How to configure SSH Key Authentication

  • Credit for this goes to Packetstormer, and I wasn't sure in which section to post it, but it was written in the context of a Dreambox so that's where I posted it.


    I wrote this for another site a couple of years back but it still works and might be useful for anyone concerned with opening SSH from your Satbox to the internet. With this setup you can safely connect to your receiver across the internet and tunnel TCP ports onto your LAN (this might include remote desktop connections, HTTP (to your WEBINF or Media Server), telnet, streaming protocols and of course any sharing ports for OSCAM/CCCam etc).


    I do have a DDNS account but for backup I use a small script to email/FTP me my external IP address daily so I can always connect from wherever I am.



    Telnet to the Dreambox and login as the root user.
    If you have not already done so type: passwd and enter a new root password
    type cd /home/root
    type mkdir .ssh
    Next, leave the Telnet session open and jump to your browser and download PuttyGen (httx://www.chiark.greenend.org.uk/~sgtatham/putty/download.html).
    Run PuttyGen, enter a passphrase* and click the Generate button. Move the mouse around the screen to randomly generate your key
    NOTE: You don't have to use PuttyGen to generate your key, you can use other usual methods such as the CLI on the DM and run dropbearconvert. PuttyGen is by far the easiest
    Once PuttyGen has finished generating the key click the "Save Private Key" button and save the ppk file to a safe location - you will need this later to connect via SSH
    Jump back to the telnet session you have open and type cat > /home/root/.ssh/authorized_keys
    When you press enter the screen will jump to the next line and wait for text to be inputted
    From the PuttyGen app select all of the private key and then copy
    Right click inside the telnet session to paste the contents of the key
    Press Return then CTRL+D to exit from the command
    Type cat /home/root/.ssh/authorized_keys and check the output to make sure the key pasted correctly.
    You can now test the connection - try Putty from Windows making sure you select the SSH->Auth option and pointing the app to the private key you saved away earlier
    At this stage you should get connected and prompted for the passphrase you setup earlier.
    If the connection works correctly you may now want to disable SSH from accepting any connections that don't use key authentication. This will not affect your telnet connection
    From your Windows/Linux box ftp to the Dreambox
    cd /etc/init.d
    bin (this isn't needed if you are connecting from Linux)
    hash
    get dropbear
    Exit the ftp session
    Copy the dropbear file to another file as a backup then open the dropbear file in an editor, I used WinVi
    Find the line "DROPBEAR_EXTRA_ARGS=" and make it look like the next line
    DROPBEAR_EXTRA_ARGS="-s -g"
    Save the file and ftp it back to the Dreambox to the same location
    Telnet into the Dreambox and issue this command: /etc/init.d/dropbear restart
    You should now configure your ISP router to only allow SSH to your Dreambox, disabling Telnet, HTTP etc.
    You can now securely SSH into the Dreambox and tunnel any traffic you might need through the connection.
    None of the above changes will change any Telnet session and you should still be able to Telnet from within your LAN


    NOTE: If you are using Linux (as I do) you will need to convert the Dropbear private key for OpenSSH use.


    * You don't (and may not want) to give the private key a passphrase. While passphrases add an extra layer of security they can get in the way of automated tasks and some ssh-agents don't like them very much!


    I am not obligated, or connected to any particular brand, seller or retailer so any opinions given are not biased in any way.
    Any information given is for hobby and research purposes only, and whilst every effort is made to ensure that all my responses are accurate, any action you may take based on my replies is done so at your own risk.
    Viewing Premium Channels or Media, without paying for them is illegal and if you do so, you do so at your own risk!
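The dropbear steps from the post above, scripted as an added example (this is not Packetstormer's code nor anything shipped with the Dreambox). Paths are parameters and the sample key and init script are constructed, so it can be rehearsed in a scratch directory before being run as root on the box; it also refuses to install anything that is not an OpenSSH public-key line, since authorized_keys must hold the public half of the pair.

```shell
#!/bin/sh
# Added example, not from the post: the dropbear steps above as checkable shell
# functions. Paths are parameters so they can be rehearsed on a scratch copy
# before being run as root on the box.

# Install a public key into authorized_keys with the permissions dropbear and
# OpenSSH expect. Refuses input that is not an OpenSSH public-key line, which
# catches a pasted PuTTY .ppk or other private-key material.
install_authorized_key() {  # $1 = home directory, $2 = file with the public key
    home="$1"; pub="$2"
    if ! grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+' "$pub"; then
        echo "refusing: $pub has no OpenSSH public-key line" >&2; return 1
    fi
    if grep -Eq 'PRIVATE KEY|Private-Lines:' "$pub"; then
        echo "refusing: $pub contains private-key material" >&2; return 1
    fi
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    grep -E '^(ssh-|ecdsa-)' "$pub" >> "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
}

# Set DROPBEAR_EXTRA_ARGS="-s -g" (-s: no password logins, -g: none for root)
# in the init script, keeping a .bak copy first as the post recommends.
harden_dropbear_args() {  # $1 = path to /etc/init.d/dropbear (or a copy of it)
    script="$1"
    cp "$script" "$script.bak" || return 1
    if grep -q '^DROPBEAR_EXTRA_ARGS=' "$script"; then
        sed -i 's/^DROPBEAR_EXTRA_ARGS=.*/DROPBEAR_EXTRA_ARGS="-s -g"/' "$script"
    else
        echo 'DROPBEAR_EXTRA_ARGS="-s -g"' >> "$script"
    fi
    # Verify the edit took before anyone restarts dropbear on the strength of it.
    grep -q '^DROPBEAR_EXTRA_ARGS="-s -g"$' "$script"
}

# Dry run with constructed inputs (the key data below is not a real key).
demo() {
    d=$(mktemp -d)
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedExampleNotARealKey rsa-key-20100101\n' > "$d/id.pub"
    printf '#!/bin/sh\nDROPBEAR_EXTRA_ARGS=""\n# start-stop-daemon ... omitted\n' > "$d/dropbear"
    install_authorized_key "$d" "$d/id.pub" && harden_dropbear_args "$d/dropbear" || return 1
    ls -la "$d/.ssh"; grep '^DROPBEAR_EXTRA_ARGS' "$d/dropbear"
    echo "scratch copy left in $d"
}
# demo   # uncomment, or source this file and call demo, to rehearse it
```

On the real box the same two calls would be `install_authorized_key /home/root /tmp/id.pub` and `harden_dropbear_args /etc/init.d/dropbear`, followed by the `/etc/init.d/dropbear restart` from the post.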



