ssh logins for any user on QNAP TS-409

The QNAP NAS servers run a Linux OS and out of the box supports ssh logins as the “admin” user (basically root with a different name). But if you add a user and try to log in, it just closes the connection. If you look at /etc/ssh/sshd_config you’ll notice that there is a configuration line for “AllowUsers admin” which may lead you to believe that you just need to modify this line. Unfortunately the ssh server itself is also hard coded to allow admin logins only.

There are several guides for how to get around this restriction. The solution involves installing openssh either in addition to or as a replacement of the built in sshd. Many of these guides seemed overly complex to me, so I took several of them and came up with what I think is the simplest approach to replace the existing sshd with one that allows logins by all users.

This guide is known to work with the QNAP TS-409 running firmware 2.1.2 Build 1112T. It will probably work with other QNAP models, or other firmware versions, but no guarantees. This assumes you know how to ssh to your NAS as admin, you’ve created a new user and you already have ipkg installed and working. If you don’t have ipkg, see this and follow the “Sit Back” approach.

First install openssh:

ipkg update
ipkg install openssh

Now let’s swap out the stock server with the ipkg version:

mv /usr/sbin/sshd /usr/sbin/sshd-orig
cp /opt/sbin/sshd /usr/sbin/

Now on QNAP servers the filesystems are a bit strange because the OS is loaded from firmware onto a ramdisk. As a side effect of this, some system modifications will disappear upon reboot unless you follow special procedures to preserve them. This is true of the /etc/ssh/sshd_config file. We will need to move it to a location outside of the ramdisk.

cp /etc/ssh/sshd_config /mnt/HDA_ROOT/.config/ssh/

Next we need to edit the relocated sshd_config file (use your preferred editor if you don’t like vi):

vi /mnt/HDA_ROOT/.config/ssh/sshd_config

You have two choices when editing this file. Option one is to edit AllowUsers to add the usernames you want to be able to log in. Each username is separated by a space. Alternatively, you can comment out the AllowUsers line completely which will allow any user to log in.

Next copy it back to the normal location:

cp /mnt/HDA_ROOT/.config/ssh/sshd_config /etc/ssh

At this point you can test your configuration. BUT… you are NOT done yet. There’s one more step to make your changes permanent, so don’t just quit after this step.

Log into the web admin interface of your NAS and under the “System Tools” category click on “Remote Login.” Untick “Allow SSH Connection” and press “Apply.” Wait a few seconds, then tick “Allow SSH Connection” and press “Apply” again. This will reset your ssh server and if you did everything right you should now be able to login as users besides admin.

If it does not work, don’t panic. You can restart your NAS and the configuration will be replaced with the original. If you really manage to screw things up, enable telnet and log in that way to try to fix things up.

(Be careful about restarting sshd while logged in via ssh. It is very easy to kill your own connection before the new sshd starts and then you will have to use the web admin interface anyways. If you know what you are doing and are very careful, you can restart it via the shell.)

Now if everything went well, we can make the configuration permanent. We need to create or edit an script which moves the configuration over during boot. First mount the config area:

mount -t ext2 /dev/mtdblock5 /tmp/config

(The device may differ if you have a different model. Check Google if the last step doesn’t work.)

Next we need to edit or create the file:

vi /tmp/config/

If the file doesn’t exist or is empty, insert all of the following. If there is already a script there, skip the first two lines and add the rest at the end of the file:


# SSH Config
cp /mnt/HDA_ROOT/.config/ssh/sshd_config /etc/ssh/sshd_config
/etc/init.d/ restart

After saving it, make sure it is made executable and unmount the filesystem:

chmod +x /tmp/config/
umount /tmp/config

Now you can reboot your NAS and confirm that the configuration was preserved. Keep in mind that it can take 3-4 minutes to reboot. There will be a couple of short beeps during the reboot process and one longer beep when it has completed booting. Be patient and wait for the long beep before trying to login.

In the future be sure to make any configuration changes to sshd_config by editing the non-ramdisk copy like follows:

vi /mnt/HDA_ROOT/.config/ssh/sshd_config
cp /mnt/HDA_ROOT/.config/ssh/sshd_config /etc/ssh

AviSynth Plugin ReduceFlicker on x64

If you are trying to use this plugin on XP 64-bit OS you may find that you follow all the directions to install it and then run into an error:

“unable to load …ReduceFlickerSSE3.dll”

The problem is that the instructions tell you to install AvsRecursion.dll in “C:\WINDOWS\system32”. On XP x64 it should actually be installed in “C:\WINDOWS\SysWOW64”. Move it there and it should work fine.

PowerDVD 8 HD-DVD and MoovieLive Tweak on 64-bit

If you are on a 64-bit OS and having trouble getting the PowerDVD 8 HD-DVD pack and MoovieLive tweak pack to be effective, it is probably because your registry structure is different. Here’s how to fix:

HD-DVD Pack:
Edit HDDVD64.reg and change all instances of “HKEY_LOCAL_MACHINE\SOFTWARE\Cyberlink” to “HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Cyberlink” and then run Install64.bat again.

Tweak Pack:
Edit Disable_MoovieLive.reg and do the same changes as for the HD-DVD Pack and then add the file to the registry. DO NOT change “HKEY_CURRENT_USER\Software\Cyberlink”.

Media Player Classic could not render MEDIASUBTYPE_YV12

This is a bizarre problem I ran into on my new desktop that I wasn’t able to find a solution to by googling, so hopefully this post will help some other poor soul avoid hours of banging head against keyboard which is not good for either head or keyboard. Anyways…

Let’s say you have an XP Pro x64 64-bit system. You’ve installed Avisynth and DGMPGDEC and have run dgindex on some video and set up an avs project file for it. Most things read it in fine, like AvsP and Megui. But when you try to play it with Media Player Classic you get an error that it can not render MEDIASUBTYPE_YV12.

I’m not sure if this has anything to do with a 64-bit OS, but I’ve done the same thing on 32-bit systems before and never ran into the problem. It could also be a quirk in the software versions of the programs I use. Anyhow, I’m putting all this in so that the next person to search on the terms I was searching on will find some useful advice.

There is one easy workaround for it which is to stick “converttorgb()” at the end of the avs file, but that has issues of its own once you get to encoding or whatever else you were going to do with the avs project.

There are a few pointers in google to setting ffdshow to use the RGB YV12 output conversion settings to solve the problem, which is the wrong advice but put me on the right path.

The real solution is to bring up the ffdshow “Video decoder configuration” program, click on codecs, scroll all the way to the bottom and find the “Raw Video” format. Click on the second column (which probably says “disabled”) and a little pulldown menu will come up. Set it to “all supported” and then click on the “OK” button at the bottom.

Should play just fine now.

Converting Chinese HTC Touch Pro to English

WARNING: Changing the firmware on your HTC phone could cause it to become inoperable. A phone with changed firmware may not be eligible for warranty service. Any data on your phone will be erased! Make sure you follow directions carefully and never ever interrupt the firmware update until it is finished. I take no responsibility if this doesn’t work out for you.

So let’s say that you live in Taiwan and want to buy a fancy new HTC Touch Pro smartphone. You’ll quickly learn that in Taiwan you can only find the Chinese version of this phone. Importing a European version is expensive, plus you won’t get any contract signup discounts. US phones use provider-customized firmware that may not work correctly or optimally in Taiwan.

Don’t despair. There’s active communities of HTC enthusiasts who have extracted HTC firmware in English and other languages. It’s a fairly simple process to change the firmware on your phone, but the documentation is slim, so it’s difficult to know where to start. Here’s a simple guide on what you need to do. Each page referenced has additional information if you need more detail:

1 ) Download and install on your computer the English version of ActiveSync from Microsoft:

2 ) Turn on your phone and connect the USB cable that came with the phone (aka the charging cable) between your phone and computer and set up the phone to sync. You don’t need to actually sync anything yet, you just need to get ActiveSync on your computer to say it is “Connected”.

3 ) Download to your computer and extract from here: Normally you can only install ROM firmware versions intended for your version of the HTC Touch Pro. HardSPL will change the SPL firmware to allow any HTC Touch Pro ROM firmware to be installed.

4 ) Make sure your phone battery is more than 50% charged or the SPL and ROM firmware will not install.

5 ) Run RaphaelHardSPL-Unsigned_190_1_3.exe on your computer. Follow the prompts in the program to start the SPL upgrade. After the upgrade starts there may be an inquiry on your phone’s display asking permission to switch into the bootloader. Press “是” (yes). Do not do anything on your phone or computer until the installer says the process is completed and your phone has restarted. (Note that it says the firmware upgrade takes up the 10 minutes but the SPL is small so it will be much faster.)

6 ) Download to your computer RUU-Raphael-HTC-WWE-1.90.405.1-Radio-Signed-Raphael-CRC- from At this writing there are newer ROMs there but this one is the stable released version on shipping English phones. (In the future there may be a newer stable release.)

7 ) Run RUU-Raphael-HTC-WWE-1.90.405.1-Radio-Signed-Raphael-CRC- on your computer. The interface is similar to the SPL upgrade, but this upgrades the main ROM firmware. Again, do not do anything on your phone or computer until the installer says the process is completed and your phone has restarted. This firmware is very large so it will take several minutes.

8 ) When your phone restarts it’ll go through the install process just like a brand new phone. (Your dealer may have done this for you when you bought the phone.) It’ll take several minutes to install the OS and additional software, calibrate the display and setup your phone network settings.

9 ) Congratulations, your Chinese phone now speaks English.

Future Hosting seems unclear on the concept

So Future Hosting’s response to the payment problem is:

Your payment was received after the cutoff period for the invoice which is why it wasn’t automatically applied to the account.

There’s two problems with this response:

1) The payment confirmation email arrived 30 hours prior to my subscription being ended. Somehow in these 30 hours their system was unable to figure out that the payment had been made and the invoice should be credited.

2) The account is set up for automatic credit card payment. You know guys, that means that it’s YOUR responsibility to make sure that YOU charge my card AND credit my account on time. It’s not my problem unless there’s a declined charge or something similar. Don’t make it sound like my fault when you can’t figure out how to run a billing system.

Future Hosting continuing to act like clowns

I think it is finally time to look for another VPS host. Future Hosting seems to have botched this month’s billing and ended my subscription. Yesterday I received email from them saying that they had received my monthly payment. Today I open up my mail and find that my subscription has ended for non-payment. When I go to the control panel I see the following:

Balance $0.00
Documents to be paid $9.95
Unused payments $9.95

So it looks like they received my payment but forgot to apply it to my invoice, then ended the subscription because the invoice wasn’t paid. Brilliant!

Anyone have any suggestions for a basic VPS around $10-15/month with Debian Etch unmanaged/no-cpanel? Excluding Spry/VPSlink and anything in Seattle, not because I don’t like them, but because I want diversity in provider and geography for the secondary VPS.

Rose Hosting has a decent discount special with their basic plan at $15/month. I’ve used them previously and was happy with them except that VPSlink had a much better deal going at one point and I switched to them. If anyone has any other suggestions for me to consider, please let me know.

Where Future Hosting imitates circus clowns

So as most of you know, after the shutdown, I moved my hosting to VPSes. My main one is at vpslink who have been quite reliable. I’ve only had one extended outage when the server crapped out on them but otherwise it’s been fine with my VPS typically running undisturbed for months at a time.

I also have a small VPS at Future Hosting for backup mail and DNS. It hasn’t been terribly reliable. They seem to regularly have to reboot the VPS and usually don’t give any explanation. It usually gets rebooted about twice a month. They also had a server failure once, but recovered fairly quickly. Still, it’s not bad for what it is intended for, and it’s cheap so I can’t complain too much.

So a few days ago I get an email from them saying that they’ve had too many reliability problems with the service provider in the Dallas datacenter and that they’ve selected a new service provider there and would need to migrate everyone to the new provider’s servers. They offered several options and told us to pick one and open a migration ticket in the support system. As an incentive they offered a bonus of additional RAM to those who migrate first.

So, it looks like things might improve. If the problems I had were mostly due to their previous service provider then I’d be happy to move, so I immediately open a ticket to migrate. A while later I get a reply that the new server is ready and listed the new IP addresses. I immediately try to access the new VPS but can’t even ping the new addresses. I update the ticket asking what’s up.

Later I go into the control panel to check something else and notice that the server status is ‘stopped’. I press the reboot button and a few seconds later the VPS is starting up and then everything is normal. I guess I was foolish to think that the server being ‘ready’ and the ‘migration’ complete would mean that they would have actually started it for me. My mistake.

So then I’m going through the multitude of emails generated during the migration and notice something funny. Apparently during the migration they added two new IP addresses to the account for the new server. These are supposed to be replacements for the original addresses, but somehow the accounting system said “hey look, extra IP addresses; those cost $1.25 per month!” So I get a couple of invoices generated billing me for extra IP addresses.

I submit a ticket about the accounting error. Accounting goes at it and first tries removing the old addresses from the account, but that only results in a partial credit since the extra IP addresses had already been in place for a couple of days. So the mistake is now down to a few pennies and they could have just issued a credit or something to keep things simple. But no, it’s time to pull out the sledgehammer.

The next solution was essentially to change my plan type to the same plan and so reset everything back to normal. Just two problems with this. My plan type is now more expensive than when I signed up, and they also include an optional backup option by default. All told, this makes the plan cost just over double what I had before. So we’ve gone from a $2.50/month mistake to a few cents mistake to a $10/month mistake.

Now I’m waiting to see what else they can manage to screw up.

(Future Hosting already has their own backups in case a server fails, but this backs up only the latest state, and is only available in case of failure, not user error. The backup option is one that allows the user to do their own server-based backups and restores. I already do remote rsync snapshot backups on my own so I don’t need yet another backup option. Also it looks like though they added the bonus free RAM to my account, /proc/user_beancounters on the VPS says I don’t have any limits on anything. I’m afraid to point that out in case they come up with another solution that makes things worse than to begin with.)

UPDATE(2008-04-24): The billing problems have all been resolved.