Open Stock Firmware
I just bought another LS(Live) & wanted to have it open (SSH), as close to a stock firmware box as I could for testing. There are a few fixes that should be added too.
I'll be referencing a few links to a few wiki/web articles as long as some user posts. Hopefully this will cover most of what is needed. As always I'm human & can make some mistakes. If you see anything that seems a bit odd, change it.
WARNING.. Do this at your own risk.
Have a plan
- Research is always the best way to go.
- Get all the doumentation you need available.
- Understand what your going to do. No point in getting halfway through a job, only to get stuck/lost.
- Make sure you have the software/tools available to carry out the job.
- Probably the most important part... BACKUP, you don't want to lose your important data/system files.
- If unsure read again, check the wiki, search the forum.... then post.
Getting Console (Telnet) Access with acp_commander
- Read the http://downloads.linkstationwiki.net/TOOLS/ALL_LS_KB_ARM9/ACP_COMMANDER/README.TXT Make sure you understand what the acp_commander is for & how you can use it.
- Download http://downloads.linkstationwiki.net/TOOLS/ALL_LS_KB_ARM9/ACP_COMMANDER/acp_commander.jar to somewhere you will remember.
- Get console access, dos, terminal, shell it doesn't really matter as long as you can execute the java command.
- cd to the directory where you saved acp_commander.jar
- Disable your firewall temporarily. (If applicable)
Enter the following (Replacing <IP ADDRESS> with the IP Address of your Linkstation)
java -jar acp_commander.jar -t <IP ADDRESS> -o
You should see something along the lines of:
Using random connID VALUE = FB6A7FCF57E6 Using target: 192.168.1.11/192.168.1.11 (your IP address) ** NO message ** ** NO message ** Password changed.
This may not happen straight away. However I have only ever had to do it a maximum of twice.
Your Linkstation should now have the telnet daemon enabled. User "root" will have a null (Blank) root password, until you change it. The telnet daemon will be available until you reboot your Linkstation.
- Enable your firewall. (If applicable)
Now you can login to your Linkstation with telnet.
Connect with Telnet
Enter the following (Replacing <IP ADDRESS> with the IP Address of your Linkstation)
telnet <IP ADDRESS>
and login with "root" No password should be asked.
- First thing you want to do is set the root password & secure your Linkstation from unwanted users.
Enter the following.
You will be promted with the following.
Changing password for root Enter the new password (minimum of 5, maximum of 20 characters) Please use a combination of upper and lower case letters and numbers. Enter new password:
Enter your new password, press enter. You will be then promted with:
Re-enter new password:
Re-enter your new password. Press enter. If your passwords match (C'mon it aint hard), you will get the following notifiction:
Create a startup script & config for sshd.
- If you want to leave telnet as the preferred way of connecting then you don't have to do this. Skip to section: Adding Telnet/SSHD to your start up script (rcS)
- The stock firmware does have the sshd binaries included. The following section will allow you to create a startup script for this.
- Read the Vi text editor tutorial, http://linkstationwiki.net/index.php/Vi_text_editor_tutorial
- We will use vi to create & edit the '/etc/init.d/sshd.sh' startup script. (This script does not exist in stock, no backup needed)
Type in the following:
You will then be taken into the text editor. Press i, to get into Insert mode. Enter the following code:
Pre 1.11-1a Frimware:
#! /bin/sh # Start/stop the SSH daemon. # # test -f /usr/local/sbin/sshd || exit 0 case "$1" in start) echo -n "Start services: sshd" /usr/local/sbin/sshd -f /etc/sshd_config 2> /dev/null & ;; stop) echo -n "Stop services: sshd" killall sshd ;; restart) $0 stop $0 start ;; *) echo "Usage: $0 start|stop|restart" exit 1 ;; esac exit 0
#! /bin/sh # Start/stop the SSH daemon # # test -f /usr/local/sbin/sshd || exit 0 # this is used by daemonwatch ACTIVE_FILE=/var/run/active_sshd case "$1" in start) echo -n "Start services: sshd" /usr/local/sbin/sshd -f /etc/sshd_config 2> /dev/null & touch $ACTIVE_FILE ;; stop) echo -n "Stop services: sshd" killall sshd rm -f $ACTIVE_FILE ;; restart) $0 stop $0 start ;; *) echo "Usage: $0 start|stop|restart" exit 1 ;; esac exit 0
Press Esc to exit Insert mode. Then enter :wq (colon wq) to exit vi.
We need to make sure that this file is executable we will do this with chmod http://www.penguin-soft.com/penguin/man/1/chmod.html
Enter the following:
chmod 0755 /etc/init.d/sshd.sh
Now we need to create the config. I will use an example of a basic config to allow you access. You can add the relevant sections the you want. More info can be found http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config There already exists a config file for sshd, this has nothing enabled. We will make a backup copy of this before editing. Enter the following:
cp /etc/sshd_config /etc/sshd_config.bak
Use vi to edit the config file.
Make sure that the file has the following changed/uncommented:
port 22 Protocol 2,1 PermitRootLogin yes StrictModes yes Subsystem sftp /usr/local/libexec/sftp-server
Then test that your startup script & config work by entering the following.
Assuming that you have no errors all is fine. You can now login to your Linkstation with your ssh client.
Adding Telnet/SSHD to your start up script (rcS).
- Backup before editing.
The file for editing will be '/etc/init.d/rcS' this has all the init scripts defined for startup. Make a backup of this by entering the following:
cp /etc/init.d/rcS /etc/init.d/rcS.bak
Edit this with Vi
To enable telnet at startup, uncomment the line if it exists (Does exist in some firmwares).
so it looks like
- If you have taken the option to enable sshd you can add the sshd.sh to this file also.
I prefer to keep the file as close to default as possible I will add it to the same section as stock. Add sshd.sh to the line containing (This is for LS-Live, Pro has less scripts to start)
echo "** step3 **" for cmd in micon_setup.sh atalk.sh ftpd.sh httpd.sh lprng.sh smb.sh pcastd.sh epg.sh directcopy.sh clientUtil_servd.sh lsprcvd.sh daemonwatch.sh cron.sh ltbootd.sh logchkd.sh do exec_sh $cmd done
echo "** step3 **" for cmd in micon_setup.sh atalk.sh ftpd.sh httpd.sh lprng.sh smb.sh pcastd.sh epg.sh directcopy.sh clientUtil_servd.sh lsprcvd.sh daemonwatch.sh cron.sh ltbootd.sh logchkd.sh sshd.sh do exec_sh $cmd done
Optional Files & Fixes
Some might notice in their logs that there are some errors with backups, system time etc. The reason for this is the hardware clock is not updated by sytem time. The file time_set.sh is missing. http://bugtracker.linkstationwiki.net/view.php?id=113 This can be resolved by creating a symlink to set_time.sh
ln -s /usr/local/bin/set_time.sh /usr/local/bin/time_set.sh
By default in the stock firmware /dev/null is only accessible to root. http://bugtracker.linkstationwiki.net/view.php?id=86 Change the permissions for /dev/null for all user access:
chmod 0666 /dev/null
When logging in as a non root user, The error "Permission denied" will be displayed. http://bugtracker.linkstationwiki.net/view.php?id=87 Change the permissions for /etc/profile for all user access:
chmod 0644 /etc/profile
To add some extra files namely wget, su & joe. Download: http://downloads.linkstationwiki.net/Uploads/OldUploads/LS_Pro_temporary/Binaries/addons.tar and transfer it to a share. cd to wherever you transferred it to & execute:
tar -C / -xzvf addons.tar
Set the suid bit on su:
chmod 4755 /bin/su
Note: If you have a LS Live or running firmware 1.10 or above you will need to download libproc, this is not included with the above. http://downloads.linkstationwiki.net/Users/kaiten/libproc-3.2.6_arm9.tgz
tar -C / -xzvf libproc-3.2.6_arm9.tgz ldconfig -v
Daemonwatch.. Adding sshd.
For those that have taken the option to have sshd as their preferred way of connecting to their Linkstation. sshd can be added to the daemonwatch list, if it falls over for any reason it will be respawned.
cp /etc/daemonwatch.list /etc/daemonwatch.list.bak
Add the sshd pid & startup script to it.
Pre 1.11-1a Firmware
/var/run/apache/httpd.pid /etc/init.d/httpd.sh restart /var/run/smbd.pid /etc/init.d/smb.sh restart /var/run/clientUtil_server-eth0.pid /etc/init.d/clientUtil_servd.sh restart /var/run/sshd.pid /etc/init.d/sshd.sh restart
/var/run/apache/httpd.pid /var/run/active_httpd /etc/init.d/httpd.sh restart /var/run/smbd.pid /var/run/active_smb /etc/init.d/smb.sh restart /var/run/clientUtil_server-eth0.pid /var/run/active_clientUtil_server /etc/init.d/clientUtil_servd.sh restart /var/run/sshd.pid /var/run/active_sshd /etc/init.d/sshd.sh restart
To test.. spawn telnet as a backup for access.
Then stop sshd:
You should then be disconnected from your ssh session. The daemonwatch process should have detected that sshd has stopped & restarted. You should now be able to log back in.. However if not.. You have your telnet access to fall back on & investigate. In '/var/log/linkstation.log' you should see the following entry.
Jul 29 10:56:55 HS-320 daemonwatch: pid [/var/run/sshd.pid] does not exist
You may get some errors when logging in with ssh etc. 'var/log/lastlog' does not exist. Lastlog entries are never entered.
Aug 4 13:27:00 LS-250GL sshd: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory Aug 4 13:27:00 LS-250GL sshd: lastlog_openseek: /var/log/lastlog is not a file or directory!
To get rid of the lastlog errors.
touch /var/log/lastlog chmod 0744 /var/log/lastlog
Now when you login you should get the last login message when logging in.
Last login: Sat Aug 4 14:23:20 2007 from xyz.localdomain
That's all I have at the moment. More can be added, some taken away. Just some of the things I've done to make my life a little bit easier.
- 1.0 - 29 July 2007 : Initial Post
- 1.1 - 01 Aug 2007 : Fixed typo
- 1.2 - 04 Aug 2007 : Added Lastlog Errors
- 1.3 - 06 Aug 2007 : Added libproc for Live & 110 firmwares
- 1.4 - 31 Aug 2007 : Added Changes to deamonwatch for 1.11-1a firmwares (Thanks wasted life)
- 1.5 - 31 Aug 2007 : Added su permission fix (Thanks wasted life)