Phoenix1969
October 30, 2013, 06:31:35 PM
The reset button resets both the ssh and gui passwords to original. Found out the "Hard way"...hehe
|
sickpig
October 30, 2013, 06:41:50 PM
> I have a hypothetical question. If a 3rd party wants to rent a few days of hashtime on my Jupiter and I give him access including my password, if he changes the password without telling me is there any way to regain access without the new password or is the Jupiter permanently hi-jacked?
hard reset should reset the passwords I believe. hard reset just copies a bunch of pristine files placed in /config in various places, among them /config/shadow.factory will be copied over /etc/shadow. that means that after a hard reset the pwd for root will be re-set to admin. what if during the period of time u rent your miner that guy just changes /config/shadow.factory? anyway as long as u have physical access to the miner u could reflash your miner using RecoveryFile (https://www.kncminer.com/userfiles/file/SD_image_0.96.1.zip) and everything will be under your control again.
|
Bitcoin is a participatory system which ought to respect the right of self determinism of all of its users - Gregory Maxwell.
|
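The concern raised above, that someone with root could alter /config/shadow.factory so a hard reset no longer restores a known password, can be checked by hashing the factory files and web pages before a rental and comparing afterwards. This is an added example, not code from the thread or from KNC; the `*.factory` glob, the manifest format and the function names are assumptions, and the manifest should be kept off the miner.

```shell
#!/bin/sh
# Added example (not from the thread). Paths come from the posts above;
# the *.factory glob and the manifest format are assumptions.
# ROOT is "" on the live miner, or a directory holding a copied tree.

watched_files() {   # $1 = ROOT; prints watched paths relative to ROOT
    root=$1
    for f in "$root"/config/*.factory "$root"/www/pages/cgi-bin/*; do
        if [ -f "$f" ]; then printf '%s\n' "${f#"$root"}"; fi
    done | sort
}

file_hash() { sha256sum "$1" | cut -d' ' -f1; }

make_baseline() {   # $1 = ROOT, $2 = manifest file to write
    watched_files "$1" | while IFS= read -r rel; do
        printf '%s  %s\n' "$(file_hash "$1$rel")" "$rel"
    done > "$2"
}

verify_baseline() { # $1 = ROOT, $2 = manifest; returns 1 on any difference
    root=$1; manifest=$2; report=""; nl='
'
    while read -r sum rel; do
        if [ ! -f "$root$rel" ]; then
            report="${report}MISSING $rel$nl"
        elif [ "$(file_hash "$root$rel")" != "$sum" ]; then
            report="${report}CHANGED $rel$nl"
        fi
    done < "$manifest"
    for rel in $(watched_files "$root"); do   # paths assumed space-free
        awk -v r="$rel" '$2 == r { found = 1 } END { exit !found }' \
            "$manifest" || report="${report}NEW $rel$nl"
    done
    printf '%s' "$report"
    [ -z "$report" ]
}

# Usage: script baseline|verify MANIFEST [ROOT]
case "${1:-}" in
    baseline) make_baseline "${3:-}" "$2" ;;
    verify)   verify_baseline "${3:-}" "$2" ;;
esac
```

Any CHANGED, MISSING or NEW line after a rental is a reason to reflash from the recovery image rather than rely on the reset button.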
-Redacted-
October 30, 2013, 06:45:59 PM
Set up a non-root user and allow him to log onto the box with that. Restrict what can be executed via sudo.
Why does the user need SSH access to the box anyway? Give him web access, and move the web page that allows changing passwords out of the cgi-bin directory so it can't be accessed from the web interface until you put it back.
|
xyzzy099
October 30, 2013, 06:52:05 PM
> > I have a hypothetical question. If a 3rd party wants to rent a few days of hashtime on my Jupiter and I give him access including my password, if he changes the password without telling me is there any way to regain access without the new password or is the Jupiter permanently hi-jacked?
> hard reset should reset the passwords I believe. hard reset just copies a bunch of pristine files placed in /config in various places, among them /config/shadow.factory will be copied over /etc/shadow. that means that after a hard reset the pwd for root will be re-set to admin. what if during the period of time u rent your miner that guy just changes /config/shadow.factory? anyway as long as u have physical access to the miner u could reflash your miner using RecoveryFile (https://www.kncminer.com/userfiles/file/SD_image_0.96.1.zip) and everything will be under your control again.
If someone was REALLY malicious, they could possibly use those low-level i2c commands to actually do physical damage to the miner - like setting the PLLs to ridiculously high values, or whatever... Maybe write a script that just blasts random values over I2C, and see if you can make something smoke. I can't imagine why anyone would want to do something like that - but it's still something to consider if you are giving root access to random people...
|
Libertarians: Diligently plotting to take over the world and leave you alone.
|
Phoenix1969
October 30, 2013, 06:53:12 PM
> Set up a non-root user and allow him to log onto the box with that. Restrict what can be executed via sudo.
> Why does the user need SSH access to the box anyway? Give him web access, and move the web page that allows changing passwords to somewhere else so it can't be accessed from the web interface until you put it back.
I'm sure there's a way to remove the reset password fields in the gui... but can't tell you how, because I'm not a linux aficionado. Maybe you can block the security page entirely...?
|
-Redacted-
October 30, 2013, 06:58:32 PM
    cd /www/pages/cgi-bin
    mv passwd.cgi /
done... It will produce a 404 error if they try to go to that selection.
To put it back:
    cd /www/pages/cgi-bin
    mv /passwd.cgi .
Might want to do the same with upgrade.cgi, too...
|
dwdoc
October 30, 2013, 07:07:05 PM
>     cd /www/pages/cgi-bin
>     mv passwd.cgi /
> done... It will produce a 404 error if they try to go to that selection.
> To put it back:
>     cd /www/pages/cgi-bin
>     mv /passwd.cgi .
> Might want to do the same with upgrade.cgi, too...
Nice.
|
sickpig
October 30, 2013, 07:17:32 PM
> If someone was REALLY malicious, they could possibly use those low-level i2c commands to actually do physical damage to the miner - like setting the PLLs to ridiculously high values, or whatever... Maybe write a script that just blasts random values over I2C, and see if you can make something smoke. I can't imagine why anyone would want to do something like that - but it's still something to consider if you are giving root access to random people...
yeah this could be done I suppose and it's nasty. the best thing would be to do like -redacted-: change the web interface in such a way that they could not gain control of the miner, or just create a normal user and grant him the right to do the minimum amount of things to let him mine (using sudo maybe)
|
Bitcoin is a participatory system which ought to respect the right of self determinism of all of its users - Gregory Maxwell.
|
FiatKiller
October 30, 2013, 07:23:13 PM
suck if the "renter" installed malicious firmware... lol
|
texaslabrat
October 30, 2013, 07:39:49 PM
> > If someone was REALLY malicious, they could possibly use those low-level i2c commands to actually do physical damage to the miner - like setting the PLLs to ridiculously high values, or whatever... Maybe write a script that just blasts random values over I2C, and see if you can make something smoke. I can't imagine why anyone would want to do something like that - but it's still something to consider if you are giving root access to random people...
> yeah this could be done I suppose and it's nasty. the best thing would be to do like -redacted-: change the web interface in such a way that they could not gain control of the miner, or just create a normal user and grant him the right to do the minimum amount of things to let him mine (using sudo maybe)
I would set it up as a gimped version of the knc hosting model. No ssh access, and strip out all the web interface pages except the login, status, and mining pages. The only thing a 3rd party renter needs to be able to do is log on to the device, change pool settings, and restart the cgminer process. Everything else they can submit a "support ticket" for....and some sort of SLA for response time can be written into the rental agreement.
|
Biffa
October 30, 2013, 08:10:51 PM
> Those are good points. I guess there is no way to give access to just the web interface and block ssh access. If not I guess the renter would have to prepay enough to justify the risk.
As I said, the root password is not the same as the admin password, you can change the root password to be different to the admin (web login) password. So change the root password and they can't ssh into the box, they can just use the web admin. To change the root password from ssh just type
    passwd
Try it, change the root password, then logout of ssh and login again with the new root password. You will notice that the web account still uses the old password. If you want to change the web account password it's:
    passwd admin
|
Phoenix1969
October 30, 2013, 08:12:40 PM Last edit: November 01, 2013, 06:02:43 PM by Phoenix1969
Here are some steps to streamline access to your miner through putty..
1. Open the putty session window, and input your I.P. normally in the hostname field, but DO NOT HIT ENTER.
   a. Instead, take your mouse pointer, highlight the saved sessions field (with a single left-click), and input your miner's I.P. again.
2. On the window/behavior tab to the left, un-check the "warn before exit" box.
3. On the connection/data tab, enter "root" to the auto-login username field.
4. On the SSH tab, enter "screen -r" into the "remote command" field.
5. Back on the Session tab, at bottom of page, check the "close window on exit"....... "always"
6. Now hit the SAVE button, and close putty.
7. Go to your desktop & right-click for a context menu, and go to new/shortcut.
8. Input the location of putty for starting it. Use full file location to execute putty & input your miner's I.P. address as such...
   C:\Users\Ewik\Desktop\putty.exe -load "123.123.123.4" -pw password
   Click next, input a name for your new shortcut, click finish.
Now, when you click on the shortcut, it will start putty with your miner's ip, and enter "root" for you, and enters your password, enters the "screen -r" for you, and jumps into cgminer window. it all happens very fast then click on shortcut... you're in! BAM
|
Phoenix1969
October 30, 2013, 08:15:55 PM Last edit: October 30, 2013, 08:28:44 PM by Phoenix1969
> > Those are good points. I guess there is no way to give access to just the web interface and block ssh access. If not I guess the renter would have to prepay enough to justify the risk.
> As I said, the root password is not the same as the admin password, you can change the root password to be different to the admin (web login) password. So change the root password and they can't ssh into the box, they can just use the web admin. To change the root password from ssh just type
>     passwd
> Try it, change the root password, then logout of ssh and login again with the new root password. You will notice that the web account still uses the old password. If you want to change the web account password it's:
>     passwd admin
when you change the password in the GUI, it changes BOTH the GUI AND the Root passwords. if they don't match, I imagine you lose gui control altogether, don't you?
|
ASIC-K
October 30, 2013, 08:33:24 PM
just a bit of an update. my mercury is running at 134.4 ghs (from the pool) 141.6 (from cgminer) since .98 firmware. everything is running great except hw errors actually went up for me. it's steady at 6.9% and rejected (duplicates mostly) is around 3%. could be worse i guess...
|
xyzzy099
October 30, 2013, 09:04:05 PM
> > Those are good points. I guess there is no way to give access to just the web interface and block ssh access. If not I guess the renter would have to prepay enough to justify the risk.
> As I said, the root password is not the same as the admin password, you can change the root password to be different to the admin (web login) password. So change the root password and they can't ssh into the box, they can just use the web admin. To change the root password from ssh just type
>     passwd
> Try it, change the root password, then logout of ssh and login again with the new root password. You will notice that the web account still uses the old password. If you want to change the web account password it's:
>     passwd admin
I don't think that's actually true... The lighttpd daemon has its own password file and pays no attention to /etc/shadow for its authentication.
|
Libertarians: Diligently plotting to take over the world and leave you alone.
|
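Whether the web login and the root login share a credential store, the point in dispute in the posts above, can be read from the lighttpd configuration, along with whether the password and upgrade pages are still being served. This is an added example, not code from the thread or the firmware; the `auth.backend` directives are standard lighttpd mod_auth settings, while the config file location and the function names are assumptions, and only a single config file without includes is handled.

```shell
#!/bin/sh
# Added example (not from the thread). The config path passed in is an
# assumption: the thread does not say where the miner keeps lighttpd's config.

# Print "<backend> <userfile>" for a lighttpd config; return 1 if no auth.
web_auth_store() {   # $1 = lighttpd config file
    backend=$(sed -n \
        's/^[[:space:]]*auth\.backend[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' \
        "$1" | tail -n 1)
    if [ -z "$backend" ]; then echo "none"; return 1; fi
    userfile=$(sed -n \
        "s/^[[:space:]]*auth\.backend\.$backend\.userfile[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" \
        "$1" | tail -n 1)
    printf '%s %s\n' "$backend" "${userfile:-unset}"
}

# Print which of the pages named in the thread are still served.
exposed_pages() {    # $1 = cgi-bin directory
    for page in passwd.cgi upgrade.cgi; do
        if [ -f "$1/$page" ]; then printf '%s\n' "$page"; fi
    done
}

# Summarise what a web-only renter could reach; non-zero if a page is open.
preflight() {        # $1 = lighttpd config, $2 = cgi-bin directory
    store=$(web_auth_store "$1") || store="none"
    open=$(exposed_pages "$2" | tr '\n' ' ')
    printf 'web credentials: %s\n' "$store"
    printf 'sensitive pages served: %s\n' "${open:-none}"
    [ -z "$open" ]
}

# Usage: script CONF CGI_DIR   (e.g. CGI_DIR=/www/pages/cgi-bin)
if [ $# -eq 2 ]; then preflight "$1" "$2"; fi
```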
bobsmoke
October 30, 2013, 09:48:37 PM
Has anyone noticed, or is anyone aware, if KNC already upgraded the hosted boxes to 0.98?
|
Elenelen
October 30, 2013, 09:58:47 PM
> Here are some steps to streamline access to your miner through putty..
> 1. Open the putty session window, and input your I.P. normally, but do not hit enter.
>    a. Instead, take your mouse pointer, highlight the saved sessions field, and input your miner's I.P. again.
> 2. On the window/behavior tab to the left, un-check the warn before exit box.
> 3. On the connection/data tab, enter "root" to the auto-login username field.
> 4. On the ssh tab, enter "screen -r" into the remote command field.
> 5. Back on the session tab, at bottom of page, check the close window on exit "always"
> 6. Now hit the SAVE button, and close putty.
> 7. Go to your desktop & right-click for a context menu, and go to new/shortcut.
> 8. Input the location of putty for starting it. Use full file location to execute putty & input your miner's I.P. address as such...
>    C:\Users\Ewik\Desktop\putty.exe -load "123.123.123.4"
>    Click next, input a name for your new shortcut, click finish.
> Now, when you click on the shortcut, it will start putty with your miner's ip, and enter "root" for you, and wait for a password. as soon as you enter your password, it does the "screen -r" for you, and jumps into cgminer window. it all happens very fast then click on shortcut, enter pass, you're in. BAM
Thank you !!
|
Holographic
October 30, 2013, 10:06:14 PM
> Has anyone noticed, or is anyone aware, if KNC already upgraded the hosted boxes to 0.98?
My hosted Jupiter jumped from ~490 GH/s to ~560 GH/s like 24 hours ago. I have previously seen similar changes, both negative and positive, around the time they release a new FW version. I think they pretty much upgrade all the hosted miners as soon as the new FW is ready, but I could be wrong.
|
paranoidx
October 30, 2013, 10:29:09 PM
I was getting 460-480 on eligius. .98 got me to 520-550! Woot! Good stuff.
|
shmadz
October 31, 2013, 01:09:52 AM
> btw... of all the experimenting on the sats...70-79 seems to be the optimum temp. It takes about 1 and 1/2 hours to 2 hours to see the results on the graph, but looks to be a significant difference when you include several machines... about 40 gh/s for me... just by monitoring temps to 70-79 instead of letting them drop to 55-60 overnight. I use cardboard to block a bit of the airflow, and monitor the temps on the GUI, then watch for the results on the graph, and how high they peak over a couple hours. Well worth it for me. When they said "Over-cooled", they weren't kidding!
I'm running naked case with a huge blower fan blowing across it and my temps are low 40's but the hashrate reported is only around 450. I turned the blower fan off and my hashrate jumped to 550 in fairly short order (less than half an hour I think, probably closer to 15 minutes) but when I noticed that the temps were going into the 70's I immediately turned the fan back on, and the hashrate promptly dropped back to 450. Does anyone else know about the longevity concerns of running at 70+ degrees? Anyone else noticing similar results? This is on 0.98 firmware btw.
|
"You have no moral right to rule us, nor do you possess any methods of enforcement that we have reason to fear." - John Perry Barlow, 1996