chrooted sftp only 
useradd -s /bin/false -m SFTPUSER
mkdir /home/SFTPUSER/.ssh
ssh-keygen -t rsa -b 2048 -N '' -f /home/SFTPUSER/.ssh/id_rsa
chmod 600 /home/SFTPUSER/.ssh/id_rsa

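In /etc/ssh/sshd_config:

Subsystem       sftp    internal-sftp

Match user SFTPUSER
PasswordAuthentication no
AllowTcpForwarding no
X11Forwarding no
ForceCommand internal-sftp
ChrootDirectory /chroot

Then create the chroot, which sshd requires to be owned by root and not writable by group or others:

chown root:root /chroot
mkdir /chroot/SFTPUSERDIR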

echo "put FILENAME" | \
sftp -oIdentityFile=/home/SFTPUSER/.ssh/id_rsa \
-oTCPKeepAlive=no -oServerAliveInterval=15 \

secure rsync to only one directory 
I want to rsync to a remote host to a given directory.

ssh-keygen -t rsa
keyfilename: ~/.ssh/rsync
ssh-copy-id -i .ssh/rsync rsyncuser@remote-host

rsync files with ssh (arcfour is a weak cipher that OpenSSH 7.6 and later no longer support; drop -c arcfour there):
rsync -vaHxr --delete \
-e "ssh -i ~/.ssh/rsync -c arcfour -o Compression=no -x" \
LOCALDIR rsyncuser@remote-host:


ssh-dss 012345678...
Limit access with the from option (optional).
On successful ssh login the command is executed.

ip crossover: send packets on eth0 out and receive them via eth1  
For testing my Intellon driver on one PC I need to send packets out on eth0 (Intellon USB) and receive them via eth1 (Intellon Ethernet).

The only solution I found was a no longer supported netfilter module from Rusty Russell.

I tried to fix the compiler errors/warnings and finally it worked.


ifconfig eth0
ifconfig eth1
arp -s <hardware address of eth1> -i eth0
arp -s <hardware address of eth0> -i eth1
modprobe ip_crossover dev1=eth0 dev2=eth1

Then doing ping, ICMP ping goes out eth0 and comes back in eth1.


For testing packets with different sizes I did:

for i in $(seq 0 1472); do ping -q -c1 -s$i >/dev/null || echo fail $i; done

for i in $(seq 0 1472); do ping -q -c1 -s$i >/dev/null || echo fail $i; done

Intellon int51x1 PLC usb net driver for devolo dlan duo 
Here is how I made the patch for inclusion:

git config --global user.name "Peter Holik"
git config --global user.email "peter AT"

check kernel out with git

git clone git://

First I had to export usbnet_get_ethernet_addr from usbnet.c
and to fix cdc_ether.c

git commit -am "export get_ethernet_addr from cdc.ether.c in usbnet"

then copy my new driver int51x1.c to /usr/src/linux-2.6/drivers/net/usb/ and modify /usr/src/linux-2.6/drivers/net/usb/Kconfig and /usr/src/linux-2.6/drivers/net/usb/Makefile

git add /usr/src/linux-2.6/drivers/net/usb/int51x1.c

git commit -am "usb driver for intellon int51x1 based PLC like devolo dlan duo"

git format-patch -s origin/master

Then mail the created files to the linux kernel mailing list:

cat 0001-export-usbnet_get_ethernet_addr-from-usbnet-and-fixe.patch | \

cat 0002-usb-driver-for-intellon-int51x1-based-PLC-like-devol.patch | \

Many thanks to the guys at for suggestions and improvements.

Undo last commit with git reset --soft HEAD^

My driver will be part of linux kernel 2.6.31

git quick reference

block ssh brute force attacks / prevent synflooding
With the iptables recent module you can limit the number of TCP connection attempts. In my case I allow only 3 ssh connection attempts per minute. This stops script kiddies doing ssh brute force attacks.
iptables -N synflood
iptables -A synflood -p tcp --dport ssh -m recent --set --name SSH
iptables -A synflood -p tcp --dport ssh -m recent --update \
--seconds 60 --hitcount 4 --name SSH -j DROP

iptables -A INPUT -p tcp -m state --state NEW -j synflood
iptables -A FORWARD -i $OUT -p tcp -m state --state NEW -j synflood
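
The two recent rules above, replayed over constructed connection times (an added example, not part of the original entry): the fourth new ssh connection inside 60 seconds is the first one dropped, and a source that keeps retrying stays dropped until it has been quiet for a full window. It is a simplified Python model of the recent match; the timelines, the address and all function names are made up for the illustration.

```python
from collections import defaultdict, deque

SECONDS = 60       # --seconds 60
HITCOUNT = 4       # --hitcount 4
PKT_LIST_TOT = 20  # timestamps kept per address (xt_recent default)


def simulate(attempts):
    """Replay (time_s, source_ip) pairs, one per NEW packet to the ssh port,
    in time order, through the two 'recent' rules of the synflood chain."""
    seen = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))  # the list "SSH"
    result = []
    for now, ip in attempts:
        # Rule 1: --set records the source and always continues.
        seen[ip].append(now)
        # Rule 2: --update --seconds 60 --hitcount 4 matches when the source
        # has at least 4 recorded packets inside the last 60 seconds.
        hits = sum(1 for stamp in seen[ip] if stamp >= now - SECONDS)
        if hits >= HITCOUNT:
            seen[ip].append(now)  # a matching --update refreshes "last seen"
            result.append((now, ip, "DROP"))
        else:
            result.append((now, ip, "CONTINUE"))  # left to the later rules
    return result


def verdicts(times, ip="192.0.2.10"):
    """Verdicts for one source connecting at the given times (seconds)."""
    return [v for _, _, v in simulate((t, ip) for t in times)]


# Constructed timelines (seconds); the address is from a documentation range.
BURST = [0, 10, 20, 30]               # four attempts in half a minute
PERSISTENT = list(range(0, 130, 10))  # keeps retrying every 10 seconds
BACK_OFF = [0, 10, 20, 30, 200]       # quiet for more than 60 s, then retries

if __name__ == "__main__":
    for name, times in (("burst", BURST), ("persistent", PERSISTENT),
                        ("back-off", BACK_OFF)):
        print(f"{name:10}", verdicts(times))
```

Because the chain is entered for every NEW TCP packet, a legitimate user who reconnects four times within a minute is dropped in the same way.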
