workstation> ssh -R3142:proxy:3142 server
server> ssh -R3142:127.0.0.1:3142 server_behind
server_behind> cat /etc/apt/apt.conf.d/01proxy
Acquire::http { Proxy "http://localhost:3142"; }
server_behind> apt-get update; apt-get upgrade
If ethtool ethX doesn't contain Wake-on: g then add pre-down /sbin/ethtool -s ethX wol g to /etc/network/interfaces
Add NETDOWN=no to /etc/default/halt
Test with /sbin/shutdown -P now and wakeonlan [-i BROADCASTADDR] MAC (apt-get install wakeonlan)
find -type f -printf "%f\n" | sort | uniq -d
#> hdparm -tT /dev/sda
Timing buffered disk reads: 398 MB in 3.00 seconds = 132.45 MB/sec
write:
#> dd if=/dev/zero of=./tempfile bs=1M count=1024 conv=fdatasync,notrunc
1073741824 Bytes (1,1 GB) kopiert, 12,8038 s, 83,9 MB/s
read:
#> echo 3 > /proc/sys/vm/drop_caches
#> dd if=./tempfile of=/dev/null bs=1M count=1024
1073741824 Bytes (1,1 GB) kopiert, 6,79724 s, 158 MB/s
I need an SSH login for restricted port forwarding, but without a shell for the user.
This can be done in /etc/ssh/sshd_config:
...
Subsystem sftp internal-sftp
Match user USER
PasswordAuthentication yes
AllowAgentForwarding no
X11Forwarding no
ForceCommand internal-sftp
PermitOpen localhost:22
ChrootDirectory /home/USER
"PermitOpen" restricts port forwarding to localhost:22 (remote port forwarding is not restricted).
But if the client needs a login shell, this fails.
You could tell the client not to use a login shell:
ssh -N -L2222:IP:22 USER@SERVER
PuTTY: under SSH / Protocol options, enable "Don't start a shell or command at all"
Or use a custom login shell where the user can only press return to disconnect:
/etc/ssh/sshd_config:
...
Subsystem sftp internal-sftp
Match user USER
PasswordAuthentication yes
AllowAgentForwarding no
X11Forwarding no
PermitOpen 127.0.0.1:2222
ChrootDirectory /home/USER
sudo touch /home/USER/.hushlogin
sudo cp own_loginshell /home/USER/
/etc/passwd:USER:x:ID:ID::/:/own_loginshell
own_loginshell.c:
/*
simple program to print to stdout and read from stdin without libc
taken from http://crazychenz.com/archives/107
(http://stackoverflow.com/questions/2548486/compiling-without-libc)
modified 2011 by Peter Holik (peter@holik.at)
The syscalls below use the 32-bit int $0x80 ABI, so -m32 is needed on x86-64;
-static avoids a dependency on a dynamic loader, which the chroot does not contain:
gcc -m32 -static -nostdlib -nostartfiles -fno-builtin own_loginshell.c -o own_loginshell
*/
/* Types - I've defined these just to match the kernel's macros, typedefs, and structs */
typedef unsigned int size_t;

/* Syscalls */
void exit(int error_code) {
    /* The asm call is a GCC thing that allows us to put assembly
     * inline with our C code. This particular use is the extended version,
     * which provides a very clean and easy way to map variables in
     * our code with registers in the assembly code.
     */
    asm volatile("int $0x80"
        : // no output registers
        : "a" (1), "b" (error_code)
    );
}

size_t read(unsigned int fd, char * buf, size_t count) {
    size_t ret;
    /* In this call, we have a return value, which we know will be
     * of type size_t, so we put the value of %eax into ret.
     * "volatile" and the "memory" clobber keep the compiler from
     * dropping or reordering the syscall when ret is unused.
     */
    asm volatile("int $0x80"
        : "=a" (ret)
        : "a" (3), "b" (fd), "c" (buf), "d" (count)
        : "memory"
    );
    return ret;
}

size_t write(unsigned int fd, const char * buf, size_t count) {
    size_t ret;
    asm volatile("int $0x80"
        : "=a" (ret)
        : "a" (4), "b" (fd), "c" (buf), "d" (count)
        : "memory"
    );
    return ret;
}

static const char msg[] = "press enter to close connection";
/* Writable one-byte buffer for read(); a string literal is read-only. */
static char key;

/* Notice that there is no main in this code, that is because
 * main is not _really_ required. All that is _really_ required
 * is the entry point for Linux to execute. I'd suggest
 * always using a main() for compatibility reasons.
 */
void _start() {
    write(1, msg, sizeof(msg) - 1);
    read(0, &key, 1);
    exit(0);
}
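To check that a forward-only account like the one above is really limited, including the remote-forward gap noted for PermitOpen, the effective sshd settings can be audited. This is an added example, not part of the original post: the function and sample names are hypothetical, the sample `sshd -T` output is constructed, and `AllowTcpForwarding local` is one standard sshd option that closes the gap.

```sh
#!/bin/sh
# Added example: audit the effective sshd settings of a forward-only account.
# Real input (as root): sshd -T -C user=USER,host=localhost,addr=127.0.0.1
# audit_forward_only reads that output on stdin, prints one finding per line
# and returns 1 if anything was flagged, 0 otherwise.
audit_forward_only() {
    awk '
        function flag(msg) { print msg; n++ }
        # sshd -T prints keyword/value lines with lowercase keywords
        { key = $1; $1 = ""; sub(/^ +/, ""); cfg[key] = $0 }
        END {
            fwd = cfg["allowtcpforwarding"]
            open = cfg["permitopen"]
            if (fwd != "no" && (open == "" || open == "any"))
                flag("permitopen: local forwards may target any host:port")
            if ((fwd == "" || fwd == "yes" || fwd == "all" || fwd == "remote") && cfg["permitlisten"] != "none")
                flag("remote forwarding (-R) is not restricted")
            if (cfg["allowagentforwarding"] != "no") flag("allowagentforwarding is not no")
            if (cfg["x11forwarding"] != "no") flag("x11forwarding is not no")
            if (cfg["permittunnel"] != "no") flag("permittunnel is not no")
            exit (n > 0)
        }'
}

# Constructed sample: effective values for the first Match block above,
# with sshd defaults filled in for the options that block does not set.
page_sample() {
    cat <<'EOF'
allowtcpforwarding yes
permitopen localhost:22
permitlisten any
allowagentforwarding no
x11forwarding no
permittunnel no
forcecommand internal-sftp
chrootdirectory /home/USER
EOF
}

# Constructed sample: the same block with "AllowTcpForwarding local" added.
hardened_sample() {
    page_sample | sed 's/^allowtcpforwarding .*/allowtcpforwarding local/'
}

page_sample | audit_forward_only || true
hardened_sample | audit_forward_only && echo "hardened: no findings"
```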