In my last post I wrote how to make the MV2 a secure proxy/gateway. The one thing I didn't like about it was I had to use the root account. I wanted to give other uses the ability to ssh into the vault and use it as a proxy/gateway. (I think it will also work very nice with WinSCP)
So after a lot of playing around, and a lot of emails I got it working.
Users of the Vault can now start an SSH session using their own name and it'll drop them into their own share.
So...should I tell you how I did it? Ok..lets start!
Add Users to SSH
First install a few packages
ipkg install coreutils adduser diffutils nano bash
edit /etc/passwd
nano /etc/passwd
For each user that you want to have ssh access, change the line that looks something like this:
joeuser:x:502:502:Linux User,,,:/:/bin/nologin
to something that looks like below
joeuser:x:502:502:Linux User,,,/:/share/1000/joeuser:/bin/sh
For more information on the format of the passwd file look here
Note: the joeuser in /share/1000/joeuser:/bin/sh is a share name that will become the home directory for that user.
create the script below and name it restore-etc-files
place it in /share/1000/
#!/bin/sh
save_to=/share/ 1000/Documents/ saved-etc
mkdir -p ${save_to}
cp -pf /etc/passwd ${save_to}
cp -pf /etc/group ${save_to}
Make the restore-etc-files executable
chmod +x /share/1000/restore-etc-files
Create a file called "shells" and place the following two lines in it.
/bin/sh
/opt/bin/bash
Save shells in /etc
edit the /etc/init.d/rcS and add to the bottom before the exit 0
saved_etc=/share/ 1000/Documents/ saved-etc
[ -e ${saved_etc} /passwd ] && cp -f
${saved_etc} /passwd /etc/
[ -e ${saved_etc} /group ] && cp -f
${saved_etc} /group /etc/
Once all is set, ssh onto the MV2 and re-set the passwords for the users you want to have SSH access.
passwd username
Once you do this, log out and try to ssh in to your MV2 with the username you just set the password to.
I would like to thank the folks over at http://nslu2-linux.org/ for maintaining all the software that makes hacking the MV2 so fun and easy. I would also especially like to thank Brian Zhou for creating the scripts/code (and for the most part this how to) and most of all helping me through countless emails getting all this to work!
Tuesday, October 21, 2008
Monday, October 20, 2008
Use The MV2120/5150 as a proxy......well more like a Secure Gateway
Have you ever had problem of not being able to access one of your favorite websites when your on public Wifi?
Have you ever needed to access something personal on public Wifi but didnt trust passing your personal information through it?
If you said yes....well I'v got some good news for you.
If you have remote access to your MediaVault you can tunnel all your web browsing through ssh.
A few Needed Things
ssh (Should be on most Linux Distros) For windows go here
If you use the windows version of ssh you only need to install the client. If ssh should fail check your firewall.
A proxy addon for Firefox called FoxyProxy
Install
If you install ssh on a windows machine, you will only need the client.
Install FoxyProxy with Firefox
If you already ssh into you vault remotely this will be cake! I will explain how to do this with Firefox.
So lets begin!
Configure Firefox
Once FoxyProxy is installed, do the following:
Open FoxyProxy in Firefox. Tools-FoxyProxy-Options
Click on the "Proxies" tab.
Highlight the Default proxy that is listed and click the "EditSelection" button
Click on the "Manual Proxy Configuration"
In the "Host Name" field enter "localhost" with out the ""
Set the port to "8080"
Place a check box in the "SOCKS proxy?"
Click "ok"
Click on the "Global Settings" Tab
Under "Miscellaneous" click on "Use SOCKS proxy for DNS lookups"
Click "Close"
Run SSH
I will be using the default ports for the proxy and ssh in this example
(To start ssh on a windows machine open a cmd and type the command below)
(If you have problems, you may need to be in the path of ssh and then execute the command below)
"cd C:\Program Files\OpenSSH\bin"
ssh -D 8080 -p 22 root@IP or URL
Note: ip is the external IP address of your router. URL would be for services like dyndns.
What the above command does is:
ssh runs ssh
-D is to set the local port (So we are setting the local port to 8080 in this example.)
-p 22 is telling ssh what port to use on the remote machine. (22 is the default port for ssh.)
If you have port forwarding on your router, you could set it to 2200 and have the router forward all traffic on that port to the vault on 22. That would make it a little more secure....kinda. With this set up your command would look like this ssh -D 8080 -p 2200 root@ip or url
Once your logged in the ssh session minimise the ssh window.
Lets test it out!
To enable your new HP MV proxy right click on "FoxyProxy" in the tray of firefox and select "Use proxy "Default" for all URLs"
To dissable the proxy right click on "FoxyProxy" in the tray of firefox and select "Completlely disable FoxyProxy"
Have you ever needed to access something personal on public Wifi but didnt trust passing your personal information through it?
If you said yes....well I'v got some good news for you.
If you have remote access to your MediaVault you can tunnel all your web browsing through ssh.
A few Needed Things
ssh (Should be on most Linux Distros) For windows go here
If you use the windows version of ssh you only need to install the client. If ssh should fail check your firewall.
A proxy addon for Firefox called FoxyProxy
Install
If you install ssh on a windows machine, you will only need the client.
Install FoxyProxy with Firefox
If you already ssh into you vault remotely this will be cake! I will explain how to do this with Firefox.
So lets begin!
Configure Firefox
Once FoxyProxy is installed, do the following:
Open FoxyProxy in Firefox. Tools-FoxyProxy-Options
Click on the "Proxies" tab.
Highlight the Default proxy that is listed and click the "EditSelection" button
Click on the "Manual Proxy Configuration"
In the "Host Name" field enter "localhost" with out the ""
Set the port to "8080"
Place a check box in the "SOCKS proxy?"
Click "ok"
Click on the "Global Settings" Tab
Under "Miscellaneous" click on "Use SOCKS proxy for DNS lookups"
Click "Close"
Run SSH
I will be using the default ports for the proxy and ssh in this example
(To start ssh on a windows machine open a cmd and type the command below)
(If you have problems, you may need to be in the path of ssh and then execute the command below)
"cd C:\Program Files\OpenSSH\bin"
ssh -D 8080 -p 22 root@IP or URL
Note: ip is the external IP address of your router. URL would be for services like dyndns.
What the above command does is:
ssh runs ssh
-D is to set the local port (So we are setting the local port to 8080 in this example.)
-p 22 is telling ssh what port to use on the remote machine. (22 is the default port for ssh.)
If you have port forwarding on your router, you could set it to 2200 and have the router forward all traffic on that port to the vault on 22. That would make it a little more secure....kinda. With this set up your command would look like this ssh -D 8080 -p 2200 root@ip or url
Once your logged in the ssh session minimise the ssh window.
Lets test it out!
To enable your new HP MV proxy right click on "FoxyProxy" in the tray of firefox and select "Use proxy "Default" for all URLs"
To dissable the proxy right click on "FoxyProxy" in the tray of firefox and select "Completlely disable FoxyProxy"
Tuesday, October 7, 2008
Ubuntu 8.04 Hardware acceleration on a PICO-ITX (Drives for chipset CX700M/VX700)
To enable Hardware acceleration on a PICO-ITX using Ubuntu you need to download a couple files and do a little compiling.
NOTE:As of 05OCT08 the kernel version is 2.6.24-19, and this how to is based off of that. If using a different kernel the steps are the same except where noted.
Download and install the beta driver from here.
Install the driver:
1. Extract the package
2. Open a terminal and and goto the directory you just extracted
3. sudo vinstall
4. Restart X Ctrl+Alt+backspace (or just reboot)
Note: To uninstall the driver (If needed)
1.Open a terminal and and goto the directory where the installer is
2. sudo vuninstall
3. Restart X Ctrl+Alt+backspace (or just reboot)
Install the Patch.
1. Open the terminal
2. mkdir F00 (create the directory F00 in your home folder.)
3. sudo apt-get update (update package list)
4. sudo apt-get install patch build-essential libncurses5-dev linux-source-2.6.24 (install the packages patch, build-essential, libncurses5-dev, linux-source-2.6.24)
5. cd F00/ (change dirrectory to F00)
6. cp /usr/src/linux-source-2.6.24.tar.bz2 . (copy the source package to the current working directory)(include the . at the end)
7. tar -jxvf linux-source-2.6.24.tar.bz2 (extract the linux-source-2.6.24.bz2)
8. Download the unichrome-patch to the F00 directory
9. tar -zxvf VIA-unichrome-patch-for-Ubuntu+804LTS.tar.gz (extract the package)
10. tar -zxvf VIA-unichrome-patch-for-Ubuntu\ 804LTS/VIA-unichrome-DRM-patch-for-Ubuntu\ 804LTS/via-unichome-drm-patch-2.6.24.tar.gz (extract the patch)
11. cp via-unichome-drm-patch-2.6.24/via-unichrome-drm.patch-2.6.24 /home/YOURUSERNAME/F00/linux-source-2.6.24 (Enter the username you loged onto ubuntu with where it says YOURUSERNAME)
12. cd linux-source-2.6.24/
13. patch -p0 < via-unichrome-drm.patch-2.6.24
14. NOTE: USER YOUR KERNEL NUMBER if your kernel is different from 2.6.24-19. cp /boot/config-2.6.24-19-generic .config
15. gedit Makefile (edit the line EXTRAVERSION = .3 to your kernel) (The kernel thats being used for this how to is 2.6.24-19, so we will edit the line EXTRAVERSION = .3 to EXTRAVERSION = -19-generic. Save and exit
16. make oldconfig (This command sets the default answers to all kernel configuration questions according to the settings of our .config file.)
17. cp /usr/src/linux-headers-2.6.24-19-generic/Module.symvers Module.symvers
18. make prepare scripts
19. make menuconfig
20. Use the down arrows to get to "Device Drives" and press the space bar to select it.
Use the down arrows to get to "Graphics suppor" and press the space bar to select it.
Use the down arrows to get to "Direct Rendering Manager" and press enter to select it.
Use the down arrows to get to "Via unichrome video cards" and press M to select it.
Make sure your config has the follow items set:
Device Drivers --->
Graphics support --->
Direct Rendering Manager (XFree86 4.1.0 and higher DRI support) -->
Via unichrome video cards
To exit: Press tab to select exit and press enter. Keep doing this untill you get "Do you wish to save your new kernel configuration?"
Yes should be highlighted. Press enter.
21. make modules M=drivers/char/drm
22. There will be via.ko in the directory: ./drivers/char/drm.
Copy via.ko into the directory: /lib/modules/2.6.24-19-generic/kernel/drivers/char/drm.
Note: If you have a different kernel place it in that kernel directory. /lib/modules/2.6.24-XX-generic/kernel/drivers/char/drm
Then the via drm module will be loaded each time when system boot up.
23. Restart X Ctrl+Alt+backspace (or just reboot)
To test if Hardware acceleration is working type the folowing in a terminial.
glxinfo | grep direct
If you get an out put that says:
direct rendering: Yes
Your good to go!
NOTE:As of 05OCT08 the kernel version is 2.6.24-19, and this how to is based off of that. If using a different kernel the steps are the same except where noted.
Download and install the beta driver from here.
Install the driver:
1. Extract the package
2. Open a terminal and and goto the directory you just extracted
3. sudo vinstall
4. Restart X Ctrl+Alt+backspace (or just reboot)
Note: To uninstall the driver (If needed)
1.Open a terminal and and goto the directory where the installer is
2. sudo vuninstall
3. Restart X Ctrl+Alt+backspace (or just reboot)
Install the Patch.
1. Open the terminal
2. mkdir F00 (create the directory F00 in your home folder.)
3. sudo apt-get update (update package list)
4. sudo apt-get install patch build-essential libncurses5-dev linux-source-2.6.24 (install the packages patch, build-essential, libncurses5-dev, linux-source-2.6.24)
5. cd F00/ (change dirrectory to F00)
6. cp /usr/src/linux-source-2.6.24.tar.bz2 . (copy the source package to the current working directory)(include the . at the end)
7. tar -jxvf linux-source-2.6.24.tar.bz2 (extract the linux-source-2.6.24.bz2)
8. Download the unichrome-patch to the F00 directory
9. tar -zxvf VIA-unichrome-patch-for-Ubuntu+804LTS.tar.gz (extract the package)
10. tar -zxvf VIA-unichrome-patch-for-Ubuntu\ 804LTS/VIA-unichrome-DRM-patch-for-Ubuntu\ 804LTS/via-unichome-drm-patch-2.6.24.tar.gz (extract the patch)
11. cp via-unichome-drm-patch-2.6.24/via-unichrome-drm.patch-2.6.24 /home/YOURUSERNAME/F00/linux-source-2.6.24 (Enter the username you loged onto ubuntu with where it says YOURUSERNAME)
12. cd linux-source-2.6.24/
13. patch -p0 < via-unichrome-drm.patch-2.6.24
14. NOTE: USER YOUR KERNEL NUMBER if your kernel is different from 2.6.24-19. cp /boot/config-2.6.24-19-generic .config
15. gedit Makefile (edit the line EXTRAVERSION = .3 to your kernel) (The kernel thats being used for this how to is 2.6.24-19, so we will edit the line EXTRAVERSION = .3 to EXTRAVERSION = -19-generic. Save and exit
16. make oldconfig (This command sets the default answers to all kernel configuration questions according to the settings of our .config file.)
17. cp /usr/src/linux-headers-2.6.24-19-generic/Module.symvers Module.symvers
18. make prepare scripts
19. make menuconfig
20. Use the down arrows to get to "Device Drives" and press the space bar to select it.
Use the down arrows to get to "Graphics suppor" and press the space bar to select it.
Use the down arrows to get to "Direct Rendering Manager" and press enter to select it.
Use the down arrows to get to "Via unichrome video cards" and press M to select it.
Make sure your config has the follow items set:
Device Drivers --->
Graphics support --->
To exit: Press tab to select exit and press enter. Keep doing this untill you get "Do you wish to save your new kernel configuration?"
Yes should be highlighted. Press enter.
21. make modules M=drivers/char/drm
22. There will be via.ko in the directory: ./drivers/char/drm.
Copy via.ko into the directory: /lib/modules/2.6.24-19-generic/kernel/drivers/char/drm.
Note: If you have a different kernel place it in that kernel directory. /lib/modules/2.6.24-XX-generic/kernel/drivers/char/drm
Then the via drm module will be loaded each time when system boot up.
23. Restart X Ctrl+Alt+backspace (or just reboot)
To test if Hardware acceleration is working type the folowing in a terminial.
glxinfo | grep direct
If you get an out put that says:
direct rendering: Yes
Your good to go!
Sunday, October 5, 2008
HP Media Vault MV2120, MV5150 IPKG
NOTE: In order to access your vault from a remote location, remote access must be set up.
So the HP Media Vaults are cool little things. They are for the most part a NAS with a few extras, however.....they are also fairly hackable.
Ive been using the HP media vault for a few months now and haven't hand any real problems (other then the ones I create). I use it for storage and streaming media on my local network. I Also have been using it as a remote storage place for myself and friends as a place to work on projects.
When on my local LAN I don't worry about running it through any type of encryption, however when I'm out and about I like to have some sort of security.
I have https enabled on the MV so when I access the MV from a remote place my web session is going through encryption. The only downer with the web interface is you are only able to download, and upload one file at a time. This is where IPKG comes along.
Taken from Wikipedia:
ipkg, or the Itsy Package Management System, is a lightweight package management system designed for embedded devices that tries to resemble Debian's dpkg.
So to install IPKG, ssh into the MV and do the following.
NOTE: When following the procedure above use hpmv2-bootstrap_1.2-5_arm.xsh and not trap_1.1-1_arm.xsh as it says to.
NOTE:To ssh into the MV you need to know the MV IP address and ssh client installed on a computer. If you are using Linux you should be all set. If you are using windows machine you can download and install SSH for Windows.
If you want to be really adventurous you can install andlinux and run a full ubuntu system native in windows. (Very COOL!!!)
So to ssh into the MV you would do the flowing:
ssh root@theIPaddress
enter the system password when asked. (Thats the password you used to set the MV up.)
Once IPKG is installed do the following:
"ipkg update"
"Ipkg install openssh"
The openssh package includes something called SCP (Secure Copy Protocol). This will be need to upload and download multiple files at a time. (notice I said files, not directories.)
Next you will need to install WinSCP on your computer. You have a choice of an installer or a portable package. (You can run the portable package from a USB thumb drive)
Once you have WinSCP set up all you need to do is start WinSCP and complete the following fields.
Click Session on the Left.
Under Host Name enter the URL you would enter if you were using a web browser with out the http, or https://, or you can use the IP address
Example:
Host Name: MyHPMediavault.com
Port: 22
User Name: root
File Protocol:SCP
Now click on "Tunnel" under "Connection" on the left.
Enter all the same information for each field you just entered above.
Ensure "Connect Through SSH Tunnel" is checked.
That's it!
When asked for a password, Enter the password that was used to setup the MediaVault
Now when you go to connect you will get an error "error looking up user group" Just click ok.
There are no groups on the vault and that is why this error appears.
A Word Of Caution: You are running root! You can brick you system and possibly loose your files if you do the wrong thing.
If this happens you can recover you system but not your files with this tool here.
All of your files will be located in /share/1000
You can now upload and download multiple files.
For lots of good info, hacks, and how to's see here.
So the HP Media Vaults are cool little things. They are for the most part a NAS with a few extras, however.....they are also fairly hackable.
Ive been using the HP media vault for a few months now and haven't hand any real problems (other then the ones I create). I use it for storage and streaming media on my local network. I Also have been using it as a remote storage place for myself and friends as a place to work on projects.
When on my local LAN I don't worry about running it through any type of encryption, however when I'm out and about I like to have some sort of security.
I have https enabled on the MV so when I access the MV from a remote place my web session is going through encryption. The only downer with the web interface is you are only able to download, and upload one file at a time. This is where IPKG comes along.
Taken from Wikipedia:
ipkg, or the Itsy Package Management System, is a lightweight package management system designed for embedded devices that tries to resemble Debian's dpkg.
So to install IPKG, ssh into the MV and do the following.
NOTE: When following the procedure above use hpmv2-bootstrap_1.2-5_arm.xsh and not trap_1.1-1_arm.xsh as it says to.
NOTE:To ssh into the MV you need to know the MV IP address and ssh client installed on a computer. If you are using Linux you should be all set. If you are using windows machine you can download and install SSH for Windows.
If you want to be really adventurous you can install andlinux and run a full ubuntu system native in windows. (Very COOL!!!)
So to ssh into the MV you would do the flowing:
ssh root@theIPaddress
enter the system password when asked. (Thats the password you used to set the MV up.)
Once IPKG is installed do the following:
"ipkg update"
"Ipkg install openssh"
The openssh package includes something called SCP (Secure Copy Protocol). This will be need to upload and download multiple files at a time. (notice I said files, not directories.)
Next you will need to install WinSCP on your computer. You have a choice of an installer or a portable package. (You can run the portable package from a USB thumb drive)
Once you have WinSCP set up all you need to do is start WinSCP and complete the following fields.
Click Session on the Left.
Under Host Name enter the URL you would enter if you were using a web browser with out the http, or https://, or you can use the IP address
Example:
Host Name: MyHPMediavault.com
Port: 22
User Name: root
File Protocol:SCP
Now click on "Tunnel" under "Connection" on the left.
Enter all the same information for each field you just entered above.
Ensure "Connect Through SSH Tunnel" is checked.
That's it!
When asked for a password, Enter the password that was used to setup the MediaVault
Now when you go to connect you will get an error "error looking up user group" Just click ok.
There are no groups on the vault and that is why this error appears.
A Word Of Caution: You are running root! You can brick you system and possibly loose your files if you do the wrong thing.
If this happens you can recover you system but not your files with this tool here.
All of your files will be located in /share/1000
You can now upload and download multiple files.
For lots of good info, hacks, and how to's see here.
Subscribe to:
Posts (Atom)