Issue 77: IPv6 & Logins
Status:  Accepted
Owner:  ----
Type-Enhancement
Priority-Medium


 
Reported by troy.telford, Oct 17, 2008
What steps will reproduce the problem?
1.  Set up IPv6 so that you can use IPv6 over the internet.  (On your router/internet gateway 
machine)
2. AppleTV will automatically obtain a valid IPv6 address if you do #1 properly.
3. SSH into AppleTV from anywhere in the world using the default username/pw 
frontrow:frontrow

What is the expected output? What do you see instead?
I'd like to be able to control logins.  I'm not sure if changing the username/pw is an option; I'm 
currently trying to lock down the sshd_config so that it requires an SSH key; unfortunately, simply 
fixing /etc/sshd_config  doesn't seem to have the desired effect.  Option #2 was to set sshd so it 
would only listen on IPv4 using 'AddressFamily inet'

It's especially bad as 'sudo' works fine... meaning it's more or less a rooted machine sitting on 
the internet.

What version of the product are you using? On what operating system?
atvusb-creator-1.0.b3.zip
appletv software 2.2


Comment 1 by sdavilla, Oct 17, 2008
This is a disaster waiting to happen. Set up your firewall to not expose the appletv. IPv6 or not, exposing such 
devices on the raw internet is a sure way to become insecure. 

If you really want to do this, look at the awkwardtv forums, install openssh and kerberos frameworks and now the 
ssh is like a normal OSX box. Or google for dropbear which is the ssh that gets installed.
Comment 2 by Gabe.McG, Oct 17, 2008
Hi davilla, glad to see some active development is taking place, and thanks for all 
the hard work.  Any idea if a windows 32bit version of the atvusb-creator utility is 
in the works?
Comment 3 by troy.telford, Oct 17, 2008
I agree it's a disaster waiting to happen - I did set up the firewall to not expose the AppleTV after filing the bug; 
for that matter, only SSH was allowed in the first place, so closing down the one port and one address wasn't a 
problem.  I can still access it from home.

Sadly, it means I can't mess with anybody at home while I'm at work.

Still, I was under the impression that it was running openssh - what does the patchstick install?
Comment 4 by sdavilla, Oct 17, 2008
@Gabe.McG -> Watch svn, that's where you can see activity. Windows is maybe this weekend if the microsoft 
gods are kind to me ;)


@troy.telford -> dropbear because of the openssh/kerberos frameworks build issue. I can only legally 
distribute software that I can compile. openssh/kerberos are open source but a pain in the rear to get 
compiling correctly. Until I get the other platform version of atvusb-creator released, I don't have the time to resolve the building issues.

To get at my internal devices, I run a VPN from the outside world to inside. That gets me a single point of 
failure to track and I don't have to worry about the numerous internal devices.
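
Added example (not part of the thread or of atvusb-creator): a check that explains why editing /etc/sshd_config had no effect. It classifies the SSH identification string the daemon sends, and audits the two settings discussed above only when OpenSSH is actually the server. The banners, the config text and all function names are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments"
IDENT_RE = re.compile(r"^SSH-[^-\s]+-(?P<software>\S+)")
# OpenSSH defaults for the two directives the reporter tried to change
DEFAULTS = {"addressfamily": "any", "passwordauthentication": "yes"}
# Constructed samples; version fields are placeholders, not real versions
SAMPLE_DROPBEAR = "SSH-2.0-dropbear_X.YY\r\n"
SAMPLE_OPENSSH = "SSH-2.0-OpenSSH_X.Y\r\n"
SAMPLE_CONFIG = "# hardened\nAddressFamily inet\nPasswordAuthentication=no\n"

def ssh_implementation(banner):
    """Classify an SSH identification string; None if it is not one."""
    m = IDENT_RE.match(banner.strip())
    if not m:
        return None
    software = m.group("software").lower()
    return next((n for n in ("dropbear", "openssh") if software.startswith(n)), "other")

def global_directives(config_text):
    """Global sshd_config settings: keywords are case-insensitive, first value wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if parts[0].lower() == "match":
            break  # conditional Match blocks are out of scope here
        if len(parts) == 2:
            seen.setdefault(parts[0].lower(), parts[1].strip())
    return {**DEFAULTS, **seen}

def diagnose(banner, config_text):
    """Return a list of findings for the daemon that sent `banner`."""
    impl = ssh_implementation(banner)
    if impl is None:
        return ["not an SSH identification string"]
    if impl == "dropbear":
        return ["dropbear is answering: it does not read sshd_config, so edits there change nothing"]
    if impl == "other":
        return ["unrecognised SSH server: confirm which configuration it reads"]
    cfg, findings = global_directives(config_text), []
    if cfg["addressfamily"].lower() != "inet":
        findings.append("sshd may listen on IPv6 (AddressFamily is not inet)")
    if cfg["passwordauthentication"].lower() != "no":
        findings.append("password logins are accepted (PasswordAuthentication is not no)")
    return findings
```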



Comment 5 by sdavilla, Oct 22, 2008
(No comment was entered for this change.)
Status: Accepted
Comment 6 by sdavilla, Nov 03, 2008
(No comment was entered for this change.)
Labels: -Type-Defect Type-Enhancement