dropbear and dsa keys

hm. i found this page on the openwrt wiki - DropbearPublicKeyAuthenticationHowto. since it's just me taking care of the router, i guess it's okay to auth to root or my non-root user using the same global authorized_keys file. but it just feels wrong. but dropbear has a really small memory footprint. argh, the problems of a sysadmin's conscience.

well, i've set it up on my active WRT54Gv2.2 router and i'll do it as a starting point on my WRTSL54GS next time i boot it.



got another hit yesterday

my where's george bill hit rate is still low compared to others (right now, around 5%), but the comment on this bill is interesting: One Dollar Bill, Serial# B4196---9A Series: 2003A

other significant hits i've gotten:
first cross-coast hit
first international hit
first hit in 'the south'

where's george is an interesting experiment on circulation of currency (read: a strange hobby). it's not like "big brother" is going to be tracking my every cash expense now, as bills trade hands dozens of times before people enter it into wheresgeorge.com.



... and we're back

well, i couldn't get it to boot off the CF anymore, so I just started over. i think the problem was that after i reloaded OpenWrt on the internal flash and installed the usb/storage drivers, it thought the CF filesystem "magically" changed to vfat and it didn't want to mount as root anymore. now i know that i mke2fs'd it. ah well.

so, i altered the swap technique by adding an /etc/fstab, making the swap init.d script S90swap and making it's entire contents "/usr/sbin/swapon -a". the contents of /etc/fstab are:

/dev/scsi/host0/bus0/target0/lun0/part1 / ext3 defaults 1 1
/dev/scsi/host0/bus0/target0/lun2/part1 swap swap defaults 0 0

i think my next step will be to dump dropbear and start running OpenSSH. i once spent entirely too many hours to get DSA keys to work with dropbear, unsuccessfully. i should have enough memory to run a real ssh daemon. besides, i think all the libs are pre-req's for OpenVPN anyway. or maybe remote syslogging. i've been seeing these weird scsi errors in 'dmesg' after it boots. i think it's for the empty slots in the flash memory reader - i believe i'm using sda and sdc (lun0 and lun2). i'm seeing errors for sdb and sdd as follows, but it's only the end of the error dump:

sdd : READ CAPACITY failed.
sdd : status = 1, message = 00, host = 0, driver = 08
Current sd00:00: sns = 70 2
ASC=3a ASCQ= 0
Raw sense data:0x70 0x00 0x02 0x00 0x00 0x00 0x00 0x0a 0x00 0x00 0x00 0x00 0x3a 0x00 0x00 0x00 0x00 0x00
sdd : block size assumed to be 512 bytes, disk size 1GB.
sdd: Write Protect is off
/dev/scsi/host0/bus0/target0/lun3: I/O error: dev 08:30, sector 0
I/O error: dev 08:30, sector 0
VFS: Disk change detected on device 08:30
sdd: Unit Not Ready, sense:
Current 00:00: sns = 70 2
ASC=3a ASCQ= 0
Raw sense data:0x70 0x00 0x02 0x00 0x00 0x00 0x00 0x0a 0x00 0x00 0x00 0x00 0x3a 0x00 0x00 0x00 0x00 0x00



hm. something went wrong - it won't complete the boot-up on the CF. i have a feeling it was the swap setup, as that init.d script was before the network init'd. no ping from the lan/bridge interface, the wifi interface doesn't come up (no light) and no dhcp on the wan interface. bleaugh.

luckily, that /sbin/init script from the OpenWrt has a test before it does the pivot_root, so I have it up and running with the internal flash. ahh, failsafes. fun fun fun. damn, this thing need a serial console.




Since I don't have the wireless setup yet (specifically WPA and OpenVPN), I've created a failsafe to make sure people aren't peeking:

cd /etc/init.d
echo "ifconfig eth2 down" > S98nowifi; chmod +x S98nowifi

The wiki page on the WRTSL54GS let me know which interface is which.


creating swap

I found a 16MB smartmedia card laying around and figured it would be good for swap. Note that I had to install fdisk from the backports repository. I had previously partitioned the CF card when tooling around, so I didn't need it to mount the CF card as root, just e2fsprogs to reformat it. Anyway, on with the show:

# install fdisk
ipkg install fdisk
#find the partition
fdisk -l
# create the swap partition (partition 1, type 82)
fdisk /dev/scsi/host0/bus0/target0/lun2/disc
# install swap-utils
ipkg install swap-utils
# make it a swap partition
mkswap /dev/scsi/host0/bus0/target0/lun2/part1
# and do it
swapon /dev/scsi/host0/bus0/target0/lun2/part1
swapon -s
# make it persistent
echo "/usr/sbin/swapon /dev/scsi/host0/bus0/target0/lun2/part1" > /etc/init.d/S11swap
chmod 755 /etc/init.d/S11swap

Now I've got more virtual mem to do... something with.

root@OpenWrt:/etc# swapon -s
Filename Type Size Used Priority
/dev/scsi/host0/bus0/target0/lun2/part1 partition 15984 0 -2
root@OpenWrt:/etc# cat /proc/meminfo
total: used: free: shared: buffers: cached:
Mem: 31289344 12382208 18907136 0 770048 3854336
Swap: 16367616 0 16367616
MemTotal: 30556 kB
MemFree: 18464 kB
MemShared: 0 kB
Buffers: 752 kB
Cached: 3764 kB
SwapCached: 0 kB
Active: 2820 kB
Inactive: 1724 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 30556 kB
LowFree: 18464 kB
SwapTotal: 15984 kB
SwapFree: 15984 kB

You can also read slightly less verbose instructions on the OpenWrt wiki.


getting the CF to be root

So, the UsbStorageHowto works pretty well. Basically, the steps I used were:

mount /dev/scsi/host0/bus0/target0/lun0/part1 /mnt
mkdir /tmp/root
mount -o bind /rom /tmp/root
cp /tmp/root/* /mnt -a
umount /tmp/root
umount /mnt
cd /sbin
mv init init.old
vi init
chmod a+x init

and here's my version of init

for module in usbcore usb-ohci scsi_mod sd_mod usb-storage jbd ext3; do {
insmod $module
}; done
sleep 4s
mount "$boot_dev" /mnt
[ -x /mnt/sbin/init ] && {
mount -o move /proc /mnt/proc && pivot_root /mnt /mnt/mnt && {
mount -o move /mnt/dev /dev
mount -o move /mnt/tmp /tmp
mount -o move /mnt/jffs2 /jffs2 2>&-
mount -o move /mnt/sys /sys 2>&-
exec /bin/busybox init

Of course, what's not mentioned is that your system is reset to as if you just installed OpenWrt. So you have to set the root pw, update ipkg.conf, install pkgs, etc. etc. as per my last blog post.

BTW, after it's all said and done, the filesystems show up as follows:

root@OpenWrt:~# df
Filesystem 1k-blocks Used Available Use% Mounted on
/dev/root 1024 1024 0 100% /mnt/rom
/dev/mtdblock/4 6272 1304 4968 21% /mnt
none 15276 36 15240 0% /tmp
/dev/scsi/host0/bus0/target0/lun0/part1 121203 8583 106362 7% /mnt/mnt/disc0_1
/dev/scsi/host0/bus0/target0/lun0/part1 121203 8583 106362 7% /

With 32MB of RAM and 128MB of disk... it's 1990 all over again!



getting things started

Well, I got off my ass today and started working on getting my WRTSL54GS up and running. So far, the notes I had made previously work like a charm for getting OpenWrt up and mounting the CF card. Next is to get it mounting the CF card as root.

rexmt 1
timeout 60
put openwrt-WR1.0rc5-wrtsl54gs-squashfs.bin

# logout/login
ssh root@
wifi down
ifdown wifi
ifconfig eth2 down

Then with some help from the OpenWrt wiki.

cd /etc
rm ipkg.conf
cp /rom/etc/ipkg.conf ipkg.conf
vi /etc/ipkg.conf
#src backports http://downloads.openwrt.org/backports/rc5
ipkg update
ipkg install kmod-usb-core
ipkg install kmod-usb-ohci
ipkg install kmod-usb-storage
ipkg install kmod-usb2
ipkg install kmod-vfat
ipkg install kmod-ext3
ipkg install e2fsprogs
fdisk /dev/scsi/host0/bus0/target0/lun0/part1
ln -s /proc/mounts /etc/mtab
mke2fs -j /dev/scsi/host0/bus0/target0/lun0/part1