sftp and port forward only login 
I need an SSH login that allows restricted port forwarding but gives the user no shell.

This can be done in /etc/ssh/sshd_config:
...
# Serve SFTP from inside sshd itself, so no external sftp-server binary is needed in the chroot
Subsystem sftp internal-sftp

# The settings below apply only to this account
Match user USER
PasswordAuthentication yes
AllowAgentForwarding no
X11Forwarding no
# Every session runs the in-process SFTP server, whatever command the client asks for
ForceCommand internal-sftp
# Limits the destinations of local (-L) forwards only
# NOTE(review): remote (-R) forwards stay enabled unless AllowTcpForwarding restricts them
PermitOpen localhost:22
# sshd requires this directory and every parent to be root-owned and not writable by group or others
ChrootDirectory /home/USER
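
"PermitOpen" restricts local port forwarding (ssh -L) to localhost:22. Remote port forwarding (ssh -R) is not restricted by it; "AllowTcpForwarding local" in the Match block would switch it off.

But if the client needs a login shell this fails.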

Well you could tell the client to not use a login shell:

ssh -N -L2222:IP:22 USER@SERVER

putty: SSH / Protocol Option enable "Don't start a shell or command at all"

or use a custom login shell in which the user can only press return to disconnect:

/etc/ssh/sshd_config:
...
# Serve SFTP from inside sshd itself
Subsystem sftp internal-sftp

# The settings below apply only to this account
Match user USER
PasswordAuthentication yes
AllowAgentForwarding no
X11Forwarding no
# No ForceCommand in this variant: the session runs the account's login shell from /etc/passwd
# Limits the destinations of local (-L) forwards only
# NOTE(review): remote (-R) forwards stay enabled unless AllowTcpForwarding restricts them
PermitOpen 127.0.0.1:2222
# sshd requires this directory and every parent to be root-owned and not writable by group or others;
# the login shell path is resolved inside the chroot
ChrootDirectory /home/USER

sudo touch /home/USER/.hushlogin
sudo cp own_loginshell /home/USER/
/etc/passwd:USER:x:ID:ID::/:/own_loginshell

own_loginshell.c:
/*
simple program to print to stdout and read from stdin without libc

taken from http://crazychenz.com/archives/107
(http://stackoverflow.com/questions/2548486/compiling-without-libc)

modified 2011 by Peter Holik (peter@holik.at)

gcc -nostdlib -nostartfiles -fno-builtin own_loginshell.c -o own_loginshell
*/

/* Types - defined here because no libc headers are included; meant to match the kernel's typedefs.
 * NOTE(review): unsigned int matches the kernel's size_t only on 32-bit targets - confirm the build is 32-bit. */
typedef unsigned int size_t;

/* Syscalls */
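/*
 * exit - terminate the process with the given status.
 *
 * Issues the system call directly with "int $0x80": eax carries the call
 * number (1) and ebx the status. This is the 32-bit x86 Linux convention;
 * NOTE(review): the file assumes an i386 build - confirm.
 *
 * The return type is spelled out as void (the original relied on implicit
 * int, which C99 and later reject); the call is not expected to return.
 */
void exit(int error_code) {
    /* GCC extended asm maps C values onto registers through the constraint
     * letters. "volatile" and the "memory" clobber stop the compiler from
     * dropping the statement or moving memory accesses across it.
     */
    __asm__ volatile("int $0x80"
        : /* no output registers */
        : "a" (1), "b" (error_code)
        : "memory"
    );
}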

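/*
 * read - read up to count bytes from fd into buf via "int $0x80".
 *
 * eax = 3 (call number), ebx = fd, ecx = buf, edx = count; the kernel's
 * result comes back in eax and is returned as is. Because the return type
 * is unsigned, a kernel error code shows up as a very large value, so
 * callers that care about failures must check for that range.
 */
size_t read(unsigned int fd, char * buf, size_t count) {
    size_t ret;
    /* "volatile": the call has a side effect even when ret is ignored, so
     * it must not be optimised away. "memory": the kernel writes through
     * buf, which the compiler cannot see from the operand list.
     */
    __asm__ volatile("int $0x80"
        : "=a" (ret)
        : "a" (3), "b" (fd), "c" (buf), "d" (count)
        : "memory"
    );
    return ret;
}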

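/*
 * write - write count bytes from buf to fd via "int $0x80".
 *
 * eax = 4 (call number), ebx = fd, ecx = buf, edx = count; the kernel's
 * result comes back in eax and is returned as is. Because the return type
 * is unsigned, a kernel error code shows up as a very large value.
 */
size_t write(unsigned int fd, const char * buf, size_t count) {
    size_t ret;
    /* "volatile": the output happens even when ret is ignored. "memory":
     * the kernel reads the bytes behind buf, so pending stores to that
     * buffer must be completed before the call.
     */
    __asm__ volatile("int $0x80"
        : "=a" (ret)
        : "a" (4), "b" (fd), "c" (buf), "d" (count)
        : "memory"
    );
    return ret;
}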

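/*
 * Program entry point. There is no main() because the program is linked
 * with -nostartfiles; the entry symbol _start is all Linux needs in order
 * to execute it.
 *
 * Prints a prompt, waits for input on stdin, then exits with status 0.
 * Arguments and environment are never looked at, so a command that the
 * SSH client asks the login shell to run is not executed.
 */
void _start(void) {
    static const char msg[] = "press enter to close connection";
    /* read() needs a writable byte of its own; the prompt is a string
     * literal and must not be written to. Static storage keeps the stack
     * frame free of buffers, which matters when a compiler's default stack
     * protector would otherwise pull in libc symbols.
     */
    static char key;

    write(1, msg, sizeof msg - 1);   /* length without the trailing NUL */
    read(0, &key, 1);                /* returns once input (or EOF) arrives */
    exit(0);
}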


change xorg screen dimension on login with xrandr 
* create a modeline setting with cvt for the desired resolution

* add the new modeline with xrandr --newmode

* add mode to output with xrandr --addmode

* set output and dimension with xrandr --output and --mode

The needed steps are done in

/etc/X11/Xsession.d/45custom_xrandr-settings

# Adds a 1280x1024 mode to output VGA-1 and switches to it.
# Lines starting with "# $" show the command that was run by hand; the
# commented lines after each of them are that command's output.
#
# $ cvt 1280 1024 60
# 1280x1024 59.89 Hz (CVT 1.31M4) hsync: 63.67 kHz; pclk: 109.00 MHz
# Modeline "1280x1024_60.00" 109.00 1280 1368 1496 1712 1024 1027 1034 1063 \
# -hsync +vsync
# $ xrandr
# Screen 0: minimum 320 x 200, current 1024 x 768, maximum 8192 x 8192
# HDMI-1 disconnected (normal left inverted right x axis y axis)
# VGA-1 connected 1024x768+0+0 (normal left inverted right x axis y axis) 0mm x 0mm
# 1024x768 60.0*
# 800x600 60.3 56.2
# 848x480 60.0
# 640x480 59.9
# Step 1: define the new mode from the Modeline values printed by cvt above
xrandr --newmode "1280x1024_60.00" 109.00 1280 1368 1496 1712 1024 1027 1034 1063 \
-hsync +vsync
# Step 2: attach the new mode to output VGA-1
xrandr --addmode VGA-1 1280x1024_60.00
# $ xrandr
# Screen 0: minimum 320 x 200, current 1024 x 768, maximum 8192 x 8192
# HDMI-1 disconnected (normal left inverted right x axis y axis)
# VGA-1 connected 1024x768+0+0 (normal left inverted right x axis y axis) 0mm x 0mm
# 1024x768 60.0*
# 800x600 60.3 56.2
# 848x480 60.0
# 640x480 59.9
# 1280x1024_60.00 59.9
# Step 3: switch VGA-1 to the new mode
xrandr --output VGA-1 --mode 1280x1024_60.00


usb modem dialin 
Server

needed packages: mgetty, pppd

start and stop mgetty on plugin of usbmodem (0572:1329 Conexant Systems (Rockwell), Inc.)

/etc/init/mgetty.conf
# mgetty - dialin daemon

description "mgetty daemon"

start on tty-device-added KERNEL=ttyACM0
stop on tty-device-removed KERNEL=ttyACM0

respawn
exec /sbin/mgetty -s 115200 -D /dev/ttyACM0

/etc/mgetty/login.config
/AutoPPP/ - a_ppp /usr/sbin/pppd auth +chap -pap name dialinserver remotename dialer debug

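I use CHAP instead of PAP because PAP sends the password in plain text. Both ends still store the secret in plain text in /etc/ppp/chap-secrets, so that file should be readable by root only.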

/etc/ppp/chap-secrets
dialer dialinserver password *

/etc/ppp/options.ttyACM0
10.0.0.1:10.0.0.2


Client

needed packages: pppd

/etc/ppp/peers/dialinserver
noauth
connect "/usr/sbin/chat -v -f /etc/chatscripts/dialinserver"
debug
/dev/ttyS0
115200
defaultroute
noipdefault
name dialer
remotename dialinserver

/etc/chatscripts/dialinserver
ABORT BUSY ABORT 'NO CARRIER' ABORT VOICE ABORT 'NO DIALTONE' ABORT 'NO DIAL TONE'
ABORT 'NO ANSWER' ABORT DELAYED
'' ATZ
OK-AT-OK "ATDTnumber"
CONNECT \d\c

/etc/ppp/chap-secrets
dialer dialinserver password *

Connect with "pon dialinserver" and disconnect with "poff dialinserver"

route icmp to a different gateway 
# Register a routing table named icmp_route with id 100
# (the line is appended on every run, so run this only once)
echo 100 icmp_route >> /etc/iproute2/rt_tables
# Packets carrying firewall mark 1 are looked up in that table
ip rule add fwmark 1 table icmp_route
# The table's default route points at the alternative gateway
ip route add default via IP_OF_NOT_DEFAULT_GATEWAY dev eth0 table icmp_route

# Set mark 1 on locally generated ICMP packets addressed to IP_TO_PING
iptables -t mangle -A OUTPUT -d IP_TO_PING -p icmp -j MARK --set-mark 1


USB: uss720 fixup refcount position 
My testprog do a lot of bitbang - after hours i got following warning and my machine lockups:

WARNING: at /build/buildd/linux-2.6.38/lib/kref.c:34

After debugging the uss720 driver I discovered that the completion callback was called before usb_submit_urb returned.
The callback frees the request structure, which only gets its additional kref once usb_submit_urb has returned.
--- a/drivers/usb/misc/uss720.c
+++ b/drivers/usb/misc/uss720.c
@@ -177,12 +177,11 @@ static struct uss720_async_request *submit_async_request(...
spin_lock_irqsave(&priv->asynclock, flags);
list_add_tail(&rq->asynclist, &priv->asynclist);
spin_unlock_irqrestore(&priv->asynclock, flags);
+ kref_get(&rq->ref_count);
ret = usb_submit_urb(rq->urb, mem_flags);
- if (!ret) {
- kref_get(&rq->ref_count);
+ if (!ret)
return rq;
- }
- kref_put(&rq->ref_count, destroy_async);
+ destroy_async(&rq->ref_count);
err("submit_async_request submit_urb failed with %d", ret);
return NULL;
}
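Review bot: On the failure path the new code calls `destroy_async(&rq->ref_count);` directly, which bypasses the reference count that the added `kref_get()` has just raised, so the request is released no matter who else holds a reference. That is safe only if nothing else can reach rq after a failed submit, yet rq is already on `priv->asynclist` at that point; the release function and the code that walks the list are outside the hunk, so this is inferred rather than verified. Either drop both references explicitly with two `kref_put(&rq->ref_count, destroy_async);` calls, or add a comment such as `/* submit failed: the completion callback never runs, so nobody else holds a reference */`. submit_async_request() starts before the hunk.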

http://git.kernel.org/?p=linux/kernel/g ... 5b45be8688
