Sunday, August 31, 2014

Gain SSH access to the Buffalo LinkStation 421e

So it turns out that after I set up my LinkStation, guest access to Samba and AFP doesn't seem to work. The only way for me to solve this is to get sshd turned on. It just so happens that there is a tool called acp_commander that allows you to send shell commands to the LinkStation (originally for firmware purposes, I'm sure). Besides being a huge security hole, it serves its purpose.

Things to note:

  • I am using 1.31-0.92 firmware
  • telnetd does not exist on this firmware version, so we can't use that for access.
  • I could unzip the firmware (the zip password exists online) and repackage the firmware, but I just didn't want to go through that process.
  • The commands I'm explaining are for the GUI version of ACPCommander, not the command line java version. Strings would have to be escaped differently for the command line.
  • Obtain the UI version of ACP Commander from here.
  • The administrator password in the GUI should be the 'admin' password you have set up with the LinkStation. I believe it is just 'password' by default.
  • Run these commands with ACP Commander:
    • chmod 0755 /etc/init.d/
    • (echo newrootpass;echo newrootpass)|passwd
      • Make sure to keep the parentheses and replace 'newrootpass' with a password of your choosing. This will be the root password for the LinkStation.
    • sed -i 's/#Port 22/Port 22/g' /etc/sshd_config
    • sed -i 's/#Protocol 2/Protocol 2/g' /etc/sshd_config
    • sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/g' /etc/sshd_config
    • sed -i 's/#StrictModes yes/StrictModes yes/g' /etc/sshd_config
    • sed -i 's/\/usr\/lib\/sftp-server/\/usr\/local\/libexec\/sftp-server/g' /etc/sshd_config
    • sed -i 's/"${SUPPORT_SFTP}" = "0"/"${SUPPORT_SFTP}" = "1"/g' /etc/init.d/
      • Currently the init.d script for sshd seems to be experimental and SFTP support is not exposed by the current firmware, therefore the init.d script exits if SFTP is not turned on. This allows the 'exiting' of the script to be bypassed.
    • reboot
      • Obviously the LinkStation will reboot after this last command.
  • After the reboot finishes, you should be able to SSH into your LinkStation.
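
An added check, not part of the original post or of ACP Commander: it confirms that each sed substitution above actually left an active directive in sshd_config and that the Subsystem sftp line names a binary that exists. The sample config and scratch directory are constructed, and `check_sshd_config`, `demo` and the ROOT argument are names assumed for this example.

```shell
#!/bin/sh
# check_sshd_config FILE [ROOT]: verify the directives the post's sed commands
# are meant to enable. ROOT is a hypothetical prefix so the sftp-server path
# can be tested against a scratch tree. Returns the number of problems found.
check_sshd_config() {
    cfg=$1; root=${2:-}; problems=0
    for want in "Port 22" "Protocol 2" "PermitRootLogin yes" "StrictModes yes"; do
        key=${want%% *}
        # sshd uses the first uncommented occurrence of a keyword.
        got=$(awk -v k="$key" 'tolower($1) == tolower(k) { print k " " $2; exit }' "$cfg")
        if [ "$got" = "$want" ]; then
            echo "ok       $want"
        elif [ -z "$got" ]; then
            echo "MISSING  $key (no active line; the sed pattern did not match)"
            problems=$((problems + 1))
        else
            echo "DIFFERS  $got (expected $want)"
            problems=$((problems + 1))
        fi
    done
    # Subsystem sftp must name a binary that exists on this firmware.
    sftp=$(awk '$1 == "Subsystem" && $2 == "sftp" { print $3; exit }' "$cfg")
    if [ -n "$sftp" ] && [ ! -x "$root$sftp" ]; then
        echo "BADPATH  Subsystem sftp -> $sftp (not present)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# demo rewrite|keep: apply the post's substitutions to a constructed
# sshd_config (without -i, for portability), with or without the sftp-server
# path rewrite, then check it against a constructed scratch tree.
demo() {
    mode=$1; t=$(mktemp -d) || return 99
    mkdir -p "$t/usr/lib" && : > "$t/usr/lib/sftp-server" && chmod 0755 "$t/usr/lib/sftp-server"
    printf '%s\n' '#Port 22' '#Protocol 2' '#PermitRootLogin yes' \
        '#StrictModes yes' 'Subsystem sftp /usr/lib/sftp-server' > "$t/in"
    sed -e 's/#Port 22/Port 22/g' -e 's/#Protocol 2/Protocol 2/g' \
        -e 's/#PermitRootLogin yes/PermitRootLogin yes/g' \
        -e 's/#StrictModes yes/StrictModes yes/g' "$t/in" > "$t/sshd_config"
    if [ "$mode" = rewrite ]; then
        sed 's|/usr/lib/sftp-server|/usr/local/libexec/sftp-server|g' "$t/sshd_config" > "$t/in"
        cp "$t/in" "$t/sshd_config"
    fi
    check_sshd_config "$t/sshd_config" "$t"; rc=$?
    rm -rf "$t"; return "$rc"
}

demo rewrite || echo "problems found: $?"
```

With ROOT omitted, `check_sshd_config /etc/sshd_config` tests the Subsystem path against the live filesystem.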


  1. Hi, I am setting up my Buffalo 421e and have some security questions. Will you pls tell me?
    How you gonna access the device from internet? Only through SSH? You have not enabled web access?
    2. Did you configure TV access? I have smart TV (Google TV) no clue how to stream media files? Buffalo support is clueless.
    Appreciate any help here. Thanks.

  2. This worked perfectly thanks. Note however, that I didn't do: "sed -i 's/\/usr\/lib\/sftp-server/\/usr\/local\/libexec\/sftp-server/g' /etc/sshd_config" as it looked to me like the /usr/lib/sftp-server existed, but the /usr/local/libexec/sftp-server did not.

  3. This worked on the 441e also on the 1.70-1.06 software. Unfortunately, rebooting and logging back in to the web interface undid these changes and actively killed sshd. Will have to find the code that's doing that to prevent it.

  4. Beware! After I followed this procedure to enable SSH on a LS421DE the device started making (or receiving not sure) SSH connections to Chinese addresses such as

    1. Hi Luis. Following these steps, there is no way at all this could possibly happen unless a couple things are true:
      1) There is a keylogger on the machine you used to connect via SSH to the Buffalo.
      2) You are not behind a Router/Firewall and are allowing open SSH connections to your Buffalo AND there is a default Username/Password that you didn't change.
      3) You installed other software from an untrusted source.

  5. I followed these instructions but with no success. Without a shell the unit is proving to be almost, not completely, useless. I just purchased the unit and have a Buffalo LS441D (LS441DB13) with firmware version 1.81-0.03 (4x4TB Red hdds if that makes any difference). Any help would be appreciated.

  6. I followed the instructions on firmware 1.81-0.03 on LS421 and it worked like a charm.


  7. Thank you! This also worked for me on firmware 1.81-0.03 on a LS421DE.

  8. Thank you! This also worked for me on firmware 1.81-0.03 on a LS421DE.

  9. worked great on my LS220D THANKS!

  10. As posted before it works ok even under 1.81 until you login again to the web interface.

  11. Actually, even without re-using the web interface, the ssh daemon may be stopped.
    The workaround is to start it manually via the following command :

    /etc/init.d/ start

    This produces the following output :

    Authenticate EnOneCmd... OK
    Authenticate with admin pw... OK
    load_info ItemValue = off
    LoadConfFileStringEx:key=[ad_dns] not found in /etc/melco/info.
    userinfo finished
    groupname guest
    groupname admin
    groupname hdusers
    groupname family


  12. Just want to give you my thanks for your nice clear write-up. Have been scratching my head as to how to get ssh to LS, then I found your guidance. Brilliant and well done. My LS421DE is on fw 1.84.

  13. I'm running LS441D - worked like it should have..
    initially ran default enable SSH and SetRoot - no success.
    used your commands rebooted and now SSH working..
    was the first article I tried then this one...
    and it's working now! - many thx

  14. I have a very old buffalo hd-htgl terastation, running 2.160 firmware. No one's commands anywhere seem to get me root. It's a great raid 5 nas as long as I don't want to set directory permission shares and that's the real problem with these old units - something is very off about the way these terastations configure user/password permissions and it's not a windows issue, I can't connect to permission set directories when enabled from unix or android devices either. Turn the permissions to disabled everything works...

  15. Wow still works. Couple of times it said communication timed out but it seemed to work anyways. I have a Buffalo LS220 running firmware 1.70.

  16. I can run the acp gui app fine and it says SSH enabled OK. When I use Putty, it does allow me to enter the admin id and password. As soon as I hit enter after the password I get "Remote side unexpectedly closed the connection." If I manually enter the commands and reboot, I get a connection refused when I try to SSH/Putty. Any ideas? Thanks in advance.

  17. I followed the instructions on firmware 1.74 on LS220DE and must confirm it worked like a charm. Thanks.

  18. Thank you! This worked fabulously with Buffalo Linkstation LS421DE running the latest firmware 1.86 (downloaded manually from the Buffalo's website).

    1. In firmware 1.86, sftp-server is correctly located in the /usr/lib/ folder so there is no need for the command "sed -i 's/\/usr\/lib\/sftp-server/\/usr\/local\/libexec\/sftp-server/g' /etc/sshd_config"

  19. Ah well, not working here (LS220DE with firmware 1.7). I can access the GUI, I can supposedly enable SSH and set a root password, but when I try to ssh to it I get "connection refused." Tried from both Mac, Windows, and Linux, tried rebooting the NAS, nothing worked. I also don't see any place where I could issue the text-based commands you suggest, I only see a pretty simple graphical GUI with a few buttons (Enable SSH, set root PW, etc.)



Ryan Kuhn