This document briefly describes how to install NFS on your buffalo device, along with how to get remote root access, via SSH.
There are two systems involved here:
- My desktop system - which will mount the exports.
192.168.1.160
- The NAS device itself.
192.168.1.4
To get root on the device you can use the bundled acp_commander.jar
command - of course you'll need a Java installation to do that.
Using acp_commander.jar
you can execute arbitrary commands on the NAS, as root
, you just need to know the IP address of your NAS and the password for the admin
user.
Add your details to the nas script, then execute it like so:
Using random connID value = 83E20F6293D2
Using MAC: 106f3fe44e46
Using target: 192.168.1.4/192.168.1.4
Starting authentication procedure...
Sending Discover packet...
Found: kinton (/192.168.1.4) LS-WXL(KEITAI) (ID=00486) mac: 10:6F:3F:E4:4E:46 Firmware= 1.740 Key=2DFEBB60
Trying to authenticate EnOneCmd... ACP_STATE_OK
Trying to authenticate with admin password... ACP_STATE_OK
> uptime
21:25:59 up 2 min, load average: 1.28, 0.77, 0.30
Changeing IP: ACP_STATE_PASSWORD_ERROR
Please note, that the current support for the change of the IP is currently very rudimentary.
The IP has been set to the given, fixed IP. However DNS and gateway have not been set. Use the WebGUI to make appropriate settings.
Although in the end it fails, the command was able to run successfully. You can now examine the get-root script which will run a couple of commands:
- root.sh
- Change the
root
password tossh.pass
.- NOTE: This is the password you'll use for SSH, the
admin
webui login will remain unchanged.
- NOTE: This is the password you'll use for SSH, the
- Enable SFTP/SSH support.
- Stop & start the
sshd
server
- Change the
Once you have root you can login to your NAS via SSH and run commands interactively, as you'd expect:
$ ssh -o PreferredAuthentications=password -oKexAlgorithms=+diffie-hellman-group1-sha1 [email protected]
[email protected]'s password:
REMEMBER: The
root.sh
script will have set the ssh-password to bessh.pass
.
NOTE: The
PreferredAuthentications
option is needed to prevent keyboard-interactive authentication.
[root@kinton ~]# uptime
21:35:37 up 12 min, load average: 0.16, 0.29, 0.28
[root@kinton ~]# free
total used free shared buffers
Mem: 117560 96772 20788 0 5424
Swap: 1000432 500 999932
Total: 1117992 97272 1020720
[root@kinton ~]# uname -r
3.3.4-88f6281
[root@kinton ~]# cat /proc/mdstat
Personalities : [linear] [raid0] [raid1] [raid6] [raid5] [raid4]
md2 : active raid1 sda6[0] sdb6[1]
1938311340 blocks super 1.2 [2/2] [UU]
md1 : active raid1 sda2[0] sdb2[1]
4999156 blocks super 1.2 [2/2] [UU]
md10 : active raid1 sda5[0] sdb5[1]
1000436 blocks super 1.2 [2/2] [UU]
md0 : active raid1 sda1[0] sdb1[1]
1000384 blocks [2/2] [UU]
unused devices: <none>
Check in /etc/sshd_config
that exists only one parameter PermitRootLogin
:
[root@kinton ~]# cat /etc/sshd_config | grep PermitRootLogin
In case exists two parameters, only keep PermitRootLogin yes
.
Check if dns is configured:
[root@kinton ~]# cat /etc/resolf.conf
If is empty, fill with dns servers, for example with OpenDNS:
[root@kinton ~]# cat /etc/resolf.conf
nameserver 208.67.222.222
nameserver 208.67.220.220
Check date/time is correct:
[root@kinton ~]# date
Sat Dec 26 21:51:15 CET 2020
If it's not correct, update with:
[root@kinton ~]# ntpdate -s -b ntp.jst.mfeed.ad.jp
Install ipkg
like so:
cd /tmp
wget http://ipkg.nslu2-linux.org/feeds/optware/cs05q3armel/cross/stable/lspro-bootstrap_1.2-7_arm.xsh
sh ./lspro-bootstrap_1.2-7_arm.xsh
NOTE: If this site disappears you can look at the
archive/
directory in this repository.
The .xsh
script will boosttrap the system, by unpackaging a binary-archive embedded within itself, and then executing it.
To view the contents of the archive you can run this:
# dd if=lspro-bootstrap_1.2-7_arm.xsh bs=201 skip=1 2>/dev/null| tar xz
bootstrap/
bootstrap/bootstrap.sh
bootstrap/ipkg-opt.ipk
bootstrap/ipkg.sh
bootstrap/optware-bootstrap.ipk
bootstrap/wget.ipk
NOTE: Use
.. | tar xf
if you wish to unpack locally and read what will be executed.
When ./bootstrap/bootstrap.sh
is executed it will install the two bundled .ipkg
files (giving ipkg
itself, and wget
which is used to download packages), and configure ipkg
.
Once installed, configure variable REAL_OPT_DIR
in /etc/init.d/rc.optware
script with persistent directory created with ipkg installation, in my case /mnt/array1/.optware
:
[root@kinton ~]# cat /etc/init.d/rc.optware
#! /bin/sh
if test -z "${REAL_OPT_DIR}"; then
# next line to be replaced according to OPTWARE_TARGET
REAL_OPT_DIR=/mnt/array1/.optware
fi
....
Once you have ipkg
, the package-manager, installed you can install things via:
# ipkg update
# ipkg install $name
To get the (user-space) NFS-server you'll run:
# ipkg update
# ipkg install unfs3
To configure your exports you need to edit the configuration file
/opt/etc/exports
. My example is this:
/mnt/array1/backup 192.168.1.2(rw,sync,anonuid=1001,anongid=100)
/mnt/array1/shared 192.168.1.2(rw,sync,anonuid=1001,anongid=100)
Once that file has been updated you'll need to restart NFS:
/opt/etc/init.d/S56unfsd stop
/opt/etc/init.d/S56unfsd start
NOTE: We're explicitly installing the user-space NFS server here. My first attempt involved using the kernel-mode NFS server, via a third-party repository. This failed to boot, effectively bricking the device neatly. Recovering from that was a real pain, and something I have no wish to repeat! (You need a third-party kernel because the default kernel contains zero NFS-modules. Also doesn't contain a kernel
.config
file either.) NOTE2: Instead of unfsd3 you can install nfs-server, the main difference is that nfs-server implements NFS protocol version 2 which has a limitation to manage files until 2GB. The unfsd3 implements NFS protocol version 3.
If NFS service is not started automatically when boots, add a last sleep line in /opt/etc/init.d/S56unfsd
:
root@kinton:/# cat /opt/etc/init.d/S56unfsd
#!/bin/sh
if [ -n "`pidof unfsd`" ] ; then
killall unfsd 2>/dev/null
fi
sleep 2
/opt/sbin/unfsd -e /opt/etc/exports
# If you no wait, the processes die
sleep 5
From a local system in your LAN, with IP 192.168.1.160
, you should now
be able to list those exports:
[email protected]:~# showmount -e 192.168.1.4
Export list for 192.168.1.4:
/mnt/array1/shared 192.168.1.2
/mnt/array1/backup 192.168.1.2
This is what I did to mount the shares on 192.168.1.2:
mkdir /mnt/shared
mount -t nfs 192.168.1.4:/mnt/array1/shared /mnt/shared
mkdir /mnt/backup
mount -t nfs 192.168.1.4:/mnt/array1/backup /mnt/backup
All done.