-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathatom.xml
266 lines (198 loc) · 12.2 KB
/
atom.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title><![CDATA[MJ Blog]]></title>
<link href="http://macrojames.github.com/atom.xml" rel="self"/>
<link href="http://macrojames.github.com/"/>
<updated>2012-06-13T13:48:01+02:00</updated>
<id>http://macrojames.github.com/</id>
<author>
<name><![CDATA[Macrojames]]></name>
</author>
<generator uri="http://octopress.org/">Octopress</generator>
<entry>
<title type="html"><![CDATA[Making SSH available in environments with http(s)-proxies]]></title>
<link href="http://macrojames.github.com/blog/2012/06/13/making-ssh-available-in-environments-with-http-s-proxies/"/>
<updated>2012-06-13T13:34:00+02:00</updated>
<id>http://macrojames.github.com/blog/2012/06/13/making-ssh-available-in-environments-with-http-s-proxies</id>
<content type="html"><![CDATA[<p>If you are in networks with internet access only through proxies, you should try tunneling SSH through SSL. <a href="http://www.stunnel.org">Stunnel</a> is made for this purpose.</p>
<p>So let us install Stunnel4:</p>
<pre><code>sudo apt-get install stunnel
mkdir -p /var/run/stunnel4
sudo chown stunnel4:stunnel4 /var/run/stunnel4
vi /etc/stunnel/stunnel.conf
</code></pre>
<h2>Configuring the server</h2>
<p>Change its config to:</p>
<pre><code>; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside the chroot jail
pid = /stunnel4.pid
client=no
cert=/etc/stunnel/stunnel.pem
debug=3
sslVersion = all
output=/var/log/stunnel4/stunnel.log
[sslssh]
accept=192.168.2.42:10443
connect=localhost:22
</code></pre>
<p>Do not forget to change the IP address in the “accept=” line</p>
<p>This allows connecting to port 10443 with SSL and redirects traffic from and to port 22 (SSH). You could also enter any other host and port as target which is reachable from the stunnel host.
I assume you are able to configure the port forwarding in your router yourself</p>
<p>Create the certificate and convert it for use with stunnel:</p>
<pre><code>openssl req -new -x509 -keyout st-key.pem -out st-csr.pem -days 1000 -nodes
sudo "echo | cat st-csr.pem - st-key.pem > /etc/stunnel/stunnel.pem"
</code></pre>
<h2>Configuring the client</h2>
<pre><code>; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside the chroot jail
pid = /stunnel4.pid
client=yes
cert=/etc/stunnel/stunnel.pem
debug=3
sslVersion = all
output=/var/log/stunnel4/stunnel.log
[ssh]
accept = localhost:10443
connect = PROXY_IP:80
protocol = connect
protocolHost = REMOTE_IP:443
</code></pre>
<p>You have to enter the correct IP addresses again. I suggest using no-ip.com or any other DynDNS provider if REMOTE_IP ist dynamic.</p>
<h2>Starting the services</h2>
<p>If everything is configured, use</p>
<pre><code>sudo /etc/init.d/stunnel4 start
</code></pre>
<p>After successful configuration you are able to connect to the remote SSH machine with</p>
<pre><code>ssh localhost:10443
</code></pre>
<h2>Having trouble?</h2>
<p>If the connection fails it is possible, that your firewall or proxy blocks SSL-requests without User-Agent Header set.
I am using proxytunnel on the client side to circumvent this “feature”:</p>
<pre><code>sudo apt-get install proxytunnel
</code></pre>
<p>Change your ~/.ssh/config</p>
<pre><code>Host REMOTE_NAME
ProxyCommand proxytunnel -q -e -p PROXY_IP:80 -d REMOTE_IP:10443 -H "User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:10.0.1) Gecko/20100101 Firefox/10.0.1\n"
ProtocolKeepAlives 30
User pi
</code></pre>
<p>To connect the remote system:</p>
<pre><code>ssh REMOTE_NAME
</code></pre>
<p>Simple? :)</p>
]]></content>
</entry>
<entry>
<title type="html"><![CDATA[Further configuration]]></title>
<link href="http://macrojames.github.com/blog/2012/06/12/further-configuration/"/>
<updated>2012-06-12T08:53:00+02:00</updated>
<id>http://macrojames.github.com/blog/2012/06/12/further-configuration</id>
<content type="html"><![CDATA[<p>The next day was only for configuration and bugfixes. I installed <a href="https://github.com/Hexxeh/rpi-update">rpi-update</a> to update my firmware and address issues with the network interface. It stopped
responding at medium to heavy load at random times. According to posts in the Pi forums there seems to be an issue with the NIC if there are USB devices plugged in external hubs. But I didn’t have
any of those hubs attached so it had to be a similar problem.
Luckily, I am a flash-oholic and push new firmware to my mobile devices (HTC Desire HD and Asus Transformer TF101) as soon as possible. So it was no problem for me to update the kernel and start.elf files with the script
from Hexxehs repository. It worked at the first try with a little error, which could be ignored:</p>
<pre><code>"/opt/vc/sbin/vcfiled: error while loading shared libraries: libvchiq_arm.so: cannot open shared object file: No such file or directory"
</code></pre>
<p>After the reboot my network stayed online until now. But when I am downloading some data from the internet I still have a huge amount of errors in my kernel messages.</p>
<pre><code>smsc95xx 1-1.1:1.0: eth0: kevent 2 may have been dropped
</code></pre>
<p>I have really no idea how to fix it, so i will wait for future updates.</p>
<p>Another problem with the Pi is its limited amount of RAM. It has 256 MB on board, but the default configuration uses 64 MB for the GPU, that gives applications and the system only 192 MB of RAM.
I thought my networking problems could be caused by a lack of memory but they did not.
To get more free space, I tried to use a bigger SD card. My Sandisk Extreme Video HD 4GB did not work. The system didn’t boot and threw no errors on the screen. So I ordered a new <a href="http://www.amazon.de/gp/product/B003VNKNEQ/ref=oh_details_o00_s00_i00">Transcend Extreme-Speed SDHC 16GB Class 10</a>
which was confirmed as working in the <a href="http://elinux.org/RPi_VerifiedPeripherals#Working_SD_Cards">wiki</a>. I transferred my old SD card contents to the new one with <em>dd</em>.</p>
<p>The first boot with the new card was very fast. But there was more work to do. As it still was sized like the original image, the root partition was only 1.6 GB and wasted 14 GB of space.
I had trouble resizing the partitions with the many <a href="https://www.google.de/search?q=resize+raspberry+pi+partition">tutorials</a>. At last I used my own way to change the root partitions size.
I cannot repeat every single step I took, but I have some tips for you:
Partition as you like BUT:</p>
<ul>
<li>DO NOT remove the first partition</li>
<li>DO NOT change the start of the second partition</li>
<li>you CAN remove the swap partition as it is disabled</li>
<li>DO NOT forget to run <em>sudo resize2fs /dev/mmcblk0p1</em> after the reboot</li>
</ul>
<p>Follow the tips unless you know what you do.</p>
<p>After some filesystem checks I was able to use all of the space.
I made a swap file and turn it on manually. I know this will damage my SD card over the time, but for now I am ok with it. I wnat to used two python applications which will used a more-than-usual amount of RAM.</p>
<pre><code>sudo dd if=/dev/zero of=/var/swapfile count=128 bs=1M
sudo mkswap /var/swapfile
sudo swapon /var/swapfile
</code></pre>
<p>Perhaps this is bad style or there are easier ways but it worked.
Typical output from <em>top</em> after 2 days uptime:</p>
<pre><code>Mem: 190536k total, 179516k used, 11020k free, 17764k buffers
Swap: 131068k total, 10052k used, 121016k free, 57304k cached
</code></pre>
]]></content>
</entry>
<entry>
<title type="html"><![CDATA[Starting up]]></title>
<link href="http://macrojames.github.com/blog/2012/06/11/starting-up/"/>
<updated>2012-06-11T09:48:00+02:00</updated>
<id>http://macrojames.github.com/blog/2012/06/11/starting-up</id>
<content type="html"><![CDATA[<p>After taking a <a href="http://yfrog.com/mgu3yphj">Photo</a> from my RPi, I took my first steps. I downloaded the <a href="http://www.raspberrypi.org/downloads">Debian Squeeze Image</a> and deployed it to my tiny 2GB card.</p>
<pre><code>sudo dd if=/tmp/debian6-19-04-2012.img of=/dev/mmcblk0 bs=1M
</code></pre>
<p>Quite easy!
So I inserted the card into the RPi, connected the Pi via Ethernet to my notebook, took my old Nokia Micro-USB Charger supplying 1200 mA and powered it the first time. But that would have been to simple. I could neither connect
via the hostname “raspberrypi” nor via any IP address. I did not put the Pi into my existing Network and did not like to configure any additional DHCP services. Only solution was (I thought!) to plug an USB keyboard and try to
configure the network interface blindly. I could not attach any monitors because my TV in another room is the only device with HDMI inputs :(</p>
<p>With the network correctly configured, my ping requests were finally answered by the Pi.
But I still couldn’t connect via SSH. The almighty google search revealed that SSH is disabled on Raspberry Pi Debian images. Still typing blindly I tried</p>
<pre><code>sudo service ssh start
</code></pre>
<p>and it worked!</p>
<p>The next step was to configure the network in /etc/network/interfaces to a fixed IP:</p>
<pre><code>auto eth0
allow-hotplug eth0
iface eth0 inet static
address 192.168.2.42
netmask 255.255.255.0
gateway 192.168.2.1
</code></pre>
<p>and to enable SSH at boot:</p>
<pre><code>mv /boot/boot_enable_ssh.rc /boot/boot.rc
</code></pre>
<p>Tried to reboot and after a minute I could login via SSH. You should definitely change the default password to something more secure with</p>
<pre><code>passwd
</code></pre>
<p>With SSH working I felt quite happy and plugged it in my switch in the other room. I also wanted to have the console on my TV and used an HDMI cable. After the bootup I issued</p>
<pre><code>startx
</code></pre>
<p>to look at the <a href="http://lxde.org">LXDE</a> interface. It was started in a few seconds, but I did not use it a lot. The browser worked, but was slow as hell. And with no mouse attached it was no fun. I wasted some hours with configuring and testing
<strong>x11vnc</strong> and <strong>vlc</strong>. I mounted a network share with a test movie in it and tried to play it. It made me sad. Very sad. Neither the 480p xvid nor any 720p mkv played smoothly. The opposite happened. It was like a slideshow with one frame per second.
I was unwilling to search for another lightweight video player and it was not my primary use case to make my Raspberry Pi a media station.
This was the point I decided to remove all graphical components after the updates. At a later time I will try it again with <a href="http://www.raspbmc.com/">Raspbmc</a> when it reaches a stable state.</p>
<pre><code>df -h
</code></pre>
<p>I had only 30 MB of space after the necessary updates:</p>
<pre><code>sudo apt-get update
sudo apt-get upgrade
</code></pre>
<p>There were 42 updates to install but my RPi died on downloading the packages without any errors. It just froze completely.
After the reboot downloading and installing the packages was successful.</p>
<pre><code>sudo apt-get remove lxde
</code></pre>
<p>The removal took some minutes because of the dependencies also being removed. Afterwards I had almost 200 Megs of free space.
This was day 1 of playing with the Raspberry Pi.</p>
]]></content>
</entry>
<entry>
<title type="html"><![CDATA[Ordering the Pi]]></title>
<link href="http://macrojames.github.com/blog/2012/06/06/ordering-the-pi/"/>
<updated>2012-06-06T15:53:00+02:00</updated>
<id>http://macrojames.github.com/blog/2012/06/06/ordering-the-pi</id>
<content type="html"><![CDATA[<p>On February 29th 2012 early in the German morning, the Raspberry Pi killed both websites taking orders.
I was able to register at rs-online.com and express my demand in the Pi. In the mid of May I got an invitation to the exclusive Raspberry Pi shop at RS. Delivery was announced to start on June 7th or later.
But: Surprise! On May 31st my Pi was on its way from Birmingham and 25 hours later I had it in my hands. I was happy but it started to get painful.
More later…</p>
]]></content>
</entry>
</feed>