Take apart video.

The best of the bad take-apart videos on YouTube for the Seagate Central Cloud Storage: http://www.youtube.com/watch?v=zwZwbrVGrTA.

While it is great that this gentleman took the time to tape the process, it would have been awesome if we had got a close-up of the controller board. Does anyone have one open so we can see it?

Remote access on by Default (Seagate Central)

Yet another annoyance for Seagate Central users: you can’t permanently disable remote access.

Seagate Central Cloud Storage devices come with remote access, which uses UPnP to go around your firewall. While this may be useful to some users, it could also be a vulnerability for others. It is possible to turn it off temporarily in the web interface for the product, but after every restart, it is back on.

Fix root ssh login vulnerability on Seagate Central Cloud Storage.

Correction Pending. I am only leaving this up to make sure that the truth is out there, whether I am right or not. For the record, I did test this out, and was able to log in as “root” with no password. I am currently attempting to recreate the issue, but the device may have been “in-between” reboots.

By default, the Seagate Central Cloud Storage Series of NAS drives are vulnerable to attack because as shipped, they do not require a password for root. This would not be a “critical” error, if they had not enabled logins from SSH without a password. My next post will be about why I chose to disclose this vulnerability without notifying Seagate first. I will give the short answer: this is a critical error, and would be found by any attacker on the local network segment with this device. With errors, vulnerabilities, and other errors in configuration of either WIFI or firewalls, this would leave any “private” files on the device open to view, and make all data vulnerable to loss. Why the password for root is not set by default is open to interpretation. It is simple “best practice” to set a password for the superuser account. It is also simple “best practice” not to allow the superuser to log in from ssh. These two issues, when shipped together, represent an inexcusable lack of respect for their customers.

The version of the firmware that I tested this on is: 2014.0410.0026-F. I suspect it is also the same for all versions and sizes of this device.

I recommend that all Seagate Central Cloud Storage device owners patch their systems as follows:

Caution: this procedure is correct to the best of my knowledge, but may not work for all devices and users. The user alone bears responsibility for following my advice and recommendations. Use at your own risk.

Note: To the best of my knowledge, it is not possible to set the “root” user’s password and have it remain set after a reboot. While it is possible to use the “passwd” command to set the password once, it will be null after the device is rebooted or loses power.

1) Obtain a secure shell client (ssh). On all modern Linux distributions, this is already done. On Windows, download “PuTTY”, which can be found at: http://www.chiark.greenend.org.uk/~sgtatham/putty/. On Android phones use “ConnectBot”. I am not versed in ssh clients for Mac, but I am sure there are several. Use the Google.

2) Log in to your Seagate Central device using ssh. Use one of the user/passwords you set when you installed your device on its web interface. (You could also log in as root with no password, but as this is bad practice, I do not wish to encourage such behavior.)

3) Type “su” at the command prompt. You are now the superuser. You will know this because the character at the end of the prompt changed from “$” to “#”. You can fix or destroy your device with a few keystrokes. Be careful from here on.

4) Use the “nano” editor to change the last line in the file “sshd_config” by typing on the command line: “nano /etc/ssh/sshd_config”. Use the arrow keys to scroll to the bottom of the file.

5) Change the last line from “PermitRootLogin without-password” to “#PermitRootLogin without-password”. Then add a new line below this that reads: “PermitRootLogin no”.

6) Exit nano by pressing the <CTRL> and <X> keys at the same time. At the bottom of the screen, you will be prompted to save the file by typing “yes”. Do so.

7) Reboot your Seagate Central by typing “/sbin/shutdown -r now”. You will be logged out and your device will reboot.

8) Your device will be unavailable while it reboots for several minutes. You can find out when it is ready by using the ping command, or by trying the web interface repeatedly.

9) After the reboot, when you attempt to login using ssh as root, you will be prompted for a password, but as long as there is none set, you will not be able to log in. This will also keep out people with malicious intent for your data.

Enjoy a small improvement in security. -Jim
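
Steps 4 and 5 above as a script, added here as an example and not part of the original post. It reports the effective PermitRootLogin value (sshd uses the first uncommented occurrence of a keyword), then comments out the active line and puts “PermitRootLogin no” below it. The function names and the sample file are made up for the example.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the effective PermitRootLogin value of the file given as $1.
# sshd takes the first uncommented occurrence; keywords are case-insensitive.
# Assumes the "Keyword value" form and does not interpret Match blocks.
effective_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Step 5: comment out every active PermitRootLogin line and put
# "PermitRootLogin no" below the first one (or at the end if none exists).
# Keeps a copy of the original as <file>.bak. Does nothing if already "no".
harden_root_login() {
    cfg=$1
    if [ "$(effective_root_login "$cfg")" = "no" ]; then
        return 0
    fi
    cp -p "$cfg" "$cfg.bak" || return 1
    awk 'tolower($1) == "permitrootlogin" {
             print "#" $0
             if (!done) { print "PermitRootLogin no"; done = 1 }
             next
         }
         { print }
         END { if (!done) print "PermitRootLogin no" }' "$cfg.bak" > "$cfg"
}

# Demo on a constructed sshd_config (sample lines, not a dump from a device).
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'Port 22' 'UsePAM yes' \
        'PermitRootLogin without-password' > "$tmp"
    before=$(effective_root_login "$tmp")
    harden_root_login "$tmp" || return 1
    after=$(effective_root_login "$tmp")
    echo "before=$before after=$after"
    rm -f "$tmp" "$tmp.bak"
}

demo
```

To apply it to the real file, call harden_root_login /etc/ssh/sshd_config as root in place of demo, then continue with the reboot in step 7.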

Share organization and FTP access on the Seagate Central Cloud Storage.

More on the Seagate Central NAS device:

The device has several shares available after setup in its web interface. By the way, if you do not know its IP address, just browse to “Workgroup” -> “Name of the NAS” -> “Public”. Then view the contents of the file: “Manage Seagate Central Central3TB.url”. It is a link for Windows users, but Linux users will be able to figure it out.

By default, it makes a Windows share for:

1) Public: which is accessible by anyone on the network. It has the link mentioned above and three folders: Music, Photos, and Videos. If you put your media in those folders, it is also shared out on DLNA. This folder is also shared out via a Public FTP server (vsFTP).

2) User shares: shares named for each user created in the web interface, and only accessible to the user under the Windows “share” permission scheme. You will need to supply the username/password for access.

3) Attached drive folders: Each drive is mounted in a folder and shared out. The drive currently connected to mine and formatted with the Linux ext3 format is: “usb1-1share1”.

All of these shares can be accessed in the associated directory in the “/share” directory.

 

Seagate Central Personal Cloud Storage

I just bought a “Central” and I love it. It is a good device even if all you want is a cheap NAS. But, it is so much more.

It comes with Linux on it. Seagate was smart enough to leave it open for users to shell into. Many companies would not have the same faith.

I bought a 3tb model. I got it on sale at “BestBuy” for $149.99USD.

To gain access, just ssh to the device using whatever user/password you set up in the web interface. Unfortunately, all users have shell access by default, and root is _NOT_ passworded. Just type “su” to gain superuser status.

I do have issues with Linux clients. When copying large files, it hangs. I think the drive is spinning down from “inactivity”. I have had similar issues with external drives.

One easy workaround is to simply plug in a drive to the USB 3.0 plug on the back. After a reboot, my 2TB Seagate external drive was mounted in the “/shares” folder. I then copied the files on the command line. I have a few TB of data to copy so I will let you know how it ends.

I got the idea when I saw the file “/etc/filesystems”:
minix
fat
vfat
ext2
ext3

Which is probably the list of filesystems it is set up to read by default. I had an ext3 formatted drive that I was using with a Buffalo DDWRT router. I was also able to mount a 3TB NTFS partition. I have not yet tried an ext4 partition.

I intend to dig some more into this little gem, and post what I find here.