Difference between revisions of "Open Stock Firmware"
(→Heinz' Script Method) |
(→Create a startup script & config for sshd.) |
||
(20 intermediate revisions by 10 users not shown) | |||
Line 18: | Line 18: | ||
* Probably the most important part... BACKUP, you don't want to lose your important data/system files. | * Probably the most important part... BACKUP, you don't want to lose your important data/system files. | ||
* If unsure read again, check the wiki, search the forum.... then post. | * If unsure read again, check the wiki, search the forum.... then post. | ||
+ | * Firmware version 1.3.5 appears to break acpcommander, do not upgrade to 1.35 till the issue is resolved. | ||
== <font color=blue>Getting Console (Telnet) Access with acp_commander</font> == | == <font color=blue>Getting Console (Telnet) Access with acp_commander</font> == | ||
* Read the http://downloads.nas-central.org/TOOLS/ALL_LS_KB_ARM9/ACP_COMMANDER/README Make sure you understand what the acp_commander is for & how you can use it. | * Read the http://downloads.nas-central.org/TOOLS/ALL_LS_KB_ARM9/ACP_COMMANDER/README Make sure you understand what the acp_commander is for & how you can use it. | ||
+ | <embedurl>http://downloads.nas-central.org/TOOLS/ALL_LS_KB_ARM9/ACP_COMMANDER/README</embedurl> | ||
* Download http://downloads.nas-central.org/TOOLS/ALL_LS_KB_ARM9/ACP_COMMANDER/acp_commander.jar to somewhere you will remember. | * Download http://downloads.nas-central.org/TOOLS/ALL_LS_KB_ARM9/ACP_COMMANDER/acp_commander.jar to somewhere you will remember. | ||
* Get console access, dos, terminal, shell it doesn't really matter as long as you can execute the java command. | * Get console access, dos, terminal, shell it doesn't really matter as long as you can execute the java command. | ||
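Review bot: The added warning line names the firmware two ways, "1.3.5" and then "1.35", so a reader cannot tell which release to avoid; use one version string, and spell the tool acp_commander as the rest of the section does. The added embedurl line also repeats the README URL that the bullet directly above it already links.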
Line 51: | Line 53: | ||
telnet <IP ADDRESS> | telnet <IP ADDRESS> | ||
and login with "root" No password should be asked. | and login with "root" No password should be asked. | ||
+ | |||
+ | === Linkstation Quad with Firmware >= 1.10 === | ||
+ | If the telnet attempt results in "connection refused", try this: | ||
+ | java -jar acp_commander.jar -pw <admin password> -t <quad's IP address> -ip <quad's IP address> -o | ||
+ | Use the admin password which is valid for the web interface. After logging in, you will need to go into the Linkstation's web page, onto the network page, and re-enable DHCP to be able access the net from your linkstation. This will restart the network service (which will pause your telnet session for 10-20 seconds, dont panic, it will come back). Source: http://forum.buffalo.nas-central.org/viewtopic.php?f=66&t=14651 | ||
+ | |||
+ | === Bypassing Telnet altogether === | ||
+ | If you fail to get access via telnet you can use the -c option to set root password with acp_commander: | ||
+ | java -jar acp_commander.jar -t <IP Address> -c "(echo <pass>;echo <pass>)|passwd" | ||
+ | Replace <IP Address> with the IP address of your TS and <pass> with password you want. You can now login via ssh as root using your new password. | ||
== <font color=blue>Securing</font> == | == <font color=blue>Securing</font> == | ||
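Review bot: In the added "Bypassing Telnet altogether" block, the new root password is typed inside the -c argument, so it ends up in the shell history and process list of the machine running acp_commander; say so, and tell the reader to change it again with passwd after the first login. The closing sentence promises an ssh login although sshd is only set up further down the page, and "TS" does not match the Linkstation wording used in the surrounding text.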
Line 75: | Line 87: | ||
* We will use vi to create & edit the '/etc/init.d/sshd.sh' startup script. (This script does not exist in stock, no backup needed) | * We will use vi to create & edit the '/etc/init.d/sshd.sh' startup script. (This script does not exist in stock, no backup needed) | ||
+ | |||
+ | * If you have firmware 1.56 or 1.57, the /etc/init.d/sshd.sh already exists and does not need to be modified. Update /etc/nas_feature and set SUPPORT_SFTP=1 instead of SUPPORT_SFTP=0. | ||
Type in the following: | Type in the following: | ||
Line 80: | Line 94: | ||
You will then be taken into the text editor. | You will then be taken into the text editor. | ||
Press i, to get into Insert mode. | Press i, to get into Insert mode. | ||
− | Enter the following code: | + | Enter the following code (valid for all versions, Verified with version 1.06 and 1.33): |
− | + | <pre>#! /bin/sh | |
− | + | ||
− | + | # | |
− | + | # Start/stop the SSH daemon. | |
− | + | # | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | test -f /usr/local/sbin/sshd || exit 0 | |
− | + | ||
− | + | # this is used by daemonwatch (since fw 1.11-1a) | |
− | + | ACTIVE_FILE=/var/run/active_sshd | |
− | + | ||
− | + | case "$1" in | |
− | + | start) | |
− | + | echo "Start service: sshd" | |
− | + | /usr/local/sbin/sshd -f /etc/sshd_config | |
− | + | touch ${ACTIVE_FILE} | |
− | + | ;; | |
− | + | stop) | |
− | + | echo "Stop service: sshd" | |
− | + | killall sshd | |
− | + | rm -f ${ACTIVE_FILE} | |
− | + | ;; | |
− | + | restart) | |
− | + | $0 stop | |
− | + | $0 start | |
− | + | ;; | |
− | + | *) | |
− | + | echo "Usage: $0 start|stop|restart" | |
− | + | exit 1 | |
− | + | ;; | |
− | + | esac | |
− | + | exit 0</pre> | |
− | + | ||
− | + | ||
− | + | ||
Press Esc to exit Insert mode. | Press Esc to exit Insert mode. | ||
Then enter :wq (colon wq) to exit vi. | Then enter :wq (colon wq) to exit vi. | ||
+ | |||
+ | This is also the proper script to use with an LS Live (HS-DHxxxGL) on stock firmware version 2.11. | ||
We need to make sure that this file is executable we will do this with chmod http://www.penguin-soft.com/penguin/man/1/chmod.html | We need to make sure that this file is executable we will do this with chmod http://www.penguin-soft.com/penguin/man/1/chmod.html | ||
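Review bot: The new lead-in claims the script is "valid for all versions" while naming only 1.06 and 1.33 as verified, and the bullet added in the previous hunk says 1.56 and 1.57 already ship their own sshd.sh; list the verified versions only. In the stop) branch, killall sshd also ends every open session, which deserves a sentence for anyone stopping the service over ssh.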
Line 144: | Line 138: | ||
Enter the following: | Enter the following: | ||
chmod 0755 /etc/init.d/sshd.sh | chmod 0755 /etc/init.d/sshd.sh | ||
− | |||
=== Config === | === Config === | ||
Line 166: | Line 159: | ||
Assuming that you have no errors all is fine. You can now login to your Linkstation with your ssh client. | Assuming that you have no errors all is fine. You can now login to your Linkstation with your ssh client. | ||
+ | |||
+ | If the sshd does not start and reports something like this: | ||
+ | Could not load host key: /etc/apache/server.key | ||
+ | Disabling protocol version 1. Could not load host key | ||
+ | Disabling protocol version 2. Could not load host key | ||
+ | sshd: no hostkeys available -- exiting. | ||
+ | try changing the following lines in /etc/sshd_config: | ||
+ | HostKey /etc/ssh_host_key | ||
+ | UsePAM no | ||
+ | This worked for me on a LinkStation Quad v1.11 | ||
+ | |||
+ | HostKey file can be generated by | ||
+ | ssh-keygen -t dsa -f /etc/ssh_host_key | ||
=== Adding Telnet/SSHD to your start up script (rcS). === | === Adding Telnet/SSHD to your start up script (rcS). === | ||
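Review bot: The added ssh-keygen line does not say that the passphrase must be left empty, and sshd cannot load a passphrase-protected host key, so the reader can end up with the same "no hostkeys available" failure; state it or pass -N ''. The line also hard-codes -t dsa; mention -t rsa as the alternative where the firmware's sshd accepts it. "This worked for me" is an unsigned first-person remark and should name the tester, as the revision list does.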
Line 193: | Line 199: | ||
* If you have taken the option to enable sshd you can add the sshd.sh to this file also. | * If you have taken the option to enable sshd you can add the sshd.sh to this file also. | ||
− | I prefer to keep the file as close to default as possible I will add it to the same section as stock. | + | I prefer to keep the file as close to default as possible I will add it to the same section (step 3) as stock. |
− | Add sshd.sh | + | Add sshd.sh before daemonwatch.sh, that's the line containing (This is for LS-Live, Pro has less scripts to start) |
− | + | <pre>echo "** step3 **" | |
− | + | for cmd in micon_setup.sh ... clientUtil_servd.sh lsprcvd.sh daemonwatch.sh cron.sh ltbootd.sh logchkd.sh | |
− | + | do | |
− | + | exec_sh $cmd | |
− | + | done</pre> | |
Like So: | Like So: | ||
− | + | <pre>echo "** step3 **" | |
− | + | for cmd in micon_setup.sh ... clientUtil_servd.sh lsprcvd.sh sshd.sh daemonwatch.sh cron.sh ltbootd.sh logchkd.sh | |
− | + | do | |
− | + | exec_sh $cmd | |
− | + | done</pre> | |
Exit vi | Exit vi | ||
Line 273: | Line 279: | ||
/var/run/sshd.pid /etc/init.d/sshd.sh restart | /var/run/sshd.pid /etc/init.d/sshd.sh restart | ||
+ | Then restart the daemonwatch process. | ||
+ | /etc/init.d/daemonwatch.sh restart | ||
To test.. spawn telnet as a backup for access. | To test.. spawn telnet as a backup for access. | ||
/usr/sbin/telnetd | /usr/sbin/telnetd | ||
Line 283: | Line 291: | ||
Jul 29 10:56:55 HS-320 daemonwatch: pid [/var/run/sshd.pid] does not exist | Jul 29 10:56:55 HS-320 daemonwatch: pid [/var/run/sshd.pid] does not exist | ||
− | ==== 1.11-1a Firmware ==== | + | ==== 1.11-1a Firmware==== |
+ | Verified procedure with version 1.33. | ||
/var/run/apache/httpd.pid /var/run/active_httpd /etc/init.d/httpd.sh restart | /var/run/apache/httpd.pid /var/run/active_httpd /etc/init.d/httpd.sh restart | ||
/var/run/smbd.pid /var/run/active_smb /etc/init.d/smb.sh restart | /var/run/smbd.pid /var/run/active_smb /etc/init.d/smb.sh restart | ||
Line 289: | Line 298: | ||
/var/run/sshd.pid /var/run/active_sshd /etc/init.d/sshd.sh restart | /var/run/sshd.pid /var/run/active_sshd /etc/init.d/sshd.sh restart | ||
+ | Then restart the daemonwatch process. | ||
+ | /etc/init.d/daemonwatch.sh restart | ||
To test.. spawn telnet as a backup for access. | To test.. spawn telnet as a backup for access. | ||
/usr/sbin/telnetd | /usr/sbin/telnetd | ||
Line 309: | Line 320: | ||
Now when you login you should get the last login message when logging in. | Now when you login you should get the last login message when logging in. | ||
Last login: Sat Aug 4 14:23:20 2007 from xyz.localdomain | Last login: Sat Aug 4 14:23:20 2007 from xyz.localdomain | ||
+ | |||
+ | === TTY Errors. === | ||
+ | |||
+ | Look at <tt>'/var/log/messages'</tt>. | ||
+ | If you see messages like: | ||
+ | Mar 6 05:31:32 LS-250GL sshd[21868]: error: open /dev/tty failed - could not set controlling tty: Permission denied | ||
+ | Change permissions of <tt>'/dev/tty'</tt> | ||
+ | chmod a+w /dev/tty | ||
+ | |||
+ | === Ipkg === | ||
+ | |||
+ | There is an bootstrapping script that allows you to install ipkg on arm-based devices with stock firmware: http://buffalo.nas-central.org/wiki/Ipkg_on_the_Linkstation_(for_end-users)#ARM | ||
== <font color=blue>Revision Info:</font> == | == <font color=blue>Revision Info:</font> == | ||
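Review bot: In the TTY Errors addition, chmod a+w /dev/tty grants write only, while the logged failure is on open and will persist if read permission is also missing; chmod a+rw (mode 0666) is the safer instruction. The section should also say whether the change has to be repeated after a reboot. The Ipkg sentence reads "an bootstrapping".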
Line 322: | Line 345: | ||
* 1.6 - 03 Sep 2007 : Added full version of ps --[[User:Wasted life|Wasted life]] | * 1.6 - 03 Sep 2007 : Added full version of ps --[[User:Wasted life|Wasted life]] | ||
* 1.7 - 06 Sep 2007 : Added testing for sshd and deamonwatch on 1.11-1a --[[User:Wasted life|Wasted life]] | * 1.7 - 06 Sep 2007 : Added testing for sshd and deamonwatch on 1.11-1a --[[User:Wasted life|Wasted life]] | ||
+ | * 1.8 - 05 Mar 2009 : Added TTY errors, Ipkg --[[User:sans17|sans17]] | ||
+ | * 1.8.1 - 08 APR 2009 : Verified sshd and deamonwatch on version 1.33 -- Kage | ||
=Other Methods= | =Other Methods= | ||
Line 388: | Line 413: | ||
===Georg's Script Method=== | ===Georg's Script Method=== | ||
− | Georg modified Heinz' automatic script. For those with access, the script it is available in [http://downloads.nas-central.org/ | + | Georg modified Heinz' automatic script. For those with access, the script it is available in [http://downloads.nas-central.org/Uploads/OldUploads/LS_Pro_temporary/telnet_enabled_no_root_password/ LS_Pro Temporary Upload Folder for Telnet Enabled Firmwares] |
The script untars the firmware, sets the current dates in linkstation_version.txt (allows exchange of kernel etc.) and adds the debug flag for LSUpdater.exe. Further telnetd is started during boot and the web interface scripts are altered in order to clear the root password when "creating" user 'clearroot'. | The script untars the firmware, sets the current dates in linkstation_version.txt (allows exchange of kernel etc.) and adds the debug flag for LSUpdater.exe. Further telnetd is started during boot and the web interface scripts are altered in order to clear the root password when "creating" user 'clearroot'. | ||
Thanks to MartinP, the latest version uses the correct path to passwd (/usr/sbin). It also offers command line parameters to exchange kernel, uboot and untar an additional tar file into the root file system (see option -h). | Thanks to MartinP, the latest version uses the correct path to passwd (/usr/sbin). It also offers command line parameters to exchange kernel, uboot and untar an additional tar file into the root file system (see option -h). | ||
Line 400: | Line 425: | ||
[[Category:Software]] | [[Category:Software]] | ||
[[Category:LSLive]] | [[Category:LSLive]] | ||
+ | [[Category:LSQuad]] |
Latest revision as of 15:18, 6 April 2012
Georg's acp-commander Method
I just bought another LS(Live) & wanted to have it open (SSH), as close to a stock firmware box as I could for testing. There are a few fixes that should be added too.
I'll be referencing a few links to a few wiki/web articles as well as some user posts. Hopefully this will cover most of what is needed. As always I'm human & can make some mistakes. If you see anything that seems a bit odd, change it.
WARNING.. Do this at your own risk.
Have a plan
- Research is always the best way to go.
- Get all the documentation you need available.
- Understand what you're going to do. No point in getting halfway through a job, only to get stuck/lost.
- Make sure you have the software/tools available to carry out the job.
- Probably the most important part... BACKUP, you don't want to lose your important data/system files.
- If unsure read again, check the wiki, search the forum.... then post.
- Firmware version 1.3.5 appears to break acpcommander, do not upgrade to 1.35 till the issue is resolved.
Getting Console (Telnet) Access with acp_commander
- Read the http://downloads.nas-central.org/TOOLS/ALL_LS_KB_ARM9/ACP_COMMANDER/README Make sure you understand what the acp_commander is for & how you can use it.
- Download http://downloads.nas-central.org/TOOLS/ALL_LS_KB_ARM9/ACP_COMMANDER/acp_commander.jar to somewhere you will remember.
- Get console access, dos, terminal, shell it doesn't really matter as long as you can execute the java command.
- cd to the directory where you saved acp_commander.jar
- Disable your firewall temporarily. (If applicable)
Enter the following (Replacing <IP ADDRESS> with the IP Address of your Linkstation)
java -jar acp_commander.jar -t <IP ADDRESS> -o
You should see something along the lines of:
Using random connID VALUE = FB6A7FCF57E6
Using target: 192.168.1.11/192.168.1.11 (your IP address)
** NO message **
** NO message **
Password changed.
or
java -jar acp_commander.jar -t <IP ADDRESS> -o -addons
This will install the addons package now.
This may not happen straight away. However I have only ever had to do it a maximum of twice.
Your Linkstation should now have the telnet daemon enabled. User "root" will have a null (Blank) root password, until you change it. The telnet daemon will be available until you reboot your Linkstation.
- Enable your firewall. (If applicable)
Now you can login to your Linkstation with telnet.
Connect with Telnet
Enter the following (Replacing <IP ADDRESS> with the IP Address of your Linkstation)
telnet <IP ADDRESS>
and login with "root" No password should be asked.
Linkstation Quad with Firmware >= 1.10
If the telnet attempt results in "connection refused", try this:
java -jar acp_commander.jar -pw <admin password> -t <quad's IP address> -ip <quad's IP address> -o
Use the admin password which is valid for the web interface. After logging in, you will need to go into the Linkstation's web page, onto the network page, and re-enable DHCP to be able to access the net from your Linkstation. This will restart the network service (which will pause your telnet session for 10-20 seconds; don't panic, it will come back). Source: http://forum.buffalo.nas-central.org/viewtopic.php?f=66&t=14651
Bypassing Telnet altogether
If you fail to get access via telnet you can use the -c option to set root password with acp_commander:
java -jar acp_commander.jar -t <IP Address> -c "(echo <pass>;echo <pass>)|passwd"
Replace <IP Address> with the IP address of your TS and <pass> with the password you want. You can now login via ssh as root using your new password.
Securing
- First thing you want to do is set the root password & secure your Linkstation from unwanted users.
Enter the following.
passwd
You will be prompted with the following.
Changing password for root
Enter the new password (minimum of 5, maximum of 20 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password:
Enter your new password, press enter. You will be then prompted with:
Re-enter new password:
Re-enter your new password. Press enter. If your passwords match (C'mon it ain't hard), you will get the following notification:
Password changed.
- Please also note that users created via the Web Admin are also shell users. The guest user has an invalid password, but you should definitely change the default admin password and any other trivial account passwords if you plan to expose the SSH port to the Internet.
Create a startup script & config for sshd.
- If you want to leave telnet as the preferred way of connecting then you don't have to do this. Skip to section: Adding Telnet/SSHD to your start up script (rcS)
- The stock firmware does have the sshd binaries included. The following section will allow you to create a startup script for this.
- Read the Vi text editor tutorial, http://nas-central.org/index.php/Vi_text_editor_tutorial
- We will use vi to create & edit the '/etc/init.d/sshd.sh' startup script. (This script does not exist in stock, no backup needed)
- If you have firmware 1.56 or 1.57, the /etc/init.d/sshd.sh already exists and does not need to be modified. Update /etc/nas_feature and set SUPPORT_SFTP=1 instead of SUPPORT_SFTP=0.
Type in the following:
vi /etc/init.d/sshd.sh
You will then be taken into the text editor. Press i, to get into Insert mode. Enter the following code (valid for all versions, Verified with version 1.06 and 1.33):
<pre>#! /bin/sh

#
# Start/stop the SSH daemon.
#

test -f /usr/local/sbin/sshd || exit 0

# this is used by daemonwatch (since fw 1.11-1a)
ACTIVE_FILE=/var/run/active_sshd

case "$1" in
start)
    echo "Start service: sshd"
    /usr/local/sbin/sshd -f /etc/sshd_config
    touch ${ACTIVE_FILE}
    ;;
stop)
    echo "Stop service: sshd"
    killall sshd
    rm -f ${ACTIVE_FILE}
    ;;
restart)
    $0 stop
    $0 start
    ;;
*)
    echo "Usage: $0 start|stop|restart"
    exit 1
    ;;
esac
exit 0</pre>
Press Esc to exit Insert mode. Then enter :wq (colon wq) to exit vi.
This is also the proper script to use with an LS Live (HS-DHxxxGL) on stock firmware version 2.11.
We need to make sure that this file is executable. We will do this with chmod: http://www.penguin-soft.com/penguin/man/1/chmod.html
Enter the following:
chmod 0755 /etc/init.d/sshd.sh
Config
Now we need to create the config. I will use an example of a basic config to allow you access; you can add the relevant sections you want (more info: http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config ). A config file for sshd already exists, but it has nothing enabled. We will make a backup copy of this before editing. Enter the following:
cp /etc/sshd_config /etc/sshd_config.bak
Use vi to edit the config file.
vi /etc/sshd_config
Make sure that the file has the following changed/uncommented:
port 22
Protocol 2,1
PermitRootLogin yes
StrictModes yes
Subsystem sftp /usr/local/libexec/sftp-server
Exit Vi.
Then test that your startup script & config work by entering the following.
/etc/init.d/sshd.sh start
Assuming that you have no errors all is fine. You can now login to your Linkstation with your ssh client.
If the sshd does not start and reports something like this:
Could not load host key: /etc/apache/server.key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
try changing the following lines in /etc/sshd_config:
HostKey /etc/ssh_host_key
UsePAM no
This worked for me on a LinkStation Quad v1.11
HostKey file can be generated by
ssh-keygen -t dsa -f /etc/ssh_host_key
Adding Telnet/SSHD to your start up script (rcS).
- Backup before editing.
The file for editing will be '/etc/init.d/rcS' this has all the init scripts defined for startup. Make a backup of this by entering the following:
cp /etc/init.d/rcS /etc/init.d/rcS.bak
Edit this with Vi
vi /etc/init.d/rcS
Telnet
To enable telnet at startup, uncomment the line if it exists (Does exist in some earlier firmwares).
# /usr/sbin/telnetd
so it looks like
/usr/sbin/telnetd
If it doesn't exist, add it just before "** step3 **" like
# telnetd for debug
/usr/sbin/telnetd
echo "** step3 **"
SSHD
- If you have taken the option to enable sshd you can add the sshd.sh to this file also.
I prefer to keep the file as close to default as possible, so I will add it to the same section (step 3) as stock. Add sshd.sh before daemonwatch.sh in the following line (this is for LS-Live; Pro has fewer scripts to start):
<pre>echo "** step3 **"
for cmd in micon_setup.sh ... clientUtil_servd.sh lsprcvd.sh daemonwatch.sh cron.sh ltbootd.sh logchkd.sh
do
        exec_sh $cmd
done</pre>
Like So:
<pre>echo "** step3 **"
for cmd in micon_setup.sh ... clientUtil_servd.sh lsprcvd.sh sshd.sh daemonwatch.sh cron.sh ltbootd.sh logchkd.sh
do
        exec_sh $cmd
done</pre>
Exit vi
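As an added example (not part of the original wiki page), the script below audits the three files this procedure edits: /etc/shadow for blank passwords, /etc/init.d/rcS for telnetd at boot, and /etc/sshd_config for the directives set above. The function names, finding labels, the ROOT argument and the sample tree are constructed for illustration; the guest entry in the sample shadow file is made up.

```shell
#!/bin/sh
# Added example, not part of the wiki page. Audits the three files this
# procedure edits. ROOT is "/" on the device or the mount point of its root
# partition. Assumes whitespace-separated "Keyword value" sshd_config lines.

# Accounts whose password field in etc/shadow is empty (no password asked).
empty_password_accounts() {
    awk -F: '$2 == "" { print "EMPTYPW " $1 }' "$1/etc/shadow"
}

# An uncommented telnetd line in rcS brings telnet back on every boot.
telnetd_at_boot() {
    if grep -Eq '^[[:space:]]*/usr/sbin/telnetd' "$1/etc/init.d/rcS"; then
        echo "TELNET_AT_BOOT /etc/init.d/rcS"
    fi
}

# Findings for etc/sshd_config, one per line; nothing is printed if clean.
audit_sshd_config() {
    root=$1
    awk '
        NF == 0 || substr($1, 1, 1) == "#" { next }   # blank lines, comments
        {
            key = tolower($1)
            if (key in first) next         # sshd keeps the first value it reads
            first[key] = tolower($2)
        }
        END {
            if ("protocol" in first) {
                n = split(first["protocol"], p, ",")
                for (i = 1; i <= n; i++)
                    if (p[i] == "1") print "PROTOCOL1 SSH protocol 1 is enabled"
            } else {
                print "PROTOCOL_UNSET default depends on the sshd build"
            }
            if (!("permitrootlogin" in first)) {
                print "ROOTLOGIN_UNSET older sshd builds default to yes"
            } else if (first["permitrootlogin"] == "yes") {
                print "ROOTLOGIN root may log in with a password"
            }
            if (first["permitemptypasswords"] == "yes")
                print "EMPTYPW_LOGIN blank passwords are accepted over ssh"
            if (first["strictmodes"] == "no")
                print "STRICTMODES permission checks on user key files are off"
        }
    ' "$root/etc/sshd_config"
    # HostKey may repeat. A key that cannot be read is skipped by sshd, and
    # with none loaded it exits with "no hostkeys available".
    awk 'tolower($1) == "hostkey" { print $2 }' "$root/etc/sshd_config" |
    while read -r key; do
        [ -r "$root$key" ] || echo "HOSTKEY_MISSING $key"
    done
}

# Run all three checks against one root directory.
audit_linkstation() {
    empty_password_accounts "$1"
    telnetd_at_boot "$1"
    audit_sshd_config "$1"
}

# Constructed sample tree: the state before the Securing step, with telnetd
# enabled in rcS and the basic sshd_config from this page plus a HostKey line.
make_sample_tree() {
    mkdir -p "$1/etc/init.d"
    printf '%s\n' 'root::11009:0:99999:7:::' 'guest:*:11009:0:99999:7:::' \
        > "$1/etc/shadow"
    printf '%s\n' '# telnetd for debug' '/usr/sbin/telnetd' \
        'echo "** step3 **"' > "$1/etc/init.d/rcS"
    printf '%s\n' 'port 22' 'Protocol 2,1' 'PermitRootLogin yes' \
        'StrictModes yes' 'HostKey /etc/ssh_host_key' \
        'Subsystem sftp /usr/local/libexec/sftp-server' > "$1/etc/sshd_config"
}

demo=${TMPDIR:-/tmp}/ls_audit_demo.$$
make_sample_tree "$demo"
audit_linkstation "$demo"
rm -rf "$demo"
```

On the device, run `audit_linkstation /` as root; against a disk attached to a PC, pass the mount point of the root partition instead.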
Optional Files & Fixes
Time discrepancies
Some might notice in their logs that there are some errors with backups, system time etc. The reason for this is that the hardware clock is not updated by system time. The file time_set.sh is missing. http://bugtracker.nas-central.org/view.php?id=113 This can be resolved by creating a symlink to set_time.sh
ln -s /usr/local/bin/set_time.sh /usr/local/bin/time_set.sh
/dev/null
By default in the stock firmware /dev/null is only accessible to root. http://bugtracker.nas-central.org/view.php?id=86 Change the permissions for /dev/null for all user access:
chmod 0666 /dev/null
/etc/profile
When logging in as a non root user, The error "Permission denied" will be displayed. http://bugtracker.nas-central.org/view.php?id=87 Change the permissions for /etc/profile for all user access:
chmod 0644 /etc/profile
Addon Files.
To add some extra files namely wget, su & joe. Download: http://downloads.nas-central.org/Uploads/OldUploads/LS_Pro_temporary/Binaries/addons.tar and transfer it to a share. cd to wherever you transferred it to & execute:
tar -C / -xzvf addons.tar
Set the suid bit on su:
chmod 4755 /bin/su
Note: If you have a LS Live or running firmware 1.10 or above you will need to download libproc, this is not included with the above. http://downloads.nas-central.org/Users/kaiten/libproc-3.2.6_arm9.tgz
tar -C / -xzvf libproc-3.2.6_arm9.tgz
ldconfig -v
Full version of ps
The version of ps that is supplied is extremely limited, to get the full version.
Backup the original:
mv /bin/ps /bin/ps.bak
Download the newer version:
cd /bin/
wget http://downloads.nas-central.org/Uploads/OldUploads/LS_Pro_temporary/Binaries/ps
Make new ps executable:
chmod a+x /bin/ps
Note: If you have a LS Live or running firmware 1.10 or above you will need to download libproc, this is not included with the above. http://downloads.nas-central.org/Users/kaiten/libproc-3.2.6_arm9.tgz
tar -C / -xzvf libproc-3.2.6_arm9.tgz
ldconfig -v
Daemonwatch.. Adding sshd.
For those that have taken the option to have sshd as their preferred way of connecting to their Linkstation. sshd can be added to the daemonwatch list, if it falls over for any reason it will be respawned.
Backup '/etc/daemonwatch.list'
cp /etc/daemonwatch.list /etc/daemonwatch.list.bak
Add the sshd pid & startup script to it.
Pre 1.11-1a Firmware
/var/run/apache/httpd.pid /etc/init.d/httpd.sh restart
/var/run/smbd.pid /etc/init.d/smb.sh restart
/var/run/clientUtil_server-eth0.pid /etc/init.d/clientUtil_servd.sh restart
/var/run/sshd.pid /etc/init.d/sshd.sh restart
Then restart the daemonwatch process.
/etc/init.d/daemonwatch.sh restart
To test.. spawn telnet as a backup for access.
/usr/sbin/telnetd
Then stop sshd:
/etc/init.d/sshd.sh stop
You should then be disconnected from your ssh session. The daemonwatch process should have detected that sshd has stopped & restarted. You should now be able to log back in.. However if not.. You have your telnet access to fall back on & investigate. In '/var/log/linkstation.log' you should see the following entry.
Jul 29 10:56:55 HS-320 daemonwatch: pid [/var/run/sshd.pid] does not exist
1.11-1a Firmware
Verified procedure with version 1.33.
/var/run/apache/httpd.pid /var/run/active_httpd /etc/init.d/httpd.sh restart
/var/run/smbd.pid /var/run/active_smb /etc/init.d/smb.sh restart
/var/run/clientUtil_server-eth0.pid /var/run/active_clientUtil_server /etc/init.d/clientUtil_servd.sh restart
/var/run/sshd.pid /var/run/active_sshd /etc/init.d/sshd.sh restart
Then restart the daemonwatch process.
/etc/init.d/daemonwatch.sh restart
To test.. spawn telnet as a backup for access.
/usr/sbin/telnetd
Then stop sshd:
killall sshd
You should then be disconnected from your ssh session. The daemonwatch process should have detected that sshd has stopped & restarted. You should now be able to log back in.. However if not.. You have your telnet access to fall back on & investigate. In '/var/log/messages' you should see the following entry.
Sep 6 08:57:15 LSPRO daemonwatch[874]: pid [/var/run/sshd.pid] does not exist
Lastlog Errors.
You may get some errors when logging in with ssh etc. '/var/log/lastlog' does not exist. Lastlog entries are never entered.
Aug 4 13:27:00 LS-250GL sshd[20020]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Aug 4 13:27:00 LS-250GL sshd[20020]: lastlog_openseek: /var/log/lastlog is not a file or directory!
To get rid of the lastlog errors.
touch /var/log/lastlog
chmod 0744 /var/log/lastlog
Now when you login you should get the last login message when logging in.
Last login: Sat Aug 4 14:23:20 2007 from xyz.localdomain
TTY Errors.
Look at '/var/log/messages'. If you see messages like:
Mar 6 05:31:32 LS-250GL sshd[21868]: error: open /dev/tty failed - could not set controlling tty: Permission denied
Change permissions of '/dev/tty'
chmod a+w /dev/tty
Ipkg
There is a bootstrapping script that allows you to install ipkg on arm-based devices with stock firmware: http://buffalo.nas-central.org/wiki/Ipkg_on_the_Linkstation_(for_end-users)#ARM
Revision Info:
That's all I have at the moment. More can be added, some taken away. Just some of the things I've done to make my life a little bit easier.
- 1.0 - 29 July 2007 : Initial Post
- 1.1 - 01 Aug 2007 : Fixed typo
- 1.2 - 04 Aug 2007 : Added Lastlog Errors
- 1.3 - 06 Aug 2007 : Added libproc for Live & 110 firmwares
- 1.4 - 31 Aug 2007 : Added Changes to deamonwatch for 1.11-1a firmwares (Thanks wasted life)
- 1.5 - 31 Aug 2007 : Added su permission fix (Thanks wasted life)
- 1.6 - 03 Sep 2007 : Added full version of ps --Wasted life
- 1.7 - 06 Sep 2007 : Added testing for sshd and deamonwatch on 1.11-1a --Wasted life
- 1.8 - 05 Mar 2009 : Added TTY errors, Ipkg --sans17
- 1.8.1 - 08 APR 2009 : Verified sshd and deamonwatch on version 1.33 -- Kage
Other Methods
We have successfully managed to create a telnet-enabled firmware for the LS-GL. Fortunately for us, the LS-GL already came with a telnet binary in the stock firmware. Telnet can be enabled by uncommenting line 42 in /etc/init.d/rcS and repackaging hddrootfs.
There is a pre-made telnet enabled firmware available here.
Note: The above firmware package does enable root access.
Removing Root Password
There are two known successful ways for removing the root password. You can use the "manual method" or use a special "clearroot" method (the telnet enabled firmware contains the "clearroot" method). A possible third method is to use the firmware updater's debug tags.
Manual Method
The general idea is to connect the SATA drive to a desktop running a Linux distribution (i.e. Knoppix or Ubuntu). Then remove the root password in /etc/shadow.
Detailed Steps
1) Connect the hard drive to a pc running Linux (i.e. Knoppix boots directly from cd/dvd)
2) Find out how it was recognized. (i.e. in Knoppix there are some shortcuts on the desktop).
3) Open a shell/commandline/terminal.
4) Mount the second partition of the sata hdd to somewhere.
5) Delete everything on the partition
6) Download the telnet enabled hddrootfs.img located in this zip
7) Unzip hddrootfs.img...you will be prompted for a password. it is:
IeY8omJwGlGkIbJm2FH_MV4fLsXE8ieu0gNYwE6Ty
8) Untar the resulting file to the second partition:
tar xzvf <file> -C <path_where_you_mounted_the_second_partition>
9*) mount /dev/sda1 (assuming the sata drive is the first special drive connected on the pc) somewhere
- extract conf_saved.tgz, remove password in etc/shadow to look like:
root::11009:0:99999:7:::
10*) re-tar the contents of conf_saved.tgz, replace conf_saved.tgz to /dev/sda1, umount
(*)These steps still need to be tested further!!!
- Steps originally drafted by mindbender.
Heinz' Script Method
Heinz made a script to automatically convert a downloaded stock firmware into a telnet enabled firmware with root access. The script is made for the German firmware. The script is available here. Heinz also made a pre-made firmware package with his script. It can be downloaded here.
- Testing Needed
The script mainly does the following things:
- retrieving the actual firmware update from the buffalo site.
- unzip the archive to a tmp directory
- modify linkstation_version, because the updater only updates "newer" firmwares. It seems this can be overwritten in the debug mode (see georg's changes)
- to modify the installed image, it is unzipped (using the current password)
- then to start the (already installed) telnetd, some comments in the rcS script are removed.
- because the password of the root login is not known, it needs to be removed. Modifying /etc/shadow had not worked, so currently we change the web interface, which runs with root permissions, to do it for us.
- reverse the whole zip/tar process to create a useable firmware update again.
Instructions
Georg's Script Method
Georg modified Heinz' automatic script. For those with access, the script is available in LS_Pro Temporary Upload Folder for Telnet Enabled Firmwares. The script untars the firmware, sets the current dates in linkstation_version.txt (allows exchange of kernel etc.) and adds the debug flag for LSUpdater.exe. Further, telnetd is started during boot and the web interface scripts are altered in order to clear the root password when "creating" user 'clearroot'. Thanks to MartinP, the latest version uses the correct path to passwd (/usr/sbin). It also offers command line parameters to exchange kernel, uboot and untar an additional tar file into the root file system (see option -h).
- Testing Needed
Instructions
Run the script as user root. If the zipped firmware file is not present, the script tries to get it from Buffalo's server. If you don't want the script to delete the temporary directory (e.g. to directly run LSUpdater.exe or for further modifications), add option -d.