a means of getting remote access to my files? If so, which ones, and what client software/apps would I need to use on (a) Windows and (B) Android? I'm thinking you want to work your network foo on Port 22. https://serverfault.com/questions/74...-does-sftp-use "As SFTP runs as a subsystem of SSH it runs on whatever port the SSH daemon is listening on" "SFTP transfers all data over the SSH connection. No additional port is used." Paul Thanks. I had come to the same conclusion - and have made *some* progress using sftp on Port 22, but still have a way to go. As noted before, when connecting tom the NAS from within my own network, I can use bog-standard FTP on Port 21. I can access the Private share on the NAS by supplying the correct username and password, and can access the Public share by using an anonymous logon. In order to access the NAS from outside my network (Android tablet using Android phone-generated hotspot) using sftp, I have told my router to assign port 22 to the NAS. I can then access the Private share ok, by supplying the username and password. But I'm stuck with the Public share. I haven't found any way of using sftp anonymously, so I can't get in. I've tried several Android sftp client apps - the most promising one being AndFTP - but to no avail. Any ideas? The user manual doesn't hint at any controls being available, so a Zen-like "it is what it is", is all I can manage as an answer :-) If you forward the FTP port... you'll be sorry :-) So that's not the answer. Paul |
#22
|
|||
|
|||
Seagate abandon remote access to their 'Central' NAS
Roger Mills wrote:
On 09/05/2018 19:42, Paul wrote: Roger Mills wrote: I have made *some* progress with FTP. There are two shares on the NAS - a public one which accepts an anonymous ftp connection, and a private one which requires a username and password. I can point my AceFTP PRO client at either of these, and see the folders and files. That's from within my own network, of course. I've done a port scan, and found a number of ports open: 22 OpenSSH 110 ? 139 Samba 143 ? 443 OpenSSL 445 Samba (again) 548 Netatalk 993 ? 995 ? Do any of these look promising as a means of getting remote access to my files? If so, which ones, and what client software/apps would I need to use on (a) Windows and (B) Android? I'm thinking you want to work your network foo on Port 22. https://serverfault.com/questions/74...-does-sftp-use "As SFTP runs as a subsystem of SSH it runs on whatever port the SSH daemon is listening on" "SFTP transfers all data over the SSH connection. No additional port is used." Paul Thanks. I had come to the same conclusion - and have made *some* progress using sftp on Port 22, but still have a way to go. As noted before, when connecting tom the NAS from within my own network, I can use bog-standard FTP on Port 21. I can access the Private share on the NAS by supplying the correct username and password, and can access the Public share by using an anonymous logon. In order to access the NAS from outside my network (Android tablet using Android phone-generated hotspot) using sftp, I have told my router to assign port 22 to the NAS. I can then access the Private share ok, by supplying the username and password. But I'm stuck with the Public share. I haven't found any way of using sftp anonymously, so I can't get in. I've tried several Android sftp client apps - the most promising one being AndFTP - but to no avail. Any ideas? I don't know *how* to do it, but I think that you need to set up smb.conf so that the public share accepts your login credentials as a synonym for anonymous/guest access. This creates no extra security risk and I think it only needs a fairly simple user alias statement. But my memory is hazy. -- Roger Hayter |
#23
|
|||
|
|||
Seagate abandon remote access to their 'Central' NAS
On Sat, 12 May 2018 22:47:43 +0100, Roger Mills
wrote: On 09/05/2018 19:42, Paul wrote: Roger Mills wrote: I have made *some* progress with FTP. There are two shares on the NAS - a public one which accepts an anonymous ftp connection, and a private one which requires a username and password. I can point my AceFTP PRO client at either of these, and see the folders and files. That's from within my own network, of course. I've done a port scan, and found a number of ports open: 22 OpenSSH 110 ? 139 Samba 143 ? 443 OpenSSL 445 Samba (again) 548 Netatalk 993 ? 995 ? Do any of these look promising as a means of getting remote access to my files? If so, which ones, and what client software/apps would I need to use on (a) Windows and (B) Android? I'm thinking you want to work your network foo on Port 22. https://serverfault.com/questions/74...-does-sftp-use "As SFTP runs as a subsystem of SSH it runs on whatever port the SSH daemon is listening on" "SFTP transfers all data over the SSH connection. No additional port is used." Paul Thanks. I had come to the same conclusion - and have made *some* progress using sftp on Port 22, but still have a way to go. As noted before, when connecting tom the NAS from within my own network, I can use bog-standard FTP on Port 21. I can access the Private share on the NAS by supplying the correct username and password, and can access the Public share by using an anonymous logon. As you noted, FTP includes the concept of anonymous login. However, SFTP (which is part of the SSH suite) has no such thing as anonymous login. With SSH (and of course SFTP), all access starts with properly logging into a specific account. There are workarounds, usually involving replacing a security module on the SSH server so that all logins, no matter what, are allowed, but that would be a security hole of large proportions. In order to access the NAS from outside my network (Android tablet using Android phone-generated hotspot) using sftp, I have told my router to assign port 22 to the NAS. I can then access the Private share ok, by supplying the username and password. But I'm stuck with the Public share. I haven't found any way of using sftp anonymously, so I can't get in. I've tried several Android sftp client apps - the most promising one being AndFTP - but to no avail. Any ideas? I would say you should create or use a 'private' account on the NAS as if it were public, meaning just share the password for that account and put the public stuff there. -- Char Jackson |
#24
|
|||
|
|||
Seagate abandon remote access to their 'Central' NAS
On 12/05/2018 22:47, Roger Mills wrote:
Any ideas? Get a pi zero w and setup a VPN so your NAS appears as a local devices when you log in from the internet. You can set the firewall to only allow access to the NAS if you want. They cost about £17 with a PSU. You could even put your NAS disk in a USB case and use the pi as a NAS server if speed isn't a problem. |
#25
|
|||
|
|||
Seagate abandon remote access to their 'Central' NAS
On 13/05/2018 09:25, dennis@home wrote:
On 12/05/2018 22:47, Roger Mills wrote: Any ideas? Get a pi zero w and setup a VPN so your NAS appears as a local devices when you log in from the internet. You can set the firewall to only allow access to the NAS if you want. They cost about £17 with a PSU. You could even put your NAS disk in a USB case and use the pi as a NAS server if speed isn't a problem. Many routers have built in VPN servers - and for that matter can share a USB HDD over the network. The Pi may not be needed at all. SteveW |
#26
|
|||
|
|||
Seagate abandon remote access to their 'Central' NAS
On 13/05/2018 13:57, Steve Walker wrote:
On 13/05/2018 09:25, dennis@home wrote: On 12/05/2018 22:47, Roger Mills wrote: Any ideas? Get a pi zero w and setup a VPN so your NAS appears as a local devices when you log in from the internet. You can set the firewall to only allow access to the NAS if you want. They cost about £17 with a PSU. You could even put your NAS disk in a USB case and use the pi as a NAS server if speed isn't a problem. Many routers have built in VPN servers - and for that matter can share a USB HDD over the network. The Pi may not be needed at all. SteveW Most routers are full of bugs and security holes so I wouldn't trust them. What was the last time you got a security fix for your router? |
#27
|
|||
|
|||
Seagate abandon remote access to their 'Central' NAS
On 13/05/2018 21:05, dennis@home wrote:
On 13/05/2018 13:57, Steve Walker wrote: On 13/05/2018 09:25, dennis@home wrote: On 12/05/2018 22:47, Roger Mills wrote: Any ideas? Get a pi zero w and setup a VPN so your NAS appears as a local devices when you log in from the internet. You can set the firewall to only allow access to the NAS if you want. They cost about £17 with a PSU. You could even put your NAS disk in a USB case and use the pi as a NAS server if speed isn't a problem. Many routers have built in VPN servers - and for that matter can share a USB HDD over the network. The Pi may not be needed at all. SteveW Most routers are full of bugs and security holes so I wouldn't trust them. What was the last time you got a security fix for your router? I've had 3 updates to its firmware in the last 2 years. SteveW |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|