Setting a random password for guest wifi

[RoutNew36]

You won't find the 'Enable Scripts/Configs option' .....unless you upgrade to Firmware 378.50

That's explained the missing point. Thanks.
Is there a way in 376.49_5,too?
Just asking because this Version is so stable.

 

[Martineau]

That's explained the missing point. Thanks.
Is there a way in 376.49_5,too?
Just asking because this Version is so stable.

As I stated, if you have enabled JFFS, then if you have manually populated /jffs/scripts and/or /jffs/configs, then they will automatically be excecuted as per the Wiki

https://github.com/RMerl/asuswrt-merlin/wiki

 

[RoutNew36]

arithmetic error

I got a lot of "arithmethic errors" during my latest tests and had a look what's going on.
Checked it only 20-30 times so maybe my conclusion isn't right but as far as I know:

The problem can hapen at two places. Both after
randomnumer=`tr -cd 1-9 </dev/urandom | head -c 7`

in getrandomphrase ().

if the randomnumber starts with a '0'
I get the error, otherwise not.

I can solve the problem by using 1-9 instead of 0-9 but this restricts my random number, of course.
I'm not familar enough to really solve the issue but maybe someone get's an idea.
Hope that helps

 

[redvers]

Thanks for that, I did mention earlier in the thread I thought it was related to leading 0's, but when I tested with a string like 0000007 it worked :-/

Will have a quick play later to see if I can strip leading 0's from the results before using them!

 

[redvers]

have just had a go at tweaking the script on the wiki... basically i have modified the random number generation to remove leading zeroes. replace your existing line with the following and all being well it will fix the issues with not being able to correctly generate a password based on phrases :

randomnumber=`tr -cd 0-9 </dev/urandom | head -c 7 | sed 's/^0*//'`

 

[RoutNew36]

replace your existing line with the following and all being well it will fix the issues with not being able to correctly generate a password based on phrases :

Many thanks. I'll give it a try.

Just as an information. Maybe it's intresting to hear my usage

Because I use this scripts for a real guest wifi network I did some changes
- I reduced the number of new generated passwords to avoid unneeded NVRAM writes because of the limited #writes
(Now I'm generate a new password only after the old one was used. Means a guest asked for)

I achieved this by:
- The cron job will be deleted after a new password is generated.
- I wrote a small Android App to request the Password via SSH from the router, shows it and setup a new cronjob to make it invalid the next day
This APP is installed on multiple smartphones so even my wife can give the password to guests.

Thanks for your great work. In addition with the VPN it's a perfect guest Wifi Solution.

 

[redvers]

Many thanks. I'll give it a try.

Just as an information. Maybe it's intresting to hear my usage

Because I use this scripts for a real guest wifi network I did some changes
- I reduced the number of new generated passwords to avoid unneeded NVRAM writes because of the limited #writes
(Now I'm generate a new password only after the old one was used. Means a guest asked for)

Wow that is an interesting usage, and I'm glad that someone else is getting some usage out of a script I knocked together

Regarding the NVRAM writes, as I understand it, changing the password in this way will not affect your limited writes. I specifically don't do a "NVRAM commit" and thus the password changes are not saved.

 

[RoutNew36]

Regarding the NVRAM writes, as I understand it, changing the password in this way will not affect your limited writes. I specifically don't do a "NVRAM commit" and thus the password changes are not saved.

Interesting. I didn't knew this. Then I can switch back to change it allways but the App is usefull anyway.

 

[halex4u]

I wrote a small Android App to request the Password via SSH from the router, shows it and setup a new cronjob to make it invalid the next day
This APP is installed on multiple smartphones so even my wife can give the password to guests.

Can you share the android app (.apk)?

Thank you!

 

[RoutNew36]

Can you share the android app (.apk)?

In principle yes but there are two hardcoded things to keep it simple.
- Graphic is written for 320 DPI. Must be changed if you have another one.
- IP and Login for SSH is fix.

To share it I must provide a way to setup login and add one or two other "graphics" for other DPI.
Maybe I'l do it after I finished my last idea.
Working on a way to specify the lifetime for the actual password. Now you can select x days in the App to prevent guest to enter the password again and again (If they stay longer).
Script part is missing because cron doesn't support a "do it in x days after today" feature.

 

[RoutNew36]

I prepared my APK for sharing but needs a new feature in one plugin I'm using. I asked the devloper of this plugin and he will add it.
I don't know when I'll receive his changes but will share my project soon afterwards.

 

[RoutNew36]

I'm finished my Guest wifi project. You can download it from here:
https://app.box.com/s/xe0m0pkq5kndvhvwo2gk8o8l0l66c6au

Features:
- password managing with Android device(s)
- password liftetime adjustable

Teaser:

Readme is included in download.

If you have any weird graphic give me a note.
Please feel free to ask for funtional changes or new features but don't ask for graphical changes. I'm no designer and don't want to be one.

Disclaimer: You are responsible for all what you do. This post shows only the possibility you have without being responsible for any error, damage or anything else which might happen while playing with this information and/or software.

 

[halex4u]

I'm finished my Guest wifi project. You can download it from here:
https://app.box.com/s/xe0m0pkq5kndvhvwo2gk8o8l0l66c6au

Features:
- password managing with Android device(s)
- password liftetime adjustable

Teaser:
View attachment 3472

Readme is included in download.

If you have any weird graphic give me a note.
Please feel free to ask for funtional changes or new features but don't ask for graphical changes. I'm no designer and don't want to be one.

Disclaimer: You are responsible for all what you do. This post shows only the possibility you have without being responsible for any error, damage or anything else which might happen while playing with this information and/or software.

It is possible to use "SSH Authentification Key" instead of user name and password for Android app?
Thank you!

 

[RoutNew36]

As requested I added keyfile login.
Download link mentioned above is updated.
Changelog:
- new apk (add SSH autentification)
- updated documentation
- updated password.txt (removed names with non ASCII characters)

 

[JanOonk]

As requested I added keyfile login.
Download link mentioned above is updated.
Changelog:
- new apk (add SSH autentification)
- updated documentation
- updated password.txt (removed names with non ASCII characters)

thanks for your scripts/docs and great idea. A few notes:
-enable-randomize-random.sh doesn't exist or isn't supplied by you in the download link you provided.
-in services-start you refer to generate-new-password.sh. Why don't you just call new-password.sh? Or does generate-new-password.sh exist for easy usage from your apk?
-what script(s) does your apk depend on or call? Could you share the source for the apk?
-why do you supply almost two identical password generate files: rpg-passgen.sh and new-password.sh?
-how does your app know the lifetime of password? Does it check the cronjob entry after login?

Since I am on iOS and I want to be flexible/futurproof I will make a simple website (hosted on my NAS) so all trusted family members regardless of devicetype can use it. The site will be password protected by an .htaccess file. The PHP site will have the same functionality as your apk. I will share it here when finished.

Update 1:
I got everything working. I will tidy it up and will post all scripts here very shortly.

Update 2:
You can find the latest and previous versions if available here: http://iris.fhict.nl/~i872272/downloads/guestwifi/guestwifi.rar

Update 3:
v1.01 released: Tiny bugfix for script which gets called by cronjob

Here's the readme/installation.txt from the .rar:
Installation of "JanOonk" version of "Setting a random password for guest wifi" - v1.01

Preface:
Initial idea was by user "redvers76 or redvers" from https://github.com/RMerl/asuswrt-merlin/wiki/Setting-a-random-password-for-guest-wifi
Additional ideas/features were made by user "RoutNew36" from http://www.snbforums.com/threads/setting-a-random-password-for-guest-wifi.22700/

Functionality wise I stayed as close as "RoutNew36" version. I changed the Android app (.apk) in a simple website so every client can be used.
Furthermore I simplified all scripts and made them more readable, debuggable and configurable.

Additional documentation can be found at the links above.

Prerequisites:
-webserver with PHP and SSH2 extension
-webserver needs to be connectable with router through SSH (connection settings see ssh.php)
-webpage needs to be reachable from at least your LAN. Optionally you could forward a port on your router to your webserver port, so the webpage is accessible from WAN.
-router with JFFS enabled
-router with SSH enabled (as long as this version of guestwifi uses SSH password only set "Allow SSH access from WAN" to No! Highly recommended because of security)

Download link:
You can always find the latest (and previous versions) here: http://iris.fhict.nl/~i872272/downloads/guestwifi/guestwifi.rar

Changelog:
v1.00 - 06 aug 2015: initial version
v1.01 - 07 aug 2015: [fix] changed relative path to absolute path in CheckGuestPassword.sh because it's called from cronjob from an unknown path

Features:
-authentication between webserver and router is by using SSH with plain password (connection settings see ssh.php)
-on the Router > System Log > General Log you can see important "guestwifi" events

Installation steps:

Below was tested on Asus RT-N66U with Asuswrt-Merlin v378.55 (july 2015) and a Synology NAS DS214+ DSM 5.2-5592 Update 2 (2015/07/23) with the webserver enabled.

Guestwifi webpage:
This is where you (and other trusted familymembers) can see the current guest wifi password and remaining life time.
To see this page you need to have a username/password. See few lines below.
You can set/change the lifetime of the password by pressing 1,3,5 buttons or you can generate a new password.
If password expires (lifetime is 0) automatically a new one is generated by the daily cronjob and set to notused (-1).

Do the following:
-put ssh.php and .htaccess on the webserver in a folder
-change AuthUserFile in .htaccess
-create the AuthUserFile for webuser "wifi":
htpasswd -c wifi.pw wifi
(type password 2x)

Router scripts:
-place all files in /jffs/scripts/guestwifi
-make all scripts executable:
-chmod +x *.sh
-chmod +x services-start
-review/change all settings in new-password.sh if needed (default is ok but at least check wireless settings)

Daily cronjob on the router:
The cronjob which calls CheckGuestPassword.sh is responsible for decreasing the life time of a password after 1 days passes,
and will create a new password when lifetime is 0. The password will last forever until viewed by the webpage which will set it to default 1 day lifetime.
You can change the lifetime if you wish through the webpage.

Login in your router using Putty. Add this to your /jffs/scripts/guestwifi/services-start script so the daily cronjob (at 5:00AM)
will always exist even after router reboot:
-cru a CheckGuestPassword "0 5 * * * /jffs/scripts/guestwifi/CheckGuestPassword.sh"

To do/future features:
-use SSH keyfile for SSH authentication from PHP

Research:
-possible to reload WiFi settings or restart only certain band/networknr instead of restarting whole WiFi?

 

[giopas]

Hi folks,

this is indeed a very interesting project!

I have just one question: as it could happen that you need to provide a guest access while you are not at home, it is possible to change the redvers script (which makes use of gmail - readable from anywhere - instead of an intranet site or apk - both needing access to local network if I am not wrong), to change password only when needed and not everyday? In such a way, I would receive a password on my inbox which would be valid until someone needs to use it. After password expiration (1, 2 or 3 days) I will receive a new email with the new available password.

What do you think?

A dedicated app like the one from RoutNew36 is really great, but I am not sure it would work from outside the network (nor that it would only generate a password when needed).

Thanks,

giopas

ps: unfortunately I am not skilled enough to make substantial changes to those wonderful pieces of codes.

 

[JanOonk]

Hi folks,

this is indeed a very interesting project!

I have just one question: as it could happen that you need to provide a guest access while you are not at home, it is possible to change the redvers script (which makes use of gmail - readable from anywhere - instead of an intranet site or apk - both needing access to local network if I am not wrong), to change password only when needed and not everyday? In such a way, I would receive a password on my inbox which would be valid until someone needs to use it. After password expiration (1, 2 or 3 days) I will receive a new email with the new available password.

What do you think?

A dedicated app like the one from RoutNew36 is really great, but I am not sure it would work from outside the network (nor that it would only generate a password when needed).

Thanks,

giopas

ps: unfortunately I am not skilled enough to make substantial changes to those wonderful pieces of codes.

Just take a look at my variant of redvers and routnew36. See .txt file in archive. See my message from few days back here above.
If your router is configured correctly its possible to use the webpage from everywhere on every device.
Also new password is only generated when used/viewed.

I find the email solution too restrictive/constrained especially with multiple trusted members.

 

[redvers]

Given that it was knocked together so that my eldest daughter had to do her chores before she got internet access, I'm shocked at how popular the script has been, even though it is very simple in it's execution!

Now, if there was a way of identifying when a network had been accessed, you could use that to add a cron job to reset the password again in 3 days (or whatever was configured), something for me to think about anyway

 

[Anders887]

How do i create the .sh file? Can't get it to work with "pico" command or "vi". Anyone got a dummy guide?

 

[jpclarke]

Hi,

I am interested in the web app to change the wifi password but the download link listed doesn't work, are the source files still available to download?

Thanks.