Non-XO Clients as “XO Buddies” in Sugar Chat and Network Home

Per my previous post, now you can join an XO Sugar chat from other clients, but to the XO, you’ll show up as ??? in the chat instead of as an “XO Buddy.”  An XML stanza will fix that.

Once you go through all this and set up your login to be an “XO Buddy,” it’s persistent.  In other words, you only have to do this once per user.

First of all, your client needs to be able to send XML.  See below for specific client instructions.

Here’s an example of the stanza to send.

 <iq type="set" id="18" from='anna@schoolserver.example.org'>
     <pubsub xmlns="http://jabber.org/protocol/pubsub">
       <publish node="http://laptop.org/xmpp/buddy-properties">
         <item>
           <properties xmlns="http://laptop.org/xmpp/buddy-properties">
             <property type="str" name="ip4-address">172.18.0.1</property>
             <property type="bytes" name="key">123456=</property>
             <property type="str" name="color">#660066,#003366</property>
           </properties>
         </item>
       </publish>
     </pubsub>
 </iq>

Things to change in the stanza:

First line  <iq type="set" id="18" from='anna@schoolserver.example.org'>

Add more numbers to the id.  No, I don’t know how many.  This has been a source of mystery.  All I know is that adding more numbers sometimes makes it work.  And of course change anna to your Jabber login name.

Sixth line <property type="str" name="ip4-address">172.18.0.1</property>

Usually the public IP address of the Jabber server works.  I haven’t tried other addresses, so YMMV.

Seventh line <property type="bytes" name="key">123456=</property>

Change the value of “key” to something else.  Your id_rsa.pub or just a random id_rsa.pub seems to be a good choice.  How to generate one?

anna@anna-desktop:~$ mkdir /home/anna/temp
anna@anna-desktop:~$ ssh-keygen -t rsa -C "anna-jabber"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/anna/.ssh/id_rsa): /home/anna/temp/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/anna/temp/id_rsa.
Your public key has been saved in /home/anna/temp/id_rsa.pub.
The key fingerprint is:
9f:e2:2b:97:13:b0:3a:03:14:c1:dc:7e:ba:41:2b:52 anna-jabber
The key’s randomart image is:
+--[ RSA 2048]----+
| o.o             |
|  + .            |
|   o             |
|  E o o          |
| o . + oS        |
|. o + . .. .     |
| . o +  .oo      |
|    = ..+.       |
|     o ooo       |
+-----------------+

anna@anna-desktop:~$ cd temp/
anna@anna-desktop:~/temp$ ls
id_rsa  id_rsa.pub
anna@anna-desktop:~/temp$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAv6aK3/bwZY3OcjLuDILPUio+adTxuCd0GXkKQ0884qtWPLkQKC0fi0m3idwKrbIngdkzrPvMXi/X16WeGWQ/lY3G5g9tCnOTlftAvEzodXGAogPdlzaxnWVAfftU2Tt6Azgf/yhMJzoFYt+OZbwStAZTK0KVnrYdtTQ/ECt7WcyyRUW7RnQrMhulHrERohtk5ZcDu9fA4HH0b/GGmcTs7BLJIwRM5K2PumDX4Ocd/pYbGgKCAgLOaZFJ/GzVc2zQJF61Vhirk0FAooskgzcHgQ9yR7YZmRgmUjL/2VN5TDfOgWsC8ZBdxgkH+JzSb88uIkhPcEnxhZ9ETldOCTs4Pw== anna-jabber

Now I paste all that gobbledygook into that line.

             <property type="bytes" name="key">AAAAB3NzaC1yc2EAAAABIwAAAQEAv6aK3/bwZY3OcjLuDILPUio+adTxuCd0GXkKQ0884qtWPLkQKC0fi0m3idwKrbIngdkzrPvMXi/X16WeGWQ/lY3G5g9tCnOTlftAvEzodXGAogPdlzaxnWVAfftU2Tt6Azgf/yhMJzoFYt+OZbwStAZTK0KVnrYdtTQ/ECt7WcyyRUW7RnQrMhulHrERohtk5ZcDu9fA4HH0b/GGmcTs7BLJIwRM5K2PumDX4Ocd/pYbGgKCAgLOaZFJ/GzVc2zQJF61Vhirk0FAooskgzcHgQ9yR7YZmRgmUjL/2VN5TDfOgWsC8ZBdxgkH+JzSb88uIkhPcEnxhZ9ETldOCTs4Pw==</property>

Delete the temp directory you generated the keys in.

rm -rf /home/anna/temp

Eighth line: <property type="str" name="color">#660066,#003366</property>

This is the fun part.  Pick out a couple of HTML colors for your XO buddy.  This is a good resource.

http://html-color-codes.com/

So here’s an example of the stanza I’m going to send:

 <iq type="set" id="97247835581234" from='anna-gajim@schoolserver.example.org'>
     <pubsub xmlns="http://jabber.org/protocol/pubsub">
       <publish node="http://laptop.org/xmpp/buddy-properties">
         <item>
           <properties xmlns="http://laptop.org/xmpp/buddy-properties">
             <property type="str" name="ip4-address">172.18.0.1</property>
             <property type="bytes" name="key">AAAAB3NzaC1yc2EAAAABIwAAAQEAv6aK3/bwZY3OcjLuDILPUio+adTxuCd0GXkKQ0884qtWPLkQKC0fi0m3idwKrbIngdkzrPvMXi/X16WeGWQ/lY3G5g9tCnOTlftAvEzodXGAogPdlzaxnWVAfftU2Tt6Azgf/yhMJzoFYt+OZbwStAZTK0KVnrYdtTQ/ECt7WcyyRUW7RnQrMhulHrERohtk5ZcDu9fA4HH0b/GGmcTs7BLJIwRM5K2PumDX4Ocd/pYbGgKCAgLOaZFJ/GzVc2zQJF61Vhirk0FAooskgzcHgQ9yR7YZmRgmUjL/2VN5TDfOgWsC8ZBdxgkH+JzSb88uIkhPcEnxhZ9ETldOCTs4Pw==</property>
             <property type="str" name="color">#333300,#660000</property>
           </properties>
         </item>
       </publish>
     </pubsub>
 </iq>
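
An added example, not part of the original post: a shell function that assembles the stanza above from an id_rsa.pub file, so the key field is read from the file and checked instead of being pasted by hand. The function name, its argument order and the way the id is generated are assumptions made for this example.

```shell
# Added example, not from the original post: build the buddy-properties
# stanza from an OpenSSH public key file. Names here are illustrative.
# Usage: buddy_stanza JID PUBKEY_FILE IP4 COLORS
buddy_stanza() {
    jid=$1 pubfile=$2 ip4=$3 colors=$4

    # Only the public half belongs in the stanza: refuse a private key file.
    if grep -q 'PRIVATE KEY' "$pubfile" 2>/dev/null; then
        echo "refusing: $pubfile looks like a private key" >&2
        return 1
    fi

    # A public key line is "<type> <base64> [comment]"; field 2 is the key.
    key=$(awk 'NR == 1 { print $2 }' "$pubfile")

    # Well-formed base64: allowed alphabet, at most two "=" of padding and a
    # length that is a multiple of 4. This catches a "=" lost while pasting.
    if ! printf '%s\n' "$key" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$' ||
       [ $(( ${#key} % 4 )) -ne 0 ]; then
        echo "refusing: key field is not well-formed base64" >&2
        return 1
    fi

    # Colours are two "#rrggbb" values separated by a comma.
    if ! printf '%s\n' "$colors" |
         grep -Eq '^#[0-9A-Fa-f]{6},#[0-9A-Fa-f]{6}$'; then
        echo "refusing: colours must look like #660066,#003366" >&2
        return 1
    fi

    # Fresh numeric id: seconds since the epoch plus four random bytes.
    id="$(date +%s)$(od -An -N4 -tu4 /dev/urandom | tr -d ' \n')"

    cat <<EOF
<iq type="set" id="$id" from='$jid'>
  <pubsub xmlns="http://jabber.org/protocol/pubsub">
    <publish node="http://laptop.org/xmpp/buddy-properties">
      <item>
        <properties xmlns="http://laptop.org/xmpp/buddy-properties">
          <property type="str" name="ip4-address">$ip4</property>
          <property type="bytes" name="key">$key</property>
          <property type="str" name="color">$colors</property>
        </properties>
      </item>
    </publish>
  </pubsub>
</iq>
EOF
}
```

Called as buddy_stanza anna@schoolserver.example.org /home/anna/temp/id_rsa.pub 172.18.0.1 '#660066,#003366', it prints a stanza ready to paste into the client's XML console.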

Pidgin:

Go to Tools -> Plugins.  Check XMPP Console.  Click Close.
Now you can go to Tools -> XMPP Console -> XMPP Console

In the dialog window underneath the larger window, paste your stanza and hit enter.

PSI:

Go to General -> Options -> Toolbars
In the left hand panel, under “Available actions” click on XML Console.  Use the right arrow button in the middle to add it to the Current Actions list.  Click Apply, then OK.  At the bottom of the Buddy List window, you should see a Terminal looking icon.  Click on that, then click the XML input button.  Paste your stanza and click Transmit.

Gajim:

Go to Actions -> Advanced -> for account schoolserver.example.org -> Show XML Console

In the XML Input box, paste the stanza and click send.

Whichever client you use, restart it after you send the XML and then you should show up as an “XO Buddy” in an XO’s network neighborhood, provided everyone’s on the same Jabber server.

If you can’t get this to work and are feeling frustrated, or you don’t have a client capable of sending XML, ask the server admin to create an account for you, or log in as you, and try to send the XML from one of her clients.  Then you can use that to log in and be an “XO Buddy.”

Configuring a Sugar Chat Room so other clients can see it

By default, the chat rooms that XOs create with Sugar are not searchable, meaning that when you list available chat rooms in a regular client, you won’t see them and thus can’t join them.

You can use Psi or Pidgin to configure the XO Chat room so everyone can see it and join it.

Psi

In the Psi buddy list window, go to General -> Service Discovery

Expand the Chatrooms list.  If there’s a Sugar chat, you’ll see it listed as a bunch of letters and numbers.  Right click on it and select Join.  You’ll be placed in the chat with the XOs.

We still need to configure the room so everyone can see it.  In the upper right of the chatroom, you’ll see a button that looks like a couple of down arrows.  Click that and select “Configure Room.”

Under the General tab, click the tick box next to “Make room public searchable.”  Click Apply, then Close.

Now the XO chat room is visible so everyone can select it from the chat room list like a “regular” chatroom and join it.

Pidgin

Go to Tools -> Plugins

Click the tick box next to XMPP Service Discovery.

Now you can go to Tools -> XMPP Service Discovery -> XMPP Service Discovery

Make sure the account and server you want is listed in the Account box.  Click Browse and Find Services.

Expand the Chatrooms item.  It should start with the word “conference.”  You’ll see the Sugar chat listed by a bunch of letters and numbers.  Right click on it and Add to Buddy List.  Click Add.  Close the Service Discovery window.

In your Buddy List, right click on the Sugar chat you just added and select Join.  The chat room window will open and place you in the chat with the other XOs.

In the message window, type /configure and hit enter.  A box very similar to the Psi chat room configuration box will pop up.  Click the tick box next to “Make room public searchable.”  Click OK.  Now everyone can see the room in the chat room list.

One thing I have noticed is that this doesn’t seem to “stick.”  You might have to set this option again.  However, once a user is in the chatroom, regardless of whether it’s still searchable or not, they’ll stay there until they close it.

Apache for Secret Agents

“This file will be destroyed in 15 minutes.  Or whatever it was I set the cron job for.”

I have a user who’s rather obsessive about her security and privacy.  Which is fine, but as a server admin, I have to figure out how best to fill her requirements.  And it’s a fun challenge, too, I’ll admit.

I’m on an XS 0.6 which by default lets you define stuff in /etc/httpd/conf.d/<file>.conf instead of having to throw it into the regular httpd.conf file.  Here’s the definition in the regular httpd.conf file (actually httpd-xs.conf on the XS).

# Load config files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.conf

Let’s call this user Jane Bond.  Jane often needs to access files she keeps on my server, but sometimes she’s blocked because I run ssh on a non-standard port.  What to do?  Let’s put Jane in control of her own private, password protected directory in Apache so she can change her password at will.  She can even use a cron job to copy the directory to be served by Apache during the hours she needs it and then another cron job to delete everything when she knows she’ll be done.

As the admin, all I need to know is where she wants to keep it and the user name she wants to use to access it.  She controls everything else.  So, as root, I define Jane’s private Apache directory access parameters in /etc/httpd/conf.d

[root@schoolserver conf.d]# cat jane.conf
<Directory /var/www/html/jane/private>
  Options Indexes FollowSymLinks MultiViews
  AllowOverride AuthConfig
  AuthName "These are Jane's Secret Files!"
  AuthType Basic
  AuthUserFile /var/www/html/jane/private/.htpasswd
  Require user hello
</Directory>

I restart httpd and it’s all set up for her.

Jane takes it from here. 

She ssh’s into my server and creates /home/jane/private, bearing in mind that everything she puts in that directory will eventually be rsync’ed to her password protected Apache directory.

She creates the password for the user that I defined in her configuration file.

htpasswd -c /home/jane/private/.htpasswd hello

It automatically prompts for the password.

New password:
Re-type new password:
Adding password for user hello

When she’s ready, Jane can simply:

rsync -avh /home/jane/private /var/www/html/jane/
sending incremental file list
private/
private/.htpasswd
private/notes.txt

sent 225 bytes  received 54 bytes  558.00 bytes/sec
total size is 40  speedup is 0.14

Now she can go to http://mysite/jane and verify the private directory is not listed in the Directory listing.  She’ll have to manually enter http://mysite/jane/private into the browser, enter the username and password to gain access, and now when she goes back to http://mysite/jane it will appear.

At any point, Jane can create a new password by simply

htpasswd -c /home/jane/private/.htpasswd hello

And then rsync to her Apache directory to change the password.
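
An added example, not part of the original post: checks Jane could run on /home/jane/private before each rsync. It confirms that the user named in Require user has an entry in .htpasswd, that the password file is not writable by anyone else, and that the directory holds no symlinks, since the configuration above enables FollowSymLinks. The function name and messages are made up for this example.

```shell
# Added example, not from the original post. Names are illustrative.
# Usage: prepublish_check SRC_DIR AUTH_USER
prepublish_check() {
    src=$1 user=$2
    pwfile=$src/.htpasswd

    # "Require user <name>" only admits someone if that name has an entry.
    # Each .htpasswd line is "name:hash".
    if ! awk -F: -v u="$user" '$1 == u && $2 != "" { ok = 1 } END { exit !ok }' \
            "$pwfile" 2>/dev/null; then
        echo "no entry for '$user' in $pwfile" >&2
        return 1
    fi

    # rsync -a keeps permissions, so a group- or world-writable password
    # file would let other local accounts reset the password after the copy.
    if [ -n "$(find "$pwfile" \( -perm -020 -o -perm -002 \))" ]; then
        echo "$pwfile is writable by group or others" >&2
        return 1
    fi

    # rsync -a copies symlinks as symlinks, and the <Directory> block sets
    # FollowSymLinks, so Apache would serve whatever a link points to.
    links=$(find "$src" -type l)
    if [ -n "$links" ]; then
        echo "symlinks found, not publishing:" >&2
        printf '%s\n' "$links" >&2
        return 1
    fi
    return 0
}

# Typical use before the copy step shown above:
#   prepublish_check /home/jane/private hello &&
#       rsync -avh /home/jane/private /var/www/html/jane/
```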

“This site does not support Microsoft”

Have you ever wanted Windows and/or Internet Explorer users to feel your irritation when a site tells you it doesn’t support Linux?  Well, a few lines of php in your index page will spread the pain.


Now, my server, such as it is, is in my house and I do not get much if any traffic from Windows users.  Actually, I don’t even want the hits, as I really try to stay off the radar.  So what would block about 90% of the internet off my server unless they’re in the Linux club (or Mac, but they don’t have scads of market share either)?

In my index.html, I stick this at the top:

<?php
// eregi() was removed in PHP 7; stripos() does the same case-insensitive match.
$ua = (string) getenv("HTTP_USER_AGENT");
if (stripos($ua, "Windows") !== false ||
    stripos($ua, "MSIE") !== false ||
    stripos($ua, "Internet Explorer") !== false) {
    header("Location: windows.txt");
    exit;
}
?>

I rename the file from index.html to index.php.  I also create a terse message in /var/www/html named windows.txt:


This site does not support Microsoft.

And now only Linux (or Mac) users can go to my server’s index page!  That’ll show you, people who never go to my server anyway.

Now, you might be thinking, “What if you have to borrow your Mom’s laptop to access a file?”  Duh, it’s only the home page in the Apache root that redirects.  I can still go to http://mysite/anna or other subdirectories of /var/www/html just fine.

Going Crazy over Cron!

We all know that cron doesn’t use most of your variables, but it was driving me crazy trying to figure out how to get a text file output with a certain column width.

I used at to help me figure out what was going on.


The XS 0.6 doesn’t have at installed by default, so first off:

yum install at

Start the service

service atd start

The script I was trying to run from cron used fbcmd to output my Facebook wall to a text file so my Facebook phobic friends can read it from my Apache server so they don’t feel left out.  Running it manually worked just fine, but the text output from cron was messed up.  Specifically, lines weren’t wrapping properly.

The myfacebook script is just this:

#!/bin/bash
DATE=`date +%Y-%m-%d`
TIME=`date +%H:%M`
/bin/echo "Last Updated" $DATE $TIME > /var/www/html/private/anna/facebook.txt
/bin/echo "----------------------------------------------------------" >> /var/www/html/private/anna/facebook.txt
/usr/local/bin/fbcmd fstream =me 20 -satt -sd >> /var/www/html/private/anna/facebook.txt

I have a password protected web directory on my server, so that’s where I output it.  This would be really nice to have in a cron job so my users don’t have to nag me to manually update it.

After some Googling, I used at to generate a script with all my environment variables to run from cron.

Here’s what I typed in:

at now + 1 hour < ENTER >
/home/anna/bin/myfacebook < ENTER >
< CTRL+D >

And here’s what that looks like:

[anna@schoolserver ~]$ at now + 1 hour
at> /home/anna/bin/myfacebook
at> < EOT >
job 9 at 2010-12-17 00:31

As root, I meander over to where at keeps the spooled jobs.

[root@schoolserver ~]# cd /var/spool/at
[root@schoolserver at]# ls
a000090148b787  spool

The a000090148b787 file is the script that anna just generated with at.  I move it over to /home/anna/bin as facebookcron and chown anna:anna /home/anna/bin/facebookcron

Well, it didn’t make any difference at first.  The lines still weren’t wrapping.  So I look in my mailbox and at sent me a message!

tput: No value for $TERM and no -T specified

Well, that might explain it.  In the facebookcron script, I added these two variables amongst the slew that at had already defined for me.

TERM=linux; export TERM
COLUMNS=130; export COLUMNS

And wouldn’t you know the fbcmd text output wrapped quite nicely when I ran facebookcron with cron!

I stopped the at service until I need it again.

service atd stop

I want to run it every two hours at a quarter after, so here’s the crontab entry.

15 */2 * * * /home/anna/bin/facebookcron >/dev/null 2>&1
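
An added example, not part of the original post: a way to reproduce the missing TERM and COLUMNS problem from an ordinary shell, by running the script with only the variables cron hands to a job. The function names are made up for this example, and the PATH value is an assumption (a common cron default; check crontab(5) on your system).

```shell
# Added example, not from the original post. Names are illustrative.
# Usage: run_like_cron 'COMMAND' [NAME=VALUE ...]
run_like_cron() {
    cmd=$1
    shift
    # cron starts jobs with SHELL, PATH, HOME and LOGNAME and little else,
    # so TERM and COLUMNS are absent unless given as NAME=VALUE arguments.
    # PATH=/usr/bin:/bin is an assumed default.
    env -i SHELL=/bin/sh PATH=/usr/bin:/bin HOME="$HOME" \
        LOGNAME="${LOGNAME:-$(id -un)}" "$@" /bin/sh -c "$cmd"
}

# List the variable names exported in the current shell that a job started
# by run_like_cron would not see.
missing_in_cron() {
    cron_names=$(run_like_cron 'env' | cut -d= -f1)
    env | cut -d= -f1 | sort -u | grep -Fxv -e "$cron_names"
}

# Reproduce the failure, then confirm the fix, without waiting for cron:
#   run_like_cron /home/anna/bin/myfacebook
#   run_like_cron /home/anna/bin/myfacebook TERM=linux COLUMNS=130
```

Running missing_in_cron from a login shell shows at a glance which variables a script may be relying on without declaring them.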

SSH keypair setup on the XS

SSH into the XS with a keypair

Here’s how I did it for my Ubuntu desktop client and the XS 0.6.

First, on the XS, uncomment these lines in /etc/ssh/sshd_config and sshd_config.in

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile    .ssh/authorized_keys

Restart the ssh service

service sshd restart

Now generate keys on your client machine.

ssh-keygen

You might have to add -t rsa to that.

Sometimes you’ll have to do this as well, but not on the XO:

ssh-add

On the client machine, set the appropriate permissions in your home directory:

.ssh = 700
.ssh/id_rsa = 600

Copy .ssh/id_rsa.pub on the client over to .ssh/authorized_keys on the XS.  Make sure it’s all in one line.  From the client, this should work, if .ssh/authorized_keys already exists on the remote machine.

cat ~/.ssh/id_rsa.pub | ssh -p <port> user@server 'tee -a .ssh/authorized_keys'

On the XS, set the appropriate permissions in your home directory:

.ssh = 700
.ssh/authorized_keys = 644

Now you should be able to ssh into the XS without having to supply a password.
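
An added example, not part of the original post: a function to run on the XS that covers the cases the one-liner above leaves open. It creates .ssh and authorized_keys if they are missing, rejects anything that is not a single public key line, and skips a key that is already installed. The function name is made up for this example, and it sets authorized_keys to 600, which is stricter than the 644 above and also accepted by sshd.

```shell
# Added example, not from the original post. Names are illustrative.
# Usage: install_pubkey 'ssh-rsa AAAA... comment' [HOME_DIR]
install_pubkey() {
    keyline=$1 home=${2:-$HOME}
    sshdir=$home/.ssh
    auth=$sshdir/authorized_keys

    # Exactly one line of the form "<type> <base64> [comment]". This also
    # rejects a private key pasted by mistake.
    if [ "$(printf '%s\n' "$keyline" | grep -c '')" != 1 ] ||
       ! printf '%s\n' "$keyline" | grep -Eq \
         '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+={0,2}( .*)?$'
    then
        echo "not a single public key line" >&2
        return 1
    fi

    # Create the directory and file if missing, readable by the owner only.
    ( umask 077; mkdir -p "$sshdir" && touch "$auth" ) || return 1
    chmod 700 "$sshdir" && chmod 600 "$auth" || return 1

    # Skip a key that is already present so repeated runs add no duplicates.
    if grep -Fqx -- "$keyline" "$auth"; then
        return 0
    fi
    printf '%s\n' "$keyline" >> "$auth"
}
```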

To make things even easier, especially if you’re using a nonstandard port and/or your username on the server is different from your username on the client machine, you can put an entry in ~/.ssh/config.

Here’s an example of my /home/anna/.ssh/config

Host schoolserver
    Hostname schoolserver.org    
    User anna
    Port 1985
    ServerAliveInterval 30
    ServerAliveCountMax 120

If you get an error about bad permissions when you use an ssh config file, simply

chmod 600 ~/.ssh/config

So now to ssh, all I have to do is:

ssh schoolserver

To scp, all I have to do is:

scp file.txt schoolserver:/home/anna

In ~/.ssh/config, Host can be anything and Hostname can point to an IP.  It doesn’t have to be a domain name.