Ever find yourself needing to access a computer that is behind a NAT firewall, but cannot without a bunch of goofy port forwarding rules at your router? I know, it is annoying. Here is how to SSH into your computer without adding port forwarding rules to your router’s firewall.
For ease of explaining, I will label some of these in a common setup and then refer to them as such. Your setup may be slightly different. Change the names and locations to fit your needs… In my case, I am going to have a laptop, a home desktop and a server.
When I am out and about, I bring my laptop with me. I want to connect to the home computer (running Ubuntu Linux). Since the home desktop is behind a firewall, I cannot access it directly. However, I do have a server with a public domain that I can get to from the internet. Using this, I can proxy through the server and use it as a common meeting ground.
What you will need:
- ssh setup on all computers (Server, Laptop, and Desktop)
- Root access on the desktop and maybe on the server
- SSH Key (login without password) needs to be working on your Server and Desktop. See here for setup instructions.
- There is not much to setup here. Let’s just say 12345 for the port (You can choose anything in range). Make sure any firewall on your system (or on an external router) allows this port. There, that is it.
Setup Home Desktop
- On the home desktop, we need to have it connect to the server automatically. To do so, we will setup a script that will automatically dial in to the server. This script will login, but also ask that all traffic that comes into the server on a specific port be forwarded to the home desktop.
- First, edit your ssh config file to include the following line:
- GatewayPorts yes
- Create a new file (or modify the existing file) with this command and add the text below (this will cause the command to be executed at 10 minutes after startup): sudo vim /etc/rc.local
#!/bin/sh
# Automatically setup reverse tunnel on boot...
# This script allows me to connect to the nat'ed computer by using a third party server as a proxy.
# To connect from somewhere other than the office, use port 10002 like this... ssh workcomputer -p 10002
# This should cause the job to start initially about 10 minutes after boot. It will recheck/initialize
# every 10 minutes after that.
# See http://terry.ipearson.net/programming/reverse-ssh-to-access-linux-computer-behind-firewall/
# The port before the first colon in -R (10002 here) is the one that listens on the server;
# connect to that same port from the laptop.
while true; do
    sleep 600
    ssh -nNT -R 10002:localhost:22 firstname.lastname@example.org
done &   # run in the background so rc.local can finish
- Change the permissions of the script:
sudo chmod 755 /etc/rc.local
- Now restart sshd and networking. I would recommend just restarting the computer since there appears to be a bug with network restarts in Ubuntu.
- Now, from your laptop, ssh to the server using the port specified:
ssh -p 12345 user@server
You will notice that instead of logging in to your server, you will actually be logged in to your home desktop! You have now broken through the NAT barrier. Congrats.
If you are having ‘connection refused’ errors after restarting, but it works when directly running the script, the issue may be that your root user does not have an ssh key setup properly.
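A hardened variant of the tunnel loop, as an added example rather than the post's own script: the client options make ssh exit when the forward cannot be opened or the link dies, so the loop actually retries, and the authorized_keys entry limits what the desktop's key may do on the server. The account, host, key path and sample key are placeholders; `permitlisten` needs OpenSSH 7.8 or later on the server, and the server's own GatewayPorts setting in sshd_config still decides whether the port listens on all interfaces.

```shell
#!/bin/sh
# Added example; host, account, key path and port are placeholders.
REMOTE_PORT=10002                # port that listens on the server
SERVER=tunnel@server.example     # hypothetical unprivileged account on the server
KEY=/root/.ssh/tunnel_ed25519    # hypothetical key used only for this tunnel

# ssh arguments for the desktop side.
#  ExitOnForwardFailure: exit if the server cannot bind the port (for example a
#    stale session still holds it) instead of idling with no tunnel.
#  ServerAlive*: notice a dead link after about 90 seconds and exit.
#  BatchMode: never block on a password prompt when run from rc.local.
tunnel_args() {
    printf '%s ' -nNT -i "$KEY" \
        -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "$REMOTE_PORT:localhost:22" "$SERVER"
}

# Line for the server account's ~/.ssh/authorized_keys ($1 = public key).
# Remote (-R) forwards are limited to this one port; no PTY, no agent or X11
# forwarding, and any requested command is replaced by /bin/false.
authorized_keys_entry() {
    printf 'restrict,port-forwarding,command="/bin/false",permitlisten="%s" %s\n' \
        "$REMOTE_PORT" "$1"
}

# Reconnect loop: ssh now returns on failure, so the retry is reached.
run_tunnel() {
    while true; do
        # Word splitting is intended; none of the values contain spaces.
        ssh $(tunnel_args)
        sleep 600
    done
}

# Start the loop only when called as: <script> run
if [ "${1:-}" = run ]; then
    run_tunnel
fi
```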
In keeping with the Thanksgiving theme, here is a great video to watch that gives a virtual tour / interview with the historical residents of Jamestown:
I came across these videos about the Mayflower while searching for Thanksgiving videos for my kids (for homeschooling). Enjoy!
If you have ever used a virtual machine, you know how useful they can be. Linux has a special lightweight virtual machine-like interface that reuses the kernel, but installs the remaining portion of the operating system in a separate container. It uses less memory and integrates nicely with an existing system.
There are many advantages to these, but this is a functional post. Here is what you need. Note, I will be showing you instructions for Ubuntu 13.04.
First, install LXC (stands for LinuX Containers) and other needed software:
<code>sudo apt-get install lxc bridge-utils -y</code>
Next, download the web interface for Linux Containers
<code>sudo su
wget http://lxc-webpanel.github.com/tools/install.sh -O - | bash</code>
Note that root is required for the wget command because it is piped to a bash install script that requires root. Entering “sudo” before wget will not be enough.
At this point, you have linux containers. Go to http://localhost:5000 and login using user name ‘admin’ and password ‘admin’.
But utilities like this are no fun if they cannot be accessed through your normal router. Right now, all Containers will be created on a private 10.?.?.? network. Only your computer can access them. If that is all you need, stop here. If you would like to assign real ip addresses on your network, continue…
Note that Ubuntu uses the network manager app by default. Once we make our configuration, it is important to realize that future network changes need to be done through the command line. As soon as we modify the network settings file, all Network Manager interfaces will be overridden. This means that if you fail to setup network interfaces that already exist, they will not exist after restart.
So let us configure the network. Your setting may be different.
I use vim as my editor, you can use nano, vim, or anything else. Enter the following command:
sudo vim /etc/network/interfaces
This brings you into the main configuration for your networks. This is where you setup dns servers, interfaces, etc. The file I use is based on a dhcp connection (I create static assignments in the router for specific mac addresses.). Mine looks like this:
# interfaces(5) file used by ifup(8) and ifdown(8)
# This defines my wired interface.
auto eth0
iface eth0 inet manual
# This is the network bridge, the only thing that might need changing is the network interface name.
auto br0
iface br0 inet dhcp
    bridge_ports eth0 lxcbr0
# This is the loopback - It was probably in the file by default
auto lo
iface lo inet loopback
After all that is done, restart the computer. After restart, verify that network connections work and then go to http://localhost:5000 and add a container. Make sure you change the network address to something in your network’s range (you can assign an ip, as long as it is in your subnet). If you do not assign something, an ip will be given in the range defined in your config for lxc. Also make sure that the network interface for the device is called “br0”.
Tip 1: A couple of quick tips. DO NOT do this over ssh from the outside world. I’ve cut off my access a few times trying that. That being said, you probably will anyway, so maybe work on writing a script to reset settings in /etc/network/interfaces, then restart at a certain time of day if you don’t cancel it. That way, you will automatically regain access without having to be physically present.
Tip 2: If you installed on ubuntu, it probably has a default username and password of ubuntu. So ssh in with this command: (assuming the container is at 192.168.1.15)
Tip 3: You can go to /var/lib/lxc/[NAME_OF_CONTAINER]/rootfs/ and access the folders of the file system for your virtual machine. This makes it easy to copy settings and other items into the virtual instance.
Tip 4: A good use of containers is for websites (they can each have their own ip address). Other good uses would include Caching dns servers for your network, media servers, anonybox setups, vpns, and anything else that you wish to install without screwing up your ubuntu installation settings.
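The safety net suggested in Tip 1 could look like this (an added example, not the author's script): save the known-good file before editing, and let a scheduled job restore it and reboot unless you confirm that the new settings work. The state directory, install path and cron time are assumptions.

```shell
#!/bin/sh
# Added example: dead-man switch for edits to /etc/network/interfaces.
# STATE and the install path in the cron line are assumptions.
IFACES=${IFACES:-/etc/network/interfaces}
STATE=${STATE:-/var/lib/net-rollback}

# Before editing: keep a known-good copy and mark a rollback as pending.
arm() {
    mkdir -p "$STATE" &&
    cp -p "$IFACES" "$STATE/interfaces.good" &&
    : > "$STATE/armed"
}

# After verifying the new settings from outside: cancel the rollback.
confirm() {
    rm -f "$STATE/armed"
}

# Scheduled check: restore the saved file if nobody confirmed.
# Returns 0 only when a restore happened, so the caller knows to reboot.
rollback_if_armed() {
    [ -e "$STATE/armed" ] || return 1
    cp -p "$STATE/interfaces.good" "$IFACES" && rm -f "$STATE/armed"
}

# Root crontab entry (restart at 03:00 unless confirmed):
#   0 3 * * * /usr/local/sbin/net-rollback check
case "${1:-}" in
    arm)     arm ;;
    confirm) confirm ;;
    check)   if rollback_if_armed; then shutdown -r now; fi ;;
esac
```

Run it with `arm` before touching the file and `confirm` once you have logged back in over the new configuration.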
Did you know you can run many Windows programs right through Ubuntu Linux? Use a program called “Wine”.
To install Wine:
- Go to the Ubuntu Software Center and find “Wine”.
- Install Wine – Wine is now installed.
Getting Wine to open exe files by default
Tip/Warning: If you do not do the second section of steps, Ubuntu will attempt to open exe files using the “File Roller” application. Here is how to fix that.
- Then open a terminal and type:
sudo gedit ~/.local/share/applications/mimeapps.list
- When in gedit, add the following text to the bottom:
Congratulations, you can now double click on exe files for Windows and open them with Wine.
If you program for the web, you probably have been locked out of MySQL at some point. If you find yourself in a situation where you cannot login, here is how you regain access. The following example will give your user complete control over the database.
1. Login as a sudo-er or a root user.
2. Stop mysql:
- /etc/init.d/mysqld stop
3. Start mysql in safe mode:
- mysqld_safe --skip-grant-tables
4. Login to mysql as root
- mysql -u root
5. Select the mysql database.
- use mysql;
6. Insert a new username or update the existing password for a user (The following gives universal access, adjust accordingly):
- INSERT INTO user VALUES('%','INSERT_USERNAME_HERE',PASSWORD('INSERT_PASSWORD_HERE'), 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0);
- Note that the exact number of columns will differ depending on mysql version. Use the ‘desc user’ command to see the corresponding column names. (This was for version 5.0.45.)
Ever run into the error: “bad interpreter: No such file or directory”? The problem is you have CRLF end of line characters… The solution, run this command on the file in Linux…
sed -i 's/\r//' filename
[Update] While these are great instructions for rooting any Asus Transformer Infinity, I would encourage you to look at other tablets instead. Asus has had massive quality control issues with their Transformer line. One of the worst issues is the random screen cracks that can occur when docked. See this search for the latest of thousands of unhappy customers that have witnessed their screen cracking while they were not touching their tablet. While this seems not plausible, I witnessed this myself on one of our devices. To this date, Asus has refused to honor their defect warranty for almost all such cases. Your money would be much better spent on a manufacturer with a better reputation and higher quality control. Check out the Samsung Note 10.1 for a good alternative to the Asus Transformer Infinity.
My wonderful wife gave me a new Transformer Infinity today and I immediately decided I needed to root it. Unfortunately, it was already on Android 4.1.1 so it is unrootable in that state (without unlocking the bootloader).
Here are my notes on the downgrading and rooting process. Make sure your battery is fully charged and you have everything backed up. This will wipe your device (because the downgrade is a full system image).
This is based on Steve Hamilton’s advice here: http://androidforums.com/transformer-infinity-tf700t-all-things-root/637903-trouble-rooting-asus-transformer-infinity-tf700t-4-1-1-jellybean.html#post5123594
We are going to assume that you have a US Based sku for your Infinity. If not, some numbers may be different.
- Download the Stock Ice Cream Sandwich Rom for the ASUS Transformer Infinity. You can get it here: http://d-h.st/Zo7 and here: http://pdadb.net/index.php?m=repository&author=Asus If you live in the US, make sure you get the version that ends in “.30” (9.4.5.30). If not, get the version for your country.
- Extract the downloaded zip file, there will be a zip file inside called US_epad_user_9_4_5_30_20120907_UpdateLauncher.zip and place it on the root of your “internal SD card”.
- Power off the device while holding the volume down and power buttons for about 10 seconds. It will load in safe mode.
- It will show an update available. DO NOTHING. After 10 seconds, the device will reboot and you will load a safe mode version of the OS.
- When your device is restarted, the settings bar will show that there is an update to install. Select it.
- Click through the warnings. WARNING: This will delete your data.
- Your device will restart with Ice Cream Sandwich.
- Go here to download the latest automated Debug FS Root tool: http://forum.xda-developers.com/showthread.php?t=1706588
- Extract the zip file and save in some folder of your choice.
- Make sure your tablet is plugged in and recognized by your computer. If not, install appropriate drivers.
- Run RootDebugfs.bat
- Choose option 1 to root your device (Read and follow instructions at the prompts). The most important parts are to enable installing from unknown sources and enable USB debugging.
- Open up the SU app at least once before doing anything.
- On your device, download OTA Rootkeeper from Google Play: https://play.google.com/store/apps/details?id=org.projectvoodoo.otarootkeeper&hl=en
- Click on “protect root” in the Rootkeeper app.
- Upgrade via over-the-air updates to Jellybean.
- If needed, go back into OTA Rootkeeper and restore root.
The title above may be a lie. It just depends on your context or situation. You may have heard these terms (especially if you read Jeff Atwood’s recent post or Dodgy Coder’s 2011 post). Note that there may be very practical uses for some of these in real life. Others simply describe situations that should never happen.
if(constant==variable) instead of if(variable==constant)
This is equivalent to saying “If blue is the sky”.
This is no insult to Yoda, after all, “When nine hundred years old you reach, look as good, you will not, hmmm?”
A bug that naturally disappears when you look for it.
This notorious bug gets its name from the Heisenberg Uncertainty Principle. The classic example is outlined in this Wikipedia article. The bug manifests itself with an optimized (normal) compiler. But when the programmer compiles with the debug option, the bug disappears. In debug mode, values are often stored in memory instead of registers, allowing for slight differences in floating point values.
One example I have experienced is in using different Java environments. Our test environment used the IBM JVM and the production environment used the Sun JVM. The Sun JVM evaluates the “==” operators differently than the IBM JVM. That’s why you should always compare strings with “string1.equals("string2")”.
Fermat’s last post
A poster to a forum or discussion list claims a solution, but never gives the answer.
I’ve seen this hundreds of times. Someone posts a complicated question on a forum and no answer is known. Finally, the person writes back and says “Nevermind, I figured it out.” But, they never share their results.
This term comes from Pierre de Fermat’s infamous last theorem, where he claimed he had a proof for the conjecture that no positive integers a, b, c that are greater than 2 can satisfy the equation a^n + b^n = c^n.
Unfortunately, he never published his full proof because he said it would not fit in the margin of his book (which if it existed, would have been done without a computer, so it would have been simple enough for an intelligent person to understand). No proof existed until 1995, a full 358 years after Fermat claimed he had a proof.