For X remapping was done by xmodmap
| is remapped to right AltGr + Y
< is remapped to right AltGr + ;
> is remapped to right AltGr + :
.Xmodmap
keycode 52 = y Y y Y bar U203A guillemotright
keycode 59 = comma semicolon comma semicolon less multiply periodcentered
keycode 60 = period colon period colon greater division U2026
But under Wayland I had to change to evremap (https://github.com/wez/evremap)
To automatically activate remapping by a systemd service i did following
discover usb keyboard
#> dmesg
[ 4920.421719] usb 3-4.2: new low-speed USB device number 17 using xhci_hcd
[ 4920.539376] usb 3-4.2: New USB device found, idVendor=0e8f, idProduct=0022, bcdDevice= 2.10
[ 4920.539386] usb 3-4.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 4920.539390] usb 3-4.2: Product: USB KB V11
[ 4920.539392] usb 3-4.2: Manufacturer: GASIA
[ 4920.614311] input: GASIA USB KB V11 as /devices/pci0000:00/0000:00:08.1/0000:03:00.4/usb3/3-4/3-4.2/3-4.2:1.0/0003:0E8F:0022.001A/input/input57
Search for the name attribute
#> udevadm info -a -p /devices/pci0000:00/0000:00:08.1/0000:03:00.4/usb3/3-4/3-4.2/3-4.2:1.0/0003:0E8F:0022.001A/input/input57
ATTR{name}=="GASIA USB KB V11"
and build a udev rule for systemd tagging
/etc/udev/rules.d/10-local.rules
ACTION!="remove", SUBSYSTEMS=="input", ATTRS{name}=="GASIA USB KB V11", TAG+="systemd"
and reload udev and trigger
#> udevadm control --reload-rules
#> udevadm trigger --attr-match=subsystem=input
and search for a systemd device name with
#> systemctl list-units --type device --no-pager -a | grep V11
dev-input-by\x2did-usb\x2dGASIA_USB_KB_V11\x2devent\x2dkbd.device loaded active plugged USB_KB_V11
dev-input-by\x2dpath-pci\x2d0000:03:00.4\x2dusb\x2d0:4.2:1.0\x2devent\x2dkbd.device loaded active plugged USB_KB_V11
dev-input-event12.device loaded active plugged USB_KB_V11
sys-devices-pci0000:00-0000:00:08.1-0000:03:00.4-usb3-3\x2d4-3\x2d4.2-3\x2d4.2:1.0-0003:0E8F:0022.001A-input-input57-event12.device loaded active plugged USB_KB_V11
sys-devices-pci0000:00-0000:00:08.1-0000:03:00.4-usb3-3\x2d4-3\x2d4.2-3\x2d4.2:1.0-0003:0E8F:0022.001A-input-input57.device loaded active plugged USB_KB_V11
and check for status with
#> systemctl status "dev-input-by\x2did-usb\x2dGASIA_USB_KB_V11\x2devent\x2dkbd.device"
● dev-input-by\x2did-usb\x2dGASIA_USB_KB_V11\x2devent\x2dkbd.device - USB_KB_V11
Follows: unit currently follows state of sys-devices-pci0000:00-0000:00:08.1-0000:03:00.4-usb3-3\x2d4-3\x2d4.2-3\x2d4.2:1.0-0003:0E8F:0022.001A-input-input57-event12.device
Loaded: loaded
Active: active (plugged) since Mon 2023-09-25 09:32:57 CEST; 1h 27min ago
Until: Mon 2023-09-25 09:32:57 CEST; 1h 27min ago
Device: /sys/devices/pci0000:00/0000:00:08.1/0000:03:00.4/usb3/3-4/3-4.2/3-4.2:1.0/0003:0E8F:0022.001A/input/input57/event12
and install evremap with correct permission and ownership (owned by root and writable only by root: the service below runs it as root and it reads the keyboard's input events; the same applies to /etc/evremap.toml)
#> ls -la /usr/bin/evremap
-rwxr-xr-x 1 root root 15726808 Sep 20 15:37 /usr/bin/evremap
and discover the name with
#> sudo evremap list-devices
and build the remapfile (using evtest to discover keycodes)
/etc/evremap.toml
device_name = "GASIA USB KB V11"
[[remap]]
input = ["KEY_RIGHTALT", "KEY_Z"]
output = ["KEY_RIGHTALT", "KEY_102ND"]
[[remap]]
input = ["KEY_RIGHTALT", "KEY_COMMA"]
output = ["KEY_102ND"]
[[remap]]
input = ["KEY_RIGHTALT", "KEY_DOT"]
output = ["KEY_LEFTSHIFT", "KEY_102ND"]
/etc/systemd/system/evremap.service
[Unit]
Description=Keyboard Remap
BindsTo=dev-input-by\x2did-usb\x2dGASIA_USB_KB_V11\x2devent\x2dkbd.device
[Service]
WorkingDirectory=/
ExecStart=/usr/bin/evremap remap /etc/evremap.toml -d 0
Restart=always
[Install]
WantedBy=dev-input-by\x2did-usb\x2dGASIA_USB_KB_V11\x2devent\x2dkbd.device
#> systemctl enable evremap
check wifi device name
~# ip addr | grep -A 5 wlan
10: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
IP configuration of your Wifi Stick for systemd-networkd
/etc/systemd/network/hostapd.network
[Match]
Name=wlan0
[Network]
Address=192.168.0.1/24
DHCPServer=yes
IPMasquerade=true
IPForward=true
[DHCPServer]
PoolOffset=100
PoolSize=20
EmitDNS=yes
DNS=your_dns_server
Autostart of hostapd
/etc/systemd/system/hostapd.service.d/override.conf
[Unit]
Requires=sys-subsystem-net-devices-wlan0.device systemd-networkd.service
After=sys-subsystem-net-devices-wlan0.device
BindsTo=sys-subsystem-net-devices-wlan0.device
[Install]
WantedBy=sys-subsystem-net-devices-wlan0.device
~# systemctl enable hostapd
Autostop of hostapd
/etc/systemd/system/systemd-networkd.service.d/override.conf
[Unit]
After=hostapd.service
BindsTo=hostapd.service
I got multiple USB devices working with the em28xx module.
Usually a module option gives the em28xx module the order of the devices if they are not detected automatically
(e.g. options em28xx card=80,92,9,9).
But the order is different at every boot (the order needed for the module option, not the USB detection).
The only solution that works for me is to load the module manually, read the device order from the kernel log, unload it, and load it again with the order found:
/etc/modprobe.d/em28xx
blacklist em28xx
blacklist em28xx_v4l
blacklist em28xx_dvb
blacklist em28xx_rc
/etc/systemd/system/em28xx.service
[Unit]
Description=em28xx card sequence detection
After=local-fs.target
Before=motion.service vdr.service
[Service]
ExecStart=/usr/local/bin/em28xx_detect.sh
Type=oneshot
[Install]
WantedBy=multi-user.target
/usr/local/bin/em28xx_detect.sh
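#!/bin/sh
# em28xx_detect.sh - work out the em28xx "card=" list from the kernel log and
# reload the driver with it. Started by em28xx.service; modprobe and dmesg need
# root privileges.

# Load the driver once so the kernel logs a "New device" line per attached
# em28xx device, in the order the driver saw them.
modprobe em28xx
sleep 1

# Unload again, sub-modules first, so the driver can be reloaded with options.
for mod in em28xx_rc em28xx_v4l em28xx_dvb em28xx; do
  modprobe -r "$mod"
done

# Start from an empty list instead of inheriting a "cards" value from the
# environment the script was started in.
cards=

# Walk the last four "New device" lines. Reading them line by line keeps the
# log text away from word splitting and pathname expansion (dmesg lines contain
# "[" and "]", which an unquoted $(...) in a for loop would treat as a glob).
while IFS= read -r line; do
  # NOTE(review): the separator is added before the USB ID is matched, so a
  # line with an ID not listed below leaves an empty slot in the list. Kept as
  # in the original; confirm whether the module accepts an empty entry.
  [ -z "$cards" ] || cards="${cards},"
  case "$line" in
    *eb1a:2821*) cards="${cards}9" ;;
    *2013:024c*) cards="${cards}80" ;;
    *2013:0258*) cards="${cards}92" ;;
  esac
done <<EOF
$(dmesg | grep em28xx | grep 'New device' | tail -4)
EOF

# Reload with the detected order; the option is quoted so it always reaches
# modprobe as a single argument.
modprobe em28xx "card=$cards" disable_ir=1 disable_usb_speed_check=1
sleep 10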
/etc/ssh/sshd_config:
...
Match user USER
PasswordAuthentication no
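AllowTcpForwarding yes
# "AllowTcpForwarding local" is enough when the client only uses ssh -L
# optionally add "PermitOpen IP:22" so the tunnel can reach only the intended target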
X11Forwarding no
PermitTunnel no
GatewayPorts no
AllowAgentForwarding no
ChrootDirectory /home/USER
But this fails if the client needs a login shell.
You could tell the client not to use a login shell:
ssh -N -L2222:IP:22 USER@SERVER
putty: SSH / Protocol Option enable "Don't start a shell or command at all"
or use your own login shell, in which the user can only press return to disconnect:
sudo useradd USER -d /home/USER -s /bin/bash
sudo mkdir /home/USER
sudo chown USER:USER /home/USER
sudo su USER
cd
touch .hushlogin (is used to not display motd's)
mkdir .ssh
chmod 0700 .ssh
cd .ssh
ssh-keygen -t rsa -b 4096
mv id_rsa.pub authorized_keys
exit
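sudo passwd -d USER (removes the password, leaving it empty; SSH password login stays off through "PasswordAuthentication no", but local login or su may accept an empty password where PAM allows null passwords)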
sudo chown root:root /home/USER (for sshd chroot)
sudo cp own_loginshell /home/USER/
move /home/USER/.ssh/id_rsa out to your test account and test with "ssh -i id_rsa USER@IP"
I had some troubles with a chrooted environment:
/etc/passwd USER:x:ID:ID::/home/USER:/own_loginshell
.hushlogin is NOT working and motd with last login is shown!
pam.d/sshd is running all scripts in /etc/update-motd.d.
Solution move .hushlogin to /home/USER/home/USER
To hide motd and have no delays at login we could add an exception in pam.d/sshd for our user USER
session [default=2 success=ignore] pam_succeed_if.so quiet user != USER
before
session optional pam_motd.so motd=/run/motd.dynamic
session optional pam_motd.so noupdate
/etc/passwd USER:x:ID:ID::/:/own_loginshell
.hushlogin is working, but before sshd does the chroot it checks the key against
authorized_keys relative to the home directory (which is / for the chroot), so we need to
add "AuthorizedKeysFile /home/USER/.ssh/authorized_keys" to sshd_config
Compiling
Building for 64-bit differs from 32-bit; after some experimenting I compiled with
gcc -s -Os -nostdlib -ffreestanding own_loginshell.c -o own_loginshell
#> chroot /ROOTDIR ./own_loginshell
chroot: failed to run command ‘./own_loginshell’: No such file or directory
With
#> strace chroot /ROOTDIR ./own_loginshell
you only see
execve("./own_loginshell", ["./own_loginshell"], 0x7fff17d94fe8 /* 24 vars */) = -1 ENOENT (No such file or directory)
But with the help of "readelf -l own_loginshell" you see
[Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
You have to copy /lib64/ld-linux-x86-64.so.2 to CHROOT/lib64/
Or compile with "-static" (the binary then needs no program interpreter, so the chroot holds no loader or library files)
own_loginshell.c:
/*
simple program to print to stdout and read from stdin without libc for x86-64
taken from https://hero.handmade.network/forums/code-discussion/t/861-compiling_without_libc_on_linux
gcc -s -Os -nostdlib -ffreestanding -static own_loginshell.c -o own_loginshell
*/
#include <stddef.h>
#include <syscall.h>
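/*
 * Terminate the process with the exit system call, issued directly because
 * the program is built without libc.
 *
 * code: exit status; handed to the kernel in rdi, the first syscall argument.
 *
 * Does not return.
 */
static void exit(int code)
{
    __asm__ __volatile__(
        "syscall"
        :
        : "a"(__NR_exit), "D"(code) /* rax = syscall number, rdi = status */
        : "cc", "rcx", "r11", "memory");
    __builtin_unreachable(); // syscall above never returns
}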
/*
 * Raw write system call for x86-64, without libc.
 *
 * fd:   file descriptor to write to
 * buf:  start of the data
 * size: number of bytes to write
 *
 * Returns the kernel's result narrowed to int; a negative value signals an
 * error (for example -EINVAL for EINVAL).
 */
static int write(int fd, const void *buf, size_t size)
{
    /* rax carries the syscall number in and the kernel's result out */
    long ret = __NR_write;

    __asm__ __volatile__(
        "syscall"
        : "+a"(ret)
        : "D"(fd), "S"(buf), "d"(size)
        : "cc", "rcx", "r11", "memory");

    return ret;
}
/*
 * Raw read system call for x86-64, without libc.
 *
 * fd:   file descriptor to read from
 * buf:  destination buffer
 * size: maximum number of bytes to read
 *
 * Returns the kernel's result narrowed to int; the value is taken straight
 * from rax, so an error comes back as a negative number.
 */
static int read(int fd, char *buf, size_t size)
{
    /* rax carries the syscall number in and the kernel's result out */
    long ret = __NR_read;

    __asm__ __volatile__(
        "syscall"
        : "+a"(ret)
        : "D"(fd), "S"(buf), "d"(size)
        : "cc", "rcx", "r11", "memory");

    return ret;
}
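/*
 * Program entry point; there is no libc start-up code and no main().
 *
 * Prints a prompt on stdout, blocks in read() on stdin, then exits with
 * status 0. The byte read is never interpreted and nothing else is executed,
 * so this "login shell" gives the user no way to run a command.
 *
 * The kernel enters _start with the stack pointer 16-byte aligned, while the
 * compiler assumes the alignment left behind by a call instruction.
 * force_align_arg_pointer makes the prologue realign the stack, so aligned
 * stack accesses generated for the local array are valid.
 */
__attribute__((force_align_arg_pointer))
void _start()
{
    char text[] = "press enter to close connection";
    char key;

    // the result of write is deliberately ignored: a lost prompt must not
    // keep the session from closing
    // 1 is stdout file handle
    write(1, text, sizeof(text) - 1);

    // 0 is stdin; whatever read returns (a byte, end-of-file or an error),
    // the process exits next
    read(0, &key, 1);
    exit(0);
}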
Install oathtool.
sudo apt-get install oathtool libpam-oath
Generate a secret.
export HEX_SECRET=$(head -10 /dev/urandom | md5sum | cut -b 1-30)
Generate the TOTP details, 6 digits long.
oathtool --verbose --totp $HEX_SECRET
Enter the base32 secret in Android FreeOTP.
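Create and populate the /etc/security/users.oath file. The file holds each user's shared secret in clear text, so only root may read it; because `>>` creates a missing file with the default umask before the chmod below runs, create the empty file with mode 0600 first if it does not exist yet.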
sudo bash -c "echo HOTP/T30 $USER - $HEX_SECRET >> /etc/security/users.oath"
sudo chmod 0600 /etc/security/users.oath
Forget the secret!
unset HEX_SECRET
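Prefix /etc/pam.d/sshd with the line below. With "sufficient", a correct one-time password alone completes authentication and a wrong one falls through to the remaining auth modules; use "required" or "requisite" instead if the one-time password is meant as a second factor on top of the password.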
auth sufficient pam_oath.so usersfile=/etc/security/users.oath window=10 digits=6
Allow this in sshd and restart.
sudo sed -Ei -e 's/(ChallengeResponseAuthentication) no/\1 yes/' /etc/ssh/sshd_config
sudo service ssh restart
Test with
ssh localhost
You should see:
One-time password (OATH) for `USER':
To avoid otp for some users prefix /etc/pam.d/sshd with
auth [success=1 default=ignore] pam_succeed_if.so user in user1:user2