Saturday 23 February 2008

ACPI and WiFi card Intel PROWireless on Asus M5200ae M5A

In this post tweaking wireless card Intel PROWireless 2200 is described. It is a little bit tricky to get such card to work on Asus M5200AE notebook. But using latest extras from acpi4asus project, my wifi card works perfectly.


Intel PRO/Wireless 2200
Because this adapter is made by Intel, no problems should appear during installation of the drivers. It is required to download the firmware from here, unpack it and copy to /usr/share/firmware

Also you must install the packages for wireless networking:

aptitude install wireless-tools, kwifimanager, kwirelessmonitor-net kwirelessmonitor kwrapper
And also install packages for ACPI:
aptitude install acpi-support acpid laptop-mode-tools
If all steps were performed correctly then during boot process should be such strings:
ieee80211_crypt: registered algorithm 'NULL'
ieee80211: 802.11 data/management/control stack, 1.1.14
ieee80211: Copyright (C) 2004-2005 Intel Corporation
ipw2200: Intel(R) PRO/Wireless 2200/2915 Network Driver, 1.1.3dmprq
ipw2200: Copyright(c) 2003-2006 Intel Corporation
ACPI: PCI Interrupt 0000:01:05.0[A] -> GSI 18 (level, low) -> IRQ 17
ipw2200: Detected Intel PRO/Wireless 2200BG Network Connection
ipw2200: Radio Frequency Kill Switch is On:
Kill switch must be turned off for wireless networking to work.
ipw2200: Detected geography ZZM (11 802.11bg channels, 0 802.11a channels)
It seems to work, but there are suspicious string emphasized by red bold font. What is a "Kill Switch" and why you can not connect to wireless networks when it activated?

Radio frequency killer
There is a combination of keys that turns on and off a radio transmitter of the WIFI chip. Such combination is often mentioned as "Kill Switch", thus is you did not deactivated such kill switch then yours WiFi ciph is turned off and nothing can help you.

To test Kill Switch is on or off, you can type such command:
# cat /sys/bus/pci/drivers/ipw2200/0000\:01\:05.0/rf_kill
2
According to the documentation we have:
rf_kill
read -
0 = RF kill not enabled (radio on)
1 = SW based RF kill active (radio off)
2 = HW based RF kill active (radio off)
3 = Both HW and SW RF kill active (radio off)

End of story: Kill Switch is on, Wifi's radio transmitter is turned off. It also can be checked by iwconfig:

eth3 radio off ESSID:"virens"
Mode:Ad-Hoc Frequency:2.412 GHz Cell: Not-Associated
Bit Rate:0 kb/s Tx-Power=off Sensitivity=8/0
Retry limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0

As usual, Kill Switch key combination on notebooks is Fn+F2 but on your notebook it may be different.

For the key combination to turn on you need to activate ACPI extras for your notebook. For Asus laptops it is Asus Extras. You need to obtain latest version of the asus_extras driver from SVN of the Acpi4Asus project.
For those who compiled the kernel by themselves, here are some guidelines:

Power management options (ACPI, APM) --->
[*] Power Management support ---->
[*] ACPI Support:
<М> AC Adapter
<М> Battery
<М> Button
<М> Video
<М> Fan
<М>Processor
<М>Thermal Zone
< > ASUS/Medion Laptop Extras
<--- TURN OT OFF!
Next, turning on the support of a Radio Frequency Kill Switch

Networking --->
[*] Networking support -->
Improved wireless configuration API
--- Wireless extensions
<М> Generic IEEE 802.11 Networking Stack (mac80211)
[ ] Enable debugging output
<М>Generic IEEE 802.11 Networking Stack
[ ] Enable full debugging output
--- IEEE 802.11 WEP encryption (802.1x)
<М> IEEE 802.11i CCMP support
<М> IEEE 802.11i TKIP encryption
<М> Software MAC add-on to the IEEE 802.11 networking stack
[ ] Enable full debugging output

In the Networking section turn on:
<*> RF switch subsystem support --->
<*> Input layer to RF switch connector
It is certainly that you need the NAT for providing Internet connections from you laptop, thus you need to activate NAT and Masquerading:

Networking --->
[*] Networking support -->
Networking options --->
[*] Network packet filtering framework (Netfilter) --->
Core Netfilter Configuration --->

<*> Netfilter netlink interface
...
<*> Netfilter connection tracking support

IP: Netfilter Configuration --->
<*> IPv4 connection tracking support (required for NAT)
[*] proc/sysctl compatibility with old connection tracking
<*> IP tables support (required for filtering/masq/NAT)
<*> IP range match support
<*> TOS match support
<*> recent match support
<*> ECN match support
<*> AH match support
<*> TTL match support
<*> Owner match support
<*> address type match support
<*> Packet filtering
<*> REJECT target support
<*> LOG target support
<*> ULOG target support
<*> Full NAT
<*> MASQUERADE target support
<*> REDIRECT target support
<*> NETMAP target support
<*> SAME target support
...
<*> Packet mangling
<*> TOS target support
<*> ECN target support
<*> TTL target support

Next thing to do is activation of the wireless card.

Device Drivers ---->
Network device support --->
[*] Network device support
.................
Wireless LAN --->

[*] Wireless LAN (IEEE 802.11)
<М> Intel PRO/Wireless 2200BG and 2915ABG Network Connection
<------- this is our driver, let's compile it as a module
[*] Enable promiscuous mode
--- Enable radiotap format 802.11 raw packet support
[*] Enable creation of a RF radiotap promiscuous interface
[*] Enable QoS support
[*] Enable full debugging output in IPW2200 module.


Enabling firmware load:
Device Drivers ---->
Generic Driver Options ---->
Hotplug firmware loading support

For the connection to be encrypted you need to turn on encryption support:

Cryptographic options ->
<*>ARC4 cipher algorithm
<*>Michael MIC keyed digest algorithm
<*>AES cipher algorithms (i586)

And also this one:
Library routines ->
<*>CRC32 functions


After all you need to turn on the LED's support for indication of a wireless status. In the Device Drivers section:

Device Drivers ---->
LED devices --->
[*] LED Support
<*> LED Class Support
--- LED drivers
--- LED Triggers

That's all; compile the kernel and reboot with it.

Let's fire up!
It is practically all that needed for your wireless happiness. During the boot process our kernel must detect the wireless card and turn it on. Now press Fn+F2 and the WiFi LED must turn on. If it works then all is done correctly and WiFi now can be used. Let's check the state of Kill Switch:
# cat /sys/bus/pci/drivers/ipw2200/0000\:01\:05.0/rf_kill
0
That's it, the radio is turned ON. Now type:
# iwconfig
lo no wireless extensions.

eth1 no wireless extensions.

Warning: Driver for device eth3 has been compiled with version 22
of Wireless Extension, while this program supports up to version 20.
Some things may be broken...

eth3 unassociated ESSID:"virens"
Mode:Ad-Hoc Frequency=2.412 GHz Cell: Not-Associated
Bit Rate:0 kb/s Tx-Power=20 dBm Sensitivity=8/0
Retry limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
It works! The rest of the job is simple: just configure an ad-hoc network. For the network to be configured you need to edit /etc/network/interfaces like this:

auto eth3
iface eth3 inet static
address 10.106.146.1
netmask 255.255.255.0
wireless-mode ad-hoc
wireless-channel 1
wireless-rate auto
wireless-essid virens

Now let's tweak network card:
iwconfig eth3 mode Ad-Hoc channel 1 essid virens
That's all and you got simple ad-hoc network with identifier virens .
Read more...

Sunday 10 February 2008

SSH for mere mortals

There are a lot of documents about the SSH, but in this post I want to tell about simple things. Let me explain some simple and obvious SSH tricks...


How to install SSH in Debian

From the Etch's release, packages for the SSH client and server are separated. Hence let's install SSH using command:

# aptitude install ssh
or
#
aptitude install openssh-server openssh-client
and wait a few moments for configuration of the packages.

On a client side
Now we must edit the configuration files located in the /etc/ssh directory. A client-side config file is ssh-config and a server-side config file is sshd-config. On a client-side let's allow to receive X11Forward; or such purposes, changing:
ForwardX11 yes
ForwardX11Trusted yes
Now the client machine can start the graphical applications on a server. Now let's go to the admin of the far-far-away kingdom server...


On a server-side
We need to edit config file (you have root password from the server, aren't you? :-)) in  /etc/ssh/sshd-config and changing the keys to such ones:
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
Here we allowed to start graphical applications remotely and redirect them in the client machine. Restart the SSH daemon:
sudo /etc/init.d/ssh restart
That's practically all.

If there is necessity to restrict access to the machine, one need to change config file /etc/ssh/sshd_config in such way:
AllowUsers hacker@*
AllowUsers *@192.168.1.*


SSH in work
It's all done, now open console and type:
$ ssh remoteusername@ip_address_remotemachine
For example, in my case I write: ssh beast@192.168.1.5

After that, the SSH daemon asks us: this IP address isn't recognized yet, can I trust them? Sure! :-) Next, type the password of remote system, and if the password is correct then you log in into shell of the remote machine. During password typing you see nothing; you have 3 attempts or connection lost.
So, the SSH system will greet us like this:

penta4@penta4rce:~$ ssh beast@192.168.1.5
Password:
Linux notebeast 2.6.15.7 #3 PREEMPT Sun Jul 2 12:51:07 MSD 2006 i686 GNU/Linux

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

Last login: Tue Oct 10 19:23:57 2006 from 192.168.1.1
beast@notebeast:~$

Now we control remote computer: don't entangle machines or you shut down the wrong one! :-)


Remote using of the graphical applications
When you logged in, just type the name of the program with ampersand at the end of command:
$ gimp&

This command starts the GIMP on the remote machine and returns command prompt to you. If you do not enter ampersand then command prompt of the current SSH shell locks and returns only after application's over.

Thus, started remotely application is redirected to your machine and works the same as it started on your machine. Of course, the remotely started application will use files on the remote filesystem.


Conclusion
It is clear that SSH can be useful to mere mortals and not only for gurus. More about SSH one can  read in Goooogle or in this  this or this inks.


Read more...