boltblog

Resetting an Aeon Labs Z-Stick S2

Posted on August 10, 2014

From the manual: This must be done through the host software which takes control of the Z-Stick USB adapter while the Z-Stick is in SerialAPI-Mode.

The Danfoss ZWave PC Controller, previously available here, you can use the "Reset Controller" button to do so. Works fine in VMware Player too, so you don't need to install a bunch of stuff on your main machine.

zwave_reset

Here are a couple of files to help you out :)
Aeon Z-Stick S2 Manual
Windows Driver
Latest Firmware (as of 2014-08-10)
Danfoss ZWave PC Controller v1.0.5

Reverse SSHFS mounts (fs push)

Posted on July 14, 2014

sshfs is a neat way of mounting a file system from one machine to another over an encrypted ssh channel. However, for machine CLIENT to access a file system that resides on machine HOST, CLIENT must generally be able to log in to HOST. In addition, CLIENT must be able to connect to HOST in the first place, though a tunnel from HOST to CLIENT can easily mediate this if a connection can only be initiated in that direction.

However, the login itself may still be an issue. You might not want to type your password for HOST on CLIENT, or set up a keyless login using public/private keys. You might not entirely trust CLIENT, from which you want to access the file system.

dpipe to the rescue.

Using dpipe, available in the "vde2" package on Debian (and, likely, derivatives), you can initiate the connection the other way and use sshfs in "slave mode", in which it communicates over standard input and output instead of an SSH connection directly.

Consider this is what you'd normally do:
sshfs YOU@HOST:/mnt/remote/path /mnt/local/path
.. from CLIENT

Instead, you can do:
dpipe /usr/lib/openssh/sftp-server = ssh CLIENT sshfs :/mnt/remote/path /mnt/local/path -o slave
.. from HOST!

Add any options you want as usual, and you've got a reverse SSHFS mount.

One cautionary note: While this setup allows you to initiate the connection from HOST, keeping your login details for HOST private, it will likely still allow for clever people to access the entire file structure of HOST as the client initiating the connection, the same as could happen if you initiate the connection from CLIENT. Thus, some trust in CLIENT is still required, though perhaps considerably less trust than you'd need to do the connection as usual.

Have fun!

regedit access denied

Posted on July 8, 2014

The registry on newer Windows systems has access control lists. This means that even if you run regedit.exe as an Administrator, you can still get "Access Denied" trying to erase or alter some keys (CurrentControlSet/Enum/USB comes to mind).

The solution to this is to run the registry editor as the "System" account, which can be done using psExec.

In short, the command you want is "psexec -i -d -s c:\windows\regedit.exe", and psexec is available as part of PSTools here:
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

Copy here, just in case: PSTools

Removing a WIFI-network in Windows 8

Posted on April 1, 2014

After having to look this up a third time, I found . I made a copy here.
In short, Microsoft fucked up and you're left with the command line to do this, unless the wireless network is in range.

The following commands list all the WIFI networks you have stored, and removes the one called "Old Network":

netsh wlan show profiles
netsh wlan delete profile name="Old Network"

 

See Vonnie's blog for more details.

Shrinking a vmdk with VMware Player

Posted on March 2, 2014

It seems VMware has removed the GUI for the disk shrink feature in VMware Tools, but the good news is it's still available from the console.
The following command will shrink the disk image for drive C:
C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe disk shrink c:\

Logging out of a samba file server

Posted on December 3, 2013

When changing your password on a samba (Linux) server, the tokens a Windows machine holds get invalidated, yet Windows does not automatically prompt for new credentials. Instead, it consistently says "access denied" when trying to access a previously available share, say, \\myfineserver\share

If you previously mapped this drive, disconnecting is trivial in explorer, but if you browsed the network to access this drive, it's not that straight forward.

There is a solution, however, which is roughly equivalent to nuking the site from orbit. Running the following commands will clear all current network credentials:

net use * /del /yes
net use /persistent:no

Disable screensaver in default desktop Raspbian installation

Posted on September 26, 2013

The simplest way I've found so far:
Edit /etc/xdg/lxsession/LXDE/autostart to append:
@xset -s off
@xset -dpkm
@xset s noblank

Filed under: Linux, Reference No Comments

Creating persistent SSH tunnels in Windows using autossh

Posted on July 3, 2013
  1. Download Cygwin (http://www.cygwin.com/)
  2. Install Cygwin, selecting the autossh package.
  3. Start the Cygwin shell (Start -> Programs -> Cygwin).
  4. Generate a public/private key pair.
    1. At the command line, run: ssh-keygen
    2. Accept the default file locations
    3. Use an empty passphrase
  5. Copy your newly-created public key to the SSH server.
    1. scp .ssh/id_rsa.pub user@ssh.host.name:id_rsa.pub
  6. Add your public key to your list of authorized keys on the server.
    1. Login to your SSH server.
    2. mkdir .ssh
    3. cat id_rsa.pub >> .ssh/authorized_keys
  7. Test your key.
    1. Logout of your SSH sever.
    2. Login to your SSH server again. This time, your key will be used for authentication and you won't be challenged for your login credentials. If you are not logged in automatically, review the previous steps. Or contact your server administrator.
    3. Logout of your SSH server.
    4. Exit of the Cygwin shell.
  8. Install autossh as a Windows service.
    1. Now back in Windows, open a new command Window (Start -> Run -> cmd).
    2. cd C:\cygwin\bin
    3. cygrunsrv -I AutoSSH -p /usr/bin/autossh -a "-M 20000 -L localaddress:port:serveraddress:port user@ssh.host.name" -e AUTOSSH_NTSERVICE=yes
  9. Tweak Windows service settings.
    1. Open the Services management console (Administrative Tools -> Services).
    2. Edit the properties of the AutoSSH service.
    3. In the "Log On" tab, select the "This account" radio button and set the service to run as your current user.
    4. Start the service.
  10. Test your tunnels.
  11. Consider making a scheduled task to start the service every hour or so, in case autossh goes boom.
Filed under: Howto's, Windows 1 Comment

Running PulseAudio in system mode with TCP listening on Debian Wheezy

Posted on April 21, 2013

On this thin client I've set up, I wanted pulseaudio to run before logging in, and not have any specific users on the machine. System mode was called for.

On Wheezy, pulseaudio is by default configured for per-user sessions. To remedy this, edit /etc/default/pulseaudio, putting PULSEAUDIO_SYSTEM_START=1

Then, edit /etc/pulse/system.pa - this is the file that configures the server when system mode is used, as opposed to /etc/pulse/default.pa. At the end of said file, I added two lines and some comments:

### Enable TCP and CLI
load-module module-native-protocol-tcp port=1500 auth-anonymous=1
load-module module-cli-protocol-unix

 

Please keep in mind that the above tcp line allows access from any host. This is a potential security problem. I restrict access using shorewall and iptables, but an alternative would be the auth-ip-acl option with a list of approved IP's. More here. Restart pulseaudio:

/etc/init.d/pulseaudio start
/etc/init.d/pulseaudio restart

 

The above restart includes "start", because pulseaudio's default script does not start it on "restart" unless it's not already running. Stupid.

Because pulseaudio now runs as the "pulse" user, commands like pacmd are a pain to use. However, as we made sure to load module-cli-protocol-unix above, they are actually usable, you just have to run them as the "pulse" user, and point it at the correct directory.

sudo PULSE_RUNTIME_PATH=/var/run/pulse -u pulse pacmd

 

To get access to playing sound, you now need to run anything as "pulse"... or you can simply use the TCP socket you made. Edit /etc/pulse/client.conf and set "default-server" to "localhost:1500" or similar:

default-server = localhost:1500

 

Now set up SSH port forwarding for port 1500, or whichever port you used above, with something like autossh and public key logins, and you've got remote sound playing over an encrypted tunnel. Neat.

Remember to set the default-server for client computers as well.

Filed under: Howto's, Linux No Comments

Mysterious IGMP Query Request packets from 0.0.0.0 to 224.0.0.1

Posted on April 15, 2013

On my Debian KVM hosts, and on the firewalls that guard them, I noticed that every two minutes, plus a couple seconds or so each time, I'd see blocked IGMP packages from 0.0.0.0 to 224.0.0.1. Googling around, I found this post, explaining that it's the multicast_snooping option for bridge-utils that's causing it. Being KVM hosts, they are indeed configured with bridges.

I added the following line to my Bash startup scripts in /etc/rc.local, and the issue is now gone:

( shopt -s nullglob; for ms in /sys/devices/virtual/net/br*/bridge/multicast_snooping; do echo -n 0 >"$ms"; done )

 

In short, it runs a subshell, sets the nullglob option to prevent running on a file with an asterisk in the name if no bridges were found, then puts a 0 into all found multicast_snooping configuration files. Problem solved!

Note: If you use virtual interfaces, those are in /sys/devices/virtual/net/virbr and require the same treatment.