Is SSH or telnet available in 5.4.5?

[baumi]

Hi guys,

I have a HikVision DS-2CD2142FWD-IWS camera (firmware V5.4.5 build 170124) and I would like to access it through the console. I have read that previous versions of the software had a telnet available but it doesn't seem to work now.

Is there any way to connect to the camera through the console? SSH / telnet?

 

[alastairstevenson]

Is there any way to connect to the camera through the console? SSH / telnet?

Dropbear (the SSH server that Hikvision use) still runs by default in the R0 5.4.5 firmware (I'm not sure about R6 series, I don't have any) - but access to the SSH port 22 is blocked by the use of the iptables Ip filter. It's a bit of an odd situation, it's not clear why they do this, unless it's just an oversight.
But - if a camera running a firmware version that still has the facility to enable SSH (eg 5.3.0) has it enabled, and a web gui update to say 5.4.0 is done, the SSH enabled setting remains active, as it's held as a value in the (encrypted) configuration file, even though there is no web GUI tickbox to enable it.

Or you could search the forum here for the version of firmware that @montecrypto shared that has SSH enabled, and psh bypassed.
Or if you are Linux-savvy you could create your own version with the use of the @montecrypto firmware repacker, shared on this forum.

 

[baumi]

Great, thanks for the explenation @alastairstevenson

Dropbear (...) still runs by default in the R0 5.4.5 firmware (I'm not sure about R6 series, I don't have any)

How can I tell my version? Can this information be read from config?

Is there any way to find out if SSH is running?

access to the SSH port 22 is blocked by the use of the iptables Ip filter

Is there any way to view / moddify the iptables rules e.g. using cURL?

Or you could search the forum here for the version of firmware that @montecrypto shared that has SSH enabled, and psh bypassed

Currently the camera is installed 1.5k km from me and I only have access to it through the web and I have an access to the camera's network. Camera is connected by WiFi so I don't want to reflash if I have no physical access to it right now. If I can't make the SSH working that I will think of it in 2 months when I get the physical access to it again

 

[alastairstevenson]

Is there any way to find out if SSH is running?

If you don't have an SSH client such as PuTTY, a simple test would be, at a Windows command prompt
telnet <camera_IP_address> 22
and see if it connects.
Logon and access would require an SSH client.

Is there any way to view / moddify the iptables rules e.g. using cURL?

The web GUI modifies the iptables settings in the 'allow / block' IP addresses page, but does not change the rule that filters the SSH port.

Camera is connected by WiFi so I don't want to reflash if I have no physical access to it right now.

That would be prudent !

 

[baumi]

Thanks! I have tried to connect before and the only think I get as a response is a timeout But this doesn't indicate if SSH is running or not as the connection could be blocked by the firewall itself.

 

[alastairstevenson]

An indication would be to check the IP address with nmap, where port 22 would then show as 'filtered' as opposed to closed if dropbear is running but IPtables is blocking access.

 

[baumi]

Result of the nmap

Host is up (0.16s latency).
PORT STATE SERVICE VERSION
22/tcp filtered down

So I understand custom firmware is the only option here? No other way? HikVision bastards @alastairstevenson thanks a lot for the help!

 

[baumi]

I have contacted HikVision support and find out that there is a way of enabling different services including SSH.

I can confirm this solution to be working!

---------------


How to Enable SSH of Network Camera

Step 1: Download Device Network SDK (Windows 32-bit) from Hikvision website: Hangzhou Hikvision Digital Technology Co. Ltd.

Please note the version - 32-bit. I have tried 64-bit and get some weird errors.

​

Step 2: Unzip the file and find lib->ClientDemoEn.exe. Double click on ClientDemoEn.exe.
Step 3: Right click on the Device Tree and add the camera to ClientDemo tool. Input IP address, port number and password and click add.

Step 4: Choose the camera and find the path: Product Related->IPC/IPD CFG->Device Server->SSH. Choose Enable (in version demo of this application there was logic issue so enable was switched with disable, but this seems to be fixed in final version), and click Set to save the setting.

Step 5: When SSH access is no longer needed, disable SSH by choose Disable and click Set to save the settings.

Enjoy!

 

[dkaci]

Thank you. Tested and works.

 

[nithin]

2cd2145 - firmware 5.4 - no luck.
I get "connection refused" even after enabling ssh service as described

 

[aster1x]

I have tried the HIK utility on the following items
2CD2352 fw 5.4.5
2CD2342 fw 5.4.3
NVR DS-7604NI/SEP fw 3.0.15
And I can not get any info from the product related>DVR/NVR or IPC/IPD>Device Server. I always get an error.

So the question still remains. How to get telnet or SSH access to the latest IPC firmware (>5.4.X) and NVR firmware >3.0.15.
Sometimes the web interface of NVR does not respond at all. The LAN port and the rest of the NVR functionalities are running OK but I can not get any access to the web interface of the NVR. Hence I would like to reboot the NVR remotely through telnet or SSH as I do not have physical access to the NVR.

 

[baumi]

@aster1x - I had exacly same issue and it looked like this:

when I was using 64-bit version so the support told me to use 32-bit and it helped.

 

[aster1x]

Ok I tried the 32bit version of the HIK SDK. I got the screens and settings that @baumi shows, however the NVR with fw 3.0.15 can not enable ssh or telnet. Therefore I cannot access remotely the NVR.

 

[bashis]

confirmed to be working

 

[aster1x]

confirmed to be working

Please specify on which device model and firmware you are confirming the HIK SDK to be working on.

 

[bashis]

DS-2CD2020F-IW
V5.4.5 build 170123

 

[alastairstevenson]

Please specify on which device model and firmware you are confirming the HIK SDK to be working on.

I've tried the Win32 version (The Win64 version gives the ??????? response) and it works OK on a DS-2CD2132 that has the EN/ML 5.4.5 firmware.
If you do a dummy Save configuration in the camera web GUI, the setting survives a reboot.

That 5.4.5 firmware does not have the 'Enable SSH' button, but the dropbear SSH server is still running inside the camera, but xtables-multi (aka iptables) filters the SSH port when system default settings have been applied. Unless you'd enabled SSH in the 5.4.0 version and done the web GUI 5.4.5 firmware update so that configuration was retained.

*edit* Oh, and in the 5.4.5 firmware, the root password is now fixed in the firmware as hiklinux
A backward (or backdoor?) step in some ways from earlier versions.

 

[bashis]

Correct
There are no "Enable SSH" in Web GUI in mine either, and port 22 was filtered, until i used baumi's instructions w/ the 32bit version.
I had not enabled SSH in any version before, so this cmd seems to be flushed xtables to have port 22 not filtered anymore in my case, and the access indeed surviving reboot of the cam.

 

[Johanp112]

hi what did you use for the root password because I am able to putty to the camera now but I have no Idea what the root password is. thanks

 

[alastairstevenson]

hi what did you use for the root password because I am able to putty to the camera now but I have no Idea what the root password is. thanks

Try root/hiklinux or root/your_admin_password