Svend/ Svend blog!
bikes debian eeepc git livesc q-and-a security ssh

Blog archive

RSS Add a new post titled:
Autologin on serial consoles

Autologin on a serial console

For physical consoles, /bin/login is called instead of /sbin/getty.

1:2345:respawn:/bin/login -f root </dev/tty1 >/dev/tty1 2>&1

This does not work for serial consoles, because you cannot set the baud rate.

I've found a couple of ways to solve this problem.

Autologin wrapper script

Create an autlogin wrapper script that calls /bin/login.

/usr/local/bin/autologin:

#!/bin/sh
exec /bin/login -f root

T0:23:respawn:/sbin/getty -l /usr/local/bin/autologin -n -L ttyS0 115200 vt102

sulogin

If the root account is locked, sulogin can be used to automatically login the root account.

T0:23:respawn:/sbin/getty -l /sbin/sulogin -n -L ttyS0 115200 vt102

Posted Fri Jun 3 22:08:08 2011
Security through invisible ports

The Open-E Data Storage Server documentation [Manual (Ver. 5.00 up49) November 19, 2008] has this to say about SSH access.

The default port is 22222 for security reasons, seeing as high-number ports are invisible to port scanners. You can change the setting only to a port within the 1024-65535 range.

(And painting your doors the same color as your the rest of your house will make them invisible to burglars.)

$ nmap -sV -p 1024-65535 X.X.X.X

Starting Nmap 5.21 ( http://nmap.org ) at 2010-08-26 13:18 PDT
Nmap scan report for X.X.X.X
Host is up (0.00055s latency).
Not shown: 64509 closed ports
PORT      STATE SERVICE  VERSION
3260/tcp  open  iscsi?
11211/tcp open  memcache memcached 1.1.12 (PID 14311; uptime 84778 seconds; curr items: 6; total items: 3142; bytes cached: 6131)
22222/tcp open  ssh      OpenSSH 4.3p2 Debian 9etch3 (protocol 2.0)
Service Info: OS: Linux

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 115.18 seconds
Posted Thu Aug 26 20:31:17 2010 Tags:
Gnome administration with user password

Because I manually installed Gnome, sudo, and disabled the root password after installing Debian, I was unable to use Gnome's administration applications. When I ran anything under the Administration menu, I would get a prompt: "Enter the administrative password".

The solution was to change the gconf key /apps/gksu/sudo-mode to true. I changed this in my own gconf DB, not the system DB, but either place should work.

According to Debian bug 57070, sudo-mode will be set automatically if Gnome is installed when the Debian installer is run.

Update

The user-setup-apply script in the user-setup package is responsible for setting up gksu. (See bug 481689.) Here are equivalent commands that can be run after the system is already installed.

sudo update-alternatives --set libgksu-gconf-defaults /usr/share/libgksu/debian/gconf-defaults.libgksu-sudo
sudo update-gconf-defaults
Posted Wed Mar 24 18:34:43 2010 Tags:
Modern browser support with DRAC 5

I have been able to get console redirection and virtual media working with Epiphany 2.29.6 and Iceweasel (Firefox) 3.5.6 after upgrading the DRAC 5 to the 1.51 firmware. I installed default-jre and icedtea6-plugin to get a Java JRE and used the Java plug-in to test. (default-jre installed the OpenJDK JRE.) I haven't tested the Firefox plug-in. I can now get rid of the copy of Firefox 2.0 that I kept around for working with the DRAC 5s.

Console redirection via a Java plug-in was added in 1.40, and Firefox 3.0 support was added in 1.45.

The DRAC 5's SSH host key changed after installing the 1.51 firmware.

Posted Wed Feb 3 23:01:25 2010
qemu-kvm in Debian unstable

Version 0.11.0 of qemu-kvm is now available in Debian unstable.

Posted Wed Nov 18 23:24:30 2009 Tags:
Upgrading the BIOS in an X60s

I upgraded the bios in my Thinkpad X60s from 2.17 to 2.18. It was complicated because the IBM BIOS upgrade disc only has drivers for the drive in the docking station, which I do not have.

When I tried booting the upgrade CD in a Lite-On DVD drive, the upgrade failed with the following error.

Device driver not found: 'TPCD001'.
No valid CDROM device drivers selected
Bad command or file name
Invalid drive specification

I found instructions for upgrading the BIOS on ThinkWiki. I used "Approach 1."

Because I suspended to disk, I didn't even need to restart my Linux session to perform the BIOS upgrade.

Posted Fri Jun 12 21:44:37 2009
Removing old network devices from Windows

After I upgraded a Xen server, a Windows Server 2003 guest lost it's network connection. Apparently, the virtual NIC hardware had changed, so a new, unconfigured network device was installed.

(The virtual hardware had changed enough that Windows required reactivation. However, I couldn't do the online activation, because the new network adapter wasn't configured. I was locked out of the system. I had to call Microsoft's activation hotline and read nine six-digit numbers to a computer on the other end to activate Windows again.)

When I tried to configure the new NIC with the system's static IP, I got a warning since the old NIC was still using it. However, the old NIC wasn't in the Network Connections list or the Device Manager's Network adapters list.

I was finally able to delete the old NIC using the fix in KB269155.

Posted Thu Apr 16 17:55:41 2009
Verifying the backports.org GPG key

How to download, verify, and install the backports.org GPG key.

These instructions are adapted from the DebianEdu backports.org instructions.

1. Download backports GPG key

The key ID is on the backports website. We will save it to a temporary keyring.

$ gpg --no-default-keyring \
      --keyring /tmp/backports.gpg \
      --keyserver hkp://subkeys.pgp.net \
      --recv-keys 16BA136C
gpg: keyring `/tmp/backports.gpg' created
gpg: requesting key 16BA136C from hkp server subkeys.pgp.net
gpg: key 16BA136C: public key "Backports.org Archive Key <ftp-master@backports.org>" imported
gpg: public key of ultimately trusted key EF6CC3C1 not found
gpg: public key of ultimately trusted key 78733EF8 not found
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: Total number processed: 1
gpg:               imported: 1

2. Check the backports key's signatures

Check the signatures using the Debian developers keyring (part of the debian-keyring package).

$ gpg --no-default-keyring \
      --keyring /tmp/backports.gpg \
      --keyring /usr/share/keyrings/debian-keyring.gpg \
      --check-sigs 16BA136C
pub   1024D/16BA136C 2005-08-21
uid                  Backports.org Archive Key <ftp-master@backports.org>
sig!         7E7B8AC9 2005-11-20  Joerg Jaspert <joerg@debian.org>
sig!3        16BA136C 2005-08-21  Backports.org Archive Key <ftp-master@backports.org>
sig!3        16BA136C 2005-08-21  Backports.org Archive Key <ftp-master@backports.org>
sub   2048g/5B82CECE 2005-08-21
sig!         16BA136C 2005-08-21  Backports.org Archive Key <ftp-master@backports.org>

3 signatures not checked due to missing keys

You can see three self-signatures, and one valid signature by a Debian developer.

3. Add the backports key to apt's keyring

$ gpg --no-default-keyring \
      --keyring /tmp/backports.gpg \
      --export 16BA136C | 
      sudo apt-key add -
OK
Posted Tue Feb 24 21:01:29 2009 Tags:
lenny-backports ready

lenny-backports is now active. wesnoth is the first package to be uploaded.

Posted Fri Feb 20 23:44:00 2009 Tags:
Live CD updated to lenny

I have updated Debian Live SC to Debian 5.0 (lenny) from Debian 4.0 (etch).

Posted Fri Feb 20 19:05:51 2009 Tags: