General NAS-Central Forums

PostPosted: Mon Jan 07, 2013 1:45 pm 
Joined: Mon Jan 07, 2013 1:23 pm
Posts: 7
Got root on a Lacie CloudBox 2T by:
1. get harddisk out and connect to linux host
2. mount /dev/sdb6 /mnt/sdb6 -t ext3
3. create /mnt/sdb6/0/root/.ssh and authorized_keys (check permissions)
4. edit /mnt/sdb6/0/etc/unicorn/unicorn_conf/unicorn.sharing.ssh.conf to enable ssh
5. re-assemble and boot
7. ssh -p 2222 root@<yourlacie>

Some remarks:
- Ad 4: editing /mnt/sdb6/0/etc/initng/runlevel/default.runlevel to activate sshd is another option, but later in the boot process unicorn kills sshd. It does however give you a 20 second window to login.
- The changes in step 3 and 4 do not survive a reset to factory settings.
- I happily used http://lacie.nas-central.org/wiki/Enabl ... space_2%29 to figure things out.

Edit: be clear about this not surviving a reset to factory settings.


PostPosted: Fri Feb 01, 2013 7:08 pm

Joined: Fri Feb 01, 2013 7:05 pm
Posts: 5
Hi,

Could you explain a (noobproof) how-to to me? I always get a "permission denied" error when I try to log in via PuTTY.


PostPosted: Fri Feb 01, 2013 8:05 pm

Joined: Mon Jan 07, 2013 1:23 pm
Posts: 7
computerfreak wrote:
Could you explain a (noobproof) how-to to me? I always get a "permission denied" error when I try to log in via PuTTY.

I'd love to, but you need to give us more information, because there are more ways to get "permission denied". Exactly what steps did you take up to this point?


PostPosted: Fri Feb 01, 2013 11:40 pm

Joined: Fri Feb 01, 2013 7:05 pm
Posts: 5
Well, this is what I did:

1. I have created the .ssh folder
2. I have created the authorized_keys file and inserted the public key that I made with puttygen.
3. I have set the permissions of the .ssh folder to => 755 and the authorized_keys to 644
4. I have edited the unicorn.sharing.ssh.conf to true
5. re-assemble and boot


PostPosted: Sat Feb 02, 2013 7:05 am

Joined: Mon Jan 07, 2013 1:23 pm
Posts: 7
Did you instruct putty to connect to port 2222 (the default is 22)?


PostPosted: Sat Feb 02, 2013 8:02 am

Joined: Fri Feb 01, 2013 7:05 pm
Posts: 5
blong wrote:
Did you instruct putty to connect to port 2222 (the default is 22)?

Yes I did.


PostPosted: Sat Feb 02, 2013 9:08 am

Joined: Mon Jan 07, 2013 1:23 pm
Posts: 7
Approaching the end of Things that come to mind. You can try:
- check whether you login as user root
- try a login with verbosity on and paste output here
- check the contents of authorized_keys (one key on one line; remove spaces resulting from concatenating lines)
- try to login from a linux box to exclude some issue on your client

You should not get a password prompt.


PostPosted: Sat Feb 02, 2013 11:28 am

Joined: Mon Jun 16, 2008 10:45 am
Posts: 6047
Quote:
3. I have set the permissions of the .ssh folder to => 755 and the authorized_keys to 644
That should be 700 and 600
http://www.openssh.org/faq.html#3.14


PostPosted: Sat Feb 02, 2013 11:50 am

Joined: Mon Jan 07, 2013 1:23 pm
Posts: 7
Mijzelf wrote:
That should be 700 and 600
http://www.openssh.org/faq.html#3.14


I have been considering that, but I do not think it is the cause of "permission denied" in this case. I tested by changing permissions to 755 and 644 on my box and was permitted login using the keypair. Also the manual page suggests only writability by others would be a problem:

Quote:
If this file, the ~/.ssh directory, or the user's home directory are writable by other users, then the file could be modified or replaced by unauthorized users. In this case, sshd will not allow it to be used unless the StrictModes option has been set to ``no''.


I checked 777 on /root gave me a login prompt.


Top
 Profile  
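The checks discussed in the posts above (the StrictModes writability rule from the quoted manual text and "one key on one line"), as an added example that is not part of any post in this thread: a shell pre-flight check that can be run against the mounted root home, e.g. `/mnt/sdb6/0/root`. The function names are hypothetical and any key material used with it here is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Succeeds only if $1 is not writable by group or others, which is the
# condition the quoted sshd manual text gives for StrictModes.
not_group_other_writable() {
    mode=$(ls -ld "$1") || return 1
    case "$mode" in
        ?????w*|????????w*) return 1 ;;   # 6th char: group w, 9th: other w
    esac
    return 0
}

# Prints line numbers of entries that do not look like
# "[options] keytype base64 [comment]", e.g. the tail of a wrapped key.
bad_key_lines() {
    awk '
        /^[ \t]*(#|$)/ { next }           # skip comments and blank lines
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ "^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$" &&
                    $(i + 1) ~ "^AAAA[A-Za-z0-9+/]+=*$") ok = 1
            if (!ok) print NR
        }' "$1"
}

# Checks the home directory, .ssh and authorized_keys below $1.
# Prints one line per finding and returns non-zero if anything is wrong.
check_ssh_key_setup() {
    home=$1 rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "MISSING  $p"; rc=1; continue; }
        not_group_other_writable "$p" || { echo "WRITABLE $p"; rc=1; }
    done
    if [ -f "$home/.ssh/authorized_keys" ]; then
        bad=$(bad_key_lines "$home/.ssh/authorized_keys")
        [ -z "$bad" ] || { echo "BAD KEY LINES:" $bad; rc=1; }
    fi
    return $rc
}
```

Modes 755/644 pass this check and 777 on the home directory fails it, which matches what was observed in the post above.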
 
PostPosted: Sat Feb 02, 2013 2:42 pm 

Joined: Fri Feb 01, 2013 7:05 pm
Posts: 5
blong wrote:
Approaching the end of Things that come to mind. You can try:
- check whether you login as user root
- try a login with verbosity on and paste output here
- check the contents of authorized_keys (one key on one line; remove spaces resulting from concatenating lines)
- try to login from a linux box to exclude some issue on your client

You should not get a password prompt.


This is the message I got when I tried to connect with my Raspberry Pi.

pi@raspbmc:~$ ssh -v root@198.168.0.104 -p 2222

OpenSSH_6.0p1 Debian-3, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 198.168.0.104 [198.168.0.104] port 2222.


PostPosted: Sat Feb 02, 2013 3:38 pm

Joined: Mon Jan 07, 2013 1:23 pm
Posts: 7
I don't see "permission denied".

If it hangs there maybe the ssh server did not start and I'd like to see the contents of unicorn.sharing.ssh.conf. That file is on three different partitions and it is important you take the one under sdb6/0 (ie under the sixth partition that is on disk; it has a directory '0' at the top). If you think you took the wrong partition, you should also re-do step 3.


PostPosted: Sat Mar 16, 2013 11:13 am

Joined: Sat Mar 16, 2013 11:09 am
Posts: 4
Out of curiosity, which make/model was the 2TB drive?

I got myself a 3TB one but it is "DOA". It only reports ~800GB. I am now afraid of design issues and of this not being an isolated case.

Option is return for refund or return for a new unit.

Check info about Intel RST driver: http://www.seagate.com/support/downloads/beyond-2tb/

Also, and going a little bit off topic, does your interface negotiate at lower speeds than gigabit? With root access can you correct this?


PostPosted: Sun Mar 31, 2013 3:49 pm

Joined: Fri Feb 01, 2013 7:05 pm
Posts: 5
blong wrote:
Got root on a Lacie CloudBox 2T by:
1. get harddisk out and connect to linux host
2. mount /dev/sdb6 /mnt/sdb6 -t ext3
3. create /mnt/sdb6/0/root/.ssh and authorized_keys (check permissions)
4. edit /mnt/sdb6/0/etc/unicorn/unicorn_conf/unicorn.sharing.ssh.conf to enable ssh
5. re-assemble and boot
7. ssh -p 2222 root@<yourlacie>

Hey, can anyone send me a sample of the authorized_keys and the unicorn.sharing.ssh.conf files?

Maybe someone can make a tutorial for me?


PostPosted: Sat Apr 13, 2013 11:22 am

Joined: Sat Mar 16, 2013 11:09 am
Posts: 4
Rooted !

What is my goal ?

- I hate locked down devices that fail to explore their full potential,
- LaCie software is frustrating for anything else than a non-proficient user; for all else it falls short and lacks functionalities

So, this is my walk through... I rooted the CloudBox with "partial" disassembling... partial because no screws were taken.

First of all it should be possible to do it without even opening the box using CLUNC http://www.lacie-nas.org/dokuwiki/doku.php?id=clunc but I was unable to do it... not sure why.

EDIT: Taken from http://www.rigacci.org/wiki/doku.php/doc/appunti/hardware/lacie_d2_network: "(WARNING: it seems that clunc broadcasts to U-Boot only to the interface where you have the default route, beware if you have more than one Ethernet interface):"

I did it using a serial console cable to the board using information from: http://lacie.nas-central.org/wiki/File:Lacie_d2_network_jtag_serial.jpg as the pin out is the same. You need an RS232 TTL converter like the MAX232 http://www.ebay.co.uk/itm/RS232-To-TTL-Converter-Module-Built-in-MAX232CPE-Transfer-Chip-With-4PCS-Cables-/110769034040?pt=UK_Computing_Other_Computing_Networking&hash=item19ca595338; just google it or look it up on eBay if the link goes away, and a PuTTY-like serial client.

At a given time the UBoot stops at:

Code:
Waiting for LUMP (3)
no lump receive; continuing
Hit any key to stop autoboot:  0


This is where I frantically hit the keyboard and get it to stop. Now using UBoot environment variables that boot scripts will use I change it to pass kernel parameters to boot it in "single user mode"

Code:
Marvell>> printenv console
console=console=ttyS0,115200
Marvell>> setenv console 'single init=/bin/sh console=ttyS0,115200'
Marvell>> printenv console                                         
console=single init=/bin/sh console=ttyS0,115200
Marvell>> ide reset

Reset IDE:
Marvell Serial ATA Adapter

Marvell Serial ATA Adapter
Integrated Sata device found
[0 0 0]: Enable DMA mode (5)
  Device 0 @ 0 0:
Model: ST3000DM001-1CH166                       Firm: CC44     Ser#:             W1F2ALG5
            Type: Hard Disk
            Supports 48-bit addressing
            Capacity: 2861588.4 MB = 2794.5 GB (5860533168 x 512)
PCIe SATA:ffffffff

Marvell>> run nexus_boot
Booting Nexus layout from disk 0...
boot_count=0
saved_entry=0
Loading file "/boot/uImage" from ide device 0:4 (gpt4
)
7177572 bytes read

## Checking Image at 00800000 ...
   Image Name:   Linux-2.6.31.14-svn7493
   Created:      2012-09-27  18:20:30 UTC
   Image Type:   ARM Linux Kernel Image (uncompressed)
   Data Size:    7177508 Bytes =  6.8 MB
   Load Address: 00008000
   Entry Point:  00008000
   Verifying Checksum ... OK
## Error: "rescue" not defined
## Booting image at 00800000 ...
   Image Name:   Linux-2.6.31.14-svn7493
   Created:      2012-09-27  18:20:30 UTC
   Image Type:   ARM Linux Kernel Image (uncompressed)
   Data Size:    7177508 Bytes =  6.8 MB
   Load Address: 00008000
   Entry Point:  00008000
   Verifying Checksum ... OK
OK
bootargs from environment variables : single init=/bin/sh console=ttyS0,115200 boot=UUID=45383132-04f6-46ba-9ba8-b1d3dea7d28c root=UUID=0aaf00e6-378a-4f09-9720-12e6de1f08e2 cap=gpt,lba64

Starting kernel ...


Above, look for the line at the end starting with "bootargs from environment variables".

Now when this has finished you get a root console prompt without being asked for a password and a partially mounted filesystem.
What you get is enough to run vi and create the ssh/authorized_keys and "patch" unicorn.
More info on ssh here http://www.debian-administration.org/articles/530 I created the file and copy pasted the key in a SINGLE line. Beware editor quirks.

Uncomment sshd like in /etc/initng/runlevel/default.runlevel

Code:
# +--+  File autogenerated by sbs_plugin projectfilepatcher (Stage: RELEASE) +--+
initial
dbus
udev
ublocks
dhcdbd
logrotate
syslogd
klogd
NetworkManager
http
getty/S0
getty/0
sshd/generate_keys
sshd
cron
unicorn
thumbd
unicorn/ready
mdadm/monitor
buttons-manager


Just change enable to true in /etc/unicorn/unicorn_conf/unicorn.sharing.ssh.conf

Code:
_config:
    enabled: true
    port: 2222
    chroot_directory: '/'
    authorized_keys: ''


Now at this time you can run system init,
Code:
/sbin/initng
and system would continue boot as it normally would.

You can now ssh into it:

Code:
root@raspberrypi:~# ssh root@lacie-cloudbox -p 2222
[root@LaCie-CloudBox ~]# uname -av
Linux LaCie-CloudBox 2.6.31.14-svn7493 #1 Thu Sep 27 18:20:26 UTC 2012 armv5tel GNU/Linux
[root@LaCie-CloudBox ~]# cat /etc/issue
NAS OS 2.6.8.1
Linux \r on an \m / \l


Main goal is complete.

I have already installed ipkg, info on http://www.nslu2-linux.org/wiki/Main/PlugComputers, and I am now tackling unicorn to allow me to make changes on configuration files.
To install ipkg I just remounted / as rw
Code:
mount -o remount rw /

For instance, unicorn keeps overwriting the changes I made to setting.json of transmission.

One chance is to do it like described here http://lacie.nas-central.org/wiki/Category:2big_Network_2#Transmition:_Use_original_web_manager
Changing the init script to use a different configfile.

All other changes, ssh keys, unicorn ssh and ipkg install under /opt were persistent across reboots.

Hope it helps and hope to discuss with others changes within the Lacie NAS OS to improve it, without breaking it ;)


PostPosted: Wed Jul 10, 2013 3:45 pm

Joined: Wed Jul 10, 2013 3:18 pm
Posts: 18
Hiya

I managed to get root using clunc, on my cloudbox running firmware v2.6.8.2. I created a script and put it on the "family" share, then I adjusted the uboot console variable to add to the kernel boot arguments in such a way that they get added to a file that gets sourced by several utilities at boot time. Details:

Contents of script:

Code:
#!/bin/sh
/usr/sbin/telnetd -l /bin/sh


Ensure the script contains newlines and not carriage-returns (so don't use Notepad to create). Copy it into the root of the "family" share on the cloudbox. Call it telnetd.sh.

Run clunc, reboot the cloudbox, then when the Marvell prompt shows up, change the console variable with the setenv command like so:

Code:
Marvell>> setenv console 'console=ttyS0,115200 a=a;/*/*/telnetd.sh'


Then type "ide reset" and "run nexus_boot".

After about 2 minutes, you should be able to telnet into a root shell.

This won't survive a reboot, so follow the other instructions provided in this thread, to get secure-shell logins working.

For those interested in how this works, check out the file lib/drive_utils. This and other scripts source the file /etc/cmdline.conf, without sanitizing the contents. The cmdline.conf file is built at boot time by /etc/init.d/cmdline, which simply splits apart (at spaces) the contents of /proc/cmdline (ie the boot parameters, including the uboot "console" variable), and each term is put into a var=val line in cmdline.conf, each variable prefixed with "cmdline_". So after booting with the above settings, my cmdline.conf contains this line:

Code:
cmdline_a=a;/*/*/telnetd.sh


When this gets sourced by drive_utils (and other places), "a=a" is executed and then "/*/*/telnetd.sh" is executed. The shell expands this to /shares/Family/telnetd.sh.

Also, I didn't want to change the root password, so instead, I gave my admin login a shell with this one-liner:
Code:
cp /etc/passwd /etc/passwd.bak && sed -i '/^admin:/s/false/bash/' /etc/passwd


Hmm, seems this isn't the reason that I cannot login as admin. So I did the ssh thing as follows:

Code:
cp /etc/initng/runlevel/default.runlevel /etc/initng/runlevel/default.runlevel.bak
sed -i '/^#sshd$/s/^#//' /etc/initng/runlevel/default.runlevel
cp /etc/unicorn/unicorn_conf/unicorn.sharing.ssh.conf /etc/unicorn/unicorn_conf/unicorn.sharing.ssh.conf.bak
sed -i '/enabled:.*false/s/:.*/: true/' /etc/unicorn/unicorn_conf/unicorn.sharing.ssh.conf
ngc --start sshd


Then for the keys:
Code:
ssh -o batchmode=yes 0.0.0.0  # creates .ssh with correct permissions
cd ~/.ssh
ssh-keygen  # accept defaults, but be sure to enter a good passphrase
cp id_rsa.pub authorized_keys
chmod 600 authorized_keys
cp id_rsa* /shares/Family  # already in ~/.ssh; note: this is insecure unless you entered a good passphrase


Then from my Windows box I connected to the Family share, loaded up the id_rsa file in PuttyGen, entered the passphrase, saved the private key locally as a .ppk file, and loaded it up in Pageant. Then I connected to my cloudbox with PuTTY (on port 2222), entered the username of "root" and I was into a root shell. Free!!! After rebooting, I was still able to re-connect with PuTTY in the same way. Telnet no longer worked after the reboot, which is how it should be, and the telnetd.sh script can be removed from the Family share.

I'd prefer to be able to ssh in as admin and then su to root, but so far I haven't been able to work out why sshd is blocking me in this endeavor. More research needed.

Next? Perhaps I'll install some useful tools to replace the cut-down busybox ones - netstat and ps are too limited for my purposes.


Last edited by jez on Sun Apr 13, 2014 11:47 pm, edited 2 times in total.
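The unsanitized sourcing of /etc/cmdline.conf described in the post above, seen from the fix side. This is an added example, not LaCie's code and not part of the post: a builder that only emits lines that are inert when sourced. The function names, the sample boot line and the choice of value 1 for bare flags are assumptions.

```shell
#!/bin/sh
# Added example, not LaCie's code: emit cmdline.conf-style lines that are
# safe to source. Function names are hypothetical.

# Single-quote a value for sh: wrap it in '...' and turn each ' into '\''
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Convert one kernel command line (as read from /proc/cmdline) into
# cmdline_name='value' lines. A term whose name is not a plain shell
# identifier is dropped instead of being written to the file.
build_cmdline_conf() {
    set -f                                  # no globbing while splitting
    for term in $1; do
        case "$term" in
            *=*) name=${term%%=*} value=${term#*=} ;;
            *)   name=$term value=1 ;;      # assumption: bare flag becomes 1
        esac
        case "$name" in
            ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;;
        esac
        printf 'cmdline_%s=%s\n' "$name" "$(sh_quote "$value")"
    done
    set +f
}

# Constructed sample based on the console variable shown in the post.
SAMPLE='console=ttyS0,115200 a=a;/*/*/telnetd.sh root=UUID=0aaf00e6'

# With quoting, the second line becomes cmdline_a='a;/*/*/telnetd.sh':
# sourcing it assigns a string, the ';' no longer ends the assignment and
# the glob is never expanded or executed.
build_cmdline_conf "$SAMPLE"
```

Consumers such as lib/drive_utils can keep sourcing the file unchanged, because every value is now a single-quoted literal.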
