December 2009 Archives

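The Last Day of 2009

1. My daughter has grown -- she can say "daddy" and "mommy", she can walk, and she has her own joys and sorrows and is happy to express them

2. My wife went back to work -- and is more overbearing than ever

3. Bought a car -- the money-burning begins

4. Bought new phones -- it had been 6 years; got 3 of them, and of course one went to my wife

5. Started using 3G -- on a trial card, free of charge

6. Did not upgrade my laptop -- the T60p I was hoping for was once so close to me :(

7. Did not get an iPhone 3GS -- why is it no longer on sale?

8. Worn out by work -- the brutal overtime that began at the end of August, how long will it go on?

9. Let things slide -- no time to watch the stock market; lucky, or not?

10. Sleep -- what I lacked most this year was sleep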

--EOF--

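I confirmed online with several FastDomain support agents: even with a Dedicated IP purchased, the port sshd listens on cannot be changed, and for me this actually matters quite a lot.

But after some exploring over the past few days I have another idea: using the Port Forward feature that ssh provides might achieve a similar effect, provided of course that I am allowed to bind plenty of other ports :)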

 

https://www.fastdomain.com/cgi/dedicated_ip

 

What is a Dedicated IP Address?
An IP address is a number like 234.123.66.7 that identifies the unique server where your website can be found. In shared hosting, you share the same IP address as other web sites on your server. By upgrading to a Dedicated IP address, you can enable your site for e-commerce and other advanced capabilities, and minimize the risk of being impacted by other sites on your shared server.


Top Reasons to get a Dedicated IP:
So you can enable SSL on your web site - SSL Certificates are crucial if you have a business oriented website, especially if you want to accept secure transactions like credit card payments or sending personal information through your site. Secure SSL Certificates require your site to have a Dedicated IP in order to work.
Ability to run more software on your server - Certain programs require a dedicated IP address before they can be setup and used. With a dedicated IP you will have more options on the type of scripts you can run.
Ability to open non-standard ports - Purchasing a dedicated IP will allow us to grant you access to additional ports you may need to run special services on that are blocked for shared IPs.
So you won't be negatively impacted by the actions of others - On a shared IP, if someone else sharing your same IP happens to get blocked by IP or censored, as some countries or ISPs sometimes do. Their IP (and yours) could get banned or blacklisted, causing problems for your web site or search engine rankings.
Your website may perform better in the search engines - Although difficult to prove, many people believe that sites with a dedicated IP address rank better in the search engine results than those utilizing shared IP addresses.
You can view your web site by typing its IP address - This is handy for situations where you want to access your site, but your domain name is inaccessible, such as during domain name propagation periods.

Only $2.50 per month ($30.00 per year)*

--EOF--

PageArchives plugin

http://www.hinn.cn/mt/plugins/pagearchives.html

Noting this here for now; when I have time I'll tinker with it following this reference~

 

Paged Archives Plugin

http://www.aldenbates.com/plugins/pagedarchives.html

 

--EOF--

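Meizu M8 ROM upgrade

I picked up an M8 se from a colleague. The firmware was fairly old, the installed software was a mess, and it crashed often. So the first thing to do on getting it was, of course, to flash the ROM.

Community resources for the M8 are plentiful, and the official site already provides flashing instructions:

http://www.meizu.com/help/M8upgrade.html

In addition,

http://bbs.meizu.com/

http://www.m8fans.com/

also offer a great deal of news and usage experience, as well as notes on commonly used software.

When you want to flash, go and have a look~~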

--EOF--

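i780 GPS software: Route66_V9

http://bbs.pdafans.com/viewthread.php?tid=815722
ROUTE66_V9 (latest main program + Q4 maps)

http://bbs.pdafans.com/thread-819826-1-1.html
ROUTE66_V9 (latest main program + 2009 Q4 maps): detailed steps and troubleshooting

Read these instructions carefully and follow them exactly; reposted below:

Ever since ROUTE66_V9 came out, I have noticed that most people only ask questions. Nobody has posted screenshots showing off in detail what ROUTE66_V9 can do. I am uploading mine so everyone can see whether all the unlocked copies look the same. Some people say the pen skips when handwriting. That is easy to solve: just write more slowly. That is the simplest fix. Others say route planning is slow; I find it quite fast, no different from the older versions. It may have to do with the phone's CPU speed. Still others say the maps work but navigation shows as not activated; that means your main program was not XX'd successfully. You need to modify device.ini and 3DNavigator. Also, three items go in the root of the memory card: 3DNavigator, Data, and the Route9 folder you create yourself. When I first finished downloading from Feng-da's links my head was spinning; I had no idea how to install it. So here is the order.
        1 - First download three things: the 2009 Q4 maps, the R66_V9 main program, and the Cyberfans XX file (which contains two files, R66_Cyberfans.exe and navkeys.dat).
        2 - Once everything is downloaded, start unpacking. R66_V9 unpacks into many files. Some people are baffled at the sight: how do you install this? Don't worry, take it slowly. First rename the R66_V9 folder to Route9. That is step one: the rename. Then copy the Data folder and 3DNavigator.ini from the unpacked V9 main program to the root of the memory card. Remember, it must be the root; do not nest them inside another folder. That is step two.
        3 - Unpack the 2009 Q4 maps; the unpacked map file is named China.cmap. Copy the Q4 map into Maps under the Data folder. When you open Maps you will find three siblings already in there: the Hong Kong, Macau and Taiwan maps. Adding our China.cmap makes four files, and the set is complete. That is step three. Then find ROUTE 66 Mobile 9.exe in the R66_V9 folder and delete it, because it is a fake. Where is the real one? We still have one unpacked archive left, Cyberfans, don't we? Open it and copy R66_Cyberfans.exe into the Route9 folder, and our real launcher is installed.
        4 - Copy the last remaining file in the Cyberfans folder, navkeys.dat, and paste it into Data -> Res. Finally check that the memory card root has three items: Data, 3DNavigator.ini and Route9. Hold on, there is still a fifth step, and it is the crucial one. For the details I defer to our forum's Feng-da, whose post explains it with text and pictures. Just follow steps 1, 2, 3 and 4 in his post to modify the two files device.ini and 3DNavigator and everything will be fine. Detailed address: http://bbs.pdafans.com/viewthread.php?tid=815722&extra=page%3D1%26amp%3Bfilter%3Dsort%26amp%3Bsortid%3D263 . Congratulations once the changes are done. Go somewhere open and acquire satellites. Remember to acquire satellites with Little Bee (小蜜蜂) first. Once you have a fix, launch R66_Cyberfans.exe under Route9 and you are done. Happy navigating, everyone, and enjoy life with navigation.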


 

--EOF--

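The i780 flashing road

If the previous build had not kept locking the screen automatically, with no way for me to turn it off, I would not have tried flashing at all; in fact, to this day I still have not found how to remove the automatic screen lock :(

The build installed when I bought the device was WM6.1 V3 by CoinJun. I was at the office at the time and a colleague had a WM6.5 ROM, so I flashed it to try it out, but found the mouse was basically useless. So after getting home I gathered material and started down the flashing road again.

Below are some notes on the material I found when flashing in November. I am still on CoinJun's build; to deal with the automatic screen lock I now back up the system with Spb Backup, and if the lock appears I simply restore the system :)

Roughly as follows:

Steps:
1. Download the ROM file and the flashing tool files into the same directory
2. Click mirage to launch the flashing tool
3. In the select profile drop-down, choose mirage lv image
4. Click the "pda" button below and select the i780 ROM file
5. After a moment it will be read successfully
6. Click the "DeTect" button
7. Power off the i780, then connect it with the USB cable
8. Power on while holding Enter and the Fn key at the lower left
9. Do not let go until the software automatically starts flashing the ROM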

http://www.hi-pda.com/forum/search.php?searchid=1669&orderby=lastpost&ascdesc=desc&searchsubmit=yes


http://www.hi-pda.com/forum/forumdisplay.php?fid=9

http://www.hi-pda.com/forum/viewthread.php?tid=424567
Note on the removal of all the i780 ROMs I made

http://www.hi-pda.com/forum/viewthread.php?tid=420325
Releasing the final V4 all-in-one build for the i780


http://bbs.pdafans.com/viewthread.php?tid=811424
Samsung i780 flashing software Mirage_LV_v1.8

http://bbs.pdafans.com/viewthread.php?tid=627029
i780wm6.1chsV3 all-in-one and lite builds released  --- the related ROMs can be downloaded here

http://diywm.com/2009/05/22/i780-rom-e5-88-b7-e6-9c-ba-e6-95-99-e7-a8-8b/
I780 ROM flashing tutorial

--EOF--

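Digital gadgets I picked up recently

Huawei E620 wireless data card: 100 RMB

Biggest advantages: supports voice, supports SMS, works with my China Unicom 3G trial card, and reaches up to 1.8Mbps, about the same as my home broadband.

http://auction1.paipai.com/9D05510000000000001D38FF0585EAA4

China's first commercial HSDPA data card, launched by Huawei. As a wireless data card supporting the mainstream HSDPA standard, the E620 can deliver high-speed wireless browsing in a 3G environment and also supports high-speed use on today's EDGE wireless networks. Its top-end configuration lets you roam the EDGE networks already open in some regions while also serving as double insurance for the future high-speed 3G network, making it especially suitable for high-end business users who frequently travel around the world. The card uses a built-in antenna with high reception sensitivity and is also very capable. While online via the E620, laptop users can conveniently make voice calls and send and receive SMS, and the user-friendly interface design makes it even easier to use.
   The Huawei E620 has a simple exterior, and the built-in concealed antenna makes it easier to carry and use; an external antenna can also be attached if needed. The E620 supports the PCMCIA CardBus standard, achieving higher performance and lower power consumption once connected to a laptop. To help users identify the type of network in use, the card also has two indicator lights, green and blue, showing Huawei's user-friendly care.
    As an enhanced radio technology for WCDMA, HSDPA effectively improves network performance and capacity and will play a pivotal role in the rollout of future 3G data services. The Huawei E620, a UMTS/HSDPA/WCDMA/EDGE/GPRS multi-mode data card, fully supports HSDPA packet data services with a maximum transfer rate of up to 1.8Mbps, making online audio and video smooth and mobile business more efficient. Even on WCDMA data services the transfer rate reaches 384kbps. On current EDGE wireless networks the E620's maximum transfer rate reaches 236.8kbps, enough to greatly improve users' productivity and meet the broad data-service needs of different users. Laptop users only need to insert it into a PCMCIA slot to go online wirelessly for high-speed wireless data transfer, e-mail, web browsing and so on.
Huawei E620 main features:
Supports HSDPA/WCDMA 2100MHz and GSM/GPRS/EDGE 900/1800/1900MHz
Supports HSDPA packet data services, maximum transfer rate up to 1.8Mbps
Supports WCDMA packet data services, maximum transfer rate up to 384kbps
Supports EDGE packet data services, maximum transfer rate up to 236.8kbps
High-definition voice service over WCDMA / GSM
Supports circuit-switched (CS) data services over WCDMA / GSM
Supports concurrent voice and data services over WCDMA / HSDPA
Supports SMS over GSM / GPRS / WCDMA, including group sending
Supports a large-capacity phone book, SMS mailbox and call log
Huawei E620 specifications:
Technical standards: HSDPA/ WCDMA: 3GPP R5 2004/06
          GSM/GPRS/EDGE: 3GPP R99 2003/12
Operating frequencies: HSDPA/ WCDMA 2100MHz
          GSM/GPRS/EDGE 900MHz
          GSM/GPRS/EDGE 1800MHz
          GSM/GPRS/EDGE 1900MHz
External interfaces: PCMCIA: Type II, compliant with PC Card Release 8.1 CardBus
          LED: green indicates HSDPA/ WCDMA state, blue indicates GPRS/EDGE state
          Antenna: built in, with an external antenna connector
          Headset jack: three-wire headset, supports in-line control
          SIM/USIM card: standard 6 PIN SIM card interface
Hardware requirements: Type II PCMCIA slot with CARDBUS support
          Recommended:
          Pentium500 CPU or better
          128MB RAM or more
          Resolution 800*600 or higher, 1024*768 recommended
Dimensions: 120 mm x 54 mmx 10 mm
Weight: about 55g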

 

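Meizu M8 se: 1200 RMB

http://www.meizu.com/cn/m8.html

China Unicom 3G trial card: 96-yuan plan

Of course~ the trial card is free, and it is valid for one year.

    1. Plan name: 96-yuan 3G basic plan

    2. Plan features:

  • Voice tariffs in the plan use a unified "long-distance, local and roaming" structure, nationwide, with one-way charging;
  • The plan includes 3G feature services (M&T, video calls);
  • Mobile mailbox and caller ID are included free.

    3. Tariff description:

Monthly fee (yuan/month): 96
Domestic voice minutes included: 240
Domestic data included: 300 MB
M units included: 12
T units included: 20
Domestic video-call minutes included: 10
Free incoming calls: nationwide (including video calls)
Domestic voice calls beyond the allowance: 0.15 yuan/minute
Domestic video calls beyond the allowance: 0.9 yuan/minute
Data beyond the allowance: 0.0003 yuan/KB
Value-added services included free: mobile mailbox, caller ID
Other charges: standard tariff

    4. Notes:

  • The "domestic voice minutes" included in the plan means the duration of any domestic 3G or 2G voice call the user places locally or while roaming domestically. (Excluding Hong Kong, Macau and Taiwan)
  • The mobile mailbox included with the plan is the 6-yuan edition (10G).
  • Mobile data is capped at 6G; once the month's data traffic exceeds 6G the data function is switched off automatically and switched back on automatically the next month, and SMS traffic reminders are provided.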

 
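Standard tariff

3G standard tariff

Monthly rental: 50 yuan/month

Voice
    Basic call charge: outgoing 0.36 yuan/minute, incoming free
    Domestic roaming charge: outgoing 0.6 yuan/minute, incoming 0.4 yuan/minute
    Domestic long-distance charge: 0.07 yuan/6 seconds

SMS: 0.1 yuan/message

Mobile data charge: 0.01 yuan/KB

MMS: 0.9 yuan/message

Multimedia usage fee: 1.0 yuan/M (M is the multimedia usage unit)

Text usage fee: 0.2 yuan/T (T is the text usage unit)

Video calls
    Basic call charge: outgoing 0.9 yuan/minute, incoming free
    Domestic roaming charge: outgoing 1.2 yuan/minute, incoming 0.9 yuan/minute
    Domestic long-distance charge: 1.2 yuan/minute

What is M, and what is T?
    Multimedia or text content used within China Unicom's 3G mobile portal is priced uniformly: communication fees and information fees are no longer distinguished, and only M, T or M+¥, T+¥ is charged ("¥" is called "x yuan" in Chinese and refers to the content fee China Unicom collects on behalf of its partners, "collected content fee" for short); no separate data fee is charged.
    M is the first letter of Media and is the pricing unit for multimedia content. Multimedia content includes images, audio, video and related application content downloads, streaming playback services and so on, such as watching a video clip or downloading a song; the price of one piece of multimedia content is n M.
    T is the first letter of Text and is the pricing unit for text content. Text content includes text-centred browsing and downloads, such as reading a news item or downloading a passage of text; the price of one piece of text content is n T.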

--EOF--

SSH Port Forward

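http://hi.baidu.com/davyup/blog/item/229e99cb25e8b51abf09e66d.html

1. Forward tunnel: the tunnel listens on a local port, providing a secure connection for ordinary activity

   ssh -qTfnN -L port:host:hostport -l user remote_ip

2. Reverse tunnel: the tunnel listens on a remote port, getting through the firewall to provide a service

   ssh -qTfnN -R port:host:hostport -l user remote_ip

3. SOCKS proxy

   ssh -qTfnN -D port remotehost

   (with certificate (key) authentication just give the host name; without it you also need to add the user name and password)

-q Quiet mode. Suppresses all dialogue and error messages.
-T Disable pseudo-tty allocation. Does not tie up a shell.
-f Requests ssh to go to background just before command execution. Runs in the background; adding the -n option as well is recommended.
-n Redirects stdin from /dev/null (actually, prevents reading from stdin). Recommended together with -f; leaving this option out should probably work too.
-N Do not execute a remote command. Tailor-made for port forwarding.

Although a reverse tunnel works well for getting through an internal-network firewall, and cron plus ssh-agent allows unattended outbound connections, there is currently a fairly serious problem: the tunnel is unstable. An ssh reverse tunnel basically lasts only about 10 minutes before closing inexplicably. Is it a disconnect caused by a poor network, or a shortcoming of reverse tunnels themselves? I tried to find an ssh community online to ask the experts, but found that no such community exists.... Some might say you could simply re-issue the reverse connection every ten minutes, but I tried that and found that even re-issuing the reverse tunnel every 10 minutes does not solve the problem, because although the reverse tunnel is broken its process is still there, so even re-issuing the request cannot bring the reverse tunnel back up...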

 

http://sdfclub.cn/viewtopic.php?t=118&sid=cb71241647edd5cdc82b454bbdb9aa5c

There are two kinds of port forwarding: local and remote forwarding. They are also called outgoing and incoming tunnels, respectively. Local port forwarding forwards traffic coming to a local port to a specified remote port.

For example, if you issue the command


ssh2 -L 1234:localhost:23 username@host

all traffic coming to port 1234 on the client will be forwarded to port 23 on the server (host). Note that localhost will be resolved by the sshdserver after the connection is established. In this case localhost therefore refers to the server (host) itself.


Remote port forwarding does the opposite: it forwards traffic coming to a remote port to a specified local port.

For example, if you issue the command


ssh2 -R 1234:localhost:23 username@host

all traffic which comes to port 1234 on the server (host) will be forwarded to port 23 on the client (localhost).

It is important to realize that if you have three hosts, client, sshdserver, and appserver, and you forward the traffic coming to the client's port x to the appserver's port y, only the connection between the client and sshdserver will be secured. See Figure Forwarding to a third host. The command you use would be something like the following:
ssh2 -L x:appserver:y username@sshdserver

 

http://www.dd-wrt.com/wiki/index.php/Telnet/SSH_and_the_Command_Line#Remote_Port_Forwarding

Remote Port Forwarding
This is useful to tunnel things like RDP (Remote Desktop) through an encrypted SSH tunnel over the internet. For example, you want to be able to access your work computer from home.

If you had:

HomePC <-> Router <-> Internet <-> Firewall <-> WorkPC

WorkPC, which is running RDP on port 3389, issues ssh -R 5555:localhost:3389 root@router.home

HomePC can use his RDP client to connect to port 5555 on the router and this would create an SSH tunnel which will connect HomePC to port 3389 on the WorkPC

 

Notes:

On WorkPC, run  ssh -R 5555:localhost:3389 root@router.home

Here localhost resolves to WorkPC

HomePC's connections to port 5555 on router.home are forwarded to port 3389 on WorkPC
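
To make the -L and -R specs quoted above concrete (which machine listens, whether other machines can reach the listener, and which hop is not covered by SSH encryption), here is an added example that is not part of the quoted pages. It models OpenSSH behaviour; the function name `describe_forward`, its output format and the numeric ports in the `appserver` case are assumptions.

```shell
#!/bin/sh
# Added example, not code from the quoted pages. describe_forward and its
# output format are assumptions of this sketch; it models OpenSSH behaviour
# and does not handle IPv6 literals.
#
# describe_forward KIND SPEC GATEWAY SSHD_HOST
#   KIND       L for -L (local forward), R for -R (remote forward)
#   SPEC       [bind_address:]port:host:hostport
#   GATEWAY    for L: yes if -g is given, otherwise no
#              for R: the server's GatewayPorts (no|yes|clientspecified)
#   SSHD_HOST  the host the ssh client logs in to
describe_forward() {
    kind=$1; spec=$2; gateway=$3; sshd_host=$4

    # Split SPEC on ':' into 3 fields (no bind address) or 4 fields.
    old_ifs=$IFS; IFS=:
    set -f; set -- $spec; set +f
    IFS=$old_ifs
    case $# in
        3) bind=default; port=$1; host=$2; hostport=$3 ;;
        4) bind=${1:-*}; port=$2; host=$3; hostport=$4 ;;
        *) echo "error: bad forward spec"; return 1 ;;
    esac

    # Which side listens, and which side opens the onward TCP connection.
    # "client" is the machine that runs ssh.
    case $kind in
        L)  listener=client; connector=$sshd_host
            if [ "$bind" = default ]; then
                if [ "$gateway" = yes ]; then bind='*'; else bind=127.0.0.1; fi
            fi ;;
        R)  listener=$sshd_host; connector=client
            case $gateway in
                yes) bind='*' ;;
                clientspecified)
                    if [ "$bind" = default ]; then bind=127.0.0.1; fi ;;
                *)  bind=127.0.0.1 ;;
            esac ;;
        *)  echo "error: kind must be L or R"; return 1 ;;
    esac

    # Anything other than loopback is reachable by other machines.
    case $bind in
        127.0.0.1|localhost) exposed=no ;;
        *) exposed=yes ;;
    esac

    # SSH encrypts only client <-> sshd. "host" is resolved by the connecting
    # side, and the hop from there to host:hostport is plain TCP.
    case $host in
        localhost|127.0.0.1|"$connector") cleartext=none ;;
        *) cleartext="$connector->$host:$hostport" ;;
    esac

    echo "listen=$listener:$bind:$port exposed=$exposed cleartext=$cleartext"
}

# Commands from the posts on this page (8080/80 stand in for x/y).
describe_forward L 1080:guduo.net:22 yes guduo.net      # ssh -N -g -L ...
describe_forward L 8080:appserver:80 no sshdserver      # ssh2 -L x:appserver:y
describe_forward R 5555:localhost:3389 no router.home   # -R, GatewayPorts no
describe_forward R 5555:localhost:3389 yes router.home  # -R, GatewayPorts yes
```

The first line is the `-g` command used on this page: its listener is bound to every interface, so any host that can reach that port can use the forward; an explicit bind address such as `192.168.1.1:1080:guduo.net:22` limits it to one network. The third line shows that with the server's `GatewayPorts` left at `no`, a remote forward is reachable only from the sshd host itself.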

--EOF--

SSH And Port Forwarding


SSH

Reposted from http://zhigang.org/wiki/SSH


This chapter records some problems I ran into while using SSH, and how I solved them.


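Building a secure tunnel over ssh (ssh tunnelling, also called port mapping or Port Forwarding)
ssh's port mapping feature gives convenient access to resources that cannot be reached directly. It comes in two kinds: local mapping (Local Forward) and remote mapping (Remote Forward).


Local mapping (Local Forward)

$ ssh -f -g -A -X -N -T -L 1234:remote-host2:5678 user@remote-host

Or by editing the ssh configuration file:

$ cat ~/.ssh/config
Host remote-host
     # your remote host IP
     Hostname x.x.x.x
     LocalForward 1234 remote-host2:5678
     User user
$ ssh user@remote-host

All access to local port 1234 is forwarded through remote-host to port 5678 on remote-host2. Some DMZs open only sshd's port 22; with local mapping you can reach every service on the remote computer.


Remote mapping (Remote Forward)

$ ssh -f -g -A -X -N -T -R 1234:remote-host2:5678 user@remote-host

Or by editing the ssh configuration file:

$ cat ~/.ssh/config
Host remote-host
     # your remote host IP
     Hostname x.x.x.x
     RemoteForward 1234 remote-host2:5678
     User user
$ ssh user@remote-host

All access to port 1234 on remote-host is forwarded through the local machine to port 5678 on remote-host2. With remote mapping, you can use your home machine (which has a public IP and accepts ssh logins) to reach computers inside the company firewall.


Public key authentication
A problem often met with public key authentication is the permissions of certain files. Some problems can be found by looking at /var/log/secure.

To configure two computers for public key authentication, run the following script on each of the two machines, host1 and host2:

$ ssh-keygen -t rsa -b 4096 # leave the passphrase empty
$ ssh $host1 'cat ~/.ssh/id_rsa.pub' >> ~/.ssh/authorized_keys
$ ssh $host2 'cat ~/.ssh/id_rsa.pub' >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys # important!

Configuring ssh to use a proxy server to get through a corporate firewall
Download connect.c from http://zippo.taiyo.co.jp/~gotoh/ssh/connect.html , compile it, and copy it to the system's /usr/bin directory:

$ gcc connect.c -o connect
$ sudo cp connect /usr/bin

Edit the ssh configuration file ~/.ssh/config and add:

$ cat ~/.ssh/config
Host remote-host
     ProxyCommand connect -H your.proxy.com:port %h %p
$ ssh user@remote-host

Speeding up SSH connections
SSH performs a reverse DNS lookup at login; if your DNS server is slow, you will be kept waiting. Once the cause is known the fix follows: make name resolution faster. Writing the host name into /etc/hosts solves it.


Automating ssh interaction with expect
Below is the script remote-exec, which uses expect to run commands on a remote host automatically: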

#!/bin/sh
# \
exec expect -- "$0" ${1+"$@"}
# remote-exec - execute command on remote host
# Version 0.1
# Zhigang Wang <zhigang.x.wang@oracle.com>
exp_version -exit 5.0

if {$argc!=2} {
    send_user "usage: remote-exec command password\n"
    send_user "Eg. remote-exec \"ssh user@host ls\\; echo done\" password\n"
    send_user "or: remote-exec \"scp /local-file user@host:/remote-file\" password\n"
    send_user "or: remote-exec \"scp user@host:/remote-file local-file\" password\n"
    send_user "or: remote-exec \"rsync --rsh=ssh /local-file user@host:/remote-file\" password\n"
    send_user "Caution: command should be quoted.\n"
    exit
}

set cmd [lindex $argv 0]
set password [lindex $argv 1]

eval spawn $cmd

set timeout 120

while {1} {
    expect -re "Are you sure you want to continue connecting (yes/no)?" {
            # First connect, no public key in ~/.ssh/known_hosts
            send "yes\r"
        } -re "assword:" {
            # Already has public key in ~/.ssh/known_hosts
            send "$password\r"
        } -re "Permission denied, please try again." {
            # Password not correct
            exit
        } -re "kB/s|MB/s" {
            # User equivalence already established, no password is necessary
            set timeout -1
        } -re "file list ..." {
            # rsync started
            set timeout -1
        } -re "bind: Address already in use" {
            # For local or remote port forwarding
            set timeout -1
        } -re "Is a directory|No such file or directory" {
            exit
        } -re "Connection refused" {
            exit
        } timeout {
            exit
        } eof {
            exit
        }
}

SSH keep-alive (KeepAlive)
The following methods can be used:

Add the following to ~/.ssh/config or /etc/ssh/ssh_config:

Host *
  # in seconds
  ServerAliveInterval 60

Run the following script:

while date; do sleep 10; done

When you need to type a command, just press ctrl-c.
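
The keep-alive setting above also addresses the stale reverse tunnel described in the SSH Port Forward post on this page: with `ServerAliveInterval` a dead session ends instead of lingering, and `ExitOnForwardFailure` makes a session that cannot bind its port exit instead of sitting idle. The wrapper below is an added example, not from the quoted wiki; the function names, the `RETRY_DELAY`/`MAX_RUNS` knobs and the endpoint in the usage note are assumptions.

```shell
#!/bin/sh
# Added example (not from the quoted wiki or blog). Function names and the
# SSH_BIN/RETRY_DELAY/MAX_RUNS variables are assumptions of this sketch.

SSH_BIN=${SSH_BIN:-ssh}          # overridable, so the loop can be tested offline
RETRY_DELAY=${RETRY_DELAY:-15}   # seconds to wait between sessions
MAX_RUNS=${MAX_RUNS:-0}          # 0 = keep restarting forever

# Run ONE foreground ssh session carrying a single remote forward.
#   $1 = port:host:hostport    $2 = user@sshd_host
run_tunnel() {
    # BatchMode: never prompt, fail instead (keys or an agent are required).
    # ExitOnForwardFailure: exit if the remote port cannot be bound.
    # ServerAlive*: give up after 3 unanswered probes sent 60 s apart.
    "$SSH_BIN" -N -T \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=60 \
        -o ServerAliveCountMax=3 \
        -R "$1" "$2"
}

# Restart the session every time it ends. Because ssh stays in the
# foreground (no -f), there is never a second, stale copy left behind.
# Sets RUNS to the number of sessions started.
supervise_tunnel() {
    RUNS=0
    while :; do
        RUNS=$((RUNS + 1))
        if run_tunnel "$1" "$2"; then
            status=0
        else
            status=$?
        fi
        echo "ssh exited with status $status (run $RUNS)" >&2
        if [ "$MAX_RUNS" -gt 0 ] && [ "$RUNS" -ge "$MAX_RUNS" ]; then
            return "$status"
        fi
        sleep "$RETRY_DELAY"
    done
}

# Only start when called with exactly two arguments.
if [ "$#" -eq 2 ]; then
    supervise_tunnel "$1" "$2"
fi
```

Saved under a name of your choice, it is started as `sh tunnel.sh 5555:localhost:3389 user@sshd-host`. On the server side, `ClientAliveInterval` in sshd_config makes sshd drop a dead session and release the listening port, so the next session can bind it again.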



 

--EOF--

ssh local port forwarding

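1. The company only allows access on ports 23, 443 and 80

2. The FastDomain host only offers ssh access on port 22

1. Set up port forwarding on the router: 443 -> 192.168.1.1:1080

2. On the router, run: ssh -N -g -L 1080:guduo.net:22 xxx@guduo.net

   This forwards every request to port 1080 on the router to port 22 on guduo.net

   An ssh connection to port 1080 on the router is really a connection to port 22 on guduo.net, as this sample putty session log shows: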

login as: xxx
xxx@192.168.1.1's password:
Last login: Fri Dec 25 08:07:06 2009 from fast22.fastdomain.com

[xxx@fast22 /home/xxx]
$

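3. Locally, use plink to connect to the router and on to FastDomain, setting up proxy access:

d:\green_soft\putty\plink.exe -N xxx@<router WAN address> -P 443 -pw "xxx_pw" -D 127.0.0.1:1080

If I bought a Dedicated IP at FastDomain, could I use

ssh -N -g -L 8000:localhost:22 xxx@localhost to directly open an ssh service on port 8000?

Test on the router: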


~ # ssh -N -g -L 1080:192.168.1.1:80 root@192.168.1.1
root@192.168.1.1's password:

This points 1080 straight at httpd's port 80 service as well~

ssh -N -g -L 1080:guduo.net:22 xxx@guduo.net
All access to local port 1080 is forwarded through guduo.net to port 22 on guduo.net
ssh -N -g -L 1080:guduo.net:22 root@127.0.0.1
All access to local port 1080 is forwarded through 127.0.0.1 to port 22 on guduo.net

Reposted from http://zhigang.org/wiki/SSH

Local mapping (Local Forward)

$ ssh -f -g -A -X -N -T -L 1234:remote-host2:5678 user@remote-host

Or by editing the ssh configuration file:

$ cat ~/.ssh/config
Host remote-host
     # your remote host IP
     Hostname x.x.x.x
     LocalForward 1234 remote-host2:5678
     User user
$ ssh user@remote-host

All access to local port 1234 is forwarded through remote-host to port 5678 on remote-host2. Some DMZs open only sshd's port 22; with local mapping you can reach every service on the remote computer

 

--EOF--

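Upgrading MT to 4.32

Just follow the earlier upgrade notes; of course, be sure to make a mysql backup and MT's own backup before upgrading.

This upgrade also cleared up a minor error message; see:

Problems with Movable Type and ImageMagick

http://www.guduo.net/2009/12/000231.html

Added one line to mt-config.cgi: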

ImageDriver NetPBM

 

 

 

--EOF--

http://kb.siteground.com/article/Problems_with_Movable_Type_and_ImageMagick.html

Problems with Movable Type and ImageMagick

The default image driver used by Movable Type is ImageMagick. Sometimes, however, there is a problem with Movable Type and ImageMagick resulting in the following error message in the Movable Type admin area:

 

Image::Magick is either not present on your server or incorrectly configured. Due to that, you will not be able to use Movable Type's userpics feature. If you wish to use that feature, please install Image::Magick or use an alternative image driver.

 

The solution is to change the image driver to NetPBM. You can do this by adding the following line to your mt-config.cgi file:

ImageDriver NetPBM

 

This should resolve the Movable Type image driver issue for good.


http://forums.movabletype.org/2009/03/removing-error-message-on-dashboard.html

 

--EOF--

ssh server dropbear: test failed

dropbear -w -F -E -p 8000 -P /home/xxx/sshd/dropbear_sshd.pid  -d /home/xxx/sshd/dropbear_dss_host_key -r /home/xxx/sshd/dropbear_rsa_host_key

 

dropbearkey -t rsa -f dropbear_rsa_host_key -s 1024
dropbearkey -t dss -f dropbear_dss_host_key -s 1024


ssh xxx@127.0.0.1 -p 8000
chsh --list-shells
chsh -s /bin/sh yimutian

 

$ chsh -s /bin/sh xxx
Changing shell for xx.
Password:


[25376] Dec 19 05:56:32 Child connection from ::ffff:127.0.0.1:58456
[25376] Dec 19 05:56:38 user 'xxx' has invalid shell, rejected

 

From FastDomain Support:

1.Can't Change Login Shell

2.Can't Change sshd port

3.What Can I Do ?

--EOF--

Build and install:

socks proxy:

ss5

antinat-0.90  depends on expat-2.0.1

ssh server:

dropbear-0.52

lsh-2.0 depends on liboop-1.0

Note the configure options to use:

./configure CPPFLAGS="-I/path/to/expat/include" LDFLAGS="-L/path/to/expat/lib" --prefix=xxx

--EOF--

Comparison of SSH servers

Reposted from http://en.wikipedia.org/wiki/Comparison_of_SSH_servers

Comparison of SSH servers

From Wikipedia, the free encyclopedia

An SSH server is a software program which uses the secure shell protocol to accept connections from remote computers. This article compares a selection of popular servers.

General

Name | Developer | Status | Date of first release | Last release | Date of last release | License | Official web page
CopSSH Itefix Active 2009-01-16 3.0.1 2009-10-12 BSD CopSSH
Dropbear Matt Johnston Active 2003-04-06 [1] 0.52 2008-11-12 MIT Dropbear
F-Secure SSH Server F-Secure  ? 2004? commercial
freeSSHD Kresimir Petri  ? 1.2.6 2009-??-??  ? [1]
KpyM KpyM Active 1.18 2009-08-01 [2] BSD [2]
lsh Niels Möller Active 1999-05-23 [3] 2.9-exp 2007-04-04 GPL LSH
OpenSSH The OpenBSD project Active 1999-12-01 5.3 2009-10-01[4] BSD OpenSSH
Reflection for Secure IT Attachmate Active 7.1 commercial [3]
Tectia SSH Communications Security Active 1995 6.1 commercial SSH Communications Security
VShell server VanDyke Software, Inc. Active 1995 3.6 2009-12-10 commercial VanDyke VShell

Platform

The operating systems or virtual machines the SSH servers are designed to run on without emulation; there are several possibilities:

  • No indicates that it does not exist or was never released.
  • Partial indicates that while it works, the server lacks important functionality compared to versions for other OSs but may still be under development.
  • Beta indicates that while a version is fully functional and has been released, it is still in development (e.g. for stability).
  • Yes indicates that it has been officially released in a fully functional, stable version.
  • Dropped indicates that while the server works, new versions are no longer being released for the indicated OS; the number in parentheses is the last known stable version which was officially released for that OS.
  • Included indicates that the server comes pre-packaged with or has been integrated into the operating system.

The list is not exhaustive, but rather reflects the most common platforms today.

Name | Mac OS X | Mac OS Classic | Windows | Cygwin | BSD | Linux | Solaris | Palm OS | Java | OpenVMS | Windows Mobile | IBM z/OS | AmigaOS | AIX | HPUX | iPhone / iPod Touch | WebOS
CopSSH | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No
Dropbear | Yes | No | No | Yes | Yes | Yes | Yes | No | No | No | No | No | No | No | No | No | Yes
lsh | Yes | No | No | No | Partial | Yes | Yes | No | No | No | No | No | No | No | No | No | No
OpenSSH | included | No | Yes | included | included | included | Yes | No | No | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes
KpyM | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No
freesshd | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No

  • lsh supports only one BSD platform officially, FreeBSD.[citation needed]
  • The majority of Linux distributions have OpenSSH as an official package, but a few do not.
  • Openssh 3.4 was the first release included since AIX[citation needed]
  • Unless otherwise noted, iPhone refers to non-jailbroken devices.
  • Only for jailbroken devices.
  • OpenSSH and Dropbear are available as optware packages installed by PreWare (maintained by WebOS-Internals.org)

Features

Name | SSH1 | SSH2 | Port forwarding | SFTP | SCP | Compatible with OpenSSH authorized keys | Privilege separation
CopSSH | Yes | Yes | Yes | Yes | Yes | Yes | Yes[5]
Dropbear (software) | No | Yes | Yes | No | No[6] | Yes | ??
Lsh | No | Yes | Yes | Yes | Yes | ?? | ??
OpenSSH | Yes | Yes | Yes | Yes | Yes | Yes | Yes[7]


--EOF--

sock5 proxy server


Antinat

For UNIX-like environments, Antinat uses the autoconf system to provide "./configure && make && make install" style compilation.

However, you will need to have installed expat (including expat-devel) in order to compile. If the configure script is unable to locate your installation of expat, you may need to specify it on the command line:

./configure CPPFLAGS="-I/path/to/expat/include" LDFLAGS="-L/path/to/expat/lib"
The only compiler being supported on UNIX is gcc, version 2.95.3 or newer. If you use a different compiler and encounter compilation problems, by all means send in patches or bug reports, but there is no guarantee that compilation will always work with your compiler.

If you wish to include verbose output in your build, use the --with-feedback switch to configure; if you want compilation warnings turned on (gcc only!) use --with-warnings.

IPv6 is not compiled by default. If you want to include it (and know what you're doing) use --with-ipv6. Note that IPv6 support is incomplete (no filtration) and not well tested. You have been warned.

 

ss5

Description
SS5 is a socks server that implements the SOCKS v4 and v5 protocol. As a proxy server, SS5 authenticates, profiles and processes network requests for clients. It establishes connections to application hosts for client applications. When the client attempts to access the network, the client connects to the SS5 daemon instead of the application host.

Following authentication, clients request that SS5 perform network activities for the client. The activities might include:
Connect
Bind
Udp Associate
The SS5 protocol is independent of application protocols, and can assist with different networking services, including telnet, ftp, finger, whois, gopher, and WWW access.

 

socks5-v1.0r11

 

--EOF--

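The DD-WRT at home was flashed with great enthusiasm when I bought the router two years ago, and a year ago I did some configuration on it because of the company's network restrictions.

Over the past few days the Linksys has been mercilessly messed with by my wife; something may have gone wrong while the power was being plugged and unplugged. I have been busy at the office these two days and did not look closely; in any case I found I could no longer reach the router from the office, and the dynamic DNS name simply was not being updated. I wondered whether the recent YD had crippled the dynamic DNS provider as well.

Back home in the evening I could not resist trying, and found I could not even log in to the web admin interface, which was frustrating. Since I have always used the WIFI with no security mechanism configured, I also worried that the password had been stolen, and fretted for a while. Later I looked online and found that the default user name and password actually let me log in; once in, I discovered that all the configuration had been lost, so I had no choice but to configure it again.

1) service -> Secure Shell -> SSHd: enable

2) Applications -> Port Forwarding, configure:

   Source ports: 443 8000 8080

   Destination port: 22

3) Administration -> Remote Management -> ssh management: enable, ssh port 80

4) Go on to add MAC address filtering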

 

 

--EOF--

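MIE no longer works :(

Latest news
13 November 2009: "福中寶加強版" and "博達智財動力報價系統" will cease service from 1 December 2009

"福中寶加強版" and "博達智財動力報價系統" will cease service from 1 December 2009.

 We recommend the more powerful "福中寶閃電交易版" or others to replace the two quote services above.

Because of this, my previous n accounts can no longer be used, poor me :(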

--EOF--


About this Archive

This page is an archive of entries from December 2009 listed from newest to oldest.
