ssh keys

ssh keys can be configured to enhance security, with password-less logins. no password is typed or transmitted.

the basic steps are:
- generate your keys at local end
- secure your private key
- gather your public key
- add public key to remote end

we will look at my two preferred tools:
(1) putty
(2) dropbear

i don't seem to prefer openssh, the seemingly defacto standard, as i consider it bloatware. too big does obscure/obfuscate vulnerabilities. look at my preferred alternatives - so tiny, so beautiful :-)


putty-tools are rather quirky to get right the first time. but once you have them setup right, and understand what you are doing, you'll love 'em. i like them also because they are much smaller and efficient than openssh-client, the supposedly defacto standard. putty, though, is very much the defacto choice on windows.

generate your rsa key file on the ssh client
$ puttygen -t rsa -b 4096 -o puttygen_rsa

do not modify puttygen_rsa. copy the Public-Lines from the key file to another file, say puttygen_rsa.pub.

ensure all puttygen_rsa.pub is one word on one line, i.e. join all lines together, with no spaces in between.

now insert "ssh-rsa" and a space in front. you may optionally add your id at the end, ie a space and "ssh-user@ssh-client". there should be a space in between each of these three items. and this file still contains everything on one line only - your public key.

send your puttygen_rsa.pub to ssh servers
$ pscp -v ~/.ssh/puttygen_rsa.pub ssh-user@ssh-server:/home/ssh-user/.ssh/

at the ssh-server
$ cd .ssh
$ cat puttygen_rsa.pub >> authorized_keys


ssh config is now complete, and we can test it from the client.
$ plink -v -i .ssh/puttygen_rsa ssh-user@ssh-server
$ plink -v -X -i .ssh/puttygen_rsa ssh-user@ssh-server
$ pscp -v -i .ssh/puttygen_rsa source-files ssh-user@ssh-server:/destination-directory



dbclient is much simpler, generate your rsa key file on the ssh client
$ cd ~/.ssh
$ dropbearkey -t rsa -s 4096 -f dropbearkey_rsa


copy/paste the generated Public key portion to dropbearkey_rsa.pub and send it to the remote end.
$ scp -S dbclient dropbearkey_rsa.pub ssh-user@ssh-server:/home/ssh-user/.ssh/

at the remote end, add your public key to ~/.ssh/authorized_keys.
$ cd ~/.ssh
$ cat dropbearkey_rsa.pub >> authorized_keys


now you can ssh from your client
$ dbclient -i ~/.ssh/dropbearkey_rsa ssh-user@ssh-server
$ scp -S dbclient -i ~/.ssh/dropbearkey_rsa source-file ssh-user@ssh-server:/directory

ssh clients

my last post was about my preferred ssh-server. and this post is about my preferred ssh-clients.

ssh-client configuration has to be done at both endpoints - (i) ssh-client computer, and (ii) ssh-server.

dbclient is included within dropbear.

$ dbclient ssh-user@ssh-server
$ scp -S dbclient source-file ssh-user@ssh-server:/directory


though dbclient is very efficient, you might find it lacking sometimes. i couldn't figure out how to forward X.
also, if you do not have dropbear installed, you might not want to install the dropbear server, just to get dbclient.

i much prefer putty, and specifically the cmdline putty-tools. they are a bit quirky to get right the first time. but once setup correctly, you'll love 'em. i like them also because they are much smaller and efficient than openssh-client, the supposedly defacto standard.
putty, though, is very much the defacto choice on windows. there aren't many alternatives.

$ pscp source-file ssh-user@ssh-server:/destination-directory
$ plink ssh-user@ssh-server


enable X!! forwarding
$ plink -X ssh-user@ssh-server
$ xeyes


enjoy! :-)

dropbear ssh server

i prefer dropbear, because it is much smaller and more efficient than openssh.

install dropbear in debian, with
# apt-get install dropbear

this package contains an ssh server called dropbear and an ssh client called dbclient.

ssh keys

(re)generate your keys

# dropbearkey -t dss -s 1024 -f /etc/dropbear/dropbear_dss_host_key
# dropbearkey -t rsa -s 4096 -f /etc/dropbear/dropbear_rsa_host_key
# /etc/init.d/dropbear restart


remember to save both the private keys and the public keys.

dropbear can be configured in /etc/default/dropbear.

nook pin lock

you might want to secure your nook, if you have personal data on it. you can set a screen lock with a 4-digit pin. enter the following command in terminal or adb.

$ am start -n com.android.settings/.ChooseLockPin

you can change your pin the same way.

but removing the pin is a bit tricky, and needs a bit more hardcore hacking. this pin is stored in /data/data/com.android.providers.settings/databases/settings.db. use sqlite3 to remove the entry.

$ sqlite3 settings.db
delete from system where name like 'lock%';
.q

NetworkManager

i don't prefer/recommend gnome, as it tries to be everything and do everything. bloatwares usually become #TBTF :( and NetworkManager (pulling in gnome libs) seems to be in that bandwagon..

for now, i'm keeping NetworkManager in #!. wireless auto-connect seems intermittent (more often than not). nm does remember all the settings though. and i can manually connect, when tired of waiting.

nm also has some cmdline tools. i used nmcli in openbox/autostart to force connect wireless. if you use another window manager or log in to console, you could use it in your relevant startup/login scripts.

sleep 1m && \
while [ "$(nmcli -t -f WIFI,STATE nm)" = 'enabled:disconnected' ]
do
nmcli con up id {wireless-ssid}
sleep 5
done &


ref: http://blog.nixpanic.net/2011/01/connect-automatically-and-immediately.html

[Addendum] this laptop has an atheros wireless card, with working drivers in kernel. i also found a driver listed in the debian repository. after installing firmware-atheros, auto-connect issues have become very rare. i have no idea why!

nook backup

nobody needs to be reminded of the significance of backups. usually never needed, but when they are, you're in a do or die!

my backup strategy is to backup every new device, soon as i get my hands on it. and then, before every significant change. sometimes, i might just take two backups and compare them.

nook community has made the backup process rather straightforward.

download noogie.img from either:
http://code.google.com/p/nst-recovery/downloads/detail?name=noogie.img.gz (recommended)
http://code.google.com/p/nst-mod/downloads/detail?name=noogie.img

extract .img, if you downloaded the .gz
$ gunzip noogie.img.gz

write .img to a spare sdcard. note: sdcard contents will be erased.
# dd if=noogie.img of=/dev/sd? bs=1M

1. power-off the nook
2. insert noogie sdcard
3. power-on the nook
4. usb connect to computer
5. backup/restore disk/partition

depending on your os/preferences, your step #5 might be different. restore process is the same.

i use debian, and find the standard nix utils to be the best, most efficient, and universal.

to backup
# dd if=/dev/sdb of=backup.img bs=1M

to restore
# dd if=backup.img if=/dev/sdb bs=1M

gzip the .img, ensuring integrity and save diskspace
$ gzip -9 backup.img

nook simple touch

this device has been makes waves among the developer community, since barnes & noble reduced the list price to £29. since, i'm not an early adopter, i waited a while, till the first lot did some testing for me and produced relatively positive feedback.

i went in to my local curry's, and found that company probably not particularly keen on long-term survival. good assistants, probably useless senior management. so i hopped across to the argos next-door, and ordered one for home-delivery in two days. argos waived the delivery charges, as it was not in-stock. excellent all-round service, and i went back to them for accessories.

my motivations for buying this device:
1. mature developer community / open-source / android
2. e-ink screen -- good for my eyes :-)
3. battery life -- 2mths !?
4. cheap enough -- £29

android wifi priority

have you ever had multiple wifi networks available to you, and your android not connecting to the one you want? then read on…

usually force connecting to your preferred wifi network should allow android to allocate wifi priority. if this is not happening and you keep connecting to other wifi networks, diagnose and rule out router/channel issues.

android allows you to specify the priority of every wifi network. don't be fobbed off by ignorant people telling you it can't be done. nothing is impossible… we just need to look beyond the obvious and the nay-sayers.

if you are not technical or don't want to root or hack code in a text file, find a suitable app. i don't usually recommend apps, unless they are open-source and not bloatwares.

ok, let's start… by now, you might have guessed that we need root and a text editor. you will be using root access to modify a text file. if you understand this, the rest is easy.

the file you want is /data/misc/wifi/wpa_supplicant.conf and you are looking for priority=

stop your wifi, if it is running. use your preferred method to edit/save this file. you might need to reboot.

ref:
http://developer.android.com/reference/android/net/wifi/WifiConfiguration.html

favicon

ever looked at a website, and thought you like it's favicon enough to want to save it? it is easy enough.

every website stores its favicon, as favicon.ico on it's root.

at the brower address bar, enter website url followed by /favicon.ico and save the image!

for example, google's favicon can be found at http://google.com/favicon.ico.

static front page for blogger

you might have noticed that your blogspot home page defaults to the recent posts. blogs look different from standard websites, as their front page continuosly changes displaying the latest blog posts.

i had a requirement for a static front page, for my blog to mimic a website. this is not too difficult. but not too obvious either.

wordpress provides a simple way to specify a static front page, and also to specify a page for your blog posts.
http://support.wordpress.com/pages/front-page

the following steps are for Google Blogger hosted blogs.

our first step is to create our static front page. we call it Home.

[Pages] -> [New Page] -> [Blank Page] -> [Page Title] -> [Home] -> [Save]

the default home page of a blog is the list of recent posts. we hide this default home page.

[Layout] -> [Pages] -> [Edit] -> untick default Home -> [Save]

[Pages] -> [Show pages as] -> [Top tabs]
_ notice (default) Home is Hidden

next, we redirect the default home to our new front page.

[Settings] -> [Search preferences] -> [Custom Redirects] -> [Edit] -> [New Redirect] ->
_ From: /
_ To: /p/home.html (verify page name)
_ Permanent: yes
[Save] -> [Save Changes]

we will lose our blog by redirecting the home page, since our blog was the default home page. so we create another page and link it to our blog.

[Pages] -> [New Page] -> [Web address] ->
_ Page title: Blog
_ URL: /index.html
[Save]

finally, reorder all pages

[Pages] -> [Show pages as] -> [Top tabs]
_ notice (default) Home is Hidden
_ drag (new) Home to top of list
_ drag Blog to required

don't forget to save!

[Save Arrangement]

Apparently, blogger on mobile works funny with redirects. Test it: http://{blog}.blogspot.com/?m=1

Till blogger resolves these issues, the best that we can do is disable the mobile template.

[Template] -> [Mobile] -> [No] -> [Save]

my android apps

i continously seek smaller app/vers, and switchover. in doing so, i have about 250 apps installed on my small phone. you may notice that i have no qualmns using very old versions, if they are small enough. most official apps start out efficient, and end up bloatware. i also purge most of the pre-installed crapware apps (google play, google maps, gmail, google talk, email, clock), replacing them with smaller/efficient apps.

always choose open source apps over closed source. you never know what may be hidden in the source code. i always uninstall any market-installed apps, if i can find them in f-droid repo.

apps listed below are in order of preference. i will try to keep this page updated..

App Stores:
---
f-droid
google market v1.82
google play (uninstalled)

Home Screens:
---
search based launcher
StoicHome
organized drawer
zeam launcher

Browsers:
---
cm7 browser, no javascript, inverted
zirco browser
inbrowser
opera mini

E-mail:
---
k-9 mail
Gmail (uninstalled)
Email (uninstalled)

Chat/VoIP:
---
slick
sipdroid (can skype)
viber v2.2.3.109
skype v2.9.0.315 (hacked version)
google talk (uninstalled)

E-Book/Readers:
---
wordoholic reader
nomad reader
zxreader

Pray:
---
lectio divina
live bible v2.9.25

Office/Docs:
---
Kingsoft Office
LcWord

Facebook:
---
browser w/o javascript
Tinfoil for facebook

Twitter:
---
browser w/o javascript
CheepCheep
TweetsRide

SatNav/Maps:
---
navit
navfree World
OsmAnd
Waze
rmaps
google maps (uninstalled)

most popular posts