SSH unlock encrypted Ubuntu 14.04 server

June 27th, 2014

With 14.04 this procedure has become really easy. Nevertheless some of the steps mentioned at http://hacksr.blogspot.de/2012/05/ssh-unlock-with-fully-encrypted-ubuntu.html are still necessary. Given you have set up your fully encrypted Ubuntu 14.04 server and your OpenSSH infrastructure with public keys and all running, there’s just a little more:

Install dropbear, a tiny ssh server that runs before the root partition on the server is decrypted

sudo apt-get install dropbear

Installation scripts will create/copy keys. Just edit

/etc/default/dropbear

and change

NO_START=1

to

NO_START=0

to make sure, dropbear starts on boot.

I then activated the root user

sudo passwd root

and copied the keys

sudo cp /etc/dropbear/dropbear_* /etc/initramfs-tools/etc/dropbear/

sudo cp ~/.ssh/authorized_keys /etc/initramfs-tools/root/.ssh/authorized_keys

You should now be able to login via ssh into a busybox shell. In order to decrypt the root partition just one script is needed. Edit

/etc/initramfs-tools/hooks/crypt_unlock.sh

and enter

#!/bin/sh

PREREQ="dropbear"

prereqs() {
echo "$PREREQ"
}

case "$1" in
prereqs)
prereqs
exit 0
;;
esac

. "${CONFDIR}/initramfs.conf"
. /usr/share/initramfs-tools/hook-functions

if [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ; then
cat > "${DESTDIR}/bin/unlock" << EOF #!/bin/sh if PATH=/lib/unlock:/bin:/sbin /scripts/local-top/cryptroot; then kill \`ps | grep cryptroot | grep -v "grep" | awk '{print \$1}'\` exit 0 fi exit 1 EOF chmod 755 "${DESTDIR}/bin/unlock" mkdir -p "${DESTDIR}/lib/unlock" cat > "${DESTDIR}/lib/unlock/plymouth" << EOF #!/bin/sh [ "\$1" == "--ping" ] && exit 1 /bin/plymouth "\$@" EOF chmod 755 "${DESTDIR}/lib/unlock/plymouth" echo To unlock root-partition run "unlock" >> ${DESTDIR}/etc/motd

fi

save the file and then make the script executable

sudo chmod +x /etc/initramfs-tools/hooks/crypt_unlock.sh

and update the initramfs

sudo update-initramfs -u

DONE!

After a reboot you should be able to

ssh root@serverip

and with

unlock

to boot your server.

Posted in Linux | No Comments »

mpv Video Player

February 5th, 2014

Yesterday I accidentally stumbled over the successor of MPlayer and mplayer2. mpv Video Player that is. One has to be aware of the differences between the projects but all in all I was very impressed with how it handled some of the video files I threw at it. It includes most of the improvements that mplayer2 introduced over the old and somewhat bloated Mplayer code and even brings VDPAU and VAAPI directly compiled in. However I did not compile for myself but users this https://launchpad.net/~mc3man/+archive/mpv-tests/ repository instead. It even includes the correct icon für Ubuntu’s Unity and brings a .desktop file as well.

Nice job so far!

Posted in Linux | No Comments »

XBMC 12.0 Beta 1 is out – and great!

November 17th, 2012

Read more about what’s new here. The new audio engine finally solves problems I was having with S/PDIF passthrough audio and enhances my overall user experience quite a bit.

The following information is taken from

http://wiki.xbmc.org/index.php?title=HOW-TO:Compile_XBMC_for_Linux

https://github.com/xbmc/xbmc/blob/master/docs/README.ubuntu

Here’s in a nutshell how to compile it for Ubuntu 12.10!

First remove a possible conflicting version of xbmc from Ubuntu repositories:

sudo apt-get autoremove xbmc

Install git and fetch the source code:

sudo apt-get install git
cd $HOME
git clone git://github.com/xbmc/xbmc.git

then install necessary dependencies

sudo apt-get install git-core build-essential gawk pmount libtool nasm yasm automake cmake gperf zip unzip bison libsdl-dev libsdl-image1.2-dev libsdl-gfx1.2-dev libsdl-mixer1.2-dev libfribidi-dev liblzo2-dev libfreetype6-dev libsqlite3-dev libogg-dev libasound2-dev python-sqlite libglew-dev libcurl3 libcurl4-gnutls-dev libxrandr-dev libxrender-dev libmad0-dev libogg-dev libvorbisenc2 libsmbclient-dev libmysqlclient-dev libpcre3-dev libdbus-1-dev libhal-dev libhal-storage-dev libjasper-dev libfontconfig-dev libbz2-dev libboost-dev libenca-dev libxt-dev libxmu-dev libpng-dev libjpeg-dev libpulse-dev mesa-utils libcdio-dev libsamplerate-dev libmpeg3-dev libflac-dev libiso9660-dev libass-dev libssl-dev fp-compiler gdc libmpeg2-4-dev libmicrohttpd-dev libmodplug-dev libssh-dev gettext cvs python-dev libyajl-dev libboost-thread-dev libplist-dev libusb-dev libudev-dev libtinyxml-dev libcap-dev curl swig default-jre autopoint libltdl-dev libtag1-dev

install more dependencies

sudo apt-get build-dep xbmc

finally bootstrap, configure, compile and install

cd $HOME/xbmc
./bootstrap
./configure
make
sudo make install

For further information on how to update, speedup things with ccache and more refer to the linked documents above.

 

Posted in Linux | No Comments »

Save power with PowerTOP 2.0

May 12th, 2012

In order to optimize power consumption PowerTOP can be utilized in its recent version 2.0. Ubuntu 12.04 ships with 1.97 so if you want to benefit from the latest and greatest you’ll have to compile for yourself. However this is not a big deal.

  • download PowerTOP
  • extract file and enter dir
  • sudo apt-get install build-essential checkinstall
  • ./autogen.sh
  • ./configure

    • (install everything configure complains about, then rerun configure)

  • ./make
  • sudo checkinstall

    • Posted in Uncategorized | No Comments »

    Samsung P580 backlight brightness on Ubuntu 12.04

    May 12th, 2012

    After everything else works out of the box with a fresh install of Ubuntu 12.04 I realized that brightness control via FN key doesn’t. The problem seems to be somewhere located in the Nvidia driver for GT330M and can easily be solved by adding one line to the “Device” section of /etc/X11/xorg.conf.

    Hit ALT-F2

    gksu gedit /etc/X11/xorg.conf

    add

    Option "RegistryDwords" "EnableBrightnessControl=1"

    to the “Device” section so it looks somewhat like this

    Section "Device"
    Identifier "Default Device"
    Option "NoLogo" "True"
    Option "RegistryDwords" "EnableBrightnessControl=1"
    EndSection

    save file and finally reboot or restart lightdm with

    sudo service lightdm restart

    and brightness control is back in your hands!

    Posted in Uncategorized | 1 Comment »

    wicd – iwlwifi problems solved

    May 11th, 2012

    Last week I posted about my connection problems with iwlwifi and network manager. For the duration of a week I have tested wicd as an alternative connection tool on two Intel machines and must say: no disconnections or any problems whatsoever so far! iwlwifi options can be set to N speed and no modifications other than stopping the LED from blinking are necessary.

    Posted in Uncategorized | No Comments »

    Gnome 3.4 window buttons on left side

    May 6th, 2012

    First install dconf-tools with

    sudo apt-get install dconf-tools

    start dconf-editor

    dconf-editor

    and change org > gnome > shell > overrides > button-layout to

    close,minimize,maximize:

    Done!

    Posted in Uncategorized | 1 Comment »

    Ubuntu 12.04 and ath9k

    May 5th, 2012

    Wireless is traditionally troublesome on Linux. The other day I transferred a lot of data over my wifi. After iwlwifi is finally stable for Intel devices using wicd, ath9k for Atheros wasn’t. It nearly passed out a couple of times leaving me with unusable connection speed.

    I’m still testing if the culprit is hardware encryption or maybe power saving. For now I disabled hardware encryption with

    sudo nano /etc/modprobe.d/ath9k.conf

    adding

    options ath9k nohwcrypt=1

    and rebooting.

    No further problems until now.

    Posted in Uncategorized | 10 Comments »

    Ubuntu 12.04 and VDPAU on Nvidia

    May 5th, 2012

    Although the new Unity experience is a smooth and snappy one desktop wise, video playback is a little choppy and sluggish. Even when using GPU powered VDPAU compiz is using a lot more CPU than it should and playback all in all is not enjoyable for me. Unlike earlier releases tearing is not a problem though.

    Installing Gnome Shell works much better for video. But the new 3.4 desktop feels not as good as 3.2 did. So not a real option either.

    Fortunately there is xbmc with its great media center software. For the first time available from standard Ubuntu repositories. Using it from within either Unity or Gnome suffers from the underlying desktop environments. Choosing the xbmc session from lightdm however delivers what any media enthusiast would want. Playback is smooth, CPU is very low and I’m happy again.

    Posted in Uncategorized | No Comments »

    Ubuntu 12.04 iwlwifi connection troubles

    May 4th, 2012

    I have one laptop running over night sometimes. That requires a stable wifi connection which I found out Ubuntu 12.04 with iwlwifi could not offer. Often I returned to the desktop in the morning and network-manager disconnected hours ago without establishing a new connection. So no down and uploads since then. Manually trying to reconnect doesn’t work either. One either has to switch off and on wifi or unload and reload the iwlwifi module.

    I experimented with iwlwifi options 11n_disable and swcrypto as some people on the net suggested but no luck. Wifi kept disconnecting unpredictably. Then I stumbled upon one bug addressing this misbehavior to network-manager suggesting to remove it and install wicd. That was what I did last week and had not one disconnection since then!

    sudo apt-get install wicd
    sudo apt-get remove --purge network-manager network-manager-gnome

    Caution: you will lose your network indicator and wicd will not show anywhere in Unity. Doesn’t matter to me since I monitor my network along with other information with Conky.

    Posted in Uncategorized | 4 Comments »

    « Older Entries