NSLU2 Open SSH Server

So, I’ve been accessing my NSLU2 via SSH for quite a while now (open SSH server) using putty, and I’ve made my SSH server available via the internet by mapping the SSH port (22) in my ADSL router through to the SSH port on the NSLU2.

This opens up all kinds of possibilities. I can access my NSLU2 from anywhere in the world via the internet, and I can also use SSH tunnels to access my Windows PC via remote desktop if it’s turned on.

To install OpenSSH, I used the guide found here: http://www.nslu2-linux.org/wiki/HowTo/UseOpenSSHForRemoteAccess

I also followed the guide to set up the SSH server for public key access – anyone who wants to log into my NSLU via the internet will need the private key file that matches the public key provided during SSH logon. The one change I did make – I didn’t allow root to access via SSH; I set up another user on the box and gave that user SSH access. Once I’m logged in as that user, I either ‘su’ to root, or use ‘sudo’ (available via ipkg) to run anything that requires root access.
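
An added example, not part of the original post or the linked guide: a small check that an sshd_config actually enforces the policy described above (no root login, keys only). The function names, the REQUIRED table and the sample config are constructed for illustration, and reading "keys only" as `PasswordAuthentication no` is an assumption about the setup.

```python
import re

# Policy from the post: no root login, public keys only (assumed to mean
# PasswordAuthentication no). Keys are lower-cased sshd_config keywords.
REQUIRED = {"permitrootlogin": "no", "passwordauthentication": "no",
            "pubkeyauthentication": "yes"}

DIRECTIVE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.+)$")  # "Key value" or "Key=value"

SAMPLE = """\
# constructed sample: the second PermitRootLogin line has no effect
PermitRootLogin yes
PubkeyAuthentication yes
PermitRootLogin no
Match User backup
    PasswordAuthentication no
"""


def effective_settings(config_text):
    """Global-section settings; sshd keeps the first value seen per keyword."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        match = DIRECTIVE.match(line)
        if not line or line.startswith("#") or not match:
            continue
        key, value = match.group(1).lower(), match.group(2).strip().strip('"')
        if key == "match":  # conditional blocks are outside this check
            break
        settings.setdefault(key, value.lower())
    return settings


def audit(config_text):
    """Return a list of findings; an empty list means the policy is met."""
    eff = effective_settings(config_text)
    findings = []
    for key, wanted in REQUIRED.items():
        got = eff.get(key)
        if got is None:
            findings.append(f"{key}: not set, built-in default applies")
        elif got != wanted:
            findings.append(f"{key}: '{got}', expected '{wanted}'")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "policy met")
```

The sample shows the case that is easy to miss: a later `PermitRootLogin no` does not override an earlier `yes`.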

I can’t stress how important this is if you are going to put your NSLU2 on the internet. Within a few hours of my NSLU2 being on the internet there had already been a number of brute force hack attempts to gain entry to the server via SSH. Since they didn’t have a key, they couldn’t get in, but it doesn’t stop most of them from trying, as it’s likely to be a script they are running to connect via SSH with passwords/users from a dictionary file.

You can spot the hack attempts easily in the /var/log/messages file. They look something like:

Apr 10 16:07:41 NASSERVER auth.info sshd[3012]: Invalid user newsroom from 216.167.162.253 
Apr 10 16:07:46 NASSERVER auth.info sshd[3016]: Invalid user magazine from 216.167.162.253
Apr 10 16:07:51 NASSERVER auth.info sshd[3020]: Invalid user research from 216.167.162.253
Apr 10 16:07:55 NASSERVER auth.info sshd[3024]: Invalid user cjohnson from 216.167.162.253
Apr 10 16:08:00 NASSERVER auth.info sshd[3028]: Invalid user export from 216.167.162.253

 

Of course, they can be trying for quite a while, so in order to deal with these sorts of hack attempts, I’d recommend installing the denyhosts package through ipkg. DenyHosts monitors the /var/log/messages file, and after a configurable number of failed login attempts, it takes the IP address and adds it to the hosts.deny file, preventing that address from accessing the system any further.

The hosts.deny file on the latest unslung can be found in /opt/etc/hosts.deny
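
The monitoring idea described above, as an added example (this is not DenyHosts' own code and not from the original post): count "Invalid user" events per source address in log lines of the format quoted above and produce hosts.deny entries once a threshold is reached. The function names, the `threshold` and `allow` parameters and the last three sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Syslog format as shown above. User names are text supplied by the remote
# side, so the address is taken from the end of the line, where sshd puts it.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>.*) from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?\s*$"
)

# First five lines are the ones quoted above; the last three are constructed.
SAMPLE_LOG = """\
Apr 10 16:07:41 NASSERVER auth.info sshd[3012]: Invalid user newsroom from 216.167.162.253
Apr 10 16:07:46 NASSERVER auth.info sshd[3016]: Invalid user magazine from 216.167.162.253
Apr 10 16:07:51 NASSERVER auth.info sshd[3020]: Invalid user research from 216.167.162.253
Apr 10 16:07:55 NASSERVER auth.info sshd[3024]: Invalid user cjohnson from 216.167.162.253
Apr 10 16:08:00 NASSERVER auth.info sshd[3028]: Invalid user export from 216.167.162.253
Apr 10 16:09:10 NASSERVER auth.info sshd[3040]: Invalid user guest from 192.0.2.10
Apr 10 16:09:30 NASSERVER auth.info sshd[3044]: Invalid user x from 198.51.100.7 from 203.0.113.5
Apr 10 16:10:00 NASSERVER daemon.info cupsd[901]: unrelated line from 192.0.2.10
"""


def failures_by_ip(log_text):
    """Count 'Invalid user' events per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = INVALID_USER.search(line)
        if match:
            counts[match.group("ip")] += 1
    return counts


def deny_entries(log_text, threshold=5, allow=()):
    """Return hosts.deny lines (TCP wrappers 'daemon: client' syntax) for
    sources with at least `threshold` failures, skipping allow-listed ones."""
    counts = failures_by_ip(log_text)
    return [f"sshd: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in allow]


if __name__ == "__main__":
    for entry in deny_entries(SAMPLE_LOG, allow={"192.0.2.10"}):
        print(entry)
```

Putting the addresses you normally connect from in `allow` avoids locking yourself out after a few mistyped logins.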

So far the IP addresses that have been blocked (to name and shame) are as follows:

If you do manage to lock yourself out of the NSLU via SSH for whatever reason, you’ll need to log in to the web interface, enable telnet access, and then remove your IP address from the hosts.deny file.

I connect to my NSLU2 using putty, and set up quite a few tunnelled ports to access the HTTP servers/etc that aren’t exposed to the internet, e.g.

Port Application
9000 Twonkyvision
631 CUPS (Printer server)
80 NSLU2 Admin Interface
2370 CTorrent Web Interface

To name a few. To access my Windows PC via an SSH tunnel, I set up a tunnel on port 3389 to my Windows PC’s IP address on the same port. This then means that once I’m logged into the NSLU2, I can remote desktop to my PC.

NSLU2 USB Hub

So, after getting some time back on my PC again, I’ve now managed to set up my NSLU2 with a USB 2.0 hub. I first tried it with my Belkin 7-port hub that’s connected to my Windows box to check it worked, and it did, so I went out and purchased a small 4-port hub to leave plugged into my NSLU2.

The one I went for in the end was an Advent one from PC World for £9.99:

When it scanned in the till, it came up as £24.99 much to my shock, though they sold it to me at the shelf price of £9.99.

It does have some stupid colour changing light on the top of the hub (the white bit), though it is actually quite useful as a reminder that my Linksys NSLU2 is actually turned on, as I can’t see the slug itself as it’s hidden behind my monitor and I can’t miss the light on the hub!

It doesn’t come with a power supply (which I wasn’t too bothered about, as my printer is normally turned off anyway!) though it does have a power socket to allow one to be plugged in.

This plugs into the disk2 USB port of the slug, and then I’ve got my second hard disk and my printer currently plugged into the hub, leaving me two ports spare to ponder what to run next 🙂

I might have a try getting my webcam working, but I don’t think it’s going to be straightforward as it’s a very old Logitech QuickCam Express.

NSLU2 CVS & CVSWeb

Next was the installation of CVS to control all my development sources. The CVS installation was a straightforward ipkg installation, then once I’d figured out how to create the repository, it was all done.

The biggest difficulty was getting Eclipse to communicate with CVS on the NSLU2, due to the fact that I’d used public/private key certificates to log onto the box through SSH. I used puttygen to create the keys, but didn’t realise there were different formats of private key files. Eclipse wanted the OpenSSH format. Good job then that puttygen allows you to save the key in that format!

Next, I installed CVSWEB into the lighttpd webserver. This was a Perl application, so I needed to ensure I had all the relevant Perl packages installed, plus I needed to download a few other libraries from CPAN (http://www.cpan.org/).

Once I’d configured lighttpd to work with both Perl and PHP (which was a bit of a challenge), CVSWEB worked fine. Even better, as I’d now compiled ENSCRIPT (see earlier post), CVSWeb uses ENSCRIPT to colour code the source when you view or diff it!

NSLU Printer Server

So next on the Slug trail was the installation of CUPS.

It’s a straightforward optware package install. Then you set up your printer, and away you go. This network-enables the printer so it can be used from anywhere on the network. It also spools the jobs and manages the print queue, so you can print even when the printer is turned off, and as soon as you turn it on, it starts churning away.

GNU Enscript v1.6.4 NSLU2 Unslung

I’ve compiled and got a working version of GNU Enscript v1.6.4 on my NSLU2 (slug) running Unslung v6.10.

“Enscript converts ASCII files to PostScript and spools generated PostScript output to the specified printer or leaves it to file. Enscript can be easily extended to handle different output media and it has many options that can be used to customize printouts.”

Should other people be interested in this, I’ve made available both the source and binary versions here:

Binary: [download#16#nohits]
Source: [download#17#nohits]

I might see about building this into an optware package for easier installation, but it may take some time.

The binary currently runs from


/opt/share/enscript/bin/enscript