Introduction
These are my notes on installing and configuring fun_plug (0.7) on a D-Link DNS-315 (NAS). If anything is unclear, please leave a comment and I shall attempt to add more explanation.
For me the primary motive for installing fun_plug was to enable SSH. This allows me to mount directories on my NAS onto my laptop / desktop.
Resources
Pre-requisites
Remote Backup
Please ensure that the internal “Remote Backup” service is deactivated. This server ships with newer NAS models such as the DNS-320/DNS-320L/DNS-325/DNS-345 and conflicts with the SSH server of fun_plug.
Installation and configuration
Overview of Installation steps
- Follow the steps here. Download ARM version of fun_plug.tgz and copy the 2 files to root of drive
- Fix script issues
- change permissions of script - executable (on Linux)
- the HDD mount point is /mnt/HD/HD_a2
- Reboot
- fun_plug script should run and install fun_plug
- change root password - described here
- Apply the steps described in the post-install fixes section
- activate services by running chmod a+x on the respective scripts
- For instance, to enable the ssh daemon, type chmod a+x /ffp/start/sshd.sh
- [if you wish to use SSH] See the section on SSH Configuration for additional configuration
Post install fixes
permission issues
There appears to be a problem with file permissions – after reboot most of them are reset to 777 and that upsets sshd and also prevents choosing the startup scripts.
To address this, modify /ffp/etc/fun_plug.init
I added to /ffp/etc/fun_plug.init the following line, just before the section dedicated to enable/disable services:
/ffp/etc/fun_plug.init
chmod 600 /ffp/etc/ssh/ssh_host_*
chmod 755 /ffp/var/lib/sshd
fixes for sshd.sh
I also changed a line in /ffp/start/sshd.sh so that it correctly checks for the /ffp/etc/ssh/ssh_host_ecdsa_key file.
It appears this error may be due to an invalid reference to the ssh file in the /ffp/start/sshd.sh script.
/ffp/start/sshd.sh
The original script reads:
if [ ! -f /etc/ssh/ssh_host_ecdsa_key ]; then
/ffp/bin/ssh-keygen -t ecdsa -f /ffp/etc/ssh/ssh_host_ecdsa_key -N ''
fi
I believe it should read:
if [ ! -f /ffp/etc/ssh/ssh_host_ecdsa_key ]; then
/ffp/bin/ssh-keygen -t ecdsa -f /ffp/etc/ssh/ssh_host_ecdsa_key -N ''
fi
#!/ffp/bin/sh
Set up rsync option.
@see troubleshooting section
Adding users
added user using the web interface
Configuring User Home directories
usermod -s /ffp/bin/sh mochapenguin
mkdir -p /ffp/home/mochapenguin/
sed -i -e 's#:/usr/share/ftp/mochapenguin:#:/ffp/home/mochapenguin:#g' /etc/passwd
pwconv
usermod -d /ffp/home/mochapenguin/ mochapenguin
store-passwd.sh   # saves changes to disk
<<worked>>
permissions of the user and user .ssh folder at boot
[after users have been created]
Create a script to put back the permissions of the user and user .ssh folder at boot
log in as root (did it using a telnet session)
touch /ffp/etc/fun_plug.local
/ffp/etc/fun_plug.local
#!/ffp/bin/sh
chmod 700 /ffp/home/mochapenguin
chmod 600 /ffp/home/mochapenguin/.ssh/*
chmod 700 /ffp/home/mochapenguin/.ssh
SSH Configuration
Using certificates
Concept -
http://nas-tweaks.net/53/private-public-key-authentication-with-openssh-in-ffp/
Changing the home of the user
By default, the home directory of the user “root” is set to /home, which is located in the internal flash memory. This memory is deleted every time the device is rebooted. Thus the home directory of each user should be moved to be a sub-directory of ffp.
mkdir -p /ffp/home/root/
usermod -d /ffp/home/root/ root
store-passwd.sh
You need to repeat the last two steps every time your firmware gets upgraded.
Generating the keypair
mkdir /ffp/home/root/.ssh
cd /ffp/home/root/.ssh
There are now two choices for the key. You can either have a password (which can automatically be entered by ssh-agent or PuTTY Pageant) or no password. Both ways are described below and will generate two files named keypair and keypair.pub which contain the private and public key needed for the authentication:
Adding public key
create .ssh folder in /ffp/home/mochapenguin as user mochapenguin
change permission of directory to 700
copy pub file to .ssh folder
set chmod to 600
Activating authorized_keys in SSH
Open /ffp/etc/ssh/sshd_config and search for the following line:
#PubkeyAuthentication yes
And remove the comment:
PubkeyAuthentication yes
Moving the generated keys to authorized_keys
touch authorized_keys
chmod 600 authorized_keys
cat keypair.pub >> authorized_keys
restart SSH
root@DNS-315:~# sh /mnt/HD/HD_a2/ffp/start/sshd.sh restart
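The modes set in the post-install fixes, in fun_plug.local and in the authorized_keys steps can be verified after a reboot with a small audit function. This is an added example, not part of the original notes or of fun_plug; the function names are hypothetical and it assumes a stat that supports -c %a (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: audit the permissions these notes reset at boot.
# sshd refuses private host keys that other users can read, and with
# StrictModes it ignores authorized_keys when the home directory, .ssh
# or the file itself is writable by group or others.

# check PATH MODE: print a finding and return 1 unless PATH has MODE.
check() {
    path=$1; expected=$2
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    actual=$(stat -c %a "$path")
    if [ "$actual" != "$expected" ]; then
        echo "BAD $path is $actual, expected $expected"
        return 1
    fi
    return 0
}

# audit_ssh_perms FFP_ROOT USER: exit status is the number of findings.
# Expected modes are the ones used in the notes above.
audit_ssh_perms() {
    root=${1:-/ffp}; user=${2:-root}; bad=0
    for key in "$root"/etc/ssh/ssh_host_*; do
        case $key in *.pub) continue ;; esac   # public halves are not secret
        check "$key" 600 || bad=$((bad + 1))
    done
    check "$root/var/lib/sshd" 755 || bad=$((bad + 1))
    check "$root/home/$user" 700 || bad=$((bad + 1))
    check "$root/home/$user/.ssh" 700 || bad=$((bad + 1))
    check "$root/home/$user/.ssh/authorized_keys" 600 || bad=$((bad + 1))
    return "$bad"
}

# Run stand-alone as: sh audit.sh /ffp mochapenguin
if [ $# -gt 0 ]; then
    audit_ssh_perms "$@"
fi
```

A non-zero exit status after a reboot means fun_plug.init or fun_plug.local did not restore one of the modes, and the BAD line names the path.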
Log output
Here is the fun_plug startup log from DNS-315. There are a couple of things I am not happy about. But they are not show stoppers anyway. I shall be looking into them as soon as I get time. Any suggestions in the meantime are welcome.
ffp.log
**** fun_plug script for DNS-323 (2008-08-11 tp@fonz.de) ****
**** fun_plug script modded by Uli (2012-02-21 ffp@wolf-u.li) ****
Sat Sep 14 01:35:28 BST 2013
ln -snf /mnt/HD/HD_a2/ffp /ffp
* Running /ffp/etc/fun_plug.init ...
* Running /ffp/etc/fun_plug.local ...
* Running /ffp/etc/rc ...
* /ffp/start/SERVERS.sh ...
* /ffp/start/portmap.sh ...
Starting /ffp/sbin/rpc.portmap
* /ffp/start/nfsd.sh ...
Mounting /proc/fs/nfsd ...
WARNING: rpc.portmap: Already running <== How do I turn off rpc portmap?
Starting /ffp/sbin/rpc.statd
Starting /ffp/sbin/rpc.nfsd 8
rpc.nfsd: unable to resolve ANYADDR:nfs to inet address: Servname not supported for ai_socktype <= WTF?
rpc.nfsd: unable to set any sockets for nfsd
Starting /ffp/sbin/rpc.mountd
* /ffp/start/LOGIN.sh ...
* /ffp/start/telnetd.sh ...
Starting /ffp/sbin/telnetd -l /ffp/bin/sh
* /ffp/start/sshd.sh ...
Starting /ffp/sbin/sshd
* /ffp/start/rsyncd.sh ...
Error: Missing config file /ffp/etc/rsyncd.conf
* /ffp/start/kickwebs.sh ...
Kicking webs ...
webs: no process found
* /ffp/start/lighttpd.sh ... <= Should I turn this off for now? How?
/ffp/etc/lighttpd.conf: Required file not found or not readable
* /ffp/start/inetd.sh ...
/ffp/etc/inetd.conf: Required file not found or not readable
* /ffp/start/fp_master.sh ...
Starting /ffp/sbin/fp.master
Ready.
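The startup log above can be triaged per start script, so that services which start cleanly are separated from those that only produce errors. This is an added example, not part of the original notes or of fun_plug; the function names are hypothetical, the sample is constructed from lines of the log above, and the chmod a-x hint is the inverse of the chmod a+x activation step in the installation overview.

```shell
#!/bin/sh
# Constructed sample: a subset of the ffp.log lines shown above.
sample_log() {
cat <<'EOF'
* /ffp/start/portmap.sh ...
Starting /ffp/sbin/rpc.portmap
* /ffp/start/nfsd.sh ...
WARNING: rpc.portmap: Already running
rpc.nfsd: unable to set any sockets for nfsd
* /ffp/start/telnetd.sh ...
Starting /ffp/sbin/telnetd -l /ffp/bin/sh
* /ffp/start/sshd.sh ...
Starting /ffp/sbin/sshd
* /ffp/start/rsyncd.sh ...
Error: Missing config file /ffp/etc/rsyncd.conf
* /ffp/start/lighttpd.sh ...
/ffp/etc/lighttpd.conf: Required file not found or not readable
EOF
}

# triage_ffp_log: read ffp.log on stdin, print "STATUS script" per start
# script. STATUS is PROBLEM if any line under the script looks like an
# error, started if a daemon was launched, no-output otherwise.
triage_ffp_log() {
    awk '
        function emit() { if (script != "") print status, script }
        /^\* \/ffp\/start\/.*\.sh / {
            emit(); script = $2; status = "no-output"; next
        }
        script == "" { next }
        /Error|WARNING|unable to|not found or not readable/ {
            status = "PROBLEM"; next
        }
        /^Starting / && status != "PROBLEM" { status = "started" }
        END { emit() }
    '
}

# disable_hints: print the command that switches off each PROBLEM script.
disable_hints() {
    triage_ffp_log | awk '$1 == "PROBLEM" { print "chmod a-x " $2 }'
}

# Run stand-alone as: sh triage.sh /ffp/ffp.log (no argument uses the sample)
if [ $# -gt 0 ]; then triage_ffp_log < "$1"; else sample_log | triage_ffp_log; fi
```

In the sample, telnetd.sh reports as started next to sshd.sh; it is launched with -l /ffp/bin/sh, so it is a candidate for chmod a-x once key-based SSH login is confirmed to work.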
Troubleshooting