Posts: 3 | Thanked: 0 times | Joined on Mar 2010
#21
i just made some quick changes to the ipcheck script (see below) in the repo (mentioned above) as it did not work for me and also used the ip as seen by the n900 and not as seen from the outside world.
i also dislike having passwords readable to anyone who gets their hands on the phone since "/home/user/.ipcheckrc" is unprotected. yes you can chmod it but why leave it in the user folder then? removing the line ". /home/user/.ipcheckrc" and running "chmod go-r /etc/ipcheckrc" should do the trick after adding a little script (dyndns_autoupdate.sh) -- which updates dyndns every 10 mins -- to /etc/init.d (see below).
This overcomes the issue of /etc/network/if-up.d/ipcheck not always being run when the connection is changed and additionally ensures that your dyndns entry is regularly updated.

on a sidenote.. the sudoers configuration of the n900 is VERY lacking. almost anything that is installed and requires elevated user status will be run as root with no password request. run "sudo -l" to see all the progs that can do this. but i digress.

ofc. a more elegant ipcheck solution would check something other than $IP_ADDRESS before running ipcheck.py and thus be more efficient but this also does the trick and the script is only called every now and then (it's not like you are switching your connection every few ms or anything).

/etc/network/if-up.d/ipcheck
Code:
#!/bin/ash
#
# $Id: ipcheck 1006 2010-02-13 02:47:53Z lth $
#
# Credentials (DYNDNS_USER, DYNDNS_PASSWORD, DYNDNS_HOSTNAME) are read from here
. /etc/ipcheckrc

# First active interface out of wlan0 / gprs0
interface=`/sbin/ifconfig | grep -iE "(wlan0|gprs0)" | awk '{print $1}' | head -n 1`

# Echo the IP Address
get_ip_address() {
	/sbin/ifconfig "$1" | grep "inet addr:" | sed 's/^.*inet addr://' | sed 's/  *.*$//'
}

# Let's first check that we got a proper configuration
if [ -z "$DYNDNS_HOSTNAME" ]; then
	exit 0
fi

# Check if the data file needs to be created (first run)
if [ ! -f /opt/ipcheck/ipcheck.dat ]; then
	MAKEDAT=--makedat
fi

# Two options - gprs or wifi (any others?)
ICD_CONNECTION_TYPE=$interface

case "$ICD_CONNECTION_TYPE" in
	wlan0)
			IP_ADDRESS=`get_ip_address wlan0`
		;;
	gprs0)
			IP_ADDRESS=`get_ip_address gprs0`
		;;
esac

# Do a final sanity check and configure dyndns if acceptable
# (the variable must be quoted: an unquoted empty value makes [ -n ] always true)
if [ -n "$IP_ADDRESS" ]; then
	cd /opt/ipcheck || exit 0
	# Note: user and password are passed as arguments, so they are visible
	# in the process list while ipcheck.py runs
	./ipcheck.py $MAKEDAT -l -r checkip.dyndns.org:8245 "$DYNDNS_USER" "$DYNDNS_PASSWORD" "$DYNDNS_HOSTNAME"
fi

exit 0

/etc/init.d/dyndns_autoupdate.sh
Code:
#!/bin/sh
# Re-run the ipcheck hook every 10 minutes
while true; do
	/etc/network/if-up.d/ipcheck
	sleep 600  # sleep for 10 minutes
done

Edit: i just noticed. the n900 does not use init it uses upstart as mentioned in http://talk.maemo.org/showthread.php?t=35567
but the idea is the same.

this is easily fixed by adding a script to /etc/event.d that runs the init script in /etc/init.d. naturally you could just write the script into an event.d script but again both options work and the reasoning for the hack is as above (and i am too lazy to backtrack).

/etc/event.d/dyndns
Code:
start on started xsession
console output
exec /etc/init.d/dyndns_autoupdate.sh

Last edited by 1i1g; 2010-03-09 at 20:25.
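
The hook in post #21 reads /etc/ipcheckrc with the shell's `.` command, so the file's owner and mode decide both who can read the password and who can put commands into the hook. As an added example (not part of the post above and not ipcheck's own code), this guard sources the file only when it is a regular file owned by the expected uid with no group or other permission bits; `rc_is_safe` and `load_rc` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: source a credentials file such as /etc/ipcheckrc only when
# its owner and mode are safe. rc_is_safe and load_rc are hypothetical names.

# rc_is_safe FILE [EXPECTED_UID]
# Succeeds only if FILE is a regular file (not a symlink), owned by
# EXPECTED_UID (default 0, root), with no group or other permission bits.
rc_is_safe() {
    rc_file=$1
    want_uid=${2:-0}

    # A symlink could point the hook at a file someone else controls.
    [ -f "$rc_file" ] && [ ! -h "$rc_file" ] || return 1

    # "ls -ldn" prints e.g. "-rw------- 1 0 0 ..." with a numeric uid.
    set -- $(ls -ldn "$rc_file")
    mode=$1
    uid=$3

    [ "$uid" = "$want_uid" ] || return 1

    # Characters 5-10 of the mode string are the group and other bits.
    case $mode in
        ????------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# load_rc FILE [EXPECTED_UID]
# Sources FILE into the current shell, or refuses with a message on stderr.
load_rc() {
    if rc_is_safe "$1" "${2:-0}"; then
        . "$1"
    else
        echo "refusing to source $1: wrong owner or mode" >&2
        return 1
    fi
}
```

In the hook, `load_rc /etc/ipcheckrc || exit 0` would take the place of the plain `. /etc/ipcheckrc` line.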
 
Posts: 393 | Thanked: 67 times | Joined on Feb 2010
#22
Thanks for resurrecting this thread.

I hope someone brings a GUI-based application for DynDNS to Maemo N900.
 
Posts: 3 | Thanked: 0 times | Joined on Mar 2010
#23
well, i would be interested in doing some programming. but i don't have the time at the moment
 
Posts: 1,751 | Thanked: 844 times | Joined on Feb 2010 @ Sweden
#24
Wouldn't www.no-ip.com solve this? Its setup is in CLI.
 
Posts: 20 | Thanked: 0 times | Joined on May 2006
#25
Thank you Crocodile
nice infos, used for my asterisk server =)

i just used this command instead
python ipcheck.py -i -l -r checkip.dyndns.org:8245 user pass dynhost.dyndns.org


works great


Originally Posted by Crocodile
http://ipcheck.sourceforge.net/

Create file /etc/network/if-up.d/dyndns:
#!/bin/bash
cd /path/where/you/keep/pythonscript
python ipcheck.py -i gprs0 username password domain.dyndns.org

chmod 755 /etc/network/if-up.d/dyndns

First time, run manually:
python ipcheck.py --makedat -i gprs0 username password domain.dyndns.org
So it created its data file.

And now you have autoupdating dyndns on the phone.. happy SSHing
 
Posts: 169 | Thanked: 56 times | Joined on Jan 2010 @ Italia
#26
A method to overcome both the IP and the NAT problems could be to set up a reverse tunnel towards an always-on machine, i.e. to exec this line on the n900 every time it connects to the internet:

ssh -R 9000:localhost:22 dest_user@dest_machine

where dest_user@dest_machine is an sshd enabled account WITH the n900/.ssh/id_rsa.pub file included in authorized_keys (meaning that no password is needed for ssh-ing from n900).

Then it's easy to connect to the n900 from that machine WITHOUT KNOWING THE N900 IP:

ssh -p 9000 user@localhost

simple like that
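
The setup in post #26 puts the phone's public key into authorized_keys on dest_machine, so whoever holds the phone can log in there without a password unless the entry is limited. As an added example (not part of the post above), this script lists authorized_keys entries that lack the OpenSSH `restrict` option; it assumes a current OpenSSH sshd that supports `restrict` and `permitlisten`, and the sample file, key blobs and the `unrestricted_keys` name are constructed for illustration.

```shell
#!/bin/sh
# Added example: find authorized_keys entries on dest_machine that carry no
# "restrict" option, i.e. keys that grant a full login.

# Constructed sample. Line 1 may only open the reverse forward on port 9000;
# line 3 is an unrestricted key. The key blobs are placeholders.
sample_authorized_keys() {
    cat <<'EOF'
restrict,port-forwarding,permitlisten="localhost:9000" ssh-rsa AAAAB3PLACEHOLDER1 user@n900
# comment lines and blank lines are skipped
ssh-rsa AAAAB3PLACEHOLDER2 user@n900
EOF
}

# unrestricted_keys: read authorized_keys text on stdin and print the line
# numbers of entries without the "restrict" option, space separated.
unrestricted_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blanks
        {
            line = $0
            gsub(/"[^"]*"/, "", line)        # quoted values may hold spaces
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t]+/)
            opts = ""
            # An entry starts with options only if field 1 is not a key type.
            if (f[1] !~ /^(ssh-|ecdsa-|sk-)/) opts = f[1]
            if (("," opts ",") !~ /,restrict,/) out = out (out ? " " : "") NR
        }
        END { print out }
    '
}
```

Run as `unrestricted_keys < ~/.ssh/authorized_keys` on dest_machine; with an entry like line 1 of the sample, the phone would open the tunnel with `ssh -N -R 9000:localhost:22 dest_user@dest_machine`.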
 
Posts: 1,048 | Thanked: 979 times | Joined on Mar 2008 @ SF Bay Area
#27
Has the OP considered using the OpenVPN client on the N900 so that it gets into a vlan?
Then SSH is possible no matter which machine in the vlan you're working from.

This method is not useful if what you want is to be able to ssh into the n900 from any random *nix machine. But since you mentioned key pairs, I thought OpenVPN should satisfy and exceed your requirements.
 
Posts: 169 | Thanked: 56 times | Joined on Jan 2010 @ Italia
#28
Originally Posted by uvatbc
This method is not useful if what you want is to be able to ssh into the n900 from any random *nix machine.
Why not? From any PC you can ssh to the dest_user@dest_machine (on port 22) and then ssh to n900. Very simple IMO.
 
Posts: 1,048 | Thanked: 979 times | Joined on Mar 2008 @ SF Bay Area
#29
Originally Posted by cipper
Why not? From any PC you can ssh to the dest_user@dest_machine (on port 22) and then ssh to n900. Very simple IMO.
Yes, it is possible to log in to an SSH server from any machine.
From a security point of view key pairs are typically to be used to machines that you trust. If you're doing keypairs for any random machine then you are compromising the security of your SSH server from the moment you install a key pair on an untrusted machine.
ssh password logins are only slightly better - there are keyloggers to subvert that.

Since openvpn does key pairs, I wouldn't recommend using it on an untrusted machine, just in the same way that I don't recommend using ssh on an untrusted machine.
In fact the above statement is needlessly repetitive - because OpenVPN uses ssl as its underlying transport.
 

Posts: 169 | Thanked: 56 times | Joined on Jan 2010 @ Italia
#30
Originally Posted by uvatbc
Yes, it is possible to log in to an SSH server from any machine.
From a security point of view key pairs are typically to be used to machines that you trust. If you're doing keypairs for any random machine then you are compromising the security of your SSH server from the moment you install a key pair on an untrusted machine.
ssh password logins are only slightly better - there are keyloggers to subvert that.
It is understood that the reverse tunneling that I proposed requires a machine that you trust, typically your home pc, because from there you can connect to n900 without the need of a password!

I use dyndns on my pc so the trick works fine: every time it connects to the net it sets up the tunnel to my pc (on a dedicated account). In the case of my n900 being stolen I could connect to it and find out its latest gps position
 