SSH Access to OpenWRT without a Password

OpenWRT is an open source router firmware that can be installed on most consumer WiFi routers for increased security, functionality, and performance.

One way to configure OpenWRT is through a web interface.  The other, more powerful, way to configure it is through SSH.  OpenWRT comes with dropbear for SSH.  Dropbear is an optimized, reduced-functionality SSH server.  So, the typical methodology of creating public/private key pairs for authentication does not always work.  Here is what I have found to work:

  1. Assume that the OpenWRT router has an assigned IP address of 192.168.1.1
  2. In Cygwin, or in a Linux terminal, run the following commands:
    • ssh-keygen
    • ssh-copy-id -i root@192.168.1.1

The first command creates a 2048-bit RSA key, which is the strength recommended by NIST for RSA.  To log in without a password, just choose the defaults by pressing enter at each prompt.  The second command copies the public key to the OpenWRT router.  Now, log in to the OpenWRT router with SSH:

ssh root@192.168.1.1

You will be prompted for a password.  Use the password that you set up for the OpenWRT web interface.

Once logged into the router, execute the following command:

cp /root/.ssh/authorized_keys /etc/dropbear/authorized_keys

This will copy the public key to the location expected by dropbear.  This has to be done because ssh-keygen puts the key in the directory expected by openssh, not dropbear.

Now, exit from the router:

exit

Back at the Cygwin or Linux terminal, try logging into the OpenWRT router again with SSH:

ssh root@192.168.1.1

This time, you should be able to get in without a password.

Finally, use the OpenWRT GUI (under System->Administration) to turn off SSH password authentication and disallow the root user from logging in with a password.  Test to verify password authentication is turned off by typing the following in Cygwin or a Linux terminal:

ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no root@192.168.1.1

You should get an error that says root@192.168.1.1: Permission denied (publickey).
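
The test above can be scripted.  The following is an added example, not part of the original post: it reads the method list inside ssh's "Permission denied (...)" message to decide whether the router still offers password logins.  The function names, the BatchMode and ConnectTimeout options, and the sample output lines are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): decide from ssh's
# "Permission denied (...)" line whether password logins are still offered.

# Print the comma-separated methods the server still offers, or nothing
# when the text contains no "Permission denied (...)" line.
offered_methods() {
    printf '%s\n' "$1" |
        sed -n 's/.*Permission denied (\([^)]*\)).*/\1/p' | tail -n 1
}

# 0 = refused, and neither password nor keyboard-interactive is offered
# 1 = a password-style method is still offered
# 2 = no verdict (host unreachable, login succeeded, unexpected output)
password_auth_disabled() {
    methods=$(offered_methods "$1")
    [ -n "$methods" ] || return 2
    case ",$methods," in
        *,password,*|*,keyboard-interactive,*) return 1 ;;
    esac
    return 0
}

# Run the post's test without a prompt: BatchMode=yes makes ssh give up
# instead of asking for a password, so the method list prints at once.
# Usage: check_router 192.168.1.1 [user]
check_router() {
    err=$(ssh -o BatchMode=yes -o ConnectTimeout=5 \
              -o PreferredAuthentications=password \
              -o PubkeyAuthentication=no \
              "${2:-root}@$1" true 2>&1 >/dev/null) || true
    password_auth_disabled "$err"
}

# Constructed sample outputs (not captured from a real router).
SAMPLE_LOCKED='root@192.168.1.1: Permission denied (publickey).'
SAMPLE_OPEN='root@192.168.1.1: Permission denied (publickey,password).'

for sample in "$SAMPLE_LOCKED" "$SAMPLE_OPEN"; do
    if password_auth_disabled "$sample"; then
        echo "password login disabled: $sample"
    else
        echo "password login still possible: $sample"
    fi
done
```

A return value of 1 from check_router means the setting under System->Administration did not take effect; a return value of 2 means the router gave no usable answer and the test should be repeated.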

Two things to note:

  1. Unfortunately, OpenWRT makes it difficult to create anything but a root user.  There are ways to do so, however.  Google it.
  2. I tried generating RSA keys larger than 2048 bits.  However, they did not seem to work with dropbear.

Remote Desktop for Raspberry Pi

To access your Raspberry Pi through remote desktop, type the following commands at the Raspberry Pi terminal prompt:

sudo apt-get install tightvncserver

When installation of tightvncserver is complete, execute this command:

sudo apt-get install xrdp

When this is complete, the Pi should be running a remote desktop server.  To access the Pi on Windows, choose “Remote Desktop Connection” from the start menu.  The remote desktop client will appear and ask you for the IP address of the Pi.  My Pi is at 10.0.0.129.

Hit Connect.

A login screen will appear and ask for your username and password.  The default username for the Pi is “pi” and the default password is “raspberry”.

Congratulations!  The Raspberry Pi’s desktop should appear.  Now, you can access the Pi from anywhere on your network and there is no need to lug around a monitor, keyboard, mouse, cables, etc.

 

Browser Add-ons — Read Terms and Conditions

I found this wonderful sounding add-on to Chrome this morning. It lets you select one or more Gmail emails to convert to PDF. Then, you can download the PDF or put it on Google Drive. I was quite excited and downloaded the add-on.
 
When I installed it, I learned that I have to create a CloudHQ account and give CloudHQ permissions to have read-only access to my emails.
 
No. Just no.
 
Always read Terms and Conditions when installing anything on your computer. The more companies that have access to your information, the more likely you will become a victim to a data breach and identity theft.
 

Cost of Goods (COGS) – or Cost of Sales

The terms Cost of Goods Sold (COGS), Cost of Sales, and Cost of Revenue are synonymous.  They describe the direct costs of producing a good or service that is sold to customers.   In this post, let’s just refer to this as COGS.

Direct costs include direct labor and materials, and facility or plant overhead that is directly tied to producing the good or service.  For example, the salary of a person assembling a television would be a direct cost.  Extra electricity used to run a machine used only to produce the good or service would also be included.

But, the salary of the janitor at a plant that makes televisions, phones, and alarm clocks would be an indirect cost.  The reason is that the cost of the janitor does not increase or decrease as a result of making more or fewer televisions.  The amount of floor space to sweep in the facility is the same regardless of the number of televisions produced (within reason).  The janitor’s salary is an example of SG&A costs.  SG&A stands for selling, general, and administrative.  SG&A expenses occur when the company incurs an expense for:

  • Promoting, selling, or delivering products and services
  • Managing the overall company

These types of costs will appear on the company’s quarterly (or annual) income statement for the period they were incurred.  More specific examples of indirect SG&A costs include sales commissions, advertising and promotional materials, management compensation, compensation for support staff, rent, utilities, and office supplies.

The general rule is that direct costs do not include general overhead or administrative expenses.  These expenses are not part of the COGS calculation.

COGS is a key metric for cost analysis because it shows the operational costs of producing a good or service.  If cost of sales is rising while gross revenue is flat, net earnings (gross profit) will decrease.  Remember that:

(Gross Revenue) – (COGS) = (Gross Profit)

Note that for a service business without a tangible, physical, product, COGS is a bit of a misnomer since there is not a “good.”  That is why the term Cost of Sales is often used.  But, the terms mean the same thing.

 

Avoid Reusing Passwords

Do you use the same password on multiple websites?
 
If so, it is possible that hackers can download a list of email addresses and associated passwords with your information. Are you on a list like this?
 
This is the reason that everyone should use strong passwords along with a password management program like KeePass. KeePass helps you keep track of passwords so that it is easier to use unique ones for each website.
 

Google Knows…

If you have an Android phone, Google likely has a history of most of the places that you have been over the past 10 years.  You can view that history by signing onto your Google account (via Gmail, etc.) and then going to:

https://myactivity.google.com/more-activity

Under location history, click “View Timeline.”  A map will appear with dots showing where you have been.   Based on my map, it appears that the history may only include locations within the United States and Canada.  And there are missing places.  But, the accuracy of the information displayed is quite refined.  For example, I can zoom into a location I visited on a business trip a few years ago and can tell the hotel I stayed at.  I can tell when I arrived at the hotel for the evening and when I left for the airport the next morning.

This location tracking is turned on by default on Android devices.  It can be turned off in theory.  But, it is entirely possible that Google collects and retains this information anyway.

World GDP by Top Ten Countries – 1961 to 2017

This video is fascinating.  To me, the interesting parts are

  1. The US is on top.  Growth is steady and consistent.
  2. Japan has blossomed and then dramatically crashed.
  3. China’s rise is amazing.   Can it continue?

It would be interesting to know what policies of these countries contribute the most to the end results.