ssh otp 
Install oathtool.
sudo apt-get install oathtool libpam-oath

Generate a secret.
export HEX_SECRET=$(head -10 /dev/urandom | md5sum | cut -b 1-30)

Generate the TOTP details, 6 digits long.
oathtool --verbose --totp $HEX_SECRET

Enter the base32 secret in Android FreeOTP.

Create and populate the /etc/security/users.oath file.
sudo bash -c "echo HOTP/T30 $USER - $HEX_SECRET >> /etc/security/users.oath"
sudo chmod 0600 /etc/security/users.oath

Forget the secret!

prefix /etc/pam.d/sshd with
auth sufficient usersfile=/etc/security/users.oath window=10 digits=6

Allow this in sshd and restart.
sudo sed -Ei -e 's/(ChallengeResponseAuthentication) no/\1 yes/' /etc/ssh/sshd_config
sudo service ssh restart

Test with
ssh localhost

You should see:
One-time password (OATH) for `USER':

To avoid otp for some users prefix /etc/pam.d/sshd with
auth [success=1 default=ignore] user in user1:user2

[ view entry ] ( 2038 views )   |  print article
hostap with a wifi usb stick on demand 
After plug in of a wifi usb stick linux act's as a hostap.

apt-get install isc-dhcp-server hostapd

changes in /etc/hostapd/hostapd.conf
wpa_pairwise=TKIP CCMP

iface wlan0 inet static
hostapd /etc/hostapd/hostapd.conf
up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
up /etc/init.d/isc-dhcp-server restart
down iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
down killall hostapd

first check vendor and product id with lsusb:

ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="148f", ATTRS{idProduct}=="3070", \
RUN+="/sbin/ifup wlan0"
ACTION=="remove", SUBSYSTEM=="net", KERNEL=="wlan0", RUN+="/sbin/ifdown wlan0"

On booting this does not work for me so i started the hostap by

lsusb | grep -q "148f:3070" && /sbin/ifup wlan0

[ view entry ] ( 1515 views )   |  print article
transcode a mjpeg ip cam on demand with a cgi script using ffmpeg 
To minimize bandwidth for video streaming i have to transcode mjpeg to h264.
To do this on demand ffserver is no option for me.
Therefore a small cgi script on the webserver with ffmpeg did the trick:


echo -e "Content-type: video/avi\n"

#ffmpeg -an -analyzeduration 0 -f mjpeg -r 8 -i http://IP_CAM:PORT \
# -c:v libx264 -preset ultrafast -r 8 -threads 2 -b:v 150k -f avi - 2>/dev/null &

avconv -an -analyzeduration 0 -f mjpeg -r 8 -i http://IP_CAM:PORT \
-c:v libx264 -pre ultrafast -r 8 -threads 2 -b:v 150k -f avi - 2>/dev/null &
trap "kill $pid" SIGTERM SIGPIPE

[ view entry ] ( 2584 views )   |  print article
port forward with iptables 
iptables -I FORWARD -i INTERFACE -p tcp --dport PORT -j ACCEPT
iptables -A PREROUTING -t nat -i INTERFACE -p tcp --dport PORT -j DNAT --to-destination LOCAL_IP

[ view entry ] ( 1289 views )   |  print article
apt-get behind a server port redirected with ssh to a proxy 
There is an apt proxy (Apt-Cacher NG), a workstation, a server and a server behind that server.
workstation> ssh -R3142:proxy:3142 server

server> ssh -R3142: server_behind

server_behind> cat /etc/apt/apt.conf.d/01proxy
Acquire::http { Proxy "http://localhost:3142"; }

server_behind> apt-get update; apt-get upgrade

[ view entry ] ( 1095 views )   |  print article

<<First <Back | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | Next> Last>>