2718.us blog » firewall

OS X, Wake-on-LAN, and Passworded Screensavers

2718.us — Wed, 13 Aug 2008 20:35:04 +0000

The other day, I realized while I was at work that I needed some files from my Mac desktop at home. Normally, no problem, ssh into my firewall and open a tunnel to my desktop (this is better done with authpf, but that’s a post for another time), use sftp, and done. The problem is that because of unexplained kernel panics (probably a bad RAM module), my desktop would crash hard if left on all day, so I’ve been putting it to sleep when I go to work. Now, with my Mac set to wake for remote admin access, I ought to be able to run a wake-on-LAN utility to wake it up and be fine, except that I use a passworded screensaver. With a passworded screensaver, waking the machine locally or remotely will give 30-60-second window during which the computer is awake and expecting a password to be entered at the physical machine; there doesn’t seem to be a way to do this remotely and unlike earlier versions of OS X, since 10.3 or 10.4 or so, you can’t just kill the screensaver process from the command line (i.e. by logging in with ssh).

On the other hand, ssh is a very robust protocol and somehow ssh sessions seem to readily survive disconnect/reconnect cycles. Making use of this, it is possible to get a workable, if slow, connection to a passworded-and-sleeping Mac. On one connection to the firewall machine, run a loop of the wake-on-LAN command so that the magic packets that make the Mac wake are being sent every second or so. Use another connection to ssh into the Mac and do whatever you need to do. It helps to plan out what you need to do so that you can get the commands in fast, but even during the cycle where the Mac goes back to sleep and gets reawakened by the wake-on-LAN loop, you can type commands; they just won’t appear (not even echoed) until ssh recovers the connection.

While this is an annoying way to use a machine and it’s probably not good for the hardware to cycle in and out of sleep repeatedly in such a short time span, it does give a way to get at a passworded and sleeping Mac remotely.

Small *nix Devices

2718.us — Thu, 22 May 2008 07:35:22 +0000

Today, not only did the NSLU2 that I bought on eBay arrive, but the red anodized aluminum case for my Alix arrived, too. Getting the NSLU2 to run “unslung” from a 1GB flash drive was a royal pain. If I do a second one, I’ll have to verify my technique, but it seems that the direction to format the drive before reflashing is just a mess (since it’s nearly impossible to get the Linksys firmware to format a flash drive), but once the firmware is reflashed to non-stock, it’s easy to format the flash drive, then run the script to move the boot stuffs off to the flash drive, where there’s room to install stuff. The problem is that the device seems to be spending about 90% of its time completely hung and non-responsive (telnet and ssh freeze ior maybe just hang, web interface unresponsive, intermittent “thrashing,” if you can call it that, of the flash drive) for reasons I can’t quite figure out. It may not turn out to be as useful as I’d hoped, but even if it doesn’t do what I want, it will have been an interesting experiment. Plus, I realized it’s the only linux box i’ve got on hand (my other machines are various Macs and OpenBSD boxes and a few PCs).

Speaking of OpenBSD boxes, the Alix seems to be much closer to usable than I’d expected now, having restarted from a newer pre-built flashdist image. The hokey thing I’d forgotten about is how few of the standard basic *nix command programs are in the base flashdist, so I end up copying over program after program from another running OpenBSD box. I’m hoping to get BIND and dhcpd up and running soon, get pf all set up for router/NAT/firewall use, and try it out with a DSL modem before the weekend is up.

And, with a little luck, by the end of the weekend, all these various devices will be self-updating the various common config files (BIND zones, dhcpd.conf, etc.) from a common server. I’ve already got a shell script that can check for an update to itself and replace itself with the newer version; I just have to make it check for and retrieve updates for the actual config files.