Category:CloudBox

This article is currently a stub. You can help this Wiki by expanding it


CloudBox.png
CloudBox
CPU 1GHz Kirkwood
RAM 256 MB
Flash ROM
Other
NIC Gigabit
USB None
internal HDD 1, 2 or 3 TB
Fan None

Introduction

The CloudBox (aka FamilyBox) looks very similar on the outside to the Internet Space.

Product information

Product model

  • Product Name: CloudBox
  • Product Id: familibox
  • Hardware Id: familybox
  • Hardware Revision: 1.0

Hardware Information

cat /proc/cpuinfo

Processor       : Feroceon 88FR131 rev 1 (v5l)
BogoMIPS        : 999.42
Features        : swp half thumb fastmult edsp
CPU implementer : 0x56
CPU architecture: 5TE
CPU variant     : 0x2
CPU part        : 0x131
CPU revision    : 1

Hardware        : familybox
Revision        : 0000
Serial          : 0000000000000000

cat /proc/meminfo

MemTotal:         254348 kB
MemFree:            6388 kB
Buffers:            1392 kB
Cached:           169184 kB
SwapCached:        11232 kB
Active:           105404 kB
Inactive:         118964 kB
Active(anon):      20360 kB
Inactive(anon):    33932 kB
Active(file):      85044 kB
Inactive(file):    85032 kB
Unevictable:           0 kB
Mlocked:               0 kB
SwapTotal:        262124 kB
SwapFree:         223508 kB
Dirty:             43520 kB
Writeback:             0 kB
AnonPages:         47284 kB
Mapped:             6396 kB
Slab:              18136 kB
SReclaimable:       9252 kB
SUnreclaim:         8884 kB
PageTables:         1448 kB
NFS_Unstable:          0 kB
Bounce:                0 kB
WritebackTmp:          0 kB
CommitLimit:      389296 kB
Committed_AS:     287240 kB
VmallocTotal:     385024 kB
VmallocUsed:         992 kB
VmallocChunk:     382244 kB

cat /proc/partitions

For 4TB version

major minor  #blocks  name

  31        0        512 mtdblock0
   8        0 3907018584 sda
   8        1       1024 sda1
   8        2     196608 sda2
   8        3       1024 sda3
   8        4    1572864 sda4
   8        5    1572864 sda5
   8        6    1048576 sda6
   8        7     262144 sda7
   8        8 3902362439 sda8
   9        4    1572852 md4
   9        5    1572852 md5
   9        6    1048564 md6
   9        7     262132 md7
   9        8 3902362300 md8
 253        0 3902357504 dm-0

cat /proc/mdstat

For 4TB version

Personalities : [raid1]
md8 : active raid1 sda8[0]
      3902362300 blocks super 1.0 [1/1] [U]

md7 : active raid1 sda7[0]
      262132 blocks super 1.0 [1/1] [U]

md6 : active raid1 sda6[0]
      1048564 blocks super 1.0 [1/1] [U]

md5 : active raid1 sda5[0]
      1572852 blocks super 1.0 [1/1] [U]

md4 : active raid1 sda4[0]
      1572852 blocks super 1.0 [1/1] [U]

cat /proc/mounts

rootfs / rootfs rw 0 0
/dev/md4 / ext2 ro,relatime,errors=continue 0 0
/dev/md6 /rw ext3 rw,relatime,errors=continue,commit=5,data=writeback 0 0
/dev/md6 /var ext3 rw,relatime,errors=continue,commit=5,data=writeback 0 0
/dev/md6 /etc ext3 rw,relatime,errors=continue,commit=5,data=writeback 0 0
/dev/md6 /root ext3 rw,relatime,errors=continue,commit=5,data=writeback 0 0
none /tmp tmpfs rw,relatime 0 0
none /media tmpfs rw,relatime 0 0
none /shares tmpfs rw,relatime 0 0
none /lacie tmpfs rw,relatime 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
udev /dev tmpfs rw,relatime,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
/dev/dm-0 /media/internal_11 ext4 rw,relatime,barrier=1,data=ordered 0 0
/dev/dm-0 /lacie/tmp ext4 rw,relatime,barrier=1,data=ordered 0 0
/dev/dm-0 /lacie/var ext4 rw,relatime,barrier=1,data=ordered 0 0
/dev/dm-0 /lacie/torrent_dir ext4 rw,relatime,barrier=1,data=ordered 0 0
/dev/dm-0 /lacie/autoupdate ext4 rw,relatime,barrier=1,data=ordered 0 0
/dev/dm-0 /lacie/afp_db ext4 rw,relatime,barrier=1,data=ordered 0 0
/dev/dm-0 /shares/Family ext4 rw,relatime,barrier=1,data=ordered 0 0
/dev/dm-0 /shares/admin ext4 rw,relatime,barrier=1,data=ordered 0 0

cat /proc/filesystems

nodev   sysfs
nodev   rootfs
nodev   bdev
nodev   proc
nodev   debugfs
nodev   sockfs
nodev   pipefs
nodev   anon_inodefs
nodev   tmpfs
nodev   inotifyfs
nodev   configfs
nodev   devpts
        ext3
        ext2
        ext4
        cramfs
        squashfs
nodev   ramfs
        hfs
nodev   unionfs
nodev   nfs
nodev   nfs4
nodev   nfsd
nodev   cifs
nodev   jffs2
nodev   autofs
        xfs
nodev   rpc_pipefs
nodev   ubifs
nodev   usbfs

dmesg

[    0.000000] Linux version 2.6.31.14-svn7493 (root@sbs2_node1.lacie.com) (gcc version 4.4.1 (Sourcery G++ Lite 2010q1-202) ) #1 Tue Apr 16 10:04:36 UTC 2013
[    0.000000] CPU: Feroceon 88FR131 [56251311] revision 1 (ARMv5TE), cr=00053977
[    0.000000] CPU: VIVT data cache, VIVT instruction cache
[    0.000000] Machine: familybox
[    0.000000] Using UBoot passing parameters structure
[    0.000000] Memory policy: ECC disabled, Data cache writeback
[    0.000000] On node 0 totalpages: 65536
[    0.000000] free_area_init_node: node 0, pgdat c09972d0, node_mem_map c09c5000
[    0.000000]   Normal zone: 512 pages used for memmap
[    0.000000]   Normal zone: 0 pages reserved
[    0.000000]   Normal zone: 65024 pages, LIFO batch:15
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 65024
[    0.000000] Kernel command line: console=ttyS0,115200 boot=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx root=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx cap=gpt,lba64
[    0.000000] PID hash table entries: 1024 (order: 10, 4096 bytes)
[    0.000000] Dentry cache hash table entries: 32768 (order: 5, 131072 bytes)
[    0.000000] Inode-cache hash table entries: 16384 (order: 4, 65536 bytes)
[    0.000000] Memory: 256MB = 256MB total
[    0.000000] Memory: 249728KB available (9316K code, 371K data, 140K init, 0K highmem)
[    0.000000] Hierarchical RCU implementation.
[    0.000000] NR_IRQS:114
[   25.769945] Console: colour dummy device 80x30
[   25.769980] Calibrating delay loop... 999.42 BogoMIPS (lpj=4997120)
[   26.029963] Mount-cache hash table entries: 512
[   26.030301] CPU: Testing write buffer coherency: ok
[   26.032302] NET: Registered protocol family 16
[   26.034633] Feroceon L2: Enabling L2
[   26.034672] Feroceon L2: Cache support initialised.
[   26.035205] 
[   26.035211] CPU Interface
[   26.035216] -------------
[   26.035223] SDRAM_CS0 ....base 00000000, size 256MB 
[   26.035237] SDRAM_CS1 ....disable
[   26.035246] SDRAM_CS2 ....disable
[   26.035254] SDRAM_CS3 ....disable
[   26.035263] PEX0_MEM ....base e8000000, size 128MB 
[   26.035278] PEX0_IO ....base f2000000, size   1MB 
[   26.035292] INTER_REGS ....base f1000000, size   1MB 
[   26.035306] NFLASH_CS ....base fa000000, size   2MB 
[   26.035321] SPI_CS ....base f4000000, size  16MB 
[   26.035339] BOOT_ROM_CS ....no such
[   26.035360] DEV_BOOTCS ....no such
[   26.035383] CRYPT_ENG ....base f0000000, size   2MB 
[   26.035405] 
[   26.035408]   Marvell Development Board (LSP Version KW_LSP_5.0.3)-- familybox  Soc: 88F6192 A1 LE
[   26.035425] 
[   26.035431]  Detected Tclk 166666667 and SysClk 400000000 
[   26.037457] Kirkwood PCIe port 0: 
[   26.037465] link down, ignoring
[   26.046054] bio: create slab <bio-0> at 0
[   26.046449] SCSI Scattered Spinup: Disabled
[   26.047031] SCSI subsystem initialized
[   26.047112] libata version 3.00 loaded.
[   26.049434] NET: Registered protocol family 2
[   26.049544] IP route cache hash table entries: 2048 (order: 1, 8192 bytes)
[   26.049787] TCP established hash table entries: 8192 (order: 4, 65536 bytes)
[   26.049843] Switched to NOHz mode on CPU #0
[   26.050087] TCP bind hash table entries: 8192 (order: 3, 32768 bytes)
[   26.050215] TCP: Hash tables configured (established 8192 bind 8192)
[   26.050226] TCP reno registered
[   26.050528] NET: Registered protocol family 1
[   30.563759] cpufreq: Init kirkwood cpufreq driver
[   30.563786] cpufreq: High frequency: 1000000KHz - Low frequency: 0KHz
[   30.563850] cpufreq: Setting CPU Frequency to 1000000 KHz
[   30.563863] cpufreq: Setting PowerSaveState to off
[   30.569901] cpufreq: Setting CPU Frequency to 1000000 KHz
[   30.569912] cpufreq: Setting PowerSaveState to off
[   30.580705] gpio-hd-power gpio-hd-power: GPIO Hard Disk power device initialized
[   30.582615] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[   30.582648] Registering unionfs 2.5.10 (for 2.6.31.14)
[   30.582961] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
[   30.583656] JFFS2 version 2.2. (NAND) (SUMMARY)  © 2001-2006 Red Hat, Inc.
[   30.584171] SGI XFS with ACLs, security attributes, large block/inode numbers, no debug enabled
[   30.584718] SGI XFS Quota Management subsystem
[   30.584753] msgmni has been set to 488
[   30.584876] alg: No test for cipher_null (cipher_null-generic)
[   30.584949] alg: No test for ecb(cipher_null) (ecb-cipher_null)
[   30.585021] alg: No test for digest_null (digest_null-generic)
[   30.585086] alg: No test for compress_null (compress_null-generic)
[   30.593699] alg: No test for stdrng (krng)
[   30.910292] alg: No test for hmac(digest_null) (hmac(digest_null-generic))
[   31.059110] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 253)
[   31.059127] io scheduler noop registered
[   31.059136] io scheduler anticipatory registered (default)
[   31.059146] io scheduler deadline registered
[   31.059208] io scheduler cfq registered
[   31.074829] Serial: 8250/16550 driver, 4 ports, IRQ sharing disabled
[   31.075925] serial8250.0: ttyS0 at MMIO 0xf1012000 (irq = 33) is a 16550A
[   31.075951] console [ttyS0] enabled
[   31.480814] brd: module loaded
[   31.484495] sata_mv sata_mv.0: version 1.28
[   31.488760] sata_mv sata_mv.0: slots 32 ports 1
[   31.493816] scsi0 : sata_mv
[   31.497012] ata1: SATA max UDMA/133 irq 21
[   31.501479] INIT Marvell Ethernet Driver: mv_netdev
[   31.506567] Loading Marvell Ethernet Driver:
[   31.510849]   o Cached descriptors in DRAM
[   31.514929]   o DRAM SW cache-coherency
[   31.518748]   o 2 Giga ports supported
[   31.522493]   o Single RX Queue support - ETH_DEF_RXQ=0
[   31.527691]   o Single TX Queue support - ETH_DEF_TXQ=0
[   31.532900]   o TCP segmentation offload (TSO) supported
[   31.538188]   o Large Receive offload (LRO) supported
[   31.543224]   o Receive checksum offload supported
[   31.547995]   o Transmit checksum offload supported
[   31.552859]   o Network Fast Processing (Routing) supported - (Disabled)
[   31.559528]   o Proc tool API enabled
[   31.563183]   o SKB Reuse supported - (Disabled)
[   31.567781]   o SKB Recycle supported - (Disabled)
[   31.572556]   o Rx descripors: q0=128
[   31.576213]   o Tx descripors: q0=532
[   31.579885]   o Loading network interface(s):
[   31.585389]     o  register under mv_netdev platform
[   31.591323]     o eth0, ifindex = 2, GbE port = 0
[   31.596023] 
[   31.596026] Warning: Giga 1 is Powered Off
[   31.601611] 
[   31.603107] mvFpRuleDb (cc472000): 2048 entries, 8192 bytes
[   31.608848] console [netcon0] enabled
[   31.612515] netconsole: network logging started
[   31.618445] m25p80 spi0.0: mx25l4005a (512 Kbytes)
[   31.623247] Creating 1 MTD partitions on "spi_flash":
[   31.628288] 0x000000000000-0x000000080000 : "u-boot"
[   31.634339] mice: PS/2 mouse device common for all mice
[   31.639920] input: gpio-keys as /devices/platform/gpio-keys/input/input0
[   31.647239] rtc-mv rtc-mv: rtc core: registered rtc-mv as rtc0
[   31.653093] IRQ 53/rtc-mv: IRQF_DISABLED is not guaranteed on shared IRQs
[   31.660445] cpufreq: Setting CPU Frequency to 1000000 KHz
[   31.660458] cpufreq: Setting PowerSaveState to off
[   31.670199] cpuidle: using governor ladder
[   31.674686] cpuidle: using governor menu
[   31.678790] Registered led device: familybox:red:fail
[   31.684246] Registered led device: familybox:blue:sata
[   31.689640] mv_xor_shared mv_xor_shared.0: Marvell shared XOR driver
[   31.696057] mv_xor_shared mv_xor_shared.1: Marvell shared XOR driver
[   31.739869] mv_xor mv_xor.0: Marvell XOR: ( xor cpy )
[   31.779867] mv_xor mv_xor.1: Marvell XOR: ( xor fill cpy )
[   31.819878] mv_xor mv_xor.2: Marvell XOR: ( xor cpy )
[   31.859871] mv_xor mv_xor.3: Marvell XOR: ( xor fill cpy )
[   31.865855] TCP cubic registered
[   31.869070] NET: Registered protocol family 17
[   31.873591] Bridge firewalling registered
[   31.877591] NET: Registered protocol family 5
[   31.882177] RPC: Registered udp transport module.
[   31.886864] RPC: Registered tcp transport module.
[   31.892685] rtc-mv rtc-mv: setting system clock to xxxx-xx-xx xx:xx:xx UTC (xxxxxxxxxx)
[   32.079861] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl F300)
[   32.119889] ata1.00: ATA-9: ST4000DM000-1F2168, CC54, max UDMA/133
[   32.126050] ata1.00: 7814037168 sectors, multi 0: LBA48 NCQ (depth 31/32)
[   32.189946] ata1.00: configured for UDMA/133
[   32.194467] scsi 0:0:0:0: Direct-Access     ATA      ST4000DM000-1F21 CC54 PQ: 0 ANSI: 5
[   32.203354] sd 0:0:0:0: [sda] 7814037168 512-byte logical blocks: (4.00 TB/3.63 TiB)
[   32.211085] sd 0:0:0:0: [sda] 4096-byte physical blocks
[   32.216586] sd 0:0:0:0: Attached scsi generic sg0 type 0
[   32.222266] sd 0:0:0:0: [sda] Write Protect is off
[   32.227043] sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00
[   32.227138] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[   32.236651]  sda: sda1 sda2 sda3 sda4 sda5 sda6 sda7 sda8
[   32.287656] sd 0:0:0:0: [sda] Attached SCSI disk
[   32.292305] Freeing init memory: 140K
[   32.296503] Freeing initramfs memory: 4312K
[   32.833389] EXT2-fs warning: checktime reached, running e2fsck is recommended
[   35.001420] eth0: link down
[   35.001439] eth0: started
[   35.184598] md: md8 stopped.
[   35.189140] md: bind<sda8>
[   35.210235] md: raid1 personality registered for level 1
[   35.210652] raid1: raid set md8 active with 1 out of 1 mirrors
[   35.210746] md8: detected capacity change from 0 to 3996018995200
[   35.219063]  md8: unknown partition table
[   35.229622] md: md8 stopped.
[   35.229646] md: unbind<sda8>
[   35.229663] md: export_rdev(sda8)
[   35.230214] md8: detected capacity change from 3996018995200 to 0
[   35.267203] md: md7 stopped.
[   35.271655] md: bind<sda7>
[   35.284593] raid1: raid set md7 active with 1 out of 1 mirrors
[   35.284689] md7: detected capacity change from 0 to 268423168
[   35.292980]  md7: unknown partition table
[   35.326827] md: md7 stopped.
[   35.326852] md: unbind<sda7>
[   35.326870] md: export_rdev(sda7)
[   35.327233] md7: detected capacity change from 268423168 to 0
[   35.364325] md: md6 stopped.
[   35.368557] md: bind<sda6>
[   35.381658] raid1: raid set md6 active with 1 out of 1 mirrors
[   35.381755] md6: detected capacity change from 0 to 1073729536
[   35.387535]  md6: unknown partition table
[   35.425365] md: md6 stopped.
[   35.425389] md: unbind<sda6>
[   35.425407] md: export_rdev(sda6)
[   35.425770] md6: detected capacity change from 1073729536 to 0
[   35.465954] md: md5 stopped.
[   35.470110] md: bind<sda5>
[   35.483326] raid1: raid set md5 active with 1 out of 1 mirrors
[   35.483422] md5: detected capacity change from 0 to 1610600448
[   35.489206]  md5: unknown partition table
[   35.540309] md: md5 stopped.
[   35.540334] md: unbind<sda5>
[   35.540351] md: export_rdev(sda5)
[   35.540710] md5: detected capacity change from 1610600448 to 0
[   35.581912] md: md4 stopped.
[   35.586042] md: bind<sda4>
[   35.599155] raid1: raid set md4 active with 1 out of 1 mirrors
[   35.599253] md4: detected capacity change from 0 to 1610600448
[   35.605168]  md4: unknown partition table
[   35.623150] eth0: link up, full duplex, speed 1 Gbps
[   35.630083] md: md4 stopped.
[   35.630107] md: unbind<sda4>
[   35.630124] md: export_rdev(sda4)
[   35.630488] md4: detected capacity change from 1610600448 to 0
[   35.980205] md: md4 stopped.
[   35.984413] md: bind<sda4>
[   35.997364] raid1: raid set md4 active with 1 out of 1 mirrors
[   35.997461] md4: detected capacity change from 0 to 1610600448
[   35.998491]  md4: unknown partition table
[   36.008781] md: md5 stopped.
[   36.013038] md: bind<sda5>
[   36.026139] raid1: raid set md5 active with 1 out of 1 mirrors
[   36.026237] md5: detected capacity change from 0 to 1610600448
[   36.027275]  md5: unknown partition table
[   36.037639] md: md6 stopped.
[   36.041497] md: bind<sda6>
[   36.054996] raid1: raid set md6 active with 1 out of 1 mirrors
[   36.055095] md6: detected capacity change from 0 to 1073729536
[   36.056209]  md6: unknown partition table
[   36.066642] md: md7 stopped.
[   36.070917] md: bind<sda7>
[   36.083951] raid1: raid set md7 active with 1 out of 1 mirrors
[   36.084050] md7: detected capacity change from 0 to 268423168
[   36.085262]  md7: unknown partition table
[   36.095859] md: md8 stopped.
[   36.100149] md: bind<sda8>
[   36.113177] raid1: raid set md8 active with 1 out of 1 mirrors
[   36.113279] md8: detected capacity change from 0 to 3996018995200
[   36.249613]  md8: unknown partition table
[   36.388666] kjournald starting.  Commit interval 5 seconds
[   36.388694] EXT3-fs warning: checktime reached, running e2fsck is recommended
[   36.440184] EXT3 FS on md6, internal journal
[   36.440201] EXT3-fs: mounted filesystem with writeback data mode.
[   37.506414] Adding 262124k swap on /dev/md7.  Priority:-1 extents:1 across:262124k 
[   37.731735] usbcore: registered new interface driver usbfs
[   37.737277] usbcore: registered new interface driver hub
[   37.740140] usbcore: registered new device driver usb
[   37.766045] Initializing USB Mass Storage driver...
[   37.768871] usbcore: registered new interface driver usb-storage
[   37.768895] USB Mass Storage support registered.

Release Notes

Version 2.6.8.4 (2014-10-17)

  • Fix Bash Shellshock and OpenSSL vulnerabilities
  • Fix some other issues.

Version 2.6.8.2 (2013-04-16)

  • Fix security issue

Version 2.6.8.1 (removed)

  • Initial version

Getting a Root Shell

The first step in getting a root shell is to temporarily access the filesystem. Once this is achieved, modify files to permanently enable remote root login over ssh.

Accessing the Filesystem

There are several ways to access the filesystem. Choose the most appropriate to your circumstances.

Extract Drive and Plug Into Computer

This method works by opening the case, removing the drive and connecting to another Linux computer. Once connected, mount the root filesystem (type ext3) on partition 6, and update the files as described below.

Using Serial Console

A serial console can be connected to the GPIO port header on the board. The box needs to be opened to gain access. Refer to [this link] for more details on connecting a computer to the serial console. Once connected, boot the CloudBox and break the boot sequence. At the "Marvell>>" prompt, enter the following commands:

setenv console "ttyS0,115200 init=/bin/sh single"
ide reset
run nexus_boot

This should boot the system into single-user mode and give you a root shell. You may need to mount disks to edit the files needed to enable remote shell login.

Using clunc

The "clunc" tool provides a way of getting network access to the uboot console. However, this can not be used to boot into single-user mode, because the network console is only present when uboot is running, and is not supported by the kernel.

Instead, the uboot "console" variable can be tweaked to exploit a vulnerability in a script that parses the kernel command-line parameters. Once in place, the system will boot into multi-user mode, but will be running a telnet daemon which will fork a root shell without requiring authentication.

1. Create a file in UNIX format (newlines rather than carriage-returns) containing the following:

 #!/bin/sh
 /usr/sbin/telnetd -l /bin/sh

2. Copy the file to the root of a share (eg \\Lacie-CloudBox\Family\). The CloudBox sets execute permission on files uploaded by SMB, so this script will run if we can get the CloudBox to attempt it.

3. Download and build clunc.

4. Run clunc like this: clunc -i $NASIP

5. Boot the device and wait for clunc to connect to uboot

6. At the Marvell>> prompt, enter the following commands. These won't survive a reboot, but are enough to allow us to get in once, which is all we need.

 setenv console "ttyS0,115200 a=a;/*/*/telnetd.sh"
 ide reset
 run nexus_boot

Once the kernel is loading, you can break out of clunc with ^C.

7. Wait about 2 minutes for the CloudBox to finish booting and try to telnet:

 telnet $NASIP

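You should have a root shell. Because this telnet daemon gives a root shell to anyone on the network without authentication, use it only long enough to enable ssh (next section), then delete telnetd.sh from the share. The console setting entered above does not survive a reboot, so after the next reboot the daemon should no longer be started.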

Enabling Secure Shell

Note that there are potentially two sshd processes on the CloudBox. One listens on port 22, and provides SFTP access to shared files only. This is of no use to us because it does not allow a shell, nor does it allow access to any system files. The other instance of sshd is not running on a stock CloudBox, and needs to be enabled. This alternate instance accepts connections on port 2222.

1. Uncomment the sshd line in the default.runlevel file, so initng will start it at boot time:

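 # Enable the second sshd at boot: back up the runlevel file, then strip the
 # leading '#' from the line that is exactly "#sshd".
 # The && chain stops at the first failure, so a failed cd cannot lead to
 # files being copied or edited in the wrong directory.
 cd /etc/initng/runlevel &&
 cp default.runlevel default.runlevel.bak &&
 sed -i '/^#sshd$/s/^#//' default.runlevel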

2. Enable sshd in Unicorn

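 # Switch the "enabled: ... false" line of Unicorn's ssh sharing config to
 # "enabled: true", keeping a .bak copy of the original file.
 # The && chain stops at the first failure, so a failed cd cannot lead to
 # files being copied or edited in the wrong directory.
 cd /etc/unicorn/unicorn_conf &&
 cp unicorn.sharing.ssh.conf unicorn.sharing.ssh.conf.bak &&
 sed -i '/enabled:.*false/s/:.*/: true/' unicorn.sharing.ssh.conf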

3. Check that root login is enabled

 cat /etc/ssh/sshd_config
Root login is enabled if PermitRootLogin is set to yes and AllowUsers contains root. If that's not the case, enable root access as follows:
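 # Permit root logins on the port-2222 sshd, keeping a backup of the config.
 # Root authenticates with a key later on this page, so if this firmware's
 # sshd accepts it, "PermitRootLogin without-password" is a tighter setting
 # than "yes" - TODO confirm on the device before relying on it.
 # root is appended to AllowUsers only when it is not already listed, so
 # re-running this step does not add it a second time.
 cd /etc/ssh &&
 cp sshd_config sshd_config.bak &&
 sed -i '/PermitRootLogin.*no/s/no/yes/' sshd_config &&
 { grep -Eq 'AllowUsers.*[[:space:]]root([[:space:]]|$)' sshd_config ||
   sed -i '/AllowUsers/s/$/ root/' sshd_config; }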

4. Start sshd

 ngc --start sshd

You should now be able to connect on port 2222.

Setting Up SSH Keys

The ssh daemon (that we just started) is configured (in /etc/ssh/sshd_config) so that only root can login, and this configuration setting is automatically re-written and won't survive a reboot. The root password is not known, so it's not possible to login as root with a password. Other users have their shells automatically reverted to /bin/false so that they cannot login to a shell. You could change or delete the root password, but I suspect that this also gets automatically rewritten. Instead, we use RSA keys to login as root, and avoid the password problem altogether.

The commands below will create a new key pair, and authorise it to be used for authentication as root. Alternatively, if you already have a key, you can add it into the file /root/.ssh/authorized_keys. If you're doing this bit manually, be sure to set the permissions on the .ssh directory to not be world-readable (eg chmod 700 /root/.ssh).

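# Make sure root's .ssh directory exists and is accessible to root only.
mkdir -p ~/.ssh && chmod 700 ~/.ssh
cd ~/.ssh
ssh-keygen  # accept defaults, but be sure to enter a good passphrase
# Append rather than overwrite, so keys that are already authorised are kept.
cat id_rsa.pub >> authorized_keys
chmod 600 authorized_keys
# We are already inside ~/.ssh, so the key files are referenced directly.
# While the private key sits on the share it is protected only by its
# passphrase: copy it to your client, then delete /shares/Family/id_rsa.
cp id_rsa* /shares/Family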

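A copy of the key files is placed in the \\Lacie-CloudBox\Family share, so that they can be accessed from other devices. Once you have copied the private key (id_rsa) to the machine you will connect from, delete it from the share, since anyone who can read the share can read the key file. If you're using PuTTY for ssh, you'll need to use PuttyGen to convert the private key to a format that is compatible with PuTTY/Pageant.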

When connecting, remember to use port 2222 as the "root" user.

Installing Optware

Optware provides access to a huge store of packages that can be installed onto the CloudBox without interfering with the main system. The unused /opt/ directory is used as the install target for Optware binaries and configuration files. This is spliced into the system by adding it into root's $PATH (in /root/.profile) and also by adding an initng file that runs at boot time and executes Optware start-up scripts in /opt/etc/init.d/.

Installing Optware is straightforward, and presents little risk of interfering with the system. Removing Optware is a matter of deleting one file on the main system and the contents of /opt/, and adjusting root's profile.

These instructions are based on those provided at http://lacie.nas-central.org/w/index.php?title=Category:2big_Network_2&section=50#Install_ipkg, and are fairly universal.

1. Create a location for the optware root

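This assumes an "admin" user and share exist. Creating the directory under the admin user's share allows you to access the files by other means (eg Samba) if you have to, and also allows it to be backed up using the vendor-supplied utilities. Keep in mind that start-up scripts placed under this directory are run at boot by the init script installed in step 6, so write access to the share should be limited to accounts you trust with control of the box. You may prefer to make the root at /shares/opt instead of /shares/admin/opt.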

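# Create the Optware directory on the admin share and the /opt mount point,
# then bind-mount the share directory onto /opt.
# -p makes the step safe to repeat when either directory already exists, and
# the && skips the mount if a directory could not be created.
mkdir -p /shares/admin/opt /opt &&
mount -o bind /shares/admin/opt /opt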

2. Manually download and Extract the ipkg-opt package.

There's a chicken-and-egg situation we need to overcome, where we cannot install the ipkg-opt package without a package manager. We solve this by replicating the basic functions of the ipkg binary.

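# Bootstrap ipkg by hand: look up the ipkg-opt package in the feed index,
# download it, and unpack its data.tar.gz payload over /.
# NOTE(review): the feed is plain HTTP and nothing here verifies a checksum or
# signature, yet the archive is extracted into / as root. Run this on a
# network you trust, or compare the download with a checksum obtained out of
# band before the tar step.
cd /opt
feed=http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/
feednative=http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/native/unstable
# Take the first matching Filename entry; the variable stays empty if the
# index could not be fetched or lists no ipkg-opt package.
ipkg_name=$(wget -qO- "$feed/Packages" | awk '/^Filename: ipkg-opt/ {print $2; exit}')
# Without a package name, skip the download, extract and cleanup instead of
# running wget, tar and rm with an empty argument.
if [ -n "$ipkg_name" ]; then
  wget "$feed/$ipkg_name" &&
    tar -xOvzf "$ipkg_name" ./data.tar.gz | tar -C / -xzvf -
  rm -- "$ipkg_name"
else
  echo "ipkg-opt not found in $feed/Packages" >&2
fi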

3. Configure Package Sources

# Write both Optware feed definitions in a single step. $feed and $feednative
# are the shell variables assigned in step 2 and must still be set in this
# session. Both point at plain-HTTP feeds, which ipkg will install from.
mkdir -p /opt/etc/ipkg
printf 'src cross %s\nsrc native %s\n' "$feed" "$feednative" > /opt/etc/ipkg/feeds.conf

4. Prepare Root's Profile

# Put the Optware directories at the front of root's PATH and reload the
# profile in the current shell.
# Because /opt/bin and /opt/sbin come first, a program placed there takes
# precedence over the system command of the same name in root's shell; /opt is
# the directory bind-mounted from the share in step 1.
printf '\nexport PATH=/opt/bin:/opt/sbin:$PATH\n' >> /root/.profile
. /root/.profile

5. Update the Package Lists

ipkg update

6. Install the Optware Init Driver Script

Create the file /opt/etc/rc.optware containing the following:

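#!/bin/sh

# Start all init scripts in /opt/etc/init.d
# executing them in numerical order.
#
# Every S??* file found there is run with the privileges of whoever invokes
# this script, so /opt/etc/init.d must be writable by trusted accounts only.
#
for i in /opt/etc/init.d/S??* ;do

        # Ignore dangling symlinks (if any). This also skips the literal
        # pattern that the glob leaves behind when nothing matches.
        [ -f "$i" ] || continue

        case "$i" in
           *.sh)
                # Source shell script for speed.
                # The subshell keeps the sourced script's traps, positional
                # parameters and variables away from this loop.
                (
                        trap - INT QUIT TSTP
                        set start
                        . "$i"
                )
                ;;
           *)
                # No sh extension, so fork subprocess.
                # Quoted so a path with whitespace stays a single word.
                "$i" start
                ;;
        esac
done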

Make the file executable:

 chmod 755 /opt/etc/rc.optware

7. Install the Optware InitNG File

This file is used by initng to launch the rc.optware file we just created. Copy the following contents into the file /etc/initng/optware.i:

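#!/sbin/itype
# This is a i file, used by initng parsed by install_service
#
# Service "optware": on start, bind-mounts the Optware directory onto /opt
# unless something is already mounted there, then runs /opt/etc/rc.optware if
# it is executable. On stop, unmounts /opt.
# REAL_OPT_DIR may be preset in the environment and otherwise defaults to
# /shares/admin/opt/. The mount source is quoted so that a path containing
# whitespace reaches mount as a single argument.

    service optware {
          need = unicorn/ready;
          stdall = /var/log/messages;
          script start = {
                  if test -z "${REAL_OPT_DIR}"; then
                      REAL_OPT_DIR=/shares/admin/opt/
                  fi
                  if test -n "${REAL_OPT_DIR}"; then
                      if ! grep ' /opt ' /proc/mounts >/dev/null 2>&1 ; then
                          mkdir -p /opt
                          mount -o bind "${REAL_OPT_DIR}" /opt
                      fi
                  fi
                  [ -x /opt/etc/rc.optware ] && /opt/etc/rc.optware
          };
          script stop = {
                  umount /opt
          };
  }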

8. Add optware to the end of default.runlevel

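# Register the optware service in the default runlevel. The grep guard keeps
# the step repeatable: the line is appended only when no line consisting of
# exactly "optware" is present yet.
grep -qx 'optware' /etc/initng/runlevel/default.runlevel ||
  echo "optware" >> /etc/initng/runlevel/default.runlevel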

9. Tell initng to start Optware

ngc --start optware

After a reboot, /opt should be mounted, and any packages that install scripts in /opt/etc/init.d/ (eg openssh) should have them executed at start-up time.
