Hackviking He killed Chuck Norris, he ruled dancing so he took up a new hobby…

18May/1616

WD MyPassport Wireless with BitTorrent Sync

SD-card backups in the field as well as automatic upload to your NAS whenever you have an internet connection? Yes it can be done with Western Digital MyPassport Wireless and BitTorrent Sync!

In the past I have always uploaded the footage from my GoPro and compact camera via my laptop in the hotel rooms (or where ever I can find an internet connection). I wanted a more streamlined process and an easy way to empty an SD-card in the field. The MyPassport Wireless takes care of the first problem out of the box. With a built in SD-card reader you can move all content on an SD-card to the built in hard drive. Just set it up to do an automatic copy as soon as an SD-card is present in the reader and it will dump everything to disc.

I also wanted to make an "of site" backup whenever possible. I have been setting up a geo-location backup built on BitTorrent Sync so I already have those servers in place. Since the MyPassport Wireless is ARM based, like a Raspberry Pi, it's pretty straight forward to setup BtSync on this device. It also has built in support for accessing wifi hotspots and connect to the Internet. This can be done via the mobile app. So this guide will give you the following functionality:

  • Dump SD-cards to a hard drive just by carrying the small WD MyPassport Wireless
  • When ever it's conected to the Internet it will start to sync all the new data to your BitTorrent Sync servers.

I'm not sure what the WD warranty would say about this so you do this on your own risk. There is no package manager installed on the MyPassport Wireless so it all have to be done manually. I'm making no claims that this is the best way to do it but I have been testing it out for a while now and it works great so far. Continue reading...

5May/162

WD NAS: Enable FTPS

Sending unencrypted FTP across the internet is a bad idea! You send your credentials in plain text compromising access security as well as the data your sending. My book live duo has, as most NAS products, support for unencrypted FTP. Since it's based on vsftpd it's only a matter of configuration to make it a much more secure FTPS implementation instead. In this post I'm using my Western Digital My Book Live Duo but this is applicable to most Western Digital NAS products and many other brands as well.

Enable SSH

First of all we need to enable SSH to be able to get access more configuration options for the FTP service. By accessing http://{WD IP-address}/UI/ssh you will see a screen where you can enable SSH access and get the root password.

Enable SSH

After this we can connect to the Live Duo via SSH. I recommend that you change the root password the first thing you do, use the passwd command to accomplish this.

Create certificate

The My Book Live Duo, and probably most of the other models as well (since the share much of the firmware), already have openssl installed which we can use to create the certificate. First we need to create a folder for the certificates and generate them. I generate both 2048bit and 4096bit certificates since I want to test the performance difference (see below). You should not use the 1024bit key length since that has been proven to be weak and can be broken.

mkdir /etc/ssl/ftp
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/ftp/vsftpd_2048.key -out /etc/ssl/ftp/vsftpd_2048.pem
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/ssl/ftp/vsftpd_4096.key -out /etc/ssl/ftp/vsftpd_4096.pem

You will be asked a bunch of questions about location and other stuff. You can more or less put in whatever you like since this is a self signed certificate it will never automatically be trusted by clients anyway so the information is pretty much irrelevant.

Configure FTP (vsftpd)

The My Book Live Duo already have an FTP service that you can enable from the UI. It use vsftpd which supports SSL and TLS, which we want to use for this, as long as OpenSSL is available on the box and apparently it is since we generated the certificates. First we make a copy of the original conf file for save keeping and then open it for editing.

cp /etc/vsftpd.conf /etc/vsftpd.conf.bak
nano /etc/vsftpd.conf

At the end of the file we add:

#SSL CONF
rsa_cert_file=/etc/ssl/ftp/vsftpd_2048.pem
rsa_private_key_file=/etc/ssl/ftp/vsftpd_2048.key

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

require_ssl_reuse=NO
ssl_ciphers=HIGH

Then CTRL + O to save and then CTRL + X to exit nano. Then we restart the FTP service.

/etc/init.d/vsftpd restart

filezilla_ssl_warning

Now you can try it from Filezilla, or what ever client software you like that supports ftps. In Filezilla you will get this certificate warning where you can see the additional information you put in when you created the certificate.

Performance - 2048 vs 4096

First run with the configuration above gave me around 8.9MiB/s transfer speeds and the CPU of the Live Book Duo was around 89%. I change the certificates to the 4096bit ones, restart the service and try again. More or less got the same numbers with the higher encryption so the CPU is not the bottleneck for the throughput. At the same time I'm not running any other services besides the SMB shares on this device.

Make backup of the config file

cp /etc/vsftpd.conf* /shares/Backup/

The backup is good to have if a firmware update changes the config file back. I have tried to enable and disable the FTP service and that doesn't effect the configuration at least.