Browse Securely Using an SSH Tunnel and Raspberry Pi

Any time you use an unsecured wifi connection at a public location such as a coffee shop, you run the risk of a nearby device spying on data you are sending and receiving. This post will go over setting up an SSH tunnel connected to a Raspberry Pi (or other Linux device) at home that will not only secure your connection, but also get around any content filtering the location may have in place. It is also a quick and easy way to remote into your home network without having to use a VPN.

The Raspberry Pi is an ideal device for this because it is cheap, easy to set up, and uses very little power.

Keep in mind, this does not anonymize your internet activity so don't get any ideas about using this for nefarious purposes.

If you already have your SSH server configured, skip ahead to the computer setup for Mac, Linux, or Windows.

Hardware Requirements
1. Raspberry Pi Model B running Raspbian and connected to your home LAN.
2. Internet router capable of port forwarding
2a. Internet router capable of Dynamic DNS (Optional)
2b. Dynamic DNS Service (Optional)

Actually, any model Raspberry Pi will do. I list the Model B because all you need to do is plug it into your home network.
For the router, I think it would be harder to find a device that doesn't support port forwarding. Consult your manual for setup, as the process can be quite different depending on the brand you have.
I definitely recommend using a dynamic DNS service as it will make your life a lot easier in the long run. While I haven't used it, I have read good things about Duck DNS at https://duckdns.org/about.jsp

Raspberry Pi Setup
Follow one of the many setup guides. This is an excellent place to start: http://www.raspberrypi.org/help/quick-start-guide/
For this guide, the Pi must:
1. Be able to reach the internet
2. Have a static IP on your LAN.

Please note your LAN IP address for the router setup.

Router Setup
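Follow the instructions for your router to forward port 22 to the IP address of the Pi. This exposes the Pi's SSH login to the whole internet, so change the default password of the pi account before you do.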

Note your home IP address
If you don't have a static WAN IP and are not using a Dynamic DNS service, you need to check your IP before you leave home. There are many options to find your IP; here are a few:
  • Go to google.com and type "what is my ip" and your public address should be at the top of the page. 

Setup Your Device

OS X Yosemite
1. Open the terminal and type the command below. Change user to the username on the destination Raspberry Pi (usually "pi"), and home_fqdn to your Dynamic DNS name or WAN IP.

ssh -D 5000 -N user@home_fqdn

-D = Local port to listen on (ssh acts as a SOCKS proxy on this port)
-N = Don't execute a remote command
-C = Compression (only use on very slow connections)

Type yes if prompted about a security certificate (this is SSH asking you to accept the Pi's host key the first time you connect), and then type the password for your user. When you hit enter the cursor will move down to a new blank line. Leave the terminal window open until you are done using the internet.

2. Configure your internet browser.
  • Go to "System Preferences"
  • Go to "Network"
  • Click your connection (probably Wi-Fi) and then click "Advanced" towards the bottom right.
  • Click "Proxies" then check "SOCKS Proxy"
  • In the "SOCKS Proxy Server" field that appears on the right, type "localhost" in the first box, and "5000" in the second box. Click "OK", then "Apply".

At this point Safari and any other browser that checks the system preferences (Chrome and Firefox) will use the SSH tunnel. You can test by going to http://dustinbarnett.com/ip; your home IP address should be displayed.

When you are done, go back to the terminal and press ctrl-c on the keyboard, then reverse the network configuration settings.

Linux
Open a terminal and type:

ssh -D 5000 -N user@home_fqdn

Type yes if prompted about a security certificate (the SSH host key prompt shown the first time you connect), and then type the password for the user. When you hit enter the cursor will move down to a new blank line. Leave the terminal window open. Configure a SOCKS proxy server that points to localhost:5000. The procedure for this depends on the browser and distribution you are using.
When done, hit ctrl-c in the terminal to end the ssh session, then reverse the proxy settings.
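
The "security certificate" prompt in the OS X and Linux steps above is SSH asking you to trust the Pi's host key, and on untrusted Wi-Fi that is the one question that should not be answered blind. The wrapper below is an added example, not part of the original post: it opens the same tunnel only if the host key was already recorded at home. The function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Once, at home, on the Pi's own console, print the host key fingerprints:
#   for k in /etc/ssh/ssh_host_*_key.pub; do ssh-keygen -lf "$k"; done
# Make the first connection from the laptop while still on the home LAN and
# compare the fingerprint shown in the prompt before typing "yes".

SOCKS_PORT=5000   # same port the post uses

# host_is_pinned HOST [KNOWN_HOSTS_FILE]
# Succeeds only if HOST already has a key recorded in known_hosts.
# ssh-keygen -F also matches hashed entries, which a plain grep would miss.
host_is_pinned() {
    kh=${2:-$HOME/.ssh/known_hosts}
    [ -r "$kh" ] || return 1
    ssh-keygen -F "$1" -f "$kh" >/dev/null 2>&1
}

# open_tunnel USER HOST [KNOWN_HOSTS_FILE]
# Returns 3 without connecting when the host key is not pinned.
open_tunnel() {
    kh=${3:-$HOME/.ssh/known_hosts}
    if ! host_is_pinned "$2" "$kh"; then
        echo "no pinned host key for $2; verify the fingerprint at home first" >&2
        return 3
    fi
    # StrictHostKeyChecking=yes: abort on an unknown or changed key, never prompt.
    # 127.0.0.1: explicit loopback bind, so the SOCKS listener stays off the
    #            local network regardless of GatewayPorts in the client config.
    # ExitOnForwardFailure=yes: fail loudly if the SOCKS port cannot be bound.
    ssh -N -D "127.0.0.1:$SOCKS_PORT" \
        -o StrictHostKeyChecking=yes \
        -o UserKnownHostsFile="$kh" \
        -o ExitOnForwardFailure=yes \
        "$1@$2"
}

# Usage (placeholders from the post): open_tunnel user home_fqdn
```

If ssh reports that the host key has changed while you are on a public network, stop there rather than removing the old entry.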

Windows
For Windows, the process is different since it doesn't have a built-in SSH client. First download PuTTY here:
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
(Don't mind the sketchy-looking download link)

1. Open PuTTY, click on "Tunnels" located under the Connection->SSH tree.
2. Type "5000" into the Source port field.
3. Click the "Dynamic" radio button.
4. At the top of the menu tree click "Session".
5. Enter your home IP in the host name field, then click the save button. Next time you want to connect you can just use the saved session as long as your IP stays the same.
6. Edit the SOCKS proxy to localhost:5000 and you're good to go.

Hopefully my instructions are clear enough. Let me know if you have any questions!

Change The Firefox Default Search Engine

A new feature introduced in Firefox 34.0+ is that the default search engine has been changed from Google search to Yahoo search. Yahoo search is actually just a front end for Microsoft's Bing search.
If you are one of those people who are highly averse to change, fear not: you can quickly adjust the default search to whatever you like.
Here is the quickest way to change your default search provider.

1. In Firefox, click the "Search" magnifying glass and select "Change Search Settings."

2. Select your favorite provider from the dropdown menu. Done!





Or, you can do it the "complicated" way, click the link below for more info.

Graph Resources Using Gnuplot on Linux

My previous post dealt with retrieving some data and then dumping it into a csv file. Here are a script and gnuplot configs that create an index page. The script finds all the csv files in the specified $DIRECTORY. For every csv file found, a new *_summary directory is created containing an index.html file and the png graph images.


This is the main script file. Make sure to adjust the DIRECTORY and GRAPHDIR variables for your environment.
create_graph.sh
       
#!/bin/bash

#directory that contains the csv files
DIRECTORY=/dashcam/resourcelog_archive
#directory that contains the gnuplot config files
GRAPHDIR=/dashcam/graphs

# Loop over the glob directly; parsing ls output breaks on spaces in names
for f in "$DIRECTORY"/*.csv; do
        # Skip the unexpanded pattern when no csv files are present
        [ -e "$f" ] || continue

        # Strip only the trailing .csv extension
        HTMLDIR=${f%.csv}
        #echo HTMLDIR is "$HTMLDIR"

        mkdir -vp "$HTMLDIR"_summary

        echo "$f" > "$DIRECTORY"/gnuplot_variable.txt

        # Each template reads the csv named in 'filename' and writes a png to stdout
        /usr/bin/gnuplot -e "filename='$f'" "$GRAPHDIR"/temperature.gp > "$HTMLDIR"_summary/temperature.png
        /usr/bin/gnuplot -e "filename='$f'" "$GRAPHDIR"/memory.gp > "$HTMLDIR"_summary/memory.png
        /usr/bin/gnuplot -e "filename='$f'" "$GRAPHDIR"/cpu.gp > "$HTMLDIR"_summary/cpu.png

        #Create webpage
        echo "<center>$HTMLDIR</center><br><br>" > "$HTMLDIR"_summary/index.html
        echo '<center><img src="cpu.png"></center><br><br>' >> "$HTMLDIR"_summary/index.html
        echo '<center><img src="memory.png"></center><br>' >> "$HTMLDIR"_summary/index.html
        echo '<center><img src="temperature.png"></center><br>' >> "$HTMLDIR"_summary/index.html

done

#Create index webpage
echo "<center><b>Index</b></center><br><br>" > "$DIRECTORY"/index.html

for d in "$DIRECTORY"/*_summary; do
        [ -d "$d" ] || continue
        d=$(basename "$d")
        echo "<a href=\"$d\">$d</a><br>" >> "$DIRECTORY"/index.html
done
       

All the *.gp files should be in $GRAPHDIR. All graphs are sized at 1000x400.

This template graphs 1, 5, and 15 minute CPU load over time.
cpu.gp
       

#!/usr/bin/gnuplot
reset
set terminal pngcairo size 1000,400
set datafile separator ","

set xdata time
set timefmt "%Y-%m-%d,%H:%M:%S"
set format x "%H:%M"

set xlabel "Time (Hour:Minute GMT)"
set ylabel "CPU"

set title "CPU"
set key below
set style data line
set grid

plot filename using 1:4 title "1 min", filename using 1:5 title "5 min", filename using 1:6 title "15 min"

       

This template graphs Free, Cached, and Total Memory.
memory.gp
       

#!/usr/bin/gnuplot
reset
set terminal pngcairo size 1000,400
set datafile separator ","

set xdata time
set timefmt "%Y-%m-%d,%H:%M:%S"
set format x "%H:%M"

set xlabel "Time (Hour:Minute GMT)"
set ylabel "Memory (KB)"

set title "Memory"
set key below
set style data line
set grid

plot filename using 1:8 title "Free", filename using 1:7 title "Total", filename using 1:9 title "Cached"

       

This template graphs degrees Celsius over time.
temperature.gp
       

#!/usr/bin/gnuplot
reset
set terminal pngcairo size 1000,400
set datafile separator ","

set xdata time
set timefmt "%Y-%m-%d,%H:%M:%S"
set format x "%H:%M"

set xlabel "Time (Hour:Minute GMT)"
set ylabel "Celcius"

set title "CPU Temperature"
set key below
set style data line
set grid

plot filename using 1:3 title "Degrees Celcius"

       

Raspberry Pi Resource Monitor

There are plenty of resource monitors and graph utilities out there for the Raspberry Pi. RPi-Monitor is a great one. However, I wanted to learn a little more about how to collect data for the various resources, so I made my own simple bash script. Here are some basic commands that can be strung together to monitor the basic resources of the Raspberry Pi. I output the data to a csv file that can be graphed using gnuplot.

Skip to the bottom for the full script.

First, create a new file using a text editor.
nano resourcelog.sh
Start with the basics. Tell the shell to use bash.
#!/bin/bash
Most of the time I am getting time from a GPS dongle. Wait a minute to allow a GPS lock.
sleep 60
Create a date/time variable used to name the log file. I do this so that every time the Pi is powered on, it creates a new file with a name based on the date/time the logging was started.
LABELDATE=$(date +"%Y-%m-%d_%H:%M")
Make a directory to put the log files.
mkdir -vp /home/pi/resourcelog_archive/
Name the columns in the csv file. You can see we will be logging date, time, degrees Celsius of the Pi CPU, average CPU loads, free memory, cached memory, swap total, and swap free. This gets put into a new file in the resourcelog_archive directory, using the date variable defined above. (The command should be one line)
echo "Date,Time,Degrees Celcius,CPU 1 Min,CPU 5 min,CPU 15 min,Memory,Free Memory,Cached Memory,Swap Total,Swap Free" > /home/pi/resourcelog_archive/resourcelog_"$LABELDATE".csv
Create a while loop that will query for the info specified. I do this by defining a variable ($CYCLE) and the loop runs while the variable equals the original value (1).
CYCLE=1
while  [ $CYCLE -eq 1 ]
do
Create variables for data gathering. These variables are part of the while loop and are updated every 60 seconds.

Define the current date in YYYY-MM-DD format.
DATESTAMP=$(date +"%Y-%m-%d")
Define the current time in HH:MM format.
TIMESTAMP=$(date +"%H:%M")
Define the temperature of the APU (CPU) in degrees Celsius. This command uses vcgencmd measure_temp, shows only data after the = symbol, and then removes the "'C" so we are left with only a decimal number.
TEMP=$(/opt/vc/bin/vcgencmd measure_temp | cut -d '=' -f 2 | sed s/\'C//g)
Define the CPU load average. This reads /proc/loadavg, keeps only the first three fields, and then replaces the spaces with commas, giving an output formatted as 0.0,0.0,0.0
CPU=$(cat /proc/loadavg | cut -d ' ' -f -3 | sed 's/ /,/g')
Define the total amount of memory in kB. This uses /proc/meminfo, finds "MemTotal", displays only column 2, then removes the "kB" so only numbers are output.
MEMTOTAL=$(cat /proc/meminfo | egrep MemTotal | awk '{print $2}' | sed 's/kB//g')
Define the total amount of free memory. Similar to above, but searches for "MemFree".
MEMFREE=$(cat /proc/meminfo | egrep MemFree | awk '{print $2}' | sed 's/kB//g')
Define the total amount of cached memory. Similar to above, but searches for only matches that start with Cached. (^Cached).
CACHED=$(cat /proc/meminfo | egrep '^Cached' | awk '{print $2}' | sed 's/kB//g')
Define the swap file allocation. Similar to above, but searches for "SwapTotal".
SWAPTOTAL=$(cat /proc/meminfo | egrep SwapTotal | awk '{print $2}' | sed 's/kB//g')
Define the amount of swap available (unused).
SWAPFREE=$(cat /proc/meminfo | egrep SwapFree | awk '{print $2}' | sed 's/kB//g')
That's all the resources I monitor. Now the variables need to be written to the file created at the beginning of the script. This just writes a new line at the end of the file with the variables specified above separated by commas.
echo "$DATESTAMP","$TIMESTAMP","$TEMP","$CPU","$MEMTOTAL","$MEMFREE","$CACHED","$SWAPTOTAL","$SWAPFREE" >> /home/pi/resourcelog_archive/resourcelog_"$LABELDATE".csv
Wait for 60 seconds and then start again.
sleep 60
Close the loop.
done
Save the file and exit. Make the file executable.
chmod +x resourcelog.sh
Make the file run on every reboot. This assumes you are logged in as the user "pi".
crontab -e
@reboot /home/pi/resourcelog.sh

That's it. The Pi will run the resourcelog.sh script every time it's powered on and record the results in a new file in the resourcelog_archive directory. Feel free to tell me there's a better way to do this; I'm sure there is something more efficient. The next post will go over creating graphs automatically using gnuplot.

Here is the full code:
       
#!/bin/bash
# Wait for GPS time
sleep 60

LABELDATE=$(date +"%Y-%m-%d_%H:%M")
mkdir -vp /home/pi/resourcelog_archive/
echo "Date,Time,Degrees Celcius,CPU 1 Min,CPU 5 min,CPU 15 min,Memory,Free Memory,Cached Memory,Swap Total,Swap Free" > /home/pi/resourcelog_archive/resourcelog_"$LABELDATE".csv
CYCLE=1
while  [ $CYCLE -eq 1 ]
do

DATESTAMP=$(date +"%Y-%m-%d")
TIMESTAMP=$(date +"%H:%M")
TEMP=$(/opt/vc/bin/vcgencmd measure_temp | cut -d '=' -f 2 | sed s/\'C//g)
CPU=$(cat /proc/loadavg | cut -d ' ' -f -3 | sed 's/ /,/g')
MEMTOTAL=$(cat /proc/meminfo | egrep MemTotal | awk '{print $2}' | sed 's/kB//g')
MEMFREE=$(cat /proc/meminfo | egrep MemFree | awk '{print $2}' | sed 's/kB//g')
CACHED=$(cat /proc/meminfo | egrep '^Cached' | awk '{print $2}' | sed 's/kB//g')
SWAPTOTAL=$(cat /proc/meminfo | egrep SwapTotal | awk '{print $2}' | sed 's/kB//g')
SWAPFREE=$(cat /proc/meminfo | egrep SwapFree | awk '{print $2}' | sed 's/kB//g')


echo "$DATESTAMP","$TIMESTAMP","$TEMP","$CPU","$MEMTOTAL","$MEMFREE","$CACHED","$SWAPTOTAL","$SWAPFREE" >> /home/pi/resourcelog_archive/resourcelog_"$LABELDATE".csv
sleep 60
done
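
The post asks whether there is a more efficient way to collect the memory fields. One option, as an added example that is not part of the original post, reads /proc/meminfo once with awk instead of running five cat | egrep | awk | sed pipelines. The function names, the sample input and $LOGFILE are constructed for illustration.

```shell
# sample_meminfo: constructed /proc/meminfo excerpt for trying the parser offline.
sample_meminfo() {
    cat <<'EOF'
MemTotal:         447996 kB
MemFree:          301532 kB
Buffers:           12345 kB
Cached:            98765 kB
SwapCached:          120 kB
SwapTotal:        102396 kB
SwapFree:         102396 kB
EOF
}

# meminfo_csv [FILE|-]
# Prints MemTotal,MemFree,Cached,SwapTotal,SwapFree in kB, the same order as
# the script's CSV columns, reading the input once. Exits 1 if a field is
# absent, so a bad read never shifts the columns the gnuplot templates use.
meminfo_csv() {
    awk '
        # Keep only "Key: <digits> ..." lines; strip the colon and compare
        # keys exactly, so "Cached" can never pick up "SwapCached".
        $2 ~ /^[0-9]+$/ { key = $1; sub(/:$/, "", key); v[key] = $2 }
        END {
            n = split("MemTotal MemFree Cached SwapTotal SwapFree", want, " ")
            for (i = 1; i <= n; i++) {
                if (!(want[i] in v)) {
                    print "meminfo_csv: missing " want[i] > "/dev/stderr"
                    exit 1
                }
                row = row (i > 1 ? "," : "") v[want[i]]
            }
            print row
        }
    ' "${1:-/proc/meminfo}"
}

# In the logging loop this replaces the five memory variables
# ($LOGFILE is a hypothetical name for the csv path):
#   echo "$DATESTAMP,$TIMESTAMP,$TEMP,$CPU,$(meminfo_csv)" >> "$LOGFILE"
```

Running `sample_meminfo | meminfo_csv -` shows the output format without touching the Pi.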

       
 

VirtualBox - Install Windows 8.1 x64 Eval on OS X host

I recently tried to create a Windows 8.1 VM using VirtualBox on my MacBook Pro, but ran into an error immediately after boot:
Your PC needs to restart.
Please hold down the power button.
Error code: 0x000000C4
The solution is here: http://4sysops.com/forums/topic/windows-server-2012-r2-on-virtual-box-error-0x000000c4/ but it needs to be tweaked slightly for OS X.

Open the terminal and do the following, making sure to use the name of your Win 8 vm instead of [name]

cd VirtualBox\ VMs
VBoxManage setextradata [name] VBoxInternal/CPUM/CMPXCHG16B 1
 That's it!

All Users Desktop in Windows 7

For some reason I have a hard time remembering this. The path for the directory that shows files on the desktop regardless of the logged-on user is:
C:\Users\Public\Desktop\
That text should be typed directly into an address bar in explorer, or the "Run" dialog box. 

Chrome - Disable Page Thumbnails in New Tabs

The Google Chrome browser has a feature enabled by default that shows thumbnail images of websites you have visited in the past when you open a new tab. I'm not sure about the specifics of the algorithm that determines what is displayed, but it seems to prioritize pages that you visit often. Of course there is also a link to Google's primary money-making source, their search service. Why are two search boxes needed?
Most of the sites I browse with chrome are on private nets...

It's all very convenient, except for when it's not... I think anyone who has spent any amount of time on the internet has clicked a link and seen something they didn't intend on seeing. And of course Chrome, trying to be helpful, decides to show that web page again when you open a new tab or a new browser session.

Enter the "Empty New Tab Page" Chrome app. https://chrome.google.com/webstore/detail/empty-new-tab-page/dpjamkmjmigaoobjbekmfgabipmfilij

Once installed, you get a whole lot of nothing when opening a new tab. The only flaw (if you want to call it that) is the new tab will have an unknown character square in the title of the tab until you navigate somewhere.

Happy browsing!

Quick Reference: Linux ln command

I'm constantly forgetting the correct syntax for the ln -s command. This post is mostly for my reference...
ln -s /path/to/original.file /path/to/target