25 May 2012
Permit running mactelnetd as unprivileged user in forwarding mode. New commandline options for MAC-SSH mode, to permit setting of the path for the SSH client executable and for dropping privileges. Permit passing additional parameters to SSH client.
24 May 2012
MAC-Telnet - Reimplementation of MAC-SSH
To facilitate tracking of upstream changes in MAC-Telnet client ( mactelnet ) and server ( mactelnetd ), the MAC-SSH functionality was re-implemented as command line options for MAC-Telnet client and server executables and the macssh and macsshd executables were removed. Once the re-implementation was over, all upstream changes to the code were merged.
Open source MAC Telnet client and server for connecting to Mikrotik RouterOS routers and Linux machines via MAC address.
Based on MAC-Telnet, the original work of haakonnessjoen ( Håkon Nessjøen ). This fork of the upstream version adds a forwarding mode for tunneling a TCP connection through the MAC-Telnet protocol, and implements MAC-SSH client and server functionality that tunnels the SSH protocol instead of implementing a shell interface directly.
The original version implements the following:
- A Linux console tool for connecting to MikroTik RouterOS devices via their Ethernet address.
- Linux daemon that implements the MAC-Telnet server to permit connecting to Linux machines via their ethernet address.
The forked version implements additional functionality for forwarding a TCP connection through the MAC Telnet protocol. The main use case is connecting to Linux machines via their Ethernet address using the SSH protocol for security. Take note that the clients and servers running in the forwarding mode are not compatible with existing MAC-Telnet clients and servers implementing the standard mode of operation.
The forked version of the server supports two modes of operation:
- Standard MAC-Telnet Server Mode
- TCP Connection Forwarding Mode: Tunnels a TCP connection to a local port on the client to a specific local port on the server side through MAC-Telnet protocol. This mode of operation is used for forwarding SSH connections through the MAC-Telnet protocol.
The client supports three modes of operation:
- Standard MAC-Telnet Client Mode
- TCP Connection Forwarding Mode: Tunnels a specific local port on the client to the server through the MAC-Telnet protocol.
- SSH Forwarding Mode: Apart from setting up the tunnel, the client takes care of launching the SSH client.
Standard MAC-Telnet Mode
    [MAC-Telnet Cli] ---UDP---> [MAC-Telnet Srv]
TCP Connection Forwarding Mode
    ---TCP---> [MAC-Telnet Cli] ---UDP---> [MAC-Telnet Srv] ---TCP--->
SSH Forwarding Mode
    [SSH Cli] ---TCP---> [MAC-Telnet Cli] ---UDP---> [MAC-Telnet Srv] ---TCP---> [SSH Srv]
The SSH Forwarding Mode has the following advantages in comparison to standard MAC-Telnet:
- The mactelnet.users configuration file is not needed. Instead of maintaining another set of user passwords for MAC-Telnet, the authentication mechanisms implemented by SSH are used.
- Public Key Authentication works seamlessly, permitting passwordless logins.
- The communication between client and server is encrypted by SSH.
- The daemon does not require root privileges and can be run by a non-privileged user for additional security. In case the -n option is used, the server or client must be launched as root user, but the -U option can be used to drop privileges once the initial setup phase ends.
- The server relies on the security model of SSH, instead of creating a shell environment itself.
It can be used for initial provisioning and for maintenance purposes in situations where a valid IP configuration is not available.
It might be a useful addition to the rescue mode, especially of embedded systems without screens; connecting using MAC-Telnet / MAC-SSH is much more convenient than fetching and connecting a serial cable.
It can be used for initial provisioning of physical and virtual servers and might serve as a rescue system, when the IP configuration of a server gets messed up for any reason.
The original version of the MAC-Telnet has been packaged for Debian GNU/Linux by the original author haakonnessjoen ( Håkon Nessjøen ). You can download the deb packages for the original version from the Downloads Page of the Upstream Project.
You can also get the latest development version of the code by cloning the Git repository for the project by running:
git clone git://github.com/aouyar/MAC-Telnet
The binary packages of the original version of the code can be installed using the packaging tools of the distribution.
Once the source code is cloned or downloaded it can be installed as follows:
$ make all install
Sample upstart configuration files can be found in the config directory of the distribution:
- Use mactelnetd.init for starting / stopping MAC-Telnet in standard mode.
- Use macsshd.init for starting / stopping MAC-Telnet in MAC-SSH mode.
$ mactelnet -h
Usage: mactelnet <MAC|identity> [-v] [-h] [-q] [-n] [-l] [-S] [-P <port>] [-t <timeout>] [-u <user>] [-p <pass>] [-c <path>] [-U <user>]
Parameters:
  MAC           MAC-Address of the RouterOS/mactelnetd device. Use mndp to discover it.
  identity      The identity/name of your destination device. Uses MNDP protocol to find it.
  -l            List/Search for routers nearby. (using MNDP)
  -n            Do not use broadcast packets. Less insecure but requires root privileges.
  -t <timeout>  Amount of seconds to wait for a response on each interface.
  -u <user>     Specify username on command line.
  -p <pass>     Specify password on command line.
  -U <user>     Drop privileges by switching to user, when the command is run as a privileged user in conjunction with the -n option.
  -S            Use MAC-SSH instead of MAC-Telnet. (Implies -F) Forward SSH connection through MAC-Telnet and launch SSH client.
  -F            Forward connection through of MAC-Telnet without launching the SSH Client.
  -P <port>     Local TCP port for forwarding SSH connection. (If not specified, port 2222 by default.)
  -c <path>     Path for ssh client executable. (Default: /usr/bin/ssh)
  -q            Quiet mode.
  -v            Print version and exit.
  -h            Print help and exit.
All arguments after '--' will be passed to the ssh client command.
Establish standard MAC-Telnet session with remote box:
$ mactelnet aa:bb:cc:dd:ee:ff
Forward local port 4001:
$ mactelnet -F -P 4001 aa:bb:cc:dd:ee:ff
Establish SSH connection with remote box:
$ mactelnet -S -u root aa:bb:cc:dd:ee:ff
Establish SSH connection with remote box, forwarding additional ports using SSH Port Forwarding:
$ mactelnet -S -u root aa:bb:cc:dd:ee:ff -- -L8080:127.0.0.1:80 -L443:127.0.0.1:8443
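The `--` passthrough shown above can also carry OpenSSH host-key options. This is an added example, not code from the MAC-Telnet project: `normalize_mac` and `macssh_cmd` are hypothetical helper names, and the example assumes the launched ssh client connects to the local forwarding port, so that without `HostKeyAlias` every device would share one known_hosts entry.

```shell
#!/bin/sh
# Added example, not part of MAC-Telnet: macssh_cmd and normalize_mac are
# hypothetical helper names.

# Normalise a MAC address to lower-case colon form; return 1 on anything else.
normalize_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F-' 'a-f:')
    # Reject stray characters first (including embedded newlines, which a
    # line-oriented grep match alone would let through).
    case "$mac" in
        *[!0-9a-f:]*) return 1 ;;
    esac
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$mac"
}

# Print a mactelnet -S command line whose ssh options pin the host key to a
# per-device alias instead of the shared local forwarding address.
macssh_cmd() {
    user=$1
    # A user name must not be empty, start with '-', or contain shell or
    # option metacharacters, since it ends up on a command line.
    case "$user" in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "invalid user: $user" >&2; return 1 ;;
    esac
    mac=$(normalize_mac "$2") || { echo "invalid MAC: $2" >&2; return 1; }
    key_alias="macssh-$(printf '%s' "$mac" | tr -d ':')"
    printf 'mactelnet -S -u %s %s -- -o HostKeyAlias=%s -o StrictHostKeyChecking=yes\n' \
        "$user" "$mac" "$key_alias"
}

# Constructed sample address (the same placeholder the usage examples use).
macssh_cmd root AA-BB-CC-DD-EE-FF
```

With `StrictHostKeyChecking=yes` the device's key must already be recorded in known_hosts under the alias; `accept-new` (OpenSSH 7.6 and later) records it on first contact instead.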
$ mactelnetd -h
Usage: mactelnetd [-v] [-h] [-n] [-f] [-S] [-P <port>] [-U <user>]
Parameters:
  -f            Run process in foreground.
  -n            Do not use broadcast packets. Just a tad less insecure.
  -S / -F       Forwarding of TCP connections through MAC-Telnet protocol, instead of using the standard MAC-Telnet remote terminal.
  -P <port>     Local TCP port used for forwarding connections to SSH Server. (If not specified, port 22 by default.)
  -U <user>     Drop privileges by switching to user, when the command is run as a privileged user in conjunction with the -n option. Standard MAC-Telnet is not compatible with this option.
  -v            Print version and exit.
  -h            Print help and exit.
Launch MAC-Telnet Daemon for receiving Standard MAC-Telnet protocol connections:
Launch MAC-Telnet Daemon for forwarding connections to local SSH Daemon listening on port 22:
$ mactelnetd -S
Launch MAC-Telnet Daemon for forwarding connections to local SSH Daemon listening on non-standard port 2222:
$ mactelnetd -S -P 2222
$ macping -h
Usage: macping <MAC> [-h] [-f] [-c <count>] [-s <packet size>]
Parameters:
  MAC           MAC-Address of the RouterOS/mactelnetd device.
  -f            Fast mode, do not wait before sending next ping request.
  -s            Specify size of ping packet.
  -c            Number of packets to send. (0 = unlimited)
  -h            This help.
$ macping aa:bb:cc:dd:ee:ff
Disable firewalls both on the client and server side for testing. Firewalls can block the forwarding of packets with broadcast addresses even when they are not blocking any ports.
The server can be run in the foreground (command line option: -f) for testing.
The code published on this page is a fork with some experimental features for establishing SSH connections via MAC Address. The additional features have been implemented by Ali Onur Uyar (aouyar @ GitHub).
MAC-Telnet is copyrighted free software made available under the terms of the GPL License Version 3 or later.
See the file LICENSE that accompanies the code for full licensing information.