Zyxel - VMG4005-B50A - Support & Info
The default admin user currently faces issues retrieving xdslctl information via SSH or Telnet. The console does not respond as expected.
When using the go-dsl tool, the xdslctl process fails to respond and is not properly terminated by the firmware on the Zyxel VMG4005-B50A. This problem occurs during both connection and disconnection attempts, leading to orphaned xdslctl processes.
Repeated connection attempts result in an increasing number of orphaned xdslctl processes. This accumulation causes CPU and RAM usage to reach 100%, ultimately leading to a situation where only a reboot will restore the modem to a functional state.
To avoid this issue, use the root or supervisor account (which are the same), as this problem does not occur with these higher-level privileges.
Root/supervisor password?
- To obtain the root password, contact Zyxel support, as I did!
- Or use this tool to get the default root password!
- https://github.com/boginw/zyxel-vmg8825-keygen
`python3 main.py #THE_S#_OF_THE_MODEM` Password is: zcfgBeCommonGenKeyBySerialNumMethod3 : xxxxxxxxxx
Using user: root/supervisor on a VMG4005-B50A*
Thank you for the report!
Does the same issue exist, when connecting using a normal Telnet or SSH client? When using the tool, does it happen for both Telnet and SSH?
I assume the most likely reason here, is that the admin login leads to the Zysh shell, while root and superuser allow access to a proper shell.
If there is an easy fix to make it work with Zysh, I'd like to implement that, otherwise I'm going to add a note to the documentation.
- It appears that the DSLAM has switched to compatibility mode because I performed too many resyncs.
Considering the minimum line in the SNR graph, there could also be an actual issue on the line. Maybe some issue with vectoring?
> Does the same issue exist, when connecting using a normal Telnet or SSH client? When using the tool, does it happen for both Telnet and SSH?
No, with the normal SSH/Telnet client/console I'm able to request the xdslctl also as a default admin user.
And yes, with the tool, it does not matter if I choose Broadcom SSH or Telnet.
> If there is an easy fix to make it work with Zysh, I'd like to implement that, otherwise I'm going to add a note to the documentation.
I'm not sure if there is a hard or easy fix. I really do not know how the console part is implemented, but you are right, the non-root user will see the ZySH>.
> Considering the minimum line in the SNR graph, there could also be an actual issue on the line. Maybe some issue with vectoring?
Mmmm, I'm not sure. Before I bought and used the Zyxel modem, I had the Vigor165 installed. It always had ~250 Mbps and higher sync (for the past 2-3 years). However, the Vigor kept rebooting and was probably defective recently, as I had been using it for over 4 years. Before exchanging it, I tried different firmware versions for the Vigor, and after too many firmware changes and syncs in a short time, the VDSL sync dropped directly to 204 Mbps. So, I switched to the Zyxel modem. I think I need to wait a few weeks before the DSLAM goes back up to the maximum again... that's what I'm hoping for....
@GeminiServer any news on that? Are you happy with your Zyxel, did you manage to sync at full speed and use go-dsl successfully?
@arnuschky: I'm totally happy with the Zyxel modem. Running now for over 225 days without any issues and with full sync speed.
Thanks for your reply @GeminiServer; glad to hear that the modem's good.
Are you using it successfully with go-dsl? (via the root user I assume?)
I've received my VMG4005 and can report that it works!
A few comments:
- I can connect using the `dsl` tool when using the `root` account as mentioned by @GeminiServer above. I've generated the root password using the tool they mentioned, which worked flawlessly.
Example: ./dsl -d broadcom_telnet -u root 192.168.1.1
Minor point here: there seems to be a bug in Zyxel's firmware, as I only managed to use alphanumeric passwords. Passwords using any other character worked via the web frontend, but didn't allow me to log in via ssh or telnet.
- I cannot connect using SSH, it gives me the following seg fault:
Connecting…panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x82a138]
goroutine 1 [running]:
golang.org/x/crypto/ssh.FingerprintSHA256({0x0?, 0x0?})
/home/myuser/.opt/go/pkg/mod/golang.org/x/[email protected]/ssh/keys.go:1725 +0x18
3e8.eu/go/dsl/internal/ssh.(*Client).connect.func1()
/home/myuser/go-dsl.git/internal/ssh/client.go:67 +0x17a
golang.org/x/crypto/ssh.publicKeyCallback.auth(0x11?, {0xc00050e2c0, 0x20, 0x20}, {0x7ffdfdac0b5d, 0x4}, {0xa7e410, 0xc000134000}, {0xa7ba00, 0xc00007e080}, ...)
/home/myuser/.opt/go/pkg/mod/golang.org/x/[email protected]/ssh/client_auth.go:304 +0x66
golang.org/x/crypto/ssh.(*connection).clientAuthenticate(0xc000600200, 0xc0000ba000)
/home/myuser/.opt/go/pkg/mod/golang.org/x/[email protected]/ssh/client_auth.go:72 +0x382
golang.org/x/crypto/ssh.(*connection).clientHandshake(0xc000600200, {0xc000014ee0, 0xf}, 0xc0000ba000)
/home/myuser/.opt/go/pkg/mod/golang.org/x/[email protected]/ssh/client.go:113 +0x297
golang.org/x/crypto/ssh.NewClientConn({0xa814b0, 0xc00011e008}, {0xc000014ee0, 0xf}, 0xc000041058)
/home/myuser/.opt/go/pkg/mod/golang.org/x/[email protected]/ssh/client.go:83 +0x125
3e8.eu/go/dsl/internal/ssh.(*Client).connect(0xc000012588, {0x7ffdfdac0b62, 0xc}, {0x7ffdfdac0b5d, 0x4}, 0x9eb0f8, {0x9eb130?, 0x9eb100?}, {0xc00023e000, 0x3cdc3})
/home/myuser/go-dsl.git/internal/ssh/client.go:146 +0x6cb
3e8.eu/go/dsl/internal/ssh.NewClient({0x7ffdfdac0b62, 0xc}, {0x7ffdfdac0b5d, 0x4}, 0x9eb0f8, {0x9eb130?, 0x9eb100?}, {0xc00023e000, 0x3cdc3})
/home/myuser/go-dsl.git/internal/ssh/client.go:35 +0xcb
3e8.eu/go/dsl/broadcom.NewSSHClient({{0x7ffdfdac0b62, 0xc}, {0x7ffdfdac0b5d, 0x4}, 0x9eb0f8, {0x9eb130, 0x9eb100}, {0xc00023e000, 0x3cdc3}, {0x0, ...}})
/home/myuser/go-dsl.git/broadcom/ssh.go:27 +0x94
3e8.eu/go/dsl/broadcom.init.0.func2({{0x7ffdfdac0b4d, 0xc}, {0x7ffdfdac0b62, 0xc}, {0x7ffdfdac0b5d, 0x4}, 0x9eb0f8, {0x9eb130, 0x9eb100}, 0x0, ...})
/home/myuser/go-dsl.git/broadcom/register.go:45 +0x11f
3e8.eu/go/dsl.NewClient({{0x7ffdfdac0b4d, 0xc}, {0x7ffdfdac0b62, 0xc}, {0x7ffdfdac0b5d, 0x4}, 0x9eb0f8, {0x9eb130, 0x9eb100}, 0x0, ...})
/home/myuser/go-dsl.git/client.go:54 +0x5a
3e8.eu/go/dsl/cmd/cli.LoadData({{0x7ffdfdac0b4d, 0xc}, {0x7ffdfdac0b62, 0xc}, {0x7ffdfdac0b5d, 0x4}, 0x9eb0f8, {0x9eb130, 0x9eb100}, 0x0, ...})
/home/myuser/go-dsl.git/cmd/cli/cli.go:66 +0x1b9
main.main()
/home/myuser/go-dsl.git/cmd/main.go:195 +0xd78
I didn't manage to upload a public key for passwordless auth, so I tried using a password.
Example: ./dsl -d broadcom_ssh -u root 192.168.1.1
Logging in with the normal ssh command worked fine.
- Connecting via Telnet using the `admin` user (or any other user) fails because of the issue described above by @GeminiServer related to the shell/prompt. I've edited `/etc/passwd` to change the shell from the limited `ZySh` to `/bin/sh` (which is a standard busybox), which got around the limited shell issue.
Final piece to the puzzle is the following patch:
diff --git a/broadcom/telnet.go b/broadcom/telnet.go
index 8915fd8..8fae01b 100644
--- a/broadcom/telnet.go
+++ b/broadcom/telnet.go
@@ -36,6 +36,11 @@ func NewTelnetClient(config TelnetConfig) (dsl.Client, error) {
Password: "Password: ",
Command: "# ",
},
+ telnet.Prompts{
+ Account: "login: ",
+ Password: "Password: ",
+ Command: "$ ",
+ },
// Billion
telnet.Prompts{
Account: "Login: ",
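Review bot: the added telnet.Prompts entry (Command: "$ ") has no comment saying which device or shell it is for, while the entry directly after it is labelled "// Billion"; add a label such as "// BusyBox non-root shell" so the list stays readable. Its Password value repeats the one in the entry above, so if the two entries differ only in Command, say so in that comment. "$ " is also a very short prompt string: confirm that Command is matched only at the end of the received output, otherwise command output that contains "$ " could be taken for a prompt.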
Which adds support for the non-root shell (busybox uses $ for non-root users, and # for the root user, so prompt detection fails).
After this, using non-root users works fine. However, you have to set a user's access permissions to Administrator in case you want to have any shell access, which renders the whole user-separation point moot. (Essentially, any user go-dsl can use has to be privileged, so we might just as well use root.)
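The prompt mismatch described in the post above, as an added example that is not go-dsl's code: a small matcher over a list of prompt sets, run against constructed login transcripts with and without the `$ ` entry from the patch. The `Prompts` field names come from the patch; the `detect` function, the transcripts and the `Account` value of the pre-existing entry are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Prompts has the three fields visible in the patch. The matching logic
// below is an assumption for illustration, not go-dsl's implementation.
type Prompts struct{ Account, Password, Command string }

var errNoPrompt = errors.New("no known command prompt in output")

// detect returns the first candidate whose account and password prompts
// appear in order and whose command prompt ends the received output.
func detect(out string, candidates []Prompts) (Prompts, error) {
	for _, p := range candidates {
		i := strings.Index(out, p.Account)
		if i < 0 {
			continue
		}
		rest := out[i+len(p.Account):]
		j := strings.Index(rest, p.Password)
		if j >= 0 && strings.HasSuffix(rest[j+len(p.Password):], p.Command) {
			return p, nil
		}
	}
	return Prompts{}, errNoPrompt // fail instead of waiting for a prompt
}

// Constructed login transcripts, not captured from a device.
const (
	rootLogin = "login: root\r\nPassword: \r\n# "
	userLogin = "login: admin\r\nPassword: \r\n$ "
	zyshLogin = "login: admin\r\nPassword: \r\nZySH> "
)

// before: only a root-style "# " entry (its Account value is assumed).
// after: the same list plus the entry added by the patch.
var before = []Prompts{{"login: ", "Password: ", "# "}}
var after = []Prompts{before[0], {"login: ", "Password: ", "$ "}}

func main() {
	for _, out := range []string{rootLogin, userLogin, zyshLogin} {
		_, errB := detect(out, before)
		_, errA := detect(out, after)
		fmt.Printf("%q before=%v after=%v\n", out, errB == nil, errA == nil)
	}
}
```

The ZySH transcript is rejected by both lists, which matches the thread: the restricted shell is handled by changing the account's shell, not by adding a prompt.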
@arnuschky Is the following an accurate summary?
On Zyxel VMG4005, you need to use the "root" user (contact Zyxel or see https://github.com/boginw/zyxel-vmg8825-keygen to obtain the password). Alternatively, you can use a regular user with "Administrator" permissions, if the shell is changed to `/bin/sh` in `/etc/passwd`.
If yes, I'll add it to the documentation.
I think the crash when using SSH happens because I forgot to consider the case where an SSH private key is protected by a passphrase, but the key file does not contain the public key. I'll look into this later.
You can disable SSH public key authentication entirely with the option -private-key "".
In the other issue, you mentioned missing values. Do you have any details about that? If you send me the raw data, I can have a look. Or do you mean additional values which are currently not implemented at all?
> Is the following an accurate summary? If yes, I'll add it to the documentation.
Yes, that's correct if you detect the $ prompt (see my patch). Otherwise, you need to strike the sentence starting with "Alternatively..."
> I think the crash when using SSH happens because I forgot to consider the case where an SSH private key is protected by a passphrase, but the key file does not contain the public key. I'll look into this later. You can disable SSH public key authentication entirely with the option -private-key "".
Yes, you are correct! Sweet, this works! 👍
> In the other issue, you mentioned missing values. Do you have any details about that? If you send me the raw data, I can have a look. Or do you mean additional values which are currently not implemented at all?
Sorry, I am not sure whether anything is actually missing. I'm using https://github.com/Dentrax/xdsl-exporter to get the modem data into Prometheus, and visualize it using Grafana. It's described in this blog post: https://grafana.com/blog/2023/03/17/how-to-monitor-an-xdsl-modem-using-a-prometheus-exporter-plugin-and-grafana-agent-on-grafana-cloud-with-grafana-oncall/
This works, but the Grafana dashboard shows a bunch of unpopulated values. Now I have no idea where this is coming from, and it might very well be that go-dsl is entirely without blame. The xdsl-exporter project is abandoned and I suspect something's amiss there - but honestly I didn't have the time yet to do any digging.
@arnuschky The SSH bug is now fixed (but if you don't use public key authentication, you probably still want it disabled, because otherwise you'll get prompted for the passphrase of the key). I also added support for the non-root Telnet prompt, and extended the documentation.
About the missing values: If only general device stats are missing (non-DSL related stuff like memory usage), it is an issue with the exporter (I think it only supports SSH, but I am not entirely sure, as I have never used it myself). If you have any issue with actual DSL stats, feel free to open a separate issue.