optools/net/devices/actiontec/README

This has been confirmed to work for, at the very least, my own Verizon Fi-OS
Actiontec MI424WR-GEN3I on firmware 40.21.24. It might work on other models as
well, but this hasn't been tested.

No non-stdlib modules are required.

Place your routers credentials in ~/.config/optools/actiontec_mgmt.json
in the following format:
(pay close attention to the quoting)
(minified json is OK/whitespace-insensitive):
_______________________________________________________________________________
                {
                    "ip_addr": "192.168.1.1",
                    "user": "admin",
                    "password": "admin",
                    "ssl": false,
                    "port": 23
                }
_______________________________________________________________________________

IF:

- That file isn't found:
-- A default (blank) one will be created (with secure permissions). All values
   will be null (see below).
   
- "ip_addr" is null:
-- You will be prompted for the IP address interactively. (If you don't know
   the IP address of it, it's probably the default -- "192.168.1.1".)

- "user" is null:
-- You will be prompted for the username to log in interactively. (If you don't
   know the username, it's probably the default -- "admin".)

- "password" is null:
-- You will be prompted for the password. When being prompted, it will NOT echo
   back (like a sudo prompt).
   
- "ssl" is null:
-- The default (false) will be used.

- "port" is null:
-- The default port (23) will be used.



TIPS:

- You need to ensure that you have the management interface enabled. Log into
  your Actiontec's web interface, and:
  1.) "Advanced" button (at the top)
  2.) "Yes" button
  3.) a.) Choose "Local administration" if you'll be managing the device within
          the network it provides.[0]
      b.) Choose "Remote administration" if you'll be managing the device
          outside the network it provides (i.e. over the Internet).[0]
      3.5) The "Telnet" options are what you want, ignore the "Web" settings.
  4.) Select the protocols/ports you'll be using. SEE FOOTNOTE 0 ([0])!
  5.) Click the "Apply" button.

- "ip_addr" can also be a host/DNS name -- just make sure it resolves on your
  local machine to your Actiontec IP address! The default, at least on mine,
  was "wireless_broadband_router" (can be changed via Advanced > Yes > System
  Settings > Wireless Broadband Router's Hostname):
  
        [bts@cylon ~]$ nslookup wireless_broadband_router 192.168.1.1
        Server:		192.168.1.1
        Address:	192.168.1.1#53

        Name:	wireless_broadband_router
        Address: 192.168.1.1
        Name:	wireless_broadband_router
        Address: <YOUR_PUBLIC_IP_ADDRESS>


- Unfortunately it's a necessity to store the password in plaintext currently.
  Future versions may give the option of encrypting it via GPG and using an
  existing GPG agent session to unlock (if there's demand for such a feature).
  Make sure your machine's files are safe (I recommend full-disk encryption).
  

[0] NOTE: ENABLING MANAGEMENT CAN BE HIGHLY INSECURE, *ESPECIALLY* IF ENABLING
          "REMOTE ADMINISTRATION"! *ONLY* DO THIS IF YOU UNDERSTAND THE RISKS
          AND HAVE ACCOUNTED FOR THEM. TELNET PASSES CREDENTIALS IN PLAINTEXT
          BY DEFAULT, AND IF SOMEONE NASTY GETS THEIR HANDS ON YOUR DEVICE'S
          CREDENTIALS THEY CAN DO *VERY* NASTY THINGS. I REFUSE ANY AND ALL
          LIABILITY YOU OPEN YOURSELF UP TO BY ENABLING THIS. AT *LEAST* USE
          THE "USING SECURE TELNET OVER SSL PORT"[1] OPTION.
          YOU HAVE BEEN WARNED.

[1] NOTE: Even if using SSL, it's HIGHLY insecure and not to be trusted. The
          key has been leaked (as of 2018-04-12):
                    https://code.google.com/archive/p/littleblackbox/
          and it uses VERY weak ciphers, at that:
          _____________________________________________________________________
          | ssl-cert: Subject: commonName=ORname_Jungo: OpenRG Products Group/|
          |           countryName=US                                          |
          | Not valid before: 2004-06-03T11:11:43                             |
          |_Not valid after:  2024-05-29T11:11:43                             |
          |_ssl-date: 2018-04-12T09:42:22+00:00; -1s from scanner time.       |
          |_ssl-known-key: Found in Little Black Box 0.1 -                    |
          |         http://code.google.com/p/littleblackbox/                  |
          |         (SHA-1: 4388 33c0 94f6 afc8 64c6 0e4a 6f57 e9f4 d128 1411)|
          | sslv2:                                                            |
          |   SSLv2 supported                                                 |
          |   ciphers:                                                        |
          |     SSL2_RC4_128_WITH_MD5                                         |
          |     SSL2_RC4_64_WITH_MD5                                          |
          |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5                            |
          |     SSL2_RC4_128_EXPORT40_WITH_MD5                                |
          |     SSL2_DES_192_EDE3_CBC_WITH_MD5                                |
          |     SSL2_RC2_128_CBC_WITH_MD5                                     |
          |_    SSL2_DES_64_CBC_WITH_MD5                                      |
          |___________________________________________________________________|
          
          It's generally probably not even worth it, to be honest. You'll get
          more security mileage out of firewalling off to select hosts/nets.
          But, if you insist on having it and using it, you will ALSO need to
          install the following module:
          
                        ssltelnet
                        https://pypi.python.org/pypi/ssltelnet