Chuck's Blog

For anyone who doesn’t already know: a ssh client for BlackBerrys (BlackBerries?) is available for free. It’s called BBSSH, and is currently under pretty active development. Being the administrator I am I downloaded and installed it on my Storm2, but noticed one funky thing: it refused to go into portrait mode, or even hide the keyboard. Also it had a weird border around it.

I’m new to these phones, so I very confused until I did my research. Turns out all you have to do to fix this behavior is to go into Options->Applications, select BBSSH, open the menu, and click “Disable compatibility mode.” Once this is done things behave as expected.

I just unlocked one of these Samsung Hype‘s today, and for anyone who is wondering how hopefully this helps you out.

First, go on eBay and get unlocking codes for your specific phone. Just search for “Samsung Hype unlock” and you’ll get the results you need. The vendor will require your IMEI, which is located under the battery in your phone. Giving them this and the model name of your phone (which is SGH-a256,) and  they will send back a 10 digit code you need to unlock your phone. This will only work on your phone because unlock codes are tied to IMEI’s.

Second, put in an unrecognized SIM card. For example, if your on Rogers you could use a card from T-Mobile. Then power up your phone and select the option for unlocking the phone, and enter your 10 digit code. If you entered it correctly than congrats, your done and should be able to use your phone with the foreign SIM card. No funny numbers need to be dialed here unlike most phones — which is exactly what confused me.

If your not willing to go on eBay and purchase an unlocking code than unfortunately your out of luck. I spent hours trying to find another way, and I can tell you there just isn’t one. It’s only about 5$ USD for the code though, so it’s not a wallet breaker.

The most secure you can get a box from a login point of view involves three authentication methods: Something you have, something you know, and something about you.

So to secure my laptop a little more I decided to implement the “something you have” method. The “something you know” method is obviously the password. Currently I don’t see the need or have the ability to easily add the “something about you” method, but maybe in the future.

Obviously I always have a USB flash drive on me, being a computer geek. Thus I decided to use pam-usb, which allows me to use a USB flash drive as an authentication method.

First, install the following two packages:

apt-get install pamusb-tools libpam-usb pmount

Then plug in your flash drive and run:

pamusb-conf --add-device <name>

Where <name> is whatever you like. You will then be asked to select your storage device. Select the desired drive and afterward:

pamusb-conf --add-user <account>

Account is whatever account you want to use the flash drive for. When asked for a device just select the one you previously configured. If you only configured one device than it will be selected by default.

Finally confirm you can authenticate properly. The flash drive must be plugged in for this step!

pamusb-check <account>

If you are told that the authentication succeeded congrats! Else, check your configuration again.

The final step to complete is to change everything in /etc/pam.d/gdm so that it now says:

#%PAM-1.0
auth    requisite       pam_nologin.so
auth    required        pam_env.so readenv=1
auth    required        pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
auth    optional        pam_gnome_keyring.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required        pam_limits.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional        pam_gnome_keyring.so auto_start
@include common-password
auth required pam_usb.so fs=fat check_device=-1 check_if_mounted=-1

Then just restart GDM or restart your computer. After that try to login without your flash drive inserted. It should simply fail. Afterwards try plugging in the flash drive, waiting a few seconds, and trying again. This time the login should succeed. Note the above setup is for using both a password and flash drive, not just a flash drive.

One time passwords are a very effective way to connect to an SSH server from an untrusted computer. Consider the following scenario I deal with almost daily.

The computers where I take classes are owned by a governmental organization. Sounds secure, right? Not really. Quite often other students will mess with the computers as they see fit. Plus, installing a keylogger is trivial, since the computers are Mac Minis running Windows Vista laid out on top of a desk, right next to their respective monitor.

Usually I would simply steal the network cable from a Mac Mini for my session on my secured laptop and plug it back in after, but unfortunately this behavior is forbidden by the administration. The biggest problem is not this, but that I need to get access to my remote server to copy a file off. And it cannot wait.

So, I simply fixed the problem by following this how-to and installing putty onto a removable medium, and using my laptop to generate the one time passwords. The linked guide isn’t to hard to follow, so I won’t bother creating my own version of it. However, I did notice some interesting things that could be done with the opie-client and opie-server packages that I plan to blog about later.

If you have any problems with following the how-to I linked to just post a comment here with your problem. I’ll do my best to help.

We’ve all done it. Plug in a password, think we’ll remember it a month from now, and have our memory betray us. With most Linux distros you can just pop in a livecd and change the password, providing you did not use some sort of full disk encryption, but for Windows Vista and Windows 7 things can get more complicated.

You can purchase the Microsoft solutions to this problem, but if you’re like me you would prefer a free solution. SystemRescueCd is this solution.

Just burn the cd, boot from it (type rescuecd at the boot prompt) and wait. When you get a shell prompt just follow its instructions to mount your windows partition, and enter the system32 directoryand look for a file named “SAM”. Once you’ve found it just type chntpw -u <user> /path/to/SAM and follow its instructions. Reboot cleanly, and voila.

One thing I have noticed though is that sometimes chntpw cannot change Vista passwords. If this is the case for you just set the password blank, log in under windows, and change it there.