Secure Access To Your DSL Modem’s Telnet (telnet / ssh)
I have one of those crappy DSL modems that all these ISPs give to you with the connection. My ISP is Airtel and the modem that I have is Beetel 110-BXi (They also have other models like 220-BX and 220 BXi). One thing common among all these modems is that they do not provide secure access like Secure Shell (ssh) as all they provide is ftp/telnet/http etc which are all clear text protocols. Hence, it is a huge security risk to expose these interfaces to the internet and then access them from outside. So, I (and most others) don’t allow these services to be accessed from WAN. But I do have the need some time to access it. So, what do I do? I follow a simple process to allow myself a pseudo-ssh or telnet picggy-backed over ssh connection. How is that?
Well, I have an excellent wi-fi router (Asus WL-500W) that does have ssh (which I have configured to listen on, say, port XXXX). Now all I do is:
Disable telnet access to modem from WAN but enable from LAN.
Forward this particular port XXXX in modem’s configuration to the router’s IP.
Optional: Register for a dynamic dns account (e.g. dyndns.org) and update the same in modem’s config so I can access my modem through a domain name since I have a dynamic IP which changes all the time.
Now, ssh to my external (WAN) IP from outside (say from work). Since, the port is forwarded to my router, it the router that answers my ssh request.
After logging in to my router, simply telnet to the modem using its LAN IP and configure away.
Simple, isn’t it? I would advise you all to make a similar setup for yourself as well, if possible, rather than taking risks of unsecure access.