Monday, March 14, 2011

SSH to a server through a bastion host with a single command

With command-line SSH, it's easy, just do:

ssh -t <intermediate> ssh <destination>

With putty, the following batch file will do the trick (pass the destination host as the first argument):

SET DATFILE="%TEMP%\bastion.tmp"
echo ssh %1 > "%DATFILE%"
start putty -load "<putty session name>" <intermediate> -t -m "%DATFILE%"

Sunday, March 6, 2011

Fix for communicating with Pageant from a cygwin process

As I mentioned previously, Pageant's security measures reject messages coming from cygwin processes (and their children). I submitted a patch that fixes this for charade. The trick is to copy the security descriptor from the Pageant process so they'll be an exact match. Any app should be able to use this same technique.

Sadly, the Putty folks have failed to incorporate the change into winpgntc.c.

Saturday, February 12, 2011

How to fix horrible performance of Java apps in Remote Desktop

Raymond Chen has a great article about developer "taxes". One of the taxes is making sure your app works well in Remote Desktop. Java apps are notoriously bad about getting details like these right. IntelliJ and NetBeans (probably two of the top three IDEs) perform so horribly over Remote Desktop that they're basically unusable.

I tracked the problem down to a Java property that disables use of DirectDraw. A lot of Java apps seem to do this due to a poor implementation in earlier versions of java (*sigh*). Fortunately, there's an easy fix -- the property can be changed by adding this to the command line:

-J-Dsun.java2d.noddraw=false

Enhanced by Zemanta

Saturday, February 5, 2011

KeyFix4000 now available on GitHub

The source code for KeyFix4000 has always been available, but it's now up on GitHub. Enjoy.

Thursday, February 3, 2011

Using charade to proxy cygwin ssh-agent requests to pageant

See charade’s readme for some background. It’s really handy if you want to use pageant as the agent for the cygwin ssh client (in addition to putty). There are two problems I’ve encountered:
  1. Pageant’s security measures reject the proxy request due to the two processes running with different SIDs.
  2. The proxy agent isn’t seen by any processes launched from your outside your shell (since the environment variables only get set in ~/.bash_profile)
Issue #1 can be solved by running both pageant and putty with cygstart – see the issue page for more info.

Here’s my solution for issue #2. Instead of running keychain at the start of every login shell, just run it once at Windows startup, and set the environment variables system-wide using setx. Here’s my shell script that does that:

#!/usr/bin/sh
# Be sure to run this script in a login shell so that cygwin paths are properly
# set, otherwise the Windows version of hostname will run and mess things up

/usr/bin/keychain -q -Q

# The -csh script works perfectly since we can just substitute setx for setenv
alias setenv=setx
. ~/.keychain/`hostname`-csh
Update:
Since this is only running once at startup, keychain isn’t really needed. And to simplify a bit more, it can be done in a batch file:

REM Kill any existing instances first
killall charade
SET FN=%TEMP%\ssh-agent-init.bat
REM The -csh script works perfectly since we can just substitute setenv for setx
charade -c | sed 's/setenv/setx/' | sed 's/;$//' > %FN%
call %FN%
del %FN%

Saturday, January 8, 2011

A solution for sharing Perforce workspaces using AltRoots

Perforce lets you share workspaces between Cygwin and Windows. The same technique can be used to share between Linux and Windows, when sharing the data via Samba – but there’s a pretty big catch.

If you run p4 sync in Linux from outside the AltRoot location, p4 will sync to a new directory with the name of the p4 Root. Say you accidentally run p4 sync from the /etc dir – you’ll end up with a directory like /etc/S:\workspace, and your real workspace directory will now be out of sync. (This isn’t a problem with p4 for cygwin, since cygwin can interpret Windows paths.)

Here’s a workaround:
1) Remove the base directory from the Root and AltRoot paths
2) Add the base directory to all paths in the workspace mapping
3) Add / as a second AltRoot
4) Create a symlink in / with the name of the base directory, pointing to the real location.

By using / as a second AltRoot, every linux directory will match, and the default root will never be used.

Update:
Here's a simpler workaround that instead just results in a an error message when running p4 outside of the workspace root.

1) Set P4CLIENT to something invalid like `XXXXX - Running from invalid root`
2) Set P4CONFIG to `.p4config`
3) Create a file called `.p4config` in your workspace root. Inside add the line `P4CLIENT=[Name]` substituting [Name] with your real client name

Wednesday, January 5, 2011

Synergy patch

Synergy has a nasty bug where if you switch screens with a hotkey, then switch again with the mouse, the hotkey modifier key gets stuck in the down state. I submitted a patch a few years ago, but it never got integrated since the project wasn't being maintained. Synergy has now been resurrected and merged with Synergy+, and the bug still exists. Here's the patch (which will need some tweaking for the new codebase).

Sunday, January 2, 2011

Rooting the Android emulator

There's surprisingly little information out there about how to do this. Perhaps it's because you can already get a root shell on the emulator with adb. But if you're developing an android app that is meant to run su commands on a rooted phone, it won't just magically work in the emulator. I'll explain how to change that, so you won't have to develop and test your su-using apps directly on your phone.

What a rooted phone has that the emulator lacks is a custom su binary and the SuperUser app. The app is easy - just install it with adb. The su binary is a different beast. It requires some custom steps every time you start the emulator. Luckily, it can all be easily automated. I created a batch file that launches the emulator and runs all the necessary commands. For non-Windows users, it should be trivial to convert to a bash script. Explanations are in the script's comments, so I'll let it speak for itself:

@echo off
REM --------------------------------------------------------------------------
REM Starts the android emulator and sets up the custom su executable on the
REM system image. This must be done each time the emulator starts, since the
REM emulator will not persist the system image when it exits (see
REM http://developer.android.com/guide/developing/tools/emulator.html).
REM
REM Usage:
REM * Arguments to this command are passed on to the emulator command. You'll
REM need to pass in an AVD name.
REM * The android sdk tools directory must be your path.
REM * You'll need to put the appropriate su binary in the same directory as
REM this script. You can get it from the zip files linked here:
REM http://forum.xda-developers.com/showthread.php?t=682828
REM * You'll need to a separate, one-time install of the superuser app. Just
REM run adb install with the apk in the zip file from the previous step.
REM
REM
REM A few implementation details:
REM * By default, the emulator's system image has no free space, since it's
REM meant to be read-only. The -partition-size argument makes it bigger so
REM there's space to work with (I gave it a somewhat arbitrary 160MB). The
REM adb remount command gives write access to the system the image.
REM * The emulator is launched via runhidden.js to hide the useless console
REM window that pops up.
REM --------------------------------------------------------------------------

if (%1)==() echo "MUST SPECIFY AN AVD!" && exit /B
cd /d %~dp0
@echo on

wscript runhidden.js "emulator -partition-size 160 %*"
adb wait-for-device
adb remount
adb push su /system/bin
adb shell chmod 6755 /system/bin/su
adb shell rm /system/xbin/su
adb shell ln -s /system/bin/su /system/xbin/su


Here is the source for runhidden.js:

// Runs a command with it's initial window hidden. Useful for programs that
// allocate a useless console (many java apps do this, and you don't always
// have the ability to run them with javaw).
//
// Requires the entire command to be passed in as the first parameter
// (because WSH doesn't provide simple access to the entire command line).
WScript.CreateObject("WScript.Shell").Run(WScript.Arguments(0), 0)


Screenshot of a superuser request in the emulator:

Enhanced by Zemanta