Samstag, 1. März 2014

Raspberry Pi backup and restore on Linux

Backup your Raspberry pi on (insert distro here)

Just 2 commands are needed for a fast and easy backup of your precious sd card.
Do it every once in a while and more importantly before huge changes.

Backup:

 sudo dd bs=4M if=/dev/mmcblk0 | gzip > /home/yourusername/yourbackupdircetory/image`date +%d%m%y`.gz  

Restore:

 sudo gzip -dc /home/yourusername/yourbackupdircetory/image `yourneededdate`.gz | sudo dd bs=4M of=/dev/mmcblk0  

Thats it.

Even better SSH-keypair security with Linux


How to protect your private keys:

Falls ihr dieses Tutorial auf deutsch braucht. Einfach einen Kommentar hinterlassen oder mich anschreiben.

Previously I showed you how to generate your own SSH-Keypair and how to use it with Putty. Since I switched to Ubuntu, i can show you how to make it even easier. Generate your ssh-keypair and push it up to your server or your rpi.

You could also generate the keypair on your server, but it seems more convenient to do it on your own.

It is pretty easy, just open up a terminal and here you go:

  • Create the folder:
 mkdir ~/.ssh  
 chmod 700 ~/.ssh  

  • Create the keypair
 ssh-keygen -t rsa -b 4096 -f .ssh/id_rsa -C pi@raspberry   
 umask 0077  

-C is the Comment for the keyfile
-b is the bitlength of the key. I advise you to use 4096, because 1024 is already not safe anymore
-t is the type of the keyfile. We use rsa.
-f is the output_file you can name it as you want, but be aware, that ssh always searches for the name id_rsa

Now type in a password if you want to, but we will not be using this standard procedure. So just leave it be.

Next we will be encrypting our private key, and overwriting the old file with it.


 openssl pkcs8 -topk8 -v2 des3 -in ~/.ssh/id_rsa -out ~/.ssh/id_rsa.new && mv ~/.ssh/id_rsa.new ~/.ssh/id_rsa  
 Enter Encryption Password:  
 Verifying - Enter Encryption Password:  

Just follow your orders and enter a good, and long password.

It maybe not work in every Program, but even the standard ssh command knows the PKCS#8 encryption we are using.

Execute these commands on a for you suitable manner.

 ssh-copy-id -i ~/.ssh/id_rsa.pub remote_host  
  sudo chmod 700 ~/.ssh    
  sudo chmod 600 ~/.ssh/authorized_keys    
  ssh-add /path/to/file your private key  

replace remote_host with your host dyndns-adress, or ipadress.
set the permissions right and dont forget to add the private keyfile.



On your Remote host do these changes:

  sudo chmod 700 ~/.ssh    
  sudo chmod 600 ~/.ssh/authorized_keys 
 sudo nano /etc/ssh/sshd_config   
  change  
  #AuthorizedKeysFile %h/.ssh/authorized_keys   
  to  
  AuthorizedKeysFile %h/.ssh/authorized_keys 
  sudo service ssh restart  

Now try to login with your new ssh private keyfile.

 ssh username@hostadress  

If it works great, if not, you need to troubleshoot somethings.

And if it worked you also need to change this:

  sudo nano /etc/ssh/sshd_config   
  from  
  PasswordAuthentication yes    
 to  
  PasswordAuthentication no   
 and from  
 PermitRootLogin yes  
 to  
 PermitRootLogin no  

And now you are ready to go for it:

 ssh username@hostadress  

Have fun

Montag, 23. September 2013

Xposed Framework und vom NFC Tag entfernen Funktionen aktivieren

Zuerst einmal braucht man das Xposed Framework. Hier im XDA-Thread gibt es dazu mehr.

Was macht das Xposed Framework?

Nun zuerst einmal kann man es ab Android  4.0.3 installieren (es gibt auch eine experimentelle Version für vorherige Android versionen).
Es bietet den Vorteil, dass man an seinem Android Gerät etwas verändern kann, ohne extra eine Custom Rom zu installieren, oder eine app zu ersetzen. Es kann auf die elementarsten Dinge zugreifen, z.B. gibt es ein XPrivacy Plugin, um Apps keinen zugreif auf die eigenen Informationen zu geben oder aber einfache Dinge, wie die Möglichkeit keine Warnung beim erhöhen der Kopfhörerlautstärke zu bekommen.(sehr hilfreich)

Braucht das Xposed Framework root?

Ja.

Ist root schlecht für mich?

Nein.
Dank root kann man Apps wie AdAway nutzen. Einen Adblocker, der einfache Regeln für Ads festlegt, sodass diese gar nicht erst geladen werden.(klappt nicht zu 100% jedoch zu knapp 95% der Fälle die ich hatte)
Was bringt mir Root noch? Die Möglichkeit einfache Backups mittels TitaniumBackup oder anderem zu erstellen. Man kann Greenify nutzen und damit Ram sparen. USB-OTG support nachreichen. Tasker nutzen und viele Dinge automatisieren. z.B. in Verbindung mit der Secure Settings App das Lockscreen passwort Zuhause deaktivieren und unterwegs wieder aktivieren und vieles mehr.
Man muss sich root einfach wie den Administrator account unter Windows vorstellen. Man kann damit alles installieren und deinstallieren, jedoch wenn man nicht aufpasst das falsche tun. Nutze root mit bedacht, aber habe keine Angst es zu nutzen wofür es nötig ist.

Download + Installation

Der Download ist im XDA-Developers Thread zu finden, mit vielen Informationen, Warnungen und anderen Hinweisen. 
Oder aber hier die neueste Version: http://dl.xposed.info/latest.apk

Herunterladen und installieren. Root vorrausgesetzt.
Das ganze sieht dann in etwa so aus:

Einfach auf Framework klicken und diesen Bildschirm bekommen, auf dem nur noch Install/Update gedrückt wird.

Nun sagt einem die App dass man einmal Neustarten soll. Also machen wir das Soft reboot und Reboot spielen hier beide keine Rolle, klicke also was du willst, wobei Soft reboot schneller ist.


Nun können wir theoretisch bei Download schauen und gucken welche Module daherkommen, ohne das wir eine externe App installieren müssen. Herunterladen unter Modules noch ein Häckchen setzen und wieder neustarten.


Meine bisher aktivierten Module


NFC Tags: Aktion ausführen beim entfernen vom Tag

(beispiel solange es auf dem Auto Tag Maps und Spotify öffnen, sowie GPS aktivieren, beim entfernen, diese Apps wieder schließen, und GPS deaktivieren)
Die notwendige APK findet man in diesem Thread

Herunterladen, installieren und beim Xposed Framework aktivieren. Man kann nun lange auf NFC LockScreenOff Enabler klicken und bekommt einen Einstellungsdialog.
Nun ein letzter Reboot eh voila es ist vollbracht.

Damit das ganze auch von NFC Apps genutzt wird kann man eine Modifizierte Version von AnyTag nutzen oder aber ReTag installieren, welches in der letzten version Support hierfür bekam.

In der ReTag app noch Tag Lost! aktivieren

Viel Spaß beim Taggen.

Montag, 2. September 2013

How to control your RPi with Tasker

How to control your RPi with Tasker

A Good Question indeed.
You could have this scenario:
You own your Raspberry Pi. You have connected it to something. Maybe a wireless powerplug, or a garage door, or "insert your scenario here".
But you want to do it on the go, and you want to do it from everywhere.

Depending on your Scenario, you could try to make a Webserver and configure it how you wish to, but not everybody knows how to do that, and even if you know, you need to work on your security and all these nasty things. 
And all just because you would want to send 2 sudo commands. Lights on and Lights off.

So what could you do.

Set up your own ssh server with key authentication: click here 
You don't even need to root your Phone for this, but i recommend it. 

Just go in Tasker to create new Task - Give it a name - click on the Plus - click on Plugin - click on SSH Command - click on Configuration

Now you are good to go.
Type in your Server settings, you can use a password or a keyfile, and on top of it you can type the command you would want.

 sudo apt-get update && sudo apt-get dist-upgrade -y  

And after this just create a homescreen widget or let the task always perform, when you leave your home, or go to work, or open your music app, or whatever else comes to your mind.


At the moment the developer only supports only one server in his plugin. But it is coming for sure. Check out his Website: http://aledthomas.com/

Support your Devs.

Samstag, 1. Juni 2013

SSH RSA and PUTTY

How to connect via ssh and rsa key

The first time I used Puttygen to generate my keys. But somehow i failed with copying my key through my open ssh session into the authorized_keys file. Everything seemed to work well. I had the right permissions and everything looked good. But... it didn't work. I just got a whole day of "Server refused our key".
Finally it worked.
I gonna show you how.

First things first. Don't use puttygen to generate your key. Use your pi.

Create your own ssh folder and navigate into it.

 mkdir ~/.ssh  
 cd ~/.ssh  

Now generate your Key. I use RSA 4096 bit keys. You may use which you please, but 1024 is/was considered as unsafe. While generating just press enter and enter your password as you please.

 ssh-keygen -t rsa -b 4096  
 mv id_rsa.pub authorized_keys
 mv id_rsa ~/privatekey  

Rename the files and move them. WinScp will be used to download the privatekey file.

Now change the rights of the .ssh folder and key file. And authorize the use of the private key.

 sudo chmod 700 ~/.ssh   
 sudo chmod 600 ~/.ssh/authorized_keys   

 sudo nano /etc/ssh/sshd_config  
 von:  
 #AuthorizedKeysFile  %h/.ssh/authorized_keys  
 auf:  
 AuthorizedKeysFile  %h/.ssh/authorized_keys   

Now connect via WinScp or something else and download the privatekey file.
Save it and open it with puttygen. Now you can generate a Putty-useable private-key.ppk file.

Check if it works.Connect with Putty and your ppk file, use your new hostname you made in the last tutorial and enter your username,( and maybe your keyfile password) eh voila.

As far as i know i don't get the Server refused our key message, but if you do, something went wrong. If I made a mistake, tell me.

As last line of defense remove the permission to authenticate via Password:

 sudo nano /etc/ssh/sshd_config  
 von:  
 PasswordAuthentication yes   
 auf:  
 PasswordAuthentication no  

It is also advised to remove root login permission and other things. Search around and tell me what you did.

DynDns and ddclient with dtdns and dns-o-matic

How is it possible to access your PI when not at home?

DynDNS

So i started looking for a DynDns Solution for me. Sadly my Home Router doesn't Support anything else than dyndns.org. But your pi does.
So after looking around I found www.dtdns.com

It works great, and if you pay a one time fee at dtdns.com you can also use mx-records, for hosting your own mail-server or redirecting the mails to outlook.de for example.

I could'nt find a decent working solution with ddclient or other scripts for dtdns. They have some on the webpage, but it was to hard for me to understand and didn't work.

I found dns-o-matic.

Easy to use. Just need to register and put in your hostnames, as many as you want. You can specify which you want to update and it does it automatically for you.
So no more hassle with dtdns and more fun with ddlcient.

First things first.

 sudo apt-get install ddclient  

Fill in any gibberish on information it is not necessary, as we will configure the config file itself.

 sudo nano /etc/default/ddclient  

Set it to

 run_daemon=”true”  

Now the edit the config file.


 sudo nano /etc/ddclient.conf  

 daemon=300 # check every 300 seconds  
 pid=/var/run/ddclient.pid  
 ssl=yes  
 ## DNS-O-Matic account-configuration  
 use=web, web=myip.dnsomatic.com server=updates.dnsomatic.com  
 protocol=dyndns2  
 login=yourdnsomaticname  
 password='yourdnsomaticpassword''  
 all.dnsomatic.com  

Fill in your name and password. You can even specify, which hostname you want to update, the information stands in the wiki. You fill in something different for all.dnsomatic.com.

Finally restart the daemon:

 sudo ddclient



Donnerstag, 16. Mai 2013

Cloud Storage the easy way

This is for everybody who wants to support me:
Click here to get 15 GB
I just found out about Copy. They even offer 15gb for free. And for Every referral you dont get just 500mb but whole 5gb. In just 5 minutes i got 25 gb.
Now i am waiting for more.