Search Results

Change the default "khadas" password in Ubuntu Mate to something more secure. Login To Your Khadas VIM Via SSH or VNC $ passwd $ (current) UNIX password: khadas $ Enter new UNIX password: $ Retype new UNIX password: Remember that the passwd command will change the password for whichever account you’re logged in as. If it’s the default khadas account, you will be changing the password for that! Khadas Products Used In This Post: VIM2 Pro — $119.90 Links To Other Articles: Encrypting Your VNC Sessions In Ubuntu Encrypting Your VNC Sessions In Mac OS X Changing Your VNC Server’s Password Adding A New SSH User Account

You may want to encrypt your VNC sessions to protect passwords and other sensitive information. Encrypting using Ubuntu is easy, simply click on the SSH tab in the Remote Desktop Preference pane, and add the following settings: ...inside Remmina Client...SSH tab... - Enable SSH tunnel - Tunnel via loopback address - Same server at port 22 - Username: khadas - Password One thing to note! The VNC password and your SSH passwordcould be different! In the next article, I’ll show you how to change both passwords. Basically, your VNC server daemon has one password, and the SSH tunnel used for encryption has another password, that is the same as the account you’re using for your SSH tunnel. However, if you’re using the defaults, then both the VNC password and the SSH password should be khadas. ...your default username is... khadas ...your default password is... khadas Khadas Products Used In This Post: VIM2 Pro — $119.90 Links To Other Articles (in progress): Encrypting Your VNC Sessions In Mac OS X Changing Your VNC Server’s Password Changing Your SSH Password Adding A New SSH User Account

Turn your Khadas VIM into an OpenVPN, SSH tunnel, for your iPhone or iPad! 0. Why Tunnel OpenVPN Over SSH? In certain parts of the world, the OpenVPN protocol is blocked, and even modifying it’s config-file to run on port 443 doesn’t help. This means that even with OpenVPN, access to the free-internet is restricted. In such cases, our only method to access the internet is through an SSH Tunnel. Popularly, Linux and Unix machines can use an app like sshuttle to route all network traffic via an SSH Tunnel. However, devices like iPhones and iPads, don’t support SSH tunnelling, *ahem* Apple. They do however support OpenVPN. This guide will be about connecting your iPhone or iPad via OpenVPN, over an SSH tunnel hosted by your Khadas VIM SBC, that will act as a “local tunnelling proxy” on your LAN. 1. Before We Begin This guide is for intermediate to advanced users, and assumes that you’ve already installed Ubuntu into your Khadas VIM, and know how to login to it using VNC or SSH. If you don’t know, please refer to my previous guide here: Khadas VIM Remote Control Via VNC. You’ll also need the following tools: Cloud Server, on Digitalocean.com, Vultr.com (AWS doesn't work). Laptop with Sublime Text, so you can edit the OpenVPN config-files. Your iPhone or iPad, with OpenVPN app. Khadas VIM, with Ubuntu Mate installed. 2. Generate SSH Keys For Your Khadas VIM Once logged into your Khadas VIM via VNC or SSH, generate an SSH key pair for the khadas user (ssh khadas@x.x.x.x). We will use this key-pair for logging into your Cloud Server later. $ ssh-keygen -t rsa # leave the passphrase empty! Once key generation is complete, you should see 3 files, id_rsa, id_rsa.pub, and known_hosts, in the directory /home/khadas/.ssh/. We will need these files so that your Khadas VIM can automatically generate an SSH tunnel with your remote OpenVPN Cloud Server when it boots up. Next you’ll need to copy these SSH key files from the khadas user to the root user, this is because, when the system boots, root will be the one opening the SSH Tunnel, so it needs the key files too. # login as root $ su root $ Password: khadas (default root password) # copy files to /root/.ssh/ $ cd .ssh $ ls $ cp id_rsa /root/.ssh/id_rsa $ cp id_rsa.pub /root/.ssh/id_rsa.pub $ cp known_hosts /root/.ssh/known_hosts # check that you've copied the files successfully $ cd /root/.ssh/ $ ls 3. Add Your Public SSH Key To Vultr This guide assumes you’ll be using Vultr.com as your cloud hosting provider for the OpenVPN server. At the same time, similar steps should work just fine for Digitalocean.com. Open LibreOffice Writer, it can be found in Applications/Office/. In LibreOffice Writer, go to File/Open, then switch your “Location” to /home/khadas/.ssh/. And then select and open the id_rsa.pub key file. Copy the entire text, which is your SSH public key. Next, using the Chromium Browser on your Khadas VIM, login to Vultr.com and select “SSH Keys”, and then “Add SSH Key”. Paste in your Public SSH Key, and give it a nice name, in my case, I gave it a very logical “Khadas VIM” name. Then press “Add SSH Key” to save. 4. Deploy A Cloud Server With Your Khadas’ SSH Key Press the “+” button in the upper-right-hand corner, and deploy a $5/month, CentOS server, in any location of your choosing. I usually like Tokyo, because for some reason, that datacenter is fast. The worst is New Jersey and Miami! Remember to add your Khadas’ public SSH key to the server! Give your server a nice Hostname and Label, then click “Deploy Now”. 5. Install OpenVPN Into Your Cloud Server This step is relatively straightforward, you’ll need to install OpenVPN into your Cloud Server, and configure it to run via TCP only. Remember that SSH can only forward TCP connections and not UDP connections. Open your Mate Terminal, and SSH to root@x.x.x.x, whereby x.x.x.x is the IP-address of your deployed cloud server. Then enter yes. You will realise that it won’t ask you for a password, because it’s using your public SSH key. $ ssh root@x.x.x.x $ ... (yes/no)? yes # x.x.x.x is the ip-address of your deployed cloud server! Next navigate to the root directory, and create a bash file called install_vpn.sh, it can be any name really. $ sudo nano install_vpn.sh Then paste in this OpenVPN installation script, from here. Yes nobody has time for a manual install — “ain’t nobody got time for that”. install_vpn.sh : https://pastebin.com/R4M0nSms After saving the bash-script, run it! $ sudo bash install_vpn.sh The script will ask you some questions before it runs the install process, just follow the steps I’ve pasted below: # OpenVPN Installation Script IP address: x.x.x.x (default one works fine) Protocol [1–2]: 2 (choose TCP!!!) Port: 1194 (you can try 443 if it works better for you) DNS [1–5]: 4 (I like to use 4, you can choose 3, or 5) Give it a meaningful name, like khadas, actually the name doesn’t matter, just keep it simple, it must not have illegal characters like spaces and dashes! # some tips for the client name Client name: khadas (this is ok) Client name: apple, orange, pearapple (these are all ok) Client name: my client (this is not ok) Client name: my-client (this is not ok) Key generation will take a minute or two, be patient. Once key generation is complete, it should save your OpenVPN configuration file to /root/khadas.ovpn, for example. If the file is not saved, it means that your specified file-name contains illegal characters. So it’s best to choose a simple name like khadas. Now it’s time to logout, our work here is done. $ exit 6. Configure The SSH Tunnel On Your Khadas VIM Finally the fun part, we get to turn your Khadas VIM into a permanent “local tunnelling proxy” via SSH for your iPhone or iPad! Run the command below to open the SSH tunnel. # open the ssh tunnel on port 5252 (local) to 1194 (remote) $ ssh -N -f -L *:5252:localhost:1194 root@x.x.x.x Your local port can be anything that’s unused e.g. 5252, your remote port should be either 1194 or 443, depending on what you specified earlier during installation. x.x.x.x is the ip-address of your OpenVPN Cloud Server. Your tunnel is now opened. Next we want to configure your Khadas VIM to open this SSH tunnel everytime it boots up, so we need to edit your/etc/rc.local file. $ sudo nano /etc/rc.local Add the same line into your rc.local file, so its executed on boot. # ... ssh -N -f -L *:5252:localhost:1194 root@x.x.x.x exit 0 Then press Control-X to save and exit /etc/rc.local. If you find that your Khadas VIM is having trouble opening the SSH tunnel on reboot, you'll need to check your systemctl diagnostics by running the command: $ sudo systemctl status rc.local It will usually be an error with your SSH key files, you may not have copied them properly. 7. Download & Modify The OpenVPN Client Configuration File Created In Step 5 (.ovpn) Using your laptop or Khadas VIM, use sftp to login to your OpenVPN Cloud Server. You may have to input your server password, if your laptop SSH keys are not registered. The password can be found from vultr.com. $ sftp root@x.x.x.x $ (yes/no)? yes $ cd /root/ $ ls $ get khadas.ovpn The .ovpn file, as saved to my home-directory in Mac OS X. Open this file in Sublime Text, and edit the ip-address and port-number of the remote host. # open your .ovpn file in Sublime Text, or VIM, or Nano, remote # in my case, it was, remote 10.0.1.18 5252 If you still don’t know the IP address of your Khadas VIM, you really shouldn’t be reading this guide. Anyway, you can find it from: # from MATE Terminal... $ su root $ Password: khadas #default password for root $ ifconfig wlan0 # see inet addr: x.x.x.x Once you’ve modified and saved your .ovpn file, it’s time to load it into your iPhone or iPad. You can send it in an email to yourself, or a Whatsapp message, or even host it on an Apache server somewhere — it doesn’t matter. For me, I simply save it to my iCloud Drive, and use the Files App on my iPhone to download it. 8. Load The OpenVPN Configuration File Into Your iPhone or iPad Open the Files app on your iDevice. Navigate to the folder containing your .ovpn file, and download it. Open the file in your OpenVPN app. If you haven’t already installed it, download it from the App Store. Press the green-coloured “+” button to add this configuration profile to the app. You’ll notice it says 10.0.1.18, which is the LAN ip-address of our Khadas VIM! 9. Connect Your iPhone to OpenVPN Press “Connect” to start OpenVPN! 10. You’re Done! Great Work, Genius! So that’s it really, your iPhone is connected to your Khadas VIM via OpenVPN on port 5252, and your Khadas VIM is forwarding that OpenVPN connection via SSH Tunnel to port 1194 on your remote cloud server, on Vultr.com. 11. Adding More OpenVPN Server Users So let’s say your buddy in the office is getting jealous that you can surf the web freely, and he wants to use your OpenVPN server too, what can you do? Well unlike running OpenVPN via UDP protocol, whereby you can use the same .ovpn configuration for multiple users, running your OpenVPN server via TCP, means you need a new configuration file for each OpenVPN user. To do this, login to your Vultr.com cloud server via SSH, and run the install_vpn.sh file again, and then repeat steps 7 to 10. # from MATE Terminal, or your favourite SSH client $ ssh root@x.x.x.x $ cd / $ bash install_vpn.sh # install_vpn.sh bash-script Select an option [1-4]: 1 Client name: buddyuser # can be anything simple Take note of where the .ovpn file is stored. In my case, it’s /root/buddyuser.ovpn. You’ll then need to follow steps 7 to 10, to download it and get it working on your buddy’s phone or laptop. 12. Discussions On Performance Running OpenVPN via TCP instead of UDP is a definite performance hit, because TCP is slower than UDP. Running OpenVPN via TCP, via an SSH Tunnel, is an even larger performance hit — it’s like double encryption. Personally, I found performance to be acceptable, whereby I had two devices stream YouTube simultaneously, with no hiccups. You can download an app to your Khadas VIM to monitor the network performance. # how to install iftop to your Khadas VIM $ sudo apt-get install iftop $ sudo iftop -i wlan0 For the technically inclined here’s some performance data from speedtest.net. Okay that’s all. This article was written and published via OpenVPN tunnelled through SSH using TunnelBlick for Mac (freedom)! If you liked it, do remember to share, and leave comments if you have any ways to improve it. :) Khadas Products Used In This Post: VIM2 Pro — $119.90 Links To Other Articles: How To Install VNC Server On Ubuntu Mate

Get your Khadas VIM SBC to notify you when it boots up! 1. Login To Your Khadas VIM Via SSH $ ssh khadas@x.x.x.x $ khadas@x.x.x.x's password: khadas 2. Create A Bash Script $ cd /home/khadas $ nano notify.sh 3. Paste The Following Telegram Web-Request String ...paste this into the nano editor...but edit it first! !/bin/bash curl "https://api.telegram.org/bot/sendMessage?chat_id=&text="$(hostname -I | sed 's| |%20|g')"" Substitute these variables with your own, I will explain how to get them later: ...save and exit nano...press the following keys... [ Control-X ] [ y ] [ Enter ] Do note that you can modify $(hostname -I | sed ‘s| |%20|g’) to include additional information that you want to pull from the Khadas VIM. Just remember to substitute all spaces with %20 using sed! 4. Edit The rc.local File To Run The Bash Script On Boot $ sudo nano /etc/rc.local ...above the line that says "exit 0"...add the following line... /home/khadas/notify.sh ...save and exit rc.local...press the following keys... [ Control-X ] [ y ] [ Enter ] 5. Reboot Your Khadas VIM To Test Alternatively, just run the bash script within the ssh session, to see if it works, before you reboot to do a final test. $ bash /home/khadas/notify.sh You should see this as the result: 6. How To Get A Open your Telegram Chat app for your smartphone or PC, and type “botfather” into the search field. Here’s a link if you can’t find him: https://t.me/BotFather ...search for... botfather ...talk to botfather using these commands... /start /newbot The will be highlighted in red colour! Copy it! 7. How To Get A Create a new group. Press the compose button, then press New Group. Add at least one user into this group. Don’t add TeleCast v1.0, add another user or even the bot you created earlier in step 6. Just press “next” to continue on. Give your group a name…in my case, I called it the “VIM_Demo_Group”. Press the three dots … and then press Info. Inside the information pane, press + Add Member. Add the bot you had created previously in step 6. Telegram search is a bit flaky, be sure to type your bot’s full name, exactly. Now visit the TeleCast v1.0 bot for real, and type /start, to begin interacting with it. Here’s a link if you can’t find it: https://t.me/telecast_v1_0_bot Now you may add TeleCast v1.0 into your newly created Telegram Group. After TeleCast v1.0 has been added to your group, type /telecast. Return to the TeleCast v1.0 bot (https://t.me/telecast_v1_0_bot), and type /chn, it will then display your of the group you just created! Copy it! It always starts with a -minus sign. Remember to copy the minus sign as well! 8. Naming Your Khadas VIM With You can name your Khadas VIM anything you like, just be sure that it follows some rules… "My Name" should be spelt as "My%20Name" without the double-quotes. Any special characters should be converted to web-safe characters, please refer to: https://www.w3schools.com/tags/ref_urlencode.asp For The Lazy: If you don't want to go about getting your own , and , you're welcome to use mine first. Simply copy this exact string into your notify.sh bash script. #!/bin/bash curl "https://api.telegram.org/bot606694295:AAEnUENJJwhDBBQzehVtupaxFdQ-2T6p0LA/sendMessage?chat_id=-285153354&text=VIM%20Booted%20"$(hostname -I | sed 's| |%20|g')"" 606694295:AAEnUENJJwhDBBQzehVtupaxFdQ-2T6p0LA -285153354 VIM%20Booted%20 You can visit the Telegram Group here, its not a secret, you're welcome to add your own bots, just don't spam please: https://t.me/joinchat/GXXcFRD_GEqU1eNPmkkCCQ Khadas Products Used In This Post: VIM2 Pro — $119.90 Links To Other Articles (in progress): How To Install VNC Server On Ubuntu Mate Installing Ubuntu Mate into Khadas VIM2 Encrypting Your VNC Sessions In Ubuntu Encrypting Your VNC Sessions In Mac OS X Changing Your VNC Server’s Password Changing Your SSH Password Adding A New SSH User Account

Remote control your Khadas VIM from a smartphone or PC, without a monitor! 0. Why Install VNC Into Your Khadas VIM SBC? In many instances, you may not have or want an external monitor connected to your Khadas VIM. Or you may have a need to connect to your VIM remotely, but still want a Graphical User Interface (GUI), instead of just an SSH shell. This is when a VNC server comes in handy! Using VNC, you can also connect to your Khadas VIM via your smartphone to impress your friends! 1. Ensure You Have Ubuntu Installed In Your Khadas VIM SBC This guide will assume that you’ve already installed Ubuntu Mate into your Khadas VIM, using the Android-Ubuntu Dual-Boot image found here. If you have not installed Ubuntu yet, check out my other guide, “How to Install Ubuntu Into Khadas VIM”. 2. Get Ethernet Or Wi-Fi Working On Khadas VIM The next step is to get the Ethernet or Wi-Fi to work, we need this because we will need to use the SSH shell to install the VNC server. You have 2 options: Method 1 — The easier method, is to just plug in an external monitor via HDMI cable, so that you can use a keyboard and mouse to connect to your home Wi-FI. Method 2 — The not so easy method, is to plug an Ethernet cable into your VIM, and then use a LAN scanner like the Fing app, to find it on your LAN. What do I use? I wrote a little startup bash script, that sends me a Telegram notification every time my Khadas VIM boots up. That’s another story for yet another guide. 3. Logging Into Khadas VIM Using SSH Once you’ve found the IP-address of your Khadas VIM, simply open Terminal on your Mac to use SSH to login to it. For Windows users, you will need to download Putty. By default, both the username and password are khadas. Username: khadas Password: khadas $ ssh khadas@x.x.x.x $ khadas@x.x.x.x's password: khadas x.x.x.x = your Khadas VIM’s IP address. 4. Update Your Khadas VIM’s Ubuntu Mate OS This step may seem weird and unfamiliar to people who are not acquainted with Linux. Although Linux doesn’t have a GUI updater, updating is done easily via the terminal. $ sudo apt-get update && sudo apt-get upgrade 5. Install The VNC4Server Into Your Khadas VIM’s Ubuntu Mate OS This step is the easiest, simply respond yes to any questions that arise, and the process will complete itself automatically. $ sudo apt-get install vnc4server 6. Startup The VNC4Server, Then Kill It We need to start the VNC server so that we can figure out where it’s configuration files are stored. After that we need to kill it, so that we can modify the configuration file. $ vncserver :1 $ vncserver -kill :1 Let’s explain some things for the beginners, vncserver is the shell command to launch a new VNC daemon in Ubuntu Mate. -kill is the used when you need to kill the daemon. Finally, :1 is the network on which you want to run the daemon on. For example, if you want to run two VNC daemons simultaneously, type vnc server :1 && vncserver :2 into the terminal. You can then connect to them on ports 5901 and 5902 respectively. If you need to kill them both, type vncserver -kill :1 && vncserver -kill :2. && is just the command used when you want to run two shell commands on the same line. 7. Edit your VNC4Server’s Configuration File Now we need to edit your config file so that when you login to your Khadas VIM via VNC, it will start up the graphical user interface. By default it does not! You can find the configuration file’s directory, when you previously issued the command vncserver :1. You will find it on the line that says “Starting applications specified in …”. Now that you know where the configuration file is…you can then issue the command to edit the configuration file. sudo is the command given to execute your command as root. If you do not have sufficient privileges to do something, just add sudo in front. $ sudo nano /home/khadas/.vnc/xstartup ...move the cursor to the bottom of the file, using the arrow keys on your keyboard, then type in... mate-session ...press the following keys on your keyboard... [ Control-X ] [ y ] [ Enter ] If you did all the above correctly, and in the correct sequence, you would have saved your configuration file with the line mate-session at the bottom! mate-session is the command for starting up Ubuntu Mate’s graphical user interface (GUI). 8. Ensure Your VNC4Server Starts On Ubuntu Mate Boot Up This step is very important, if you don’t do this, you will not be able to reconnect to your Khadas VIM via VNC if it is rebooted, or loses power. $ crontab -e ...move the cursor to the bottom of the file, using the arrow keys on your keyboard, then type in... @reboot /usr/bin/vncserver :1 You can also add additional VNC daemons to run on startup by adding additional lines such as: ...this step is OPTIONAL... @reboot /usr/bin/vncserver :2 #port 5902 @reboot /usr/bin/vncserver :3 #port 5903 Once you’re done, use your keyboard to exit the text editor. ...press the following keys on your keyboard... [ Control-X ] [ y ] [ Enter ] 9. Start the VNC4Server Daemon $ vncserver :1 You can check if the server is listening on port 5901 by using netstat. You should see a TCP6 Protocol, running on port 5901. That port should be in a LISTEN state, which means that it is listening for inbound connections. ...this step is OPTIONAL... $ netstat -a 10. Connect To Your Khadas VIM By VNC Client This is the fun part that we’ve all been waiting for…actually connecting to our Khadas VIM via VNC, so we get the full desktop experience! First you’ll need to download the RealVNC Client. https://www.realvnc.com/en/connect/download/vnc/ If you’re on iOS, you can also download their iOS app. https://itunes.apple.com/bt/app/vnc-viewer-remote-desktop/id352019548?mt=8 On your Mac, run the RealVNC app, and type in your VIM’s ip-address, followed by the port that your VNC daemon is running on. In my case it’s 192.168.0.37:1. ...inside the RealVNC desktop app... x.x.x.x:1 If your VNC daemon is running on another port such as 5902, then type: ...change the number, depending on the port you chose... x.x.x.x:2 Password: khadas Tada, you’re done! If you’ve got this far, you’re a genius! Khadas Products Used In This Post: VIM2 Pro — $119.90 Heat Sink — $9.90 DIY Case — $14.90 HDMI Cable — $2.90 USB-C Cable — $2.90 Metal Plate — $8.90 Minimally, you’ll need the VIM2 Pro. If you want the DIY Case, then get the Heat Sink too. HDMI, USB-C cables, and the metal plate are optional. Links To Other Articles (in progress): Installing Ubuntu Mate into Khadas VIM2 Sending Telegram Notifications On Boot-Up Encrypting Your VNC Sessions In Ubuntu Encrypting Your VNC Sessions In Mac OS X Changing Your VNC Server’s Password Changing Your SSH Password Adding A New SSH User Account