Sunday, August 29, 2010

My life with Ben, episode 2

I've had a serial terminal connected to my Linux box for as long as I can remember. My brother worked for a company that was phasing them out at the time. I told him I wanted one (I was always a sucker for useless hardware), so I got one for free. It sat on my dinner table for years and then I switched to Linux. Hooking it up was (and is) quite easy. You simply put this entry in your inittab:
S0:12345:respawn:/sbin/agetty -L 38400 ttyS1 wy60-25

And make an entry in /etc/securetty. Done. Then I log in and enter:
tail -f /var/log/messages

This may seem trivial, but it has saved my life numerous times, e.g.
  • .. when X becomes unresponsive because a runaway program is eating up my swap space;
  • .. when X crashes for some reason and locks up my terminal;
  • .. when my hard disk is starting to give up and throws all kinds of messages all over the place.
Once I was able to quickly make a backup, losing only a few trivial files. After a reboot the disk was gone forever.

Unfortunately, my old Wyse 25 is slowly giving up. All of a sudden horizontal or vertical bars strike out all the characters on screen and only a sharp tap on the left side of the terminal helps - sometimes. I have been looking for a replacement, but even on eBay they're scarce. Wyse has stopped producing them altogether.



The closest thing you can get are thin clients. Although they're not too expensive, they're hell to set up properly. Note I'm not a network expert and I really don't need a GUI. All I need is a bunch of scrolling /var/log/messages and an occasional [CTRL]-C halt[ENTER]. In other words, a thin client: that's overkill.

Then I got my Ben Nanonote. The Ben features a serial port, but unfortunately you need to solder your way into that. That's a tall order from a guy who can't even properly glue the poor thing's feet back on without making the device an inseparable part of his body. But the Ben also features an Ethernet-over-USB gadget. I could use that one to connect it to my OpenSuSE machine.

Ok, it probably can be done, but I've got two problems here. One, I don't know much about networking. Two, I'm paranoid where security is concerned. I saw sshd was running, so I tried to log in.
ssh root@192.168.254.100

Surprise, it didn't work. A quick look at dmesg showed me why:
SFW2-INext-DROP-DEFLT IN=usb0 OUT= MAC=xxxx SRC=192.168.254.101 DST=192.168.254.100 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=27103 DF PROTO=TCP SPT=49762 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (yyyy)

It was killed by the firewall before it even got there. I never like fiddling around with my machine - especially when I barely know what I'm doing - but I gave it a try. I started YaST, selected "Security and Users" and then "Firewall". Then I selected "Interfaces" and placed "usb0" in the DMZ.



Now I had to allow Ben to use ssh. I selected "Allowed services" and then "Secure Shell Server".



Finally, it was time to wrap it all up and try again. I finalized the configuration and was presented with a screen, showing all my changes.



When I tried to log in, it still didn't work, but at least I got through.
SFW2-INdmz-ACC-TCP IN=usb0 OUT= MAC=xxxx SRC=192.168.254.101 DST=192.168.254.100 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=460 DF PROTO=TCP SPT=49763 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (yyyy)

Finally, I turned to /etc/ssh/sshd_config and changed a few settings. Now, this was dangerous territory..
Port 22
AddressFamily any
ListenAddress 192.168.254.101

Then I restarted ssh.
/etc/init.d/sshd restart

But all I got was:
bind: Cannot assign requested address

Duh? Ok, to cut this story short: I went from 192.168.254.101 all through 192.0.0.0, but all with the same result. Finally, 0.0.0.0 worked. Don't ask me why..
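Why the bind failed, as an added example that is not part of the original post: sshd can only bind ListenAddress to an address configured on the machine it runs on, and in both firewall log lines above the packet arrives on usb0 with DST=192.168.254.100, so .100 is the host's own address and .101 is the Ben. The Python sketch below parses those log lines (abbreviated) and attempts the same kind of bind; the function names are made up for this illustration.

```python
import errno
import re
import socket

# The two kernel log lines from the post, abbreviated (MAC was masked by the author).
LOG_LINES = [
    "SFW2-INext-DROP-DEFLT IN=usb0 OUT= MAC=xxxx SRC=192.168.254.101 "
    "DST=192.168.254.100 LEN=52 TTL=64 DF PROTO=TCP SPT=49762 DPT=22 SYN",
    "SFW2-INdmz-ACC-TCP IN=usb0 OUT= MAC=xxxx SRC=192.168.254.101 "
    "DST=192.168.254.100 LEN=52 TTL=64 DF PROTO=TCP SPT=49763 DPT=22 SYN",
]

PREFIX = re.compile(r"SFW2-IN(?P<zone>[a-z]+)-(?P<action>[A-Z]+)-(?P<rule>\S+)")

def parse_sfw2(line):
    """Split an SFW2 log line into zone, action, rule and KEY=VALUE fields."""
    m = PREFIX.match(line)
    if m is None:
        raise ValueError("not an SFW2 input-chain log line")
    rec = m.groupdict()
    for token in line[m.end():].split():
        key, sep, value = token.partition("=")
        rec[key] = value if sep else True  # bare tokens (DF, SYN) are flags
    return rec

def local_address(rec):
    """For a packet received on an interface (IN set, OUT empty), DST is this host."""
    if rec.get("IN") and not rec.get("OUT"):
        return rec["DST"]
    return None

def bind_error(addr, port=0):
    """Try a TCP bind like the one sshd does; return None on success, else errno name."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.bind((addr, port))
        return None
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e))

if __name__ == "__main__":
    for line in LOG_LINES:
        r = parse_sfw2(line)
        print(r["zone"], r["action"], "src", r["SRC"], "-> local", local_address(r))
    # .101 is the Ben (remote); .100 only binds on the host that owns usb0.
    for candidate in ("192.168.254.101", "192.168.254.100", "0.0.0.0"):
        print(candidate, bind_error(candidate) or "ok")
```

ListenAddress 0.0.0.0 makes sshd listen on every interface, so the firewall is the only thing keeping port 22 off the external side. ListenAddress 192.168.254.100 would confine it to the USB link, but the bind fails the same way if usb0 has no address yet when sshd starts.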

I went to Gibson Research Center to test the outside defenses. All ports still on stealth. Fine. I know my ADSL modem has a firewall too, but you can never be too sure..

So, this is how my Ben Nanonote became a console. If my Wyse 25 finally goes to that big computer center in the sky, the only thing I have to do is to order another Ben Nanonote and hook it up.



Sure, there are still a few things left to figure out. Sometimes I have to go through the entire firewall dialog, because it seems to have "forgotten" all about the DMZ. The connection with the Ben is not set up automatically at startup and finally, a professional would have made a far better job of setting up the entire configuration. But it works! And that's good. I hate repairing filesystems.

1 comment:

turn.self.off said...

one would have thought that it should be possible to do a serial terminal over a usb to usb connection.