sftp and port forward only login 
I need a ssh login for restricted portforward but without a shell for the user.

This got realized with /etc/ssh/sshd_config:
...
Subsystem sftp internal-sftp

Match user USER
PasswordAuthentication yes
AllowAgentForwarding no
X11Forwarding no
ForceCommand internal-sftp
PermitOpen localhost:22
ChrootDirectory /home/USER

"PermitOpen"restricts portforward to localhost:22 (remote port forward is not restricted)

But if the client needs a login shell this failes.

Well you could tell the client to not use a login shell:

ssh -N -L2222:IP:22 USER@SERVER

putty: SSH / Protocol Option enable "Don't start a shell or command at all"

or use an own loginshell where the user can only press return to disconnect:

/etc/ssh/sshd_config:
...
Subsystem sftp internal-sftp

Match user USER
PasswordAuthentication yes
AllowAgentForwarding no
X11Forwarding no
PermitOpen 127.0.0.1:2222
ChrootDirectory /home/USER

sudo touch /home/USER/.hushlogin
sudo cp own_loginshell /home/USER/
/etc/passwd:USER:x:ID:ID::/:/own_loginshell

own_loginshell.c:
/*
simple program to print to stdout and read from stdin without libc

taken from http://crazychenz.com/archives/107
(http://stackoverflow.com/questions/2548486/compiling-without-libc)

modified 2011 by Peter Holik (peter@holik.at)

gcc -nostdlib -nostartfiles -fno-builtin own_loginshell.c -o own_loginshell
*/

/* Types - I've defined these just to match the kernel's macros, typedefs, and structs */
typedef unsigned int size_t;

/* Syscalls */
exit(int error_code) {
/* The asm call is a GCC thing that allows us to put assembly
* inline with our C code. This particular use is the extended version,
* which provides a very clean and easy way to map variables in
* our code with registers in the assembly code.
*/
asm("int $0x80"
: // no output registers
: "a" (1), "b" (error_code)
);
}

size_t read(unsigned int fd, char * buf, size_t count) {
size_t ret;
/* In this call, we have a return value, which know will be
* of type size_t, so we put the value of %eax into ret.
*/
asm("int $0x80"
: "=a" (ret)
: "a" (3), "b" (fd), "c" (buf), "d" (count)
);
return ret;
}

size_t write(unsigned int fd, const char * buf, size_t count) {
size_t ret;
asm("int $0x80"
: "=a" (ret)
: "a" (4), "b" (fd), "c" (buf), "d" (count)
);
return ret;
}

/* Notice that there is no main in this code, that is because
* main is not _really_ required. All that is _really_ required
* is the entry point for Linux to execute. I'd suggest
* always using a main() for compatibility reasons.
*/
void _start() {
char *buf = "press enter to close connection";

write(1, buf, 31);
read(0, buf, 1);
exit(0);
}


[ view entry ] ( 3029 views )   |  print article
php script for sispmctl (power supply switching) 
#> apt-get install sispmctl

Switch Socket on with sispmctl -o 1, off with sispmctl -f 1 and get status with sispmctl -m all

To have premission for a webserver to execute the command:

/etc/udev/rules.d/90-local.rules:
ACTION=="add", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", \
ATTRS{idVendor}=="04b4", ATTRS{idProduct}=="fd13", \
GROUP="www-data", MODE="0660"
Because sometimes a wrong status came back i read it twice and compare it
<?php

function sispm_status() {
$pins1=array(0=>'0'); $pins2=array(0=>'1');
while ($pins1 !== $pins2) {
unset($pins1);
unset($pins2);
exec("/usr/bin/sispmctl -qnm all", $pins1);
exec("/usr/bin/sispmctl -qnm all", $pins2);
}
return $pins1;
}
$pins = sispm_status();

if (isset($_POST['update']))
for ($i = 0; $i <= 3; $i++)
if (isset($_POST["pin$i"])) {
if (!$pins[$i]) exec("/usr/bin/sispmctl -qno ".($i+1)); }
else if ($pins[$i]) exec("/usr/bin/sispmctl -qnf ".($i+1));

$pins = sispm_status();

?>
<html>
<body>
<form method="post">
<input type="checkbox" name="pin0" value="1" <?= ($pins[0]?'checked':'') ?>> Socket 1<br>
<input type="checkbox" name="pin1" value="1" <?= ($pins[1]?'checked':'') ?>> Socket 2<br>
<input type="checkbox" name="pin2" value="1" <?= ($pins[2]?'checked':'') ?>> Socket 3<br>
<input type="checkbox" name="pin3" value="1" <?= ($pins[3]?'checked':'') ?>> Socket 4<br>
<input type="submit" name="update">
</form>
</body>
</html>

perl:
#!/usr/bin/perl

use strict;
use warnings;
use CGI;

my $cgi = CGI->new();

my @ports=("PC","Printer","-","-");

print "Content-type: text/html\n";

print "\n";

print "<HTML><HEAD><TITLE>USB Steckdosenleiste</TITLE><META http-equiv=\"refresh\" content=\"60;steckdose.cgi\"></HEAD>\n\n";

print "<BODY>\n";

for my $port ($cgi->param()) {
if ($cgi->param($port) eq "on") { system "/usr/bin/sispmctl -q -o $port"; }
elsif ($cgi->param($port) eq "off") { system "/usr/bin/sispmctl -q -f $port"; }
}

print "<H1>USB Steckdosenleiste</H1><UL>\n";
my @states = `/usr/bin/sispmctl -q -g all`;
my $cnt = 1;
for my $state (@states) {
if ($ports[$cnt-1] ne "-") {
if ($state eq "off\n") { print "<LI>".$ports[$cnt-1]." ist ausgeschaltet [<A href=\"steckdose.cgi?$cnt=on\">einschalten</A>]\n"; }
else { print "<LI>".$ports[$cnt-1]." ist eingeschaltet [<A href=\"steckdose.cgi?$cnt=off\">ausschalten</A>]\n"; }
}
$cnt++;
}
print "</UL>\n";

print "</BODY></HTML>"


[ view entry ] ( 1574 views )   |  print article
How to recompile / rebuild a debian package 
$ sudo apt-get install build-essential fakeroot dpkg-dev
$ mkdir build
$ cd build
$ sudo apt-get source foo
$ sudo apt-get build-dep foo
$ cd foo
$ dpkg-buildpackage -rfakeroot -b -us -uc -nc

-nc does not clean, usefull if you change something and rebuild

http://www.cyberciti.biz/faq/rebuilding ... y-package/

[ view entry ] ( 1306 views )   |  print article
ugly rename hack 
find -name 'Pic*' -exec sh -c 'mv $1 "$(echo $1 | sed s/\\./_/g | sed s/^_/\\./g | sed s/_-//g)"' {} {} \;

[ view entry ] ( 999 views )   |  print article
atomic ops in c with help of gcc 
atomic.h Read More...

[ view entry ] ( 1049 views )   |  print article

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Next> Last>>