boltblog

Removing a WIFI-network in Windows 8

Posted on April 1, 2014

After having to look this up a third time, I found . I made a copy here.
In short, Microsoft fucked up and you're left with the command line to do this, unless the wireless network is in range.

The following commands list all the WIFI networks you have stored, and removes the one called "Old Network":

netsh wlan show profiles
netsh wlan delete profile name="Old Network"

 

See Vonnie's blog for more details.

Shrinking a vmdk with VMware Player

Posted on March 2, 2014

It seems VMware has removed the GUI for the disk shrink feature in VMware Tools, but the good news is it's still available from the console.
The following command will shrink the disk image for drive C:
C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe disk shrink c:\

Logging out of a samba file server

Posted on December 3, 2013

When changing your password on a samba (Linux) server, the tokens a Windows machine holds get invalidated, yet Windows does not automatically prompt for new credentials. Instead, it consistently says "access denied" when trying to access a previously available share, say, \\myfineserver\share

If you previously mapped this drive, disconnecting is trivial in explorer, but if you browsed the network to access this drive, it's not that straight forward.

There is a solution, however, which is roughly equivalent to nuking the site from orbit. Running the following commands will clear all current network credentials:

net use * /del /yes
net use /persistent:no

Disable screensaver in default desktop Raspbian installation

Posted on September 26, 2013

The simplest way I've found so far:
Edit /etc/xdg/lxsession/LXDE/autostart to append:
@xset -s off
@xset -dpkm
@xset s noblank

Filed under: Linux, Reference No Comments

Creating persistent SSH tunnels in Windows using autossh

Posted on July 3, 2013
  1. Download Cygwin (http://www.cygwin.com/)
  2. Install Cygwin, selecting the autossh package.
  3. Start the Cygwin shell (Start -> Programs -> Cygwin).
  4. Generate a public/private key pair.
    1. At the command line, run: ssh-keygen
    2. Accept the default file locations
    3. Use an empty passphrase
  5. Copy your newly-created public key to the SSH server.
    1. scp .ssh/id_rsa.pub user@ssh.host.name:id_rsa.pub
  6. Add your public key to your list of authorized keys on the server.
    1. Login to your SSH server.
    2. mkdir .ssh
    3. cat id_rsa.pub >> .ssh/authorized_keys
  7. Test your key.
    1. Logout of your SSH sever.
    2. Login to your SSH server again. This time, your key will be used for authentication and you won't be challenged for your login credentials. If you are not logged in automatically, review the previous steps. Or contact your server administrator.
    3. Logout of your SSH server.
    4. Exit of the Cygwin shell.
  8. Install autossh as a Windows service.
    1. Now back in Windows, open a new command Window (Start -> Run -> cmd).
    2. cd C:\cygwin\bin
    3. cygrunsrv -I AutoSSH -p /usr/bin/autossh -a "-M 20000 -L localaddress:port:serveraddress:port user@ssh.host.name" -e AUTOSSH_NTSERVICE=yes
  9. Tweak Windows service settings.
    1. Open the Services management console (Administrative Tools -> Services).
    2. Edit the properties of the AutoSSH service.
    3. In the "Log On" tab, select the "This account" radio button and set the service to run as your current user.
    4. Start the service.
  10. Test your tunnels.
  11. Consider making a scheduled task to start the service every hour or so, in case autossh goes boom.
Filed under: Howto's, Windows No Comments

Running PulseAudio in system mode with TCP listening on Debian Wheezy

Posted on April 21, 2013

On this thin client I've set up, I wanted pulseaudio to run before logging in, and not have any specific users on the machine. System mode was called for.

On Wheezy, pulseaudio is by default configured for per-user sessions. To remedy this, edit /etc/default/pulseaudio, putting PULSEAUDIO_SYSTEM_START=1

Then, edit /etc/pulse/system.pa - this is the file that configures the server when system mode is used, as opposed to /etc/pulse/default.pa. At the end of said file, I added two lines and some comments:

### Enable TCP and CLI
load-module module-native-protocol-tcp port=1500 auth-anonymous=1
load-module module-cli-protocol-unix

 

Please keep in mind that the above tcp line allows access from any host. This is a potential security problem. I restrict access using shorewall and iptables, but an alternative would be the auth-ip-acl option with a list of approved IP's. More here. Restart pulseaudio:

/etc/init.d/pulseaudio start
/etc/init.d/pulseaudio restart

 

The above restart includes "start", because pulseaudio's default script does not start it on "restart" unless it's not already running. Stupid.

Because pulseaudio now runs as the "pulse" user, commands like pacmd are a pain to use. However, as we made sure to load module-cli-protocol-unix above, they are actually usable, you just have to run them as the "pulse" user, and point it at the correct directory.

sudo PULSE_RUNTIME_PATH=/var/run/pulse -u pulse pacmd

 

To get access to playing sound, you now need to run anything as "pulse"... or you can simply use the TCP socket you made. Edit /etc/pulse/client.conf and set "default-server" to "localhost:1500" or similar:

default-server = localhost:1500

 

Now set up SSH port forwarding for port 1500, or whichever port you used above, with something like autossh and public key logins, and you've got remote sound playing over an encrypted tunnel. Neat.

Remember to set the default-server for client computers as well.

Filed under: Howto's, Linux No Comments

Mysterious IGMP Query Request packets from 0.0.0.0 to 224.0.0.1

Posted on April 15, 2013

On my Debian KVM hosts, and on the firewalls that guard them, I noticed that every two minutes, plus a couple seconds or so each time, I'd see blocked IGMP packages from 0.0.0.0 to 224.0.0.1. Googling around, I found this post, explaining that it's the multicast_snooping option for bridge-utils that's causing it. Being KVM hosts, they are indeed configured with bridges.

I added the following line to my Bash startup scripts in /etc/rc.local, and the issue is now gone:

( shopt -s nullglob; for ms in /sys/devices/virtual/net/br*/bridge/multicast_snooping; do echo -n 0 >"$ms"; done )

 

In short, it runs a subshell, sets the nullglob option to prevent running on a file with an asterisk in the name if no bridges were found, then puts a 0 into all found multicast_snooping configuration files. Problem solved!

Note: If you use virtual interfaces, those are in /sys/devices/virtual/net/virbr and require the same treatment.

How to prevent ssh -X from hanging on exit when dbus is used

Posted on March 5, 2013

Programs like virt-manager and gedit commonly use dbus. Dbus running will prevent a clean exit of ssh -X, making it hang on exit until you press ctrl+c or kill dbus manually.
To avoid having to kill dbus manually, let's kill it automatically :)

Now, normally if I want to run virt-manager (or anything else graphical) on a remote machine with X forwarding, I'd use a command like

ssh -X root@remote-server virt-manager

 

Instead, I want to use dbus' ability to output sh-compatible commands to set invironment variables and kill the PID I get from that before exiting, like so:

ssh -X root@remote-server 'eval $(dbus-launch --close-stderr --sh-syntax); virt-manager --no-fork; kill -TERM $DBUS_SESSION_BUS_PID'

 

Problem solved!  The remote shell (bash) now starts dbus manually instead of letting virt-manager do it, waits for virt-manager to exit (--no-fork), then kills dbus and exits.

Cygwin auto started sshd service as single user on Windows 8

Posted on March 1, 2013

On a single user desktop, you might want to run cygwin sshd autostarted as a specific user, without privilege separation. Here's a short reference:

  1. Disable UAC
  2. Open a Cygwin terminal
  3. ssh-host-config
  4. Select "no" on privilege separation
  5. Enter nothing, [], as the value of CYGWIN for the daemon
  6. Select "yes" to use a different username than cyg_server
  7. Enter your username, twice
  8. Enter your password, twice
  9. Edit (with your favorite editor) /etc/sshd_config
  10. Edit the UsePrivilegeSeparation line to say "UsePrivilegeSeparation no" (why the hell didn't step 4 do this?)
  11. Go to the windows firewall settings (just type "firewall" into the start menu search - look under "settings")
  12. Go to "advanced settings"
  13. Go to "Inbound rules"
  14. Add a new rule
  15. Select "Port"
  16. Select "TCP" and enter "22" as the specific local port
  17. Select "Allow the connection"
  18. Select when to apply the rule (default all cases)
  19. Give it a name, like "SSH"
  20. Reboot

If you later change your password, you will have to start "services.msc", find the Cygwin ssh service and change your credentials on it as well.

Filed under: Reference, Windows 3 Comments

Enable username and password in URL in Internet Explorer

Posted on January 25, 2013

After IE6, usernames and passwords in URL's are no longer enabled by default in Internet Explorer, the reasoning being that saving usernames and passwords in the browser history and referral headers is a very, very bad idea. Still, it's sometimes needed, especially when dealing with old IP cameras, which is when I last bumped into this issue.

If you're not sure what I'm on about, I'm referring to links like these: http://user:pass@example.com/

To re-enable this feature:

  1. Open RegEdit (Start->Run->"regedit")
  2. Navigate to [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE].
  3. Create two new REG_DWORD values, set to 0, named "iexplore.exe" and "explorer.exe"
  4. Reboot