Re: question about installing debian or some linux system on an external hard drive

2021-02-09 Thread Dan Ritter
Semih Ozlem wrote: 
> Is it possible and sensible to install debian or a linux system to an
> external hard drive connected to a system via the usb port, while keeping
> the current hard drive on the machine unchanged?

As a temporary measure, this is reasonable. USB-connected drives
tend to be much less reliable than internal drives (SATA or
NVMe).

Your computer will need to support booting from that drive.
Almost all computers do support booting from USB disks.

> Where does one install grub2 and is grub2 to be installed before or after
> the installation of the auxiliary system on the external hard drive?

grub2 will generally be installed by the operating system
installer during the installation process. In this case you
would want grub2 installed on the MBR (master boot record) of
the external disk, and use the computer's BIOS or EFI to select
that disk at power-on time.

> What are the various options for disk partitioning and if one intends to
> use docker as well would this change disk partitioning in particular
> logical volume management?

Disks generally use either the MSDOS partition table or a GPT
partition table. The number and layout of partitions is a very
complex subject, but if you don't know what you are doing, it is 
reasonable to have a single-drive system have:

EFI (if needed)
swap 
root 

as a simplest case, or

EFI
swap
root
home

(which preserves home in the case of reinstalls)

Docker does not really affect this. 

Can you tell us more about the hardware and what you're planning
to do with it?

-dsr-




Re: Incorrect password Debian 10.8 after installation

2021-02-09 Thread Erwan David

Le 09/02/2021 à 22:54, David Christensen a écrit :

On 2021-02-09 00:54, to...@tuxteam.de wrote:

On Mon, Feb 08, 2021 at 11:32:11PM -0800, David Christensen wrote:

On 2021-02-08 23:22, Anssi Saari wrote:

David Christensen  writes:



2.  How do I insert a tab character with the GRUB editor?  (Pressing
 causes the editor to attempt command completion.)


I guess you don't? There doesn't seem to be much about the editor's
capabilities in the Grub manual.


Agreed.  The editor has a note that it supports some Emacs stuff.
Perhaps an Emacs user would know?


I don't know how far "some" reaches, but try -Q then 
(mnemonics: Q like "quote").


Nope.



Not Emacs-y, but worth a try would be -I


Ctrl+I -- nope

Ctrl+I, then  -- nope.


David




In shells, Ctrl+V before character inserts character without 
interpreting it. In Emacs Ctrl+Q has same effect, so trying Ctrl+V Tab 
and Ctrl+Q Tab might be worthwhile.




question about installing debian or some linux system on an external hard drive

2021-02-09 Thread Semih Ozlem
Hi everyone,

Is it possible and sensible to install debian or a linux system to an
external hard drive connected to a system via the usb port, while keeping
the current hard drive on the machine unchanged?

Where does one install grub2 and is grub2 to be installed before or after
the installation of the auxiliary system on the external hard drive?

What are the various options for disk partitioning and if one intends to
use docker as well would this change disk partitioning in particular
logical volume management?

I have already viewed documents on debian website, but I am still unsure
about the definitive steps.

Thank you in advance.


debian does not boot

2021-02-09 Thread Semih Ozlem
Hi everyone,

Debian 10 system does not boot. It gets stuck at the blue screen with the
logo.

In the start options, when a recovery mode is selected, after entering
password root prompt appears. What steps should be taken after that to
recover system. Also there is no connection to internet and nmcli command
does not get any responses so internet connection can't be established to
run commands like apt --fix-broken install.

Any ideas?

Thank you in advance.


Re: iptables -Z option

2021-02-09 Thread john doe

On 2/9/2021 11:18 PM, Will Mengarini wrote:

Your issue looks like this bug, but I don't know how to fix it:
.

* Bonno Bloksma  [21-02/09=Tue 15:52 +]:

For years I have had a firewall script that sets and/or resets my
firewall rules.  [It starts near] the top with some lines that have
been there for ever.  After upgrading to buster I got an error
executing this script and I cannot find out why.  Using the extra echo
lines I have been able to pinpoint the error to the iptables -Z line

[...]
IPTABLES=/usr/sbin/iptables
echo flush
# Flush all rules in all chains and then delete all chains
chains=`cat /proc/net/ip_tables_names 2>/dev/null`
for i in $chains; do $IPTABLES -t $i -F; done
for i in $chains; do $IPTABLES -t $i -X; done
echo counters
# Reset all counters for default chains
$IPTABLES -Z
echo "return traffic"
[...]

This will produce the following output.
flush
counters
iptables v1.8.2 (nf_tables):  RULE_REPLACE failed (Invalid argument): rule in 
chain INPUT
return traffic

Can anyone tell me why the re reset counter line fails


The backend is 'nftables' starting with Buster.

Maybe (1) could be of interest to you.


1)  https://wiki.debian.org/nftables#Reverting_to_legacy_xtables

--
John Doe



Re: Incorrect password Debian 10.8 after installation

2021-02-09 Thread David Christensen

On 2021-02-09 07:35, David Wright wrote:

On Mon 08 Feb 2021 at 18:26:22 (-0800), David Christensen wrote:

On 2021-02-08 15:15, David Wright wrote:

On Mon 08 Feb 2021 at 13:02:21 (-0800), David Christensen wrote:

On 2021-02-08 00:40, Marco Möller wrote:


You could bypass any password request during boot to the console
and then fix it by setting the desired password newly. The boot
parameter for bypassing all password requests and right away
becoming logged in as user root is:
       init=/sbin/sulogin --force


That is interesting.  But, how does the reader *use* that information[?] ...




My WAG (untested):

1.  Power up the computer.
2.  The GRUB menu should be displayed:

 *Debian GNU/Linux
  Advanced options for Debian GNU/Linux

3.  Press the down arrow key to highlight "Advanced options for Debian
GNU/Linux".  Press  to select it.


If you're heading for sulogin, I'm not sure it matters which line you
pick, as it means s(ingle)u(se)rlogin.


Testing confirms that I can edit either boot entry and get the same result.



4.  A second GRUB menu should be displayed (the OP should have a newer
kernel):


Yes, you warned us you're using stretch.


 *Debian GNU/Linux, with Linux 4.9.0-9-amd64
  Debian GNU/Linux, with Linux 4.9.0-9-amd64 (recovery mode)

5.  Press the down arrow key to select the "... (recovery mode)" boot
entry.  Press 'e' to edit it.

6.  The GRUB editor should start and display the contents of the
selected boot entry.  Look for the line that begins with 'linux'.  Use
the cursor keys to move the insertion point to the end of that line
and add the following kernel boot parameters:

 init=/sbin/sulogin --force

7.  "Press Ctrl+x or F10 to boot".

Is the above correct?


Yes. 


Testing confirms the above steps.



AIUI --force deals with the case where there is no root
password/the root account is locked.


Testing confirms that if there is a valid root password, it must be 
entered to obtain a root shell.




2.  How do I insert a tab character with the GRUB editor?  (Pressing
 causes the editor to attempt command completion.)


I think Greg's guess was good. You don't need tabs or any other cosmetics.


Testing confirms that leading tabs are not required in a GRUB boot entry.



3.  Will changes made to a boot entry with the GRUB editor persist for
subsequent boots?


No.


Testing confirms that changes made to a boot entry via the GRUB editor 
do not persist beyond one boot.



David



Re: Allow only selected USB

2021-02-09 Thread Bhasker C V
Fantastic! Thanks a ton! Thanks! Exactly what I was looking for.


On Tue, Feb 9, 2021 at 7:43 PM  wrote:

> Hi,
>
> 9 févr. 2021, 19:44 de mailingl...@darac.org.uk:
>
> > Certainly. https://www.kernel.org/doc/html/latest/usb/authorization.html
> >
> + https://usbguard.github.io based on it.
>
> Best regards,
> l0f4r0
>
>


Re: Incorrect password Debian 10.8 after installation

2021-02-09 Thread Stefan Monnier
> I don't know how far "some" reaches, but try -Q then 
> (mnemonics: Q like "quote").
>
> Not Emacs-y, but worth a try would be -I

You can also try `C-v` instead of `C-q` to quote the next key (not sure
where this comes from, but it works in bash and zsh, IIUC), i.e. use
`C-v TAB` to insert a TAB character.


Stefan "who can't be bothered to reboot to try it out"



Re: iptables -Z option

2021-02-09 Thread Will Mengarini
Your issue looks like this bug, but I don't know how to fix it:
.

* Bonno Bloksma  [21-02/09=Tue 15:52 +]:
> For years I have had a firewall script that sets and/or resets my
> firewall rules.  [It starts near] the top with some lines that have
> been there for ever.  After upgrading to buster I got an error
> executing this script and I cannot find out why.  Using the extra echo
> lines I have been able to pinpoint the error to the iptables -Z line
>
> [...]
> IPTABLES=/usr/sbin/iptables
> echo flush
> # Flush all rules in all chains and then delete all chains
> chains=`cat /proc/net/ip_tables_names 2>/dev/null`
> for i in $chains; do $IPTABLES -t $i -F; done
> for i in $chains; do $IPTABLES -t $i -X; done
> echo counters
> # Reset all counters for default chains
> $IPTABLES -Z
> echo "return traffic"
> [...]
> 
> This will produce the following output.
> flush
> counters
> iptables v1.8.2 (nf_tables):  RULE_REPLACE failed (Invalid argument): rule in 
> chain INPUT
> return traffic
> 
> Can anyone tell me why the re reset counter line fails
> with a reference to the INPUT chain?  There is loads of
> documentation about iptables but nothing about the -Z option.
>
> I have my iptables rules in a separate script that I can test and
> if I ever shut myself out I can simply restart the machine and
> the default / previous ruleset will load and all will be up and
> running again.  I'd like to keep that way of setting things up,
> it makes it easy to test a new set of rules and debug typo's.



Re: sshfs has fubared mount

2021-02-09 Thread Gene Heskett
On Tuesday 09 February 2021 16:00:23 David Christensen wrote:

> On 2021-02-09 05:15, Gene Heskett wrote:
> > On Tuesday 09 February 2021 02:29:02 David Christensen wrote:
> >> On 2021-02-08 21:01, Gene Heskett wrote:
> >>> Greetings all;
> >>>
> >>> I have sshfs setup so I can move files around between this box and
> >>> 4 others, 3 of which are now running buster.  Works only for the
> >>> user, me.
> >>
> >> I have previously installed my public SSH key from the local
> >> computer 'tinkywinky' to the remote computer 'po' with
> >> ssh-copy-id(1):
> >
> > Don't recall doing this, plz describe>
>
> I initially created an SSH keypair with a passphrase using
> ssh-keygen(1).  If a villain gets my SSH keypair, he also has to get
> my SSH passphrase to access the computers and accounts where I have
> installed the SSH public key.
>
>
> When I open a terminal, I run ssh-agent(1) and ssh-add(1) to manage my
> SSH keys.  I enter my passphrase once, and ssh-agent(1) will provide
> it to SSH-aware software for me:
>
> 2021-02-09 12:32:30 dpchrist@tinkywinky ~
> $ ssh-agent bash -l
>
> 2021-02-09 12:32:32 dpchrist@tinkywinky ~
> $ ssh-add
> Enter passphrase for /home/dpchrist/.ssh/id_rsa:
> Identity added: /home/dpchrist/.ssh/id_rsa
> (/home/dpchrist/.ssh/id_rsa)
>
>
> If I remove my SSH public key from po, I can demonstrate
> ssh-copy-id(1). ssh-agent(1) will provide my SSH passphrase, but I
> will need to enter the password for the account on the remote host:
>
> 2021-02-09 12:12:02 dpchrist@tinkywinky ~
> $ ssh-copy-id po
> /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s),
> to filter out any that are already installed
> /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you
> are prompted now it is to install the new keys
> dpchrist@po's password:
>
> Number of key(s) added: 1
>
> Now try logging into the machine, with:   "ssh 'po'"
> and check to make sure that only the key(s) you wanted were added.
>
>
> I can now log in to 'po' using ssh(1).  ssh-agent(1) will provide my
> passphrase.  I do not need to enter my SSH passphrase or my remote
> account password:
>
> 2021-02-09 12:12:10 dpchrist@tinkywinky ~
> $ ssh po
> Linux po 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1 (2019-04-12) x86_64
> Last login: Tue Feb  9 12:10:11 2021 from 192.168.5.74
>
> 2021-02-09 12:12:12 dpchrist@po ~
> $
>
>
> Similarly, scp(1), rsync(1), and others will operate without requiring
> passphrases or passwords.  This is especially useful for scripts,
> cron(8) jobs, etc..
>
> >> I created an fstab(5) entry on the local machine for mounting the
> >> remote root directory with my unprivileged account.  Note the
> >> options:
> >>
> >> 2021-02-08 22:37:51 dpchrist@tinkywinky ~
> >> $ grep 'po:/' /etc/fstab | perl -pe 's/\t+/ /g'
> >> po:/ /po fuse.sshfs ro,noauto,user 0 0
> >
> > I've never had any of this below in my fstab, haven't needed it for
> > the other 4 machines.
>
> fstab(1) is the canonical location for mount information.  By putting
> it there, standard tools will know where to find it.
>
> >> I created a mount point and I set the owner and group to match my
> >> unprivileged account.  The directory is empty:
> >>
> >> 2021-02-08 22:39:38 dpchrist@tinkywinky ~
> >> $ ls -la /po
> >> total 8
> >> drwxr-xr-x  2 dpchrist dpchrist 4096 Jan 21 13:32 .
> >> drwxr-xr-x 27 root root 4096 Jan 21 13:32 ..
> >
> > Matches mine. Difference is that I put all those mountpoints in the
> > /sshnet subdir gene@coyote:~$ ls -la /sshnet/
> > total 36
> > drwxr-xr-x  9 gene gene 4096 Feb  9 07:37 .
> > drwxr-xr-x 28 root root 4096 Dec 12 03:44 ..
> > drwxr-xr-x  1 root root 4096 Feb  4 15:59 GO704
> > drwxr-xr-x  2 root root 4096 Feb  8 10:10 Hardinge1
> > drwxr-xr-x  1 root root 4096 Feb  3 14:16 lathe
> > drwxr-xr-x  2 root root 4096 Apr 25  2019 redpitaya
> > drwxr-xr-x  1 root root 4096 Feb  1 04:46 rpi4
> > drwxr-xr-x  1 root root 4096 Feb  4 15:43 sixty40
> > drwxr-xr-x  2 root root 4096 May  2  2019 vna
>
> Assuming that command was run when /sshnet/Hardinge1 was not mounted
> (see below), the owner and group of Hardinge1 is root:root, not
> gene:gene.
>
> On 2021-02-09 07:05, David Wright wrote:
>  > Change the ownership of Hardinge1.
>
> Yes, that is the correct solution.
>
>
> We were all confused by a feature of mount(1) -- mounting a remote
> filesystem changes the owner and group of the mount point on the local
> machine while the remote filesystem is mounted:
>
> 2021-02-09 12:13:43 dpchrist@tinkywinky ~
> $ mount | grep '/po'
>
> 2021-02-09 12:23:26 dpchrist@tinkywinky ~
> $ ls -ld /po
> drwxr-xr-x 2 dpchrist dpchrist 4096 Jan 21 13:32 /po
>
> 2021-02-09 12:23:29 dpchrist@tinkywinky ~
> $ mount /po
>
> 2021-02-09 12:24:14 dpchrist@tinkywinky ~
> $ mount | grep '/po'
> po:/ on /po type fuse.sshfs
> (ro,nosuid,nodev,noexec,relatime,user_id=13250,group_id=13250,user=dpchrist)
>
> 2021-02-09 12:24:17 dpchrist@tinkywinky ~
> $ ls -ld /po
> drwxr-xr-x 1 root root 4096 Aug 30 18:09 /po
>
>
> T

Re: Incorrect password Debian 10.8 after installation

2021-02-09 Thread David
On Wed, 10 Feb 2021 at 08:57, David Christensen
 wrote:
> On 2021-02-09 04:42, Greg Wooledge wrote:
> > On Mon, Feb 08, 2021 at 06:26:22PM -0800, David Christensen wrote:

> >> 2.  How do I insert a tab character with the GRUB editor?  (Pressing 
> >> causes the editor to attempt command completion.)

> > Why would you want to?

> 1.  Tabs may be required (e.g. make(1)).

> 2.  To exercise my OCD.  ;-)

You seem to be conceptualising the grub editor as a file editor.
It is not a file editor.
Its edits are ephemeral, it has no ability to save any edits made.

It is an interactive tool which allows modifying the next boot by
allowing temporary changes to what grub has just read from
its configuration file, before proceeding.

In that context, the Tab key is useless so it has been repurposed
to provide command completion.



Re: Incorrect password Debian 10.8 after installation

2021-02-09 Thread David Christensen

On 2021-02-09 04:42, Greg Wooledge wrote:

On Mon, Feb 08, 2021 at 06:26:22PM -0800, David Christensen wrote:

 *Debian GNU/Linux, with Linux 4.9.0-9-amd64
  Debian GNU/Linux, with Linux 4.9.0-9-amd64 (recovery mode)

5.  Press the down arrow key to select the "... (recovery mode)" boot entry.
Press 'e' to edit it.

[...]



2.  How do I insert a tab character with the GRUB editor?  (Pressing 
causes the editor to attempt command completion.)


Why would you want to?


1.  Tabs may be required (e.g. make(1)).

2.  To exercise my OCD.  ;-)


David



Re: Incorrect password Debian 10.8 after installation

2021-02-09 Thread David Christensen

On 2021-02-09 00:54, to...@tuxteam.de wrote:

On Mon, Feb 08, 2021 at 11:32:11PM -0800, David Christensen wrote:

On 2021-02-08 23:22, Anssi Saari wrote:

David Christensen  writes:



2.  How do I insert a tab character with the GRUB editor?  (Pressing
 causes the editor to attempt command completion.)


I guess you don't? There doesn't seem to be much about the editor's
capabilities in the Grub manual.


Agreed.  The editor has a note that it supports some Emacs stuff.
Perhaps an Emacs user would know?


I don't know how far "some" reaches, but try -Q then 
(mnemonics: Q like "quote").


Nope.



Not Emacs-y, but worth a try would be -I


Ctrl+I -- nope

Ctrl+I, then  -- nope.


David



iptables -Z option

2021-02-09 Thread Bonno Bloksma
Hi,

For years I have had a firewall script that sets and/or resets my firewall 
rules. It starts off near the top with some lines that have been there for ever.
After upgrading to buster I got an error executing this script and I cannot 
find out why. Using the extra echo lines I have been able to pinpoint the error 
to the iptables -Z line

[...]
IPTABLES=/usr/sbin/iptables
echo flush
# Flush all rules in all chains and then delete all chains
chains=`cat /proc/net/ip_tables_names 2>/dev/null`
for i in $chains; do $IPTABLES -t $i -F; done
for i in $chains; do $IPTABLES -t $i -X; done
echo counters
# Reset all counters for default chains
$IPTABLES -Z
echo "return traffic"
[...]

This will produce the following output.
flush
counters
iptables v1.8.2 (nf_tables):  RULE_REPLACE failed (Invalid argument): rule in 
chain INPUT
return traffic

Can anyone tell me why the re reset counter line fails with a reference to the 
INPUT chain? There is loads of documentation about iptables but nothing about 
the -Z option.
I have my iptables rules in a separate script that I can test and if I ever 
shut myself out I can simply restart the machine and the default / previous 
ruleset will load and all will be up and running again. I'd like to keep that 
way of setting things up, it makes it easy to test a new set of rules and debug 
typo's.

Bonno Bloksma



Re: Any hams here? Is there a program that lets me use a mouse as a CW paddle?

2021-02-09 Thread Kent West
http://goshen.acu.edu/westk/KCARC/MorseKeyer.html

On Tue, Feb 9, 2021 at 3:17 PM Kent West  wrote:

> Years ago I wrote a *very* rudimentary html document that allows you to
> use the left and right arrows for dits and dahs. It doesn't work well, but
> it might give you an idea for rolling your own.
>
>
> On Tue, Feb 9, 2021 at 3:11 PM Andrew M.A. Cater 
> wrote:
>
>> On Tue, Feb 09, 2021 at 09:37:50AM +, Ottavio Caruso wrote:
>> > Hi,
>> >
>> > I'm looking for a program (if there is no Debian binary, I'm willing to
>> > compile from sources) that:
>> >
>> > 1) emulates a iambic paddle using the left/right buttons of the mouse to
>> > send dits and dahs for training purposes;
>> >
>> > 2) (optional) could also be used to pilot a transceiver.
>> >
>> > Thanks.
>> >
>> > --
>> > Ottavio Caruso
>> >
>>
>> Have a look at things like cwcp and the general programs in the ham radio
>> category?
>>
>> Andy C.
>>
>>
>>
>
> --
> Kent West<")))><
> Westing Peacefully - http://kentwest.blogspot.com
>


-- 
Kent West<")))><
Westing Peacefully - http://kentwest.blogspot.com


Re: Any hams here? Is there a program that lets me use a mouse as a CW paddle?

2021-02-09 Thread Kent West
Years ago I wrote a *very* rudimentary html document that allows you to use
the left and right arrows for dits and dahs. It doesn't work well, but it
might give you an idea for rolling your own.


On Tue, Feb 9, 2021 at 3:11 PM Andrew M.A. Cater 
wrote:

> On Tue, Feb 09, 2021 at 09:37:50AM +, Ottavio Caruso wrote:
> > Hi,
> >
> > I'm looking for a program (if there is no Debian binary, I'm willing to
> > compile from sources) that:
> >
> > 1) emulates a iambic paddle using the left/right buttons of the mouse to
> > send dits and dahs for training purposes;
> >
> > 2) (optional) could also be used to pilot a transceiver.
> >
> > Thanks.
> >
> > --
> > Ottavio Caruso
> >
>
> Have a look at things like cwcp and the general programs in the ham radio
> category?
>
> Andy C.
>
>
>

-- 
Kent West<")))><
Westing Peacefully - http://kentwest.blogspot.com
Title: My Morse Code Keyer



 
  Welcome to Kent's Web-based Morse Code Keyer!
  Press the left arrow key for a dah, and the right arrow key for a dit.

  



Re: Any hams here? Is there a program that lets me use a mouse as a CW paddle?

2021-02-09 Thread Andrew M.A. Cater
On Tue, Feb 09, 2021 at 09:37:50AM +, Ottavio Caruso wrote:
> Hi,
> 
> I'm looking for a program (if there is no Debian binary, I'm willing to
> compile from sources) that:
> 
> 1) emulates a iambic paddle using the left/right buttons of the mouse to
> send dits and dahs for training purposes;
> 
> 2) (optional) could also be used to pilot a transceiver.
> 
> Thanks.
> 
> -- 
> Ottavio Caruso
> 

Have a look at things like cwcp and the general programs in the ham radio 
category?

Andy C.
 



Re: sshfs has fubared mount

2021-02-09 Thread David Christensen

On 2021-02-09 05:15, Gene Heskett wrote:

On Tuesday 09 February 2021 02:29:02 David Christensen wrote:


On 2021-02-08 21:01, Gene Heskett wrote:

Greetings all;

I have sshfs setup so I can move files around between this box and 4
others, 3 of which are now running buster.  Works only for the user,
me.



I have previously installed my public SSH key from the local computer
'tinkywinky' to the remote computer 'po' with ssh-copy-id(1):


Don't recall doing this, plz describe>



I initially created an SSH keypair with a passphrase using 
ssh-keygen(1).  If a villain gets my SSH keypair, he also has to get my 
SSH passphrase to access the computers and accounts where I have 
installed the SSH public key.



When I open a terminal, I run ssh-agent(1) and ssh-add(1) to manage my 
SSH keys.  I enter my passphrase once, and ssh-agent(1) will provide it 
to SSH-aware software for me:


2021-02-09 12:32:30 dpchrist@tinkywinky ~
$ ssh-agent bash -l

2021-02-09 12:32:32 dpchrist@tinkywinky ~
$ ssh-add
Enter passphrase for /home/dpchrist/.ssh/id_rsa:
Identity added: /home/dpchrist/.ssh/id_rsa (/home/dpchrist/.ssh/id_rsa)


If I remove my SSH public key from po, I can demonstrate ssh-copy-id(1). 
 ssh-agent(1) will provide my SSH passphrase, but I will need to enter 
the password for the account on the remote host:


2021-02-09 12:12:02 dpchrist@tinkywinky ~
$ ssh-copy-id po
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to 
filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you 
are prompted now it is to install the new keys

dpchrist@po's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'po'"
and check to make sure that only the key(s) you wanted were added.


I can now log in to 'po' using ssh(1).  ssh-agent(1) will provide my 
passphrase.  I do not need to enter my SSH passphrase or my remote 
account password:


2021-02-09 12:12:10 dpchrist@tinkywinky ~
$ ssh po
Linux po 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1 (2019-04-12) x86_64
Last login: Tue Feb  9 12:10:11 2021 from 192.168.5.74

2021-02-09 12:12:12 dpchrist@po ~
$


Similarly, scp(1), rsync(1), and others will operate without requiring 
passphrases or passwords.  This is especially useful for scripts, 
cron(8) jobs, etc..




I created an fstab(5) entry on the local machine for mounting the
remote root directory with my unprivileged account.  Note the options: 


2021-02-08 22:37:51 dpchrist@tinkywinky ~
$ grep 'po:/' /etc/fstab | perl -pe 's/\t+/ /g'
po:/ /po fuse.sshfs ro,noauto,user 0 0


I've never had any of this below in my fstab, haven't needed it for the
other 4 machines.



fstab(1) is the canonical location for mount information.  By putting it 
there, standard tools will know where to find it.




I created a mount point and I set the owner and group to match my
unprivileged account.  The directory is empty:

2021-02-08 22:39:38 dpchrist@tinkywinky ~
$ ls -la /po
total 8
drwxr-xr-x  2 dpchrist dpchrist 4096 Jan 21 13:32 .
drwxr-xr-x 27 root root 4096 Jan 21 13:32 ..


Matches mine. Difference is that I put all those mountpoints in the /sshnet 
subdir
gene@coyote:~$ ls -la /sshnet/
total 36
drwxr-xr-x  9 gene gene 4096 Feb  9 07:37 .
drwxr-xr-x 28 root root 4096 Dec 12 03:44 ..
drwxr-xr-x  1 root root 4096 Feb  4 15:59 GO704
drwxr-xr-x  2 root root 4096 Feb  8 10:10 Hardinge1
drwxr-xr-x  1 root root 4096 Feb  3 14:16 lathe
drwxr-xr-x  2 root root 4096 Apr 25  2019 redpitaya
drwxr-xr-x  1 root root 4096 Feb  1 04:46 rpi4
drwxr-xr-x  1 root root 4096 Feb  4 15:43 sixty40
drwxr-xr-x  2 root root 4096 May  2  2019 vna



Assuming that command was run when /sshnet/Hardinge1 was not mounted 
(see below), the owner and group of Hardinge1 is root:root, not gene:gene.



On 2021-02-09 07:05, David Wright wrote:
> Change the ownership of Hardinge1.

Yes, that is the correct solution.


We were all confused by a feature of mount(1) -- mounting a remote 
filesystem changes the owner and group of the mount point on the local 
machine while the remote filesystem is mounted:


2021-02-09 12:13:43 dpchrist@tinkywinky ~
$ mount | grep '/po'

2021-02-09 12:23:26 dpchrist@tinkywinky ~
$ ls -ld /po
drwxr-xr-x 2 dpchrist dpchrist 4096 Jan 21 13:32 /po

2021-02-09 12:23:29 dpchrist@tinkywinky ~
$ mount /po

2021-02-09 12:24:14 dpchrist@tinkywinky ~
$ mount | grep '/po'
po:/ on /po type fuse.sshfs 
(ro,nosuid,nodev,noexec,relatime,user_id=13250,group_id=13250,user=dpchrist)


2021-02-09 12:24:17 dpchrist@tinkywinky ~
$ ls -ld /po
drwxr-xr-x 1 root root 4096 Aug 30 18:09 /po


The owner and group are restored when the filesystem is unmounted:

2021-02-09 12:24:21 dpchrist@tinkywinky ~
$ fusermount -u /po

2021-02-09 12:25:45 dpchrist@tinkywinky ~
$ ls -ld /po
drwxr-xr-x 2 dpchrist dpchrist 4096 Jan 21 13:32 /po


Finally, you might want to make the 'mount-machines' script idempotent:

https://en.wikipedia.org/wiki/Idempotent


E.g. add a conditio

Re: Allow only selected USB

2021-02-09 Thread l0f4r0
Hi,

9 févr. 2021, 19:44 de mailingl...@darac.org.uk:

> Certainly. https://www.kernel.org/doc/html/latest/usb/authorization.html
>
+ https://usbguard.github.io based on it.

Best regards,
l0f4r0



Re: Allow only selected USB

2021-02-09 Thread Darac Marjal
On 09/02/2021 18:38, Bhasker C V wrote:
> Hi all,
>
> I know it is very useful that linux auto-detects a USB device when
> plugged in. However I am trying to build a server which employs deny
> first rule. That is, I don't want linux kernel to detect any USB
> device even if plugged in except those listed with a Vendor/device ID
> in a file (perhaps stored somewhere securely in the server).
>
> Is this possible ? I tried to skim through internet but could not find
> any useful information except some pages reporting how to disable USB
> storage.
>
> Please could someone help me with some pointers ?
Certainly. https://www.kernel.org/doc/html/latest/usb/authorization.html
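
The kernel USB authorization interface linked above, applied to the deny-first setup asked about in this thread. This is an added example, not code from any poster or from the kernel documentation; the allowlist file format, the USB_SYSFS override and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): deny-by-default USB authorization.
# Assumptions: allowlist file with one "vendor:product" hex pair per line,
# '#' comments allowed; USB_SYSFS can be overridden to point at a test tree.

USB_SYSFS="${USB_SYSFS:-/sys/bus/usb/devices}"

# is_allowed VENDOR PRODUCT ALLOWLIST
# Succeeds only on an exact, case-insensitive match of "vendor:product".
is_allowed() {
    id=$(printf '%s:%s' "$1" "$2" | tr 'A-F' 'a-f')
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$3" | tr 'A-F' 'a-f' |
        grep -qxF -- "$id"
}

# lock_hosts
# Make every host controller leave newly connected devices deauthorized.
lock_hosts() {
    for host in "$USB_SYSFS"/usb*; do
        [ -w "$host/authorized_default" ] || continue
        echo 0 > "$host/authorized_default"
    done
}

# apply_allowlist ALLOWLIST
# Authorize listed devices, deauthorize the rest, print one line per decision.
apply_allowlist() {
    for dev in "$USB_SYSFS"/*; do
        name=${dev##*/}
        # Root hubs (usbN) are left alone so the bus itself keeps working.
        case "$name" in usb*) continue ;; esac
        # Interface entries such as 1-1:1.0 carry no idVendor/idProduct.
        [ -r "$dev/idVendor" ] && [ -r "$dev/idProduct" ] || continue
        [ -w "$dev/authorized" ] || continue
        vendor=$(cat "$dev/idVendor")
        product=$(cat "$dev/idProduct")
        if is_allowed "$vendor" "$product" "$1"; then
            echo 1 > "$dev/authorized"
            echo "allow $name $vendor:$product"
        else
            echo 0 > "$dev/authorized"
            echo "deny $name $vendor:$product"
        fi
    done
}

# Only touch the system when explicitly asked: script --apply ALLOWLIST
if [ "${1:-}" = "--apply" ] && [ -r "${2:-}" ]; then
    lock_hosts
    apply_allowlist "$2"
fi
```

Writing to the real sysfs files requires root. Because authorized_default is set to 0, a device plugged in later stays deauthorized until apply_allowlist is run again.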





Allow only selected USB

2021-02-09 Thread Bhasker C V

Hi all,

I know it is very useful that linux auto-detects a USB device when 
plugged in. However I am trying to build a server which employs deny 
first rule. That is, I don't want linux kernel to detect any USB device 
even if plugged in except those listed with a Vendor/device ID in a file 
(perhaps stored somewhere securely in the server).


Is this possible ? I tried to skim through internet but could not find 
any useful information except some pages reporting how to disable USB 
storage.


Please could someone help me with some pointers ?

--
Bhasker C V
Secure Mails: http://keys.gnupg.net/pks/lookup?op=get&search=0x4D05FEEC54E47413
Registered Linux User: #306349



Re: sshfs has fubared mount

2021-02-09 Thread Gene Heskett
On Tuesday 09 February 2021 10:52:02 Anssi Saari wrote:

> Gene Heskett  writes:
> > fusermount: user has no write access to mountpoint /sshnet/Hardinge1
> > which is
> > ls -la /sshnet/ (on this machine)
> > total 84
> > drwxr-xr-x  9 gene gene  4096 Feb  8 10:10 .
> > drwxr-xr-x 28 root root  4096 Dec 12 03:44 ..
> > drwxr-xr-x  1 root root  4096 Feb  4 15:59 GO704
> > drwxr-xr-x  2 root root  4096 Feb  8 10:10 Hardinge1
> > drwxr-xr-x  1 root root  4096 Feb  3 14:16 lathe
> > drwxr-xr-x  2 root root  4096 Apr 25  2019 redpitaya
> > drwxr-xr-x  1 root root  4096 Feb  1 04:46 rpi4
> > drwxr-xr-x  1 root root  4096 Feb  4 15:43 sixty40
> > drwxr-xr-x  2 root root  4096 May  2  2019 vna
>
> With a little testing mounting with sshfs needs write access to the
> mount point so it's not possible to mount to your /sshnet/Hardinge1
> since you don't have write permission, only root does. So you need to
> add write permissions to your mount point /sshnet/Hardinge1.
>
> Now, if you're saying you can mount to sixty40, lathe, GO704, rpi4
> without write permissions then I'm baffled. You seem to indicate the
> listing shows that those directories are currently mounted in which
> case the mount point permissions are not shown?

See my reply to David. All those mounts are to the root of the 
filesystems on the other machines, and that then accounted for the fact 
I was seeing root:root for the already mounted systems.  A point that if 
I ever knew it, I've since forgotten since the other entries are now 
many years old.  Relatively short term memory isn't so good at 86 yo.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 



Re: Incorrect password Debian 10.8 after installation

2021-02-09 Thread Anssi Saari
 writes:

> I don't know how far "some" reaches, but try -Q then 
> (mnemonics: Q like "quote").
>
> Not Emacs-y, but worth a try would be -I

Neither worked, although I only tried in grub-emu. But it should work
the same as Grub.



Need Help

2021-02-09 Thread griffineng
Please see attached.




Re: sshfs has fubared mount

2021-02-09 Thread Anssi Saari
Gene Heskett  writes:

> fusermount: user has no write access to mountpoint /sshnet/Hardinge1
> which is
> ls -la /sshnet/ (on this machine)
> total 84
> drwxr-xr-x  9 gene gene  4096 Feb  8 10:10 .
> drwxr-xr-x 28 root root  4096 Dec 12 03:44 ..
> drwxr-xr-x  1 root root  4096 Feb  4 15:59 GO704
> drwxr-xr-x  2 root root  4096 Feb  8 10:10 Hardinge1
> drwxr-xr-x  1 root root  4096 Feb  3 14:16 lathe
> drwxr-xr-x  2 root root  4096 Apr 25  2019 redpitaya
> drwxr-xr-x  1 root root  4096 Feb  1 04:46 rpi4
> drwxr-xr-x  1 root root  4096 Feb  4 15:43 sixty40
> drwxr-xr-x  2 root root  4096 May  2  2019 vna

With a little testing mounting with sshfs needs write access to the
mount point so it's not possible to mount to your /sshnet/Hardinge1
since you don't have write permission, only root does. So you need to
add write permissions to your mount point /sshnet/Hardinge1.

Now, if you're saying you can mount to sixty40, lathe, GO704, rpi4
without write permissions then I'm baffled. You seem to indicate the
listing shows that those directories are currently mounted in which case
the mount point permissions are not shown?



Re: sshfs has fubared mount

2021-02-09 Thread Gene Heskett
On Tuesday 09 February 2021 10:05:34 David Wright wrote:

> On Tue 09 Feb 2021 at 00:01:03 (-0500), Gene Heskett wrote:
> > I have sshfs setup so I can move files around between this box and 4
> > others, 3 of which are now running buster.  Works only for the user,
> > me.
> >
> > Same install medium, a usb key, has installed buster to a 5th
> > machine, which is identical to two of the other 4.
> >
> > But the mount permissions are inverted, only root can mount this 5th
> > machine.  ssh -Y aliasname works normally, and I am logged into this
> > 5th machine from a konsole as me, user 1000.
> >
> > Only I can execute these 4 lines of a script in my bin directory
> > #!/bin/bash
> > sshfs g...@sixty40.coyote.den:/ /sshnet/sixty40
> > sshfs gene@lathe:/  /sshnet/lathe
> > sshfs gene@GO704:/  /sshnet/GO704
> > sshfs pi@rpi4:/ /sshnet/rpi4
> >
> > but only root can execute this last line
> >
> > sshfs gene@Hardinge1:/  /sshnet/Hardinge1
> >
> > generating this error when I run this script as me.
> > gene@coyote:~$ bin/mount-machines
> > fuse: mountpoint is not empty
> > fuse: if you are sure this is safe, use the 'nonempty' mount option
> > fuse: mountpoint is not empty
> > fuse: if you are sure this is safe, use the 'nonempty' mount option
> > fuse: mountpoint is not empty
> > fuse: if you are sure this is safe, use the 'nonempty' mount option
> > fuse: mountpoint is not empty
> > fuse: if you are sure this is safe, use the 'nonempty' mount option
> >
> > The above mounts have already been done, and the ownership and perms
> > of /sshnet/Hardinge1 are identical to the other 4 above
> >
> > fusermount: user has no write access to mountpoint /sshnet/Hardinge1
>
> That's correct, isn't it?
>
> > which is
> > ls -la /sshnet/ (on this machine)
> > total 84
> > drwxr-xr-x  9 gene gene  4096 Feb  8 10:10 .
> > drwxr-xr-x 28 root root  4096 Dec 12 03:44 ..
> > drwxr-xr-x  1 root root  4096 Feb  4 15:59 GO704
> > drwxr-xr-x  2 root root  4096 Feb  8 10:10 Hardinge1
>
> ↑
>
> Root has write permission on that mount point, but not gene.
>
> > drwxr-xr-x  1 root root  4096 Feb  3 14:16 lathe
>
> 
>
> You say this mount point has already been mounted on, so that won't
> be the ownership of the mount point, but of what's mounted on it.
>
> > drwxr-xr-x  2 root root  4096 Apr 25  2019 redpitaya
> > drwxr-xr-x  1 root root  4096 Feb  1 04:46 rpi4
> > drwxr-xr-x  1 root root  4096 Feb  4 15:43 sixty40
> > drwxr-xr-x  2 root root  4096 May  2  2019 vna
> >
> > How do I fix this? I do not want a root perms holder to have access.
> > Anything I need to do to any of these machines that needs root, can
> > be done with sudo from a normal login as the first user.
>
> Change the ownership of Hardinge1.
>
> Cheers,
> David.

And that was indeed the magic twanger, David, many thanks.

I was not aware that the perms ls -la was showing me were the perms of 
the mountED path.  Subtle diff, and apparently not documented 
sufficiently enough to get my attention.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 



Re: Incorrect password Debian 10.8 after installation

2021-02-09 Thread David Wright
On Mon 08 Feb 2021 at 18:26:22 (-0800), David Christensen wrote:
> On 2021-02-08 15:15, David Wright wrote:
> > On Mon 08 Feb 2021 at 13:02:21 (-0800), David Christensen wrote:
> > > On 2021-02-08 00:40, Marco Möller wrote:
> > > 
> > > > You could bypass any password request during boot to the console
> > > > and then fix it by setting the desired password newly. The boot
> > > > parameter for bypassing all password requests and right away
> > > > becoming logged in as user root is:
> > > >       init=/sbin/sulogin --force
> > > 
> > > That is interesting.  But, how does the reader *use* that information[?] 
> > > ...
> 
> > > Booting a Stretch system, I see a menu:
> > > 
> > >  GNU GRUB  version 2.02~beta3-5+deb9u2
> > > 
> > >  *Debian GNU/Linux
> > >   Advanced options for Debian GNU/Linux
> 
> > > If I press 'e', it (GRUB?) appears to bring up an editor window that
> > > contains a bunch of content that looks relevant.  The last few lines
> > > are:
> > > 
> > >  
> > >  echo    'Loading Linux 4.9.0-9-amd64 ...'
> > >  linux   /vmlinuz-4.9.0-9-amd64 root=UUID=... ro noresume
> > >  echo    'Loading initial ramdisk ...'
> > >  initrd  /initrd.img-4.9.0-9-amd64
> > 
> > … and that's the menu version of the commands outlined in 5.3.2.
> 
> > Yes, [add the suggested parameters] to the linux line: it's a kernel 
> > parameter.
> 
> > > Where is this documented?
> > 
> > I always go to
> > 
> > https://www.kernel.org/doc/html/v4.15/admin-guide/kernel-parameters.html
> > 
> > (where v4.15 could be different).
> > 
> >  init=   [KNL]
> >Format: 
> >Run specified binary instead of /sbin/init as init process.
> > 
> > where KNL confirms it's a Kernel parameter. The introduction shows:
> > 
> >  BUGS=   Relates to possible processor bugs on the said processor.
> >  KNL     Is a kernel start-up parameter.
> >  BOOT    Is a boot loader parameter.
> 
> Thank you for the information.  :-)
> But, it still does not answer the question -- how does the reader
> *use* the suggested "boot parameter"?
> 
> My WAG (untested):
> 
> 1.  Power up the computer.
> 2.  The GRUB menu should be displayed:
> 
> *Debian GNU/Linux
>  Advanced options for Debian GNU/Linux
> 
> 3.  Press the down arrow key to highlight "Advanced options for Debian
> GNU/Linux".  Press  to select it.

If you're heading for sulogin, I'm not sure it matters which line you
pick, as it means s(ingle)u(se)rlogin.

> 4.  A second GRUB menu should be displayed (the OP should have a newer
> kernel):

Yes, you warned us you're using stretch.

> *Debian GNU/Linux, with Linux 4.9.0-9-amd64
>  Debian GNU/Linux, with Linux 4.9.0-9-amd64 (recovery mode)
> 
> 5.  Press the down arrow key to select the "... (recovery mode)" boot
> entry.  Press 'e' to edit it.
> 
> 6.  The GRUB editor should start and display the contents of the
> selected boot entry.  Look for the line that begins with 'linux'.  Use
> the cursor keys to move the insertion point to the end of that line
> and add the following kernel boot parameters:
> 
> init=/sbin/sulogin --force
> 
> 7.  "Press Ctrl+x or F10 to boot".
> 
> Is the above correct?

Yes. AIUI --force deals with the case where there is no root
password/the root account is locked. But my understanding might be
faulty as I always set a root password in decades-old tradition.
As a result, I'm always prompted for a password. To reset *that*,
I'd either boot up my other system on the disk, or boot from a
stick/CD.

> Questions:
> 
> 1.  How do I make a copy of a boot entry?  (So that I can edit the
> copy and keep the original.)
> 
> 2.  How do I insert a tab character with the GRUB editor?  (Pressing
>  causes the editor to attempt command completion.)

I think Greg's guess was good. You don't need tabs or any other cosmetics.

> 3.  Will changes made to a boot entry with the GRUB editor persist for
> subsequent boots?

No. Just write down what you change, so that you can fold it in to your
Grub configuration later if it worked.

Cheers,
David.



Re: sshfs has fubared mount

2021-02-09 Thread David Wright
On Tue 09 Feb 2021 at 00:01:03 (-0500), Gene Heskett wrote:
> I have sshfs setup so I can move files around between this box and 4 
> others, 3 of which are now running buster.  Works only for the user, me.
> 
> Same install medium, a usb key, has installed buster to a 5th machine, 
> which is identical to two of the other 4.
> 
> But the mount permissions are inverted, only root can mount this 5th 
> machine.  ssh -Y aliasname works normally, and I am logged into this 5th 
> machine from a konsole as me, user 1000.
> 
> Only I can execute these 4 lines of a script in my bin directory
> #!/bin/bash
> sshfs g...@sixty40.coyote.den:/ /sshnet/sixty40
> sshfs gene@lathe:/  /sshnet/lathe
> sshfs gene@GO704:/  /sshnet/GO704
> sshfs pi@rpi4:/   /sshnet/rpi4
> 
> but only root can execute this last line
> 
> sshfs gene@Hardinge1:/  /sshnet/Hardinge1
> 
> generating this error when I run this script as me.
> gene@coyote:~$ bin/mount-machines
> fuse: mountpoint is not empty
> fuse: if you are sure this is safe, use the 'nonempty' mount option
> fuse: mountpoint is not empty
> fuse: if you are sure this is safe, use the 'nonempty' mount option
> fuse: mountpoint is not empty
> fuse: if you are sure this is safe, use the 'nonempty' mount option
> fuse: mountpoint is not empty
> fuse: if you are sure this is safe, use the 'nonempty' mount option
> 
> The above mounts have already been done, and the ownership and perms 
> of /sshnet/Hardinge1 are identical to the other 4 above
> 
> fusermount: user has no write access to mountpoint /sshnet/Hardinge1

That's correct, isn't it?

> which is
> ls -la /sshnet/ (on this machine)
> total 84
> drwxr-xr-x  9 gene gene  4096 Feb  8 10:10 .
> drwxr-xr-x 28 root root  4096 Dec 12 03:44 ..
> drwxr-xr-x  1 root root  4096 Feb  4 15:59 GO704
> drwxr-xr-x  2 root root  4096 Feb  8 10:10 Hardinge1

↑

Root has write permission on that mount point, but not gene.

> drwxr-xr-x  1 root root  4096 Feb  3 14:16 lathe



You say this mount point has already been mounted on, so that won't
be the ownership of the mount point, but of what's mounted on it.

> drwxr-xr-x  2 root root  4096 Apr 25  2019 redpitaya
> drwxr-xr-x  1 root root  4096 Feb  1 04:46 rpi4
> drwxr-xr-x  1 root root  4096 Feb  4 15:43 sixty40
> drwxr-xr-x  2 root root  4096 May  2  2019 vna
> 
> How do I fix this? I do not want a root perms holder to have access.
> Anything I need to do to any of these machines that needs root, can be 
> done with sudo from a normal login as the first user.

Change the ownership of Hardinge1.

Cheers,
David.
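
The distinction drawn in the reply above (a directory that is already mounted on shows the ownership of what is mounted on it, an unmounted one shows its own), as an added example that is not part of the original thread: a POSIX shell check to run before sshfs. The function names are hypothetical, and the `[ -w ]` test is assumed to stand in for the write-access check behind the fusermount error message.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Run with the candidate mount points as arguments, e.g. /sshnet/*

# is_mounted DIR [TABLE]
# Succeeds if DIR is a mount point listed in TABLE, which uses the
# /proc/self/mounts layout: device mountpoint fstype options dump pass.
is_mounted() {
    TARGET="$1" awk '
        { mp = $2; gsub(/\\040/, " ", mp) }   # spaces are stored as \040
        mp == ENVIRON["TARGET"] { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "${2:-/proc/self/mounts}"
}

# classify_mountpoint DIR [TABLE] prints exactly one word:
#   missing       DIR is not a directory, or cannot be entered
#   mounted       something is mounted on DIR, so ls shows the owner and
#                 mode of the mounted root, not of the directory underneath
#   writable      DIR is unmounted and the current user may write to it
#   not-writable  DIR is unmounted and the current user may not write to it,
#                 the case reported as "user has no write access to mountpoint"
classify_mountpoint() {
    dir=$1
    table=${2:-/proc/self/mounts}
    [ -d "$dir" ] || { echo missing; return 0; }
    # Resolve symlinks so the path compares equal to the mount table entry.
    real=$(CDPATH= cd -- "$dir" 2>/dev/null && pwd -P) || { echo missing; return 0; }
    if is_mounted "$real" "$table"; then
        echo mounted
    elif [ -w "$real" ]; then
        echo writable
    else
        echo not-writable
    fi
}

# Print the classification next to the ls -ld line for each argument, so the
# owner column can be read with the right meaning.
if [ "$#" -gt 0 ]; then
    for d in "$@"; do
        printf '%-13s %s\n' "$(classify_mountpoint "$d")" "$(ls -ld "$d" 2>/dev/null)"
    done
fi
```

A directory reported as not-writable is the one whose ownership needs changing; for a directory reported as mounted, the owner shown by ls says nothing about the underlying mount point.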



Re: sshfs has fubared mount

2021-02-09 Thread tomas
On Tue, Feb 09, 2021 at 08:37:12AM -0500, Gene Heskett wrote:

[...]

> > Sorry. I can't relate this mail's subject, your longer description
> > and the error messages you show.

[...]

> Those 4 messages aren't really germane to this [...]
> [...] So those are smoke in this instance.

I see.

> The final line of that bash script:
> sshfs gene@Hardinge1:/  /sshnet/Hardinge1
> generates this response:
> fusermount: user has no write access to mountpoint /sshnet/Hardinge1
> 
> yet its ownership and attributes are identical to all the others that 
> Just Work.

Hm. Tied up in video call ATM. Perhaps later.

Cheers
 - t




Re: sshfs has fubared mount

2021-02-09 Thread Gene Heskett
On Tuesday 09 February 2021 04:11:10 to...@tuxteam.de wrote:

> On Tue, Feb 09, 2021 at 12:01:03AM -0500, Gene Heskett wrote:
> > Greetings all;
> >
> > I have sshfs setup so I can move files around between this box and 4
> > others, 3 of which are now running buster.  Works only for the user,
> > me.
> >
> > Same install medium, a usb key, has installed buster to a 5th
> > machine, which is identical to two of the other 4.
> >
> > But the mount permissions are inverted, only root can mount this 5th
> > machine.  ssh -Y aliasname works normally, and I am logged into this
> > 5th machine from a konsole as me, user 1000.
> >
> > Only I can execute these 4 lines of a script in my bin directory
> > #!/bin/bash
> > sshfs g...@sixty40.coyote.den:/ /sshnet/sixty40
> > sshfs gene@lathe:/  /sshnet/lathe
> > sshfs gene@GO704:/  /sshnet/GO704
> > sshfs pi@rpi4:/ /sshnet/rpi4
> >
> > but only root can execute this last line
> >
> > sshfs gene@Hardinge1:/  /sshnet/Hardinge1
> >
> > generating this error when I run this script as me.
> > gene@coyote:~$ bin/mount-machines
> > fuse: mountpoint is not empty
> > fuse: if you are sure this is safe, use the 'nonempty' mount option
>
> [rest deleted]
>
> Sorry. I can't relate this mail's subject, your longer description
> and the error messages you show.
>
> Mount is complaining that the directory where you mount the file
> systems "to" (aka "mountpoint") has stuff in it and refusing to
> do its job (unless you force it, with an extra option).
>
> My hunch is that either something is already mounted there, or
> that something got copied to those directories (while they were
> not mounted to) by accident.
>
> I'm counting exactly four like error messages, corresponding to
> the four mount commands in your script above. Whatever conclusions
> that leads us to.
>
Those 4 messages aren't really germane to this, they are mount's refusal 
to redo a mount already done by many invocations of the 
~/bin/mount-machines as I attempt to solve this. I only showed those for 
completeness. So those are smoke in this instance.

The final line of that bash script:
sshfs gene@Hardinge1:/  /sshnet/Hardinge1
generates this response:
fusermount: user has no write access to mountpoint /sshnet/Hardinge1

yet its ownership and attributes are identical to all the others that 
Just Work.

Thanks Tomas

> Cheers
>  - t


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 



Re: sshfs has fubared mount

2021-02-09 Thread Gene Heskett
On Tuesday 09 February 2021 02:29:02 David Christensen wrote:

> On 2021-02-08 21:01, Gene Heskett wrote:
> > Greetings all;
> >
> > I have sshfs setup so I can move files around between this box and 4
> > others, 3 of which are now running buster.  Works only for the user,
> > me.
>
> My Debian machines are Stretch, but I would expect that the basics of
> sshfs(1) have not changed on Buster (?).

So would I since the same install media was used to install the 3 wintel
boxes, the 4th is an rpi4b running raspbian buster. And it Just Works too.
>
> My username 'dpchrist', UID, groupname 'dpchrist', and GID are the
> same on all of my machines.

ditto
>
> I have previously installed my public SSH key from the local computer
> 'tinkywinky' to the remote computer 'po' with ssh-copy-id(1):

Don't recall doing this, plz describe
>
> sshd_config(5) is the same on both computers:
>
> 2021-02-08 23:20:06 dpchrist@tinkywinky ~
> $ grep -v '#' /etc/ssh/sshd_config | grep .
> ChallengeResponseAuthentication no
> UsePAM yes
> X11Forwarding yes
> PrintMotd no
> AcceptEnv LANG LC_*
> Subsystem sftp /usr/lib/openssh/sftp-server
>
> 2021-02-08 23:19:53 dpchrist@po ~
> $ grep -v '#' /etc/ssh/sshd_config | grep .
> ChallengeResponseAuthentication no
> UsePAM yes
> X11Forwarding yes
> PrintMotd no
> AcceptEnv LANG LC_*
> Subsystem sftp /usr/lib/openssh/sftp-server
>
>
> If you modify sshd_config(5) on either machine, be sure to restart
> sshd(8).
>
>
> ssh_config(5) is the same on both computers:
>
> 2021-02-08 23:20:59 dpchrist@tinkywinky ~
> $ grep -v '#' /etc/ssh/ssh_config | grep .
> Host *
> ForwardAgent yes
>  SendEnv LANG LC_*
>  HashKnownHosts yes
>  GSSAPIAuthentication yes
>
> 2021-02-08 23:19:57 dpchrist@po ~
> $ grep -v '#' /etc/ssh/ssh_config | grep .
> Host *
> ForwardAgent yes
>  SendEnv LANG LC_*
>  HashKnownHosts yes
>  GSSAPIAuthentication yes
>
>
> I created an fstab(5) entry on the local machine for mounting the
> remote root directory with my unprivileged account.  Note the options:

I've never had any of this below in my fstab, haven't needed it for the
other 4 machines.

> 2021-02-08 22:37:51 dpchrist@tinkywinky ~
> $ grep 'po:/' /etc/fstab | perl -pe 's/\t+/ /g'
> po:/ /po fuse.sshfs ro,noauto,user 0 0
>
>
> I created a mount point and I set the owner and group to match my
> unprivileged account.  The directory is empty:
>
> 2021-02-08 22:39:38 dpchrist@tinkywinky ~
> $ ls -la /po
> total 8
> drwxr-xr-x  2 dpchrist dpchrist 4096 Jan 21 13:32 .
> drwxr-xr-x 27 root root 4096 Jan 21 13:32 ..

Matches mine. Difference is that I put all those mountpoints in the /sshnet 
subdir
gene@coyote:~$ ls -la /sshnet/
total 36
drwxr-xr-x  9 gene gene 4096 Feb  9 07:37 .
drwxr-xr-x 28 root root 4096 Dec 12 03:44 ..
drwxr-xr-x  1 root root 4096 Feb  4 15:59 GO704
drwxr-xr-x  2 root root 4096 Feb  8 10:10 Hardinge1
drwxr-xr-x  1 root root 4096 Feb  3 14:16 lathe
drwxr-xr-x  2 root root 4096 Apr 25  2019 redpitaya
drwxr-xr-x  1 root root 4096 Feb  1 04:46 rpi4
drwxr-xr-x  1 root root 4096 Feb  4 15:43 sixty40
drwxr-xr-x  2 root root 4096 May  2  2019 vna

The 2 extra mountpoints are for a vector network analyser when it was 
setup for testing, I am a retired broadcast engineer who's been known
to tune an AM station's tower now and then. Doing that right usually involves a
dead chicken and other bits of black art. :) But using a vna instead 
of a 75 yo General Radio rf bridge, makes it 100x faster.  The vna 
draws a smith chart in seconds.

> I use mount(8) to mount the remote filesystem:
>
> 2021-02-08 22:42:15 dpchrist@tinkywinky ~
> $ mount /po

Where I'm using sshfs, not mount.

> 2021-02-08 22:42:32 dpchrist@tinkywinky ~
> $ mount | grep '/po'
> po:/ on /po type fuse.sshfs (ro,nosuid,nodev,noexec,relatime,user_id=redacted,group_id=redacted,user=dpchrist)
>
> 2021-02-08 23:15:47 dpchrist@tinkywinky ~
> $ ls -ld /po/home/dpchrist
> drwxr-xr-x 1 dpchrist dpchrist 4096 Feb  8 15:02 /po/home/dpchrist
>
>
> RTFM sshfs(1) is wrong regarding unmounting:
>
> 2021-02-08 23:15:38 dpchrist@tinkywinky ~
> $ man sshfs | grep -B 4 umount
> mounting
> sshfs [user@]host:[dir] mountpoint [options]
>
> unmounting
> umount mountpoint
>
> 2021-02-08 22:50:21 dpchrist@tinkywinky ~
> $ umount /po
> umount: /po: Permission denied
>
>
> Old-school fusermount(1) works:
>
> 2021-02-08 22:51:57 dpchrist@tinkywinky ~
> $ fusermount -u /po
>
And mount by itself, lists this at the end of a long list
on this machine:

fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
g...@sixty40.coyote.den:/ on /sshnet/sixty40 type fuse.sshfs 
(rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
pi@rpi4:/ on /sshnet/rpi4 type fuse.sshfs 
(rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
gene@lathe:/ on /sshnet/lathe type fuse.sshfs 
(rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
gene@GO704:/ on /sshnet/GO704 type fuse.sshfs 
(rw,nosuid,nodev,relatime,user_id=1000,group

Rebuilding Debian Live gnome image fails

2021-02-09 Thread Matthijs

Hi all,

I'm trying to build a custom Debian live USB image. To do so, I start 
trying to rebuild an original non-modified live image - specifically 
from 
"https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid", 
the debian-live-10.8.0-amd64-gnome.iso image.


Following the Debian Live manual on using a predefined 
configuration (https://live-team.pages.debian.net/live-manual/html/live-manual/managing-a-configuration.en.html#333):

$ mkdir live-images && cd live-images
$ lb config --config https://salsa.debian.org/live-team/live-images.git::debian

$ cd images/standard
$ sudo lb build

...this works and I get an ISO image in that directory.

But, instead doing this:
$ mkdir live-images && cd live-images
$ lb config --config https://salsa.debian.org/live-team/live-images.git::debian

$ cd images/gnome-desktop
$ sudo lb build
(note the change in the 'cd' command)
...this does NOT work. The build command starts doing a lot of work, 
fetching & installing stuff, but then simply stops at this point 
(copy/paste of ~17 lines of build.log):


v
The following NEW packages will be installed:
  dctrl-tools
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 104 kB of archives.
After this operation, 413 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian stretch/main amd64 dctrl-tools amd64 
2.24-2+b1 [104 kB]

Fetched 104 kB in 0s (1481 kB/s)
Selecting previously unselected package dctrl-tools.
(Reading database ... 9125 files and directories currently installed.)
Preparing to unpack .../dctrl-tools_2.24-2+b1_amd64.deb ...
Unpacking dctrl-tools (2.24-2+b1) ...
Setting up dctrl-tools (2.24-2+b1) ...
P: Begin unmounting filesystems...
P: Saving caches...
Reading package lists...
Building dependency tree...
Reading state information...
^^^

No further output, it just quits. Same for cinnamon-desktop, kde-desktop 
and lxde-desktop. Comparing build.log from gnome-desktop with standard 
doesn't give me a clue to why it stops.


In case it is relevant: I'm building on a Debian Buster 10.8 AMD64 
machine, without any desktop (headless machine with ssh access only).


Anyone here with a suggestion how to make "lb build" work for a 
gnome-desktop Debian config?


Thanks!
Matthijs



Re: Looking for where to file a bug

2021-02-09 Thread Greg Wooledge
On Tue, Feb 09, 2021 at 08:31:05AM +0100, Sven Hartge wrote:
> Joshua Brickel  wrote:
> > The following packages have unmet dependencies:
> >  gsettings-desktop-schemas : Breaks: mutter (< 3.31.4) but 3.30.2-9~deb10u1
> > is to be installed
> > E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused
> > by held packages.

Try installing mutter directly and see what happens.  Or try installing
gsettings-desktop-schemas directly.  Or both together in one apt command.

Also make sure you didn't pin or hold anything.

> But you seem to have Buster in your sources.list (as seen by the version
> 3.30.2-9~deb10u1). Remove those lines and try again.

Keeping the buster lines should be safe, and shouldn't cause any errors
as long as there's also a newer version of the relevant package in the
bullseye lines.



Re: Incorrect password Debian 10.8 after installation

2021-02-09 Thread Greg Wooledge
On Mon, Feb 08, 2021 at 06:26:22PM -0800, David Christensen wrote:
> *Debian GNU/Linux, with Linux 4.9.0-9-amd64
>  Debian GNU/Linux, with Linux 4.9.0-9-amd64 (recovery mode)
> 
> 5.  Press the down arrow key to select the "... (recovery mode)" boot entry.
> Press 'e' to edit it.
[...]

> 1.  How do I make a copy of a boot entry?  (So that I can edit the copy and
> keep the original.)

The changes you make to the GRUB boot entry are one time only.  They're
not saved anywhere; they're only passed to the current instance of the
kernel.

> 2.  How do I insert a tab character with the GRUB editor?  (Pressing 
> causes the editor to attempt command completion.)

Why would you want to?

My best guess is that you think you want to because you think you're
making a permanent change that you'll have to look at again in the
future and you want it to be pretty.  This is not the case.  All you're
doing is adding some new words to a list of parameter words.

> 3.  Will changes made to a boot entry with the GRUB editor persist for
> subsequent boots?

No.



Re: Any hams here? Is there a program that lets me use a mouse as a CW paddle?

2021-02-09 Thread Richard Owlett

On 02/09/2021 03:37 AM, Ottavio Caruso wrote:

Hi,

I'm looking for a program (if there is no Debian binary, I'm willing to 
compile from sources) that:


1) emulates a iambic paddle using the left/right buttons of the mouse to 
send dits and dahs for training purposes;


2) (optional) could also be used to pilot a transceiver.

Thanks.



Sorry, I can't answer the question.
You might try https://lists.debian.org/debian-hams/ .
HTH





RE: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

2021-02-09 Thread Michael Grant
I have used openwrt, but not a recent version of it.  I have been using Ubiquiti 
EdgeRouters running the stock EdgeOS.  Very solid routers.  I even have one 
sitting up in a tree in a Tupperware container in the snowy mountains!

I recently discovered that EdgeOS is based on Debian and you can install Debian 
packages on them.

Michael Grant






Re: sshfs has fubared mount

2021-02-09 Thread tomas
On Tue, Feb 09, 2021 at 12:01:03AM -0500, Gene Heskett wrote:
> Greetings all;
> 
> I have sshfs setup so I can move files around between this box and 4 
> others, 3 of which are now running buster.  Works only for the user, me.
> 
> Same install medium, a usb key, has installed buster to a 5th machine, 
> which is identical to two of the other 4.
> 
> But the mount permissions are inverted, only root can mount this 5th 
> machine.  ssh -Y aliasname works normally, and I am logged into this 5th 
> machine from a konsole as me, user 1000.
> 
> Only I can execute these 4 lines of a script in my bin directory
> #!/bin/bash
> sshfs g...@sixty40.coyote.den:/ /sshnet/sixty40
> sshfs gene@lathe:/  /sshnet/lathe
> sshfs gene@GO704:/  /sshnet/GO704
> sshfs pi@rpi4:/   /sshnet/rpi4
> 
> but only root can execute this last line
> 
> sshfs gene@Hardinge1:/  /sshnet/Hardinge1
> 
> generating this error when I run this script as me.
> gene@coyote:~$ bin/mount-machines
> fuse: mountpoint is not empty
> fuse: if you are sure this is safe, use the 'nonempty' mount option

[rest deleted]

Sorry. I can't relate this mail's subject, your longer description
and the error messages you show.

Mount is complaining that the directory where you mount the file
systems "to" (aka "mountpoint") has stuff in it and refusing to
do its job (unless you force it, with an extra option).

My hunch is that either something is already mounted there, or
that something got copied to those directories (while they were
not mounted to) by accident.

I'm counting exactly four like error messages, corresponding to
the four mount commands in your script above. Whatever conclusions
that leads us to.

Cheers
 - t




Re: Incorrect password Debian 10.8 after installation

2021-02-09 Thread tomas
On Mon, Feb 08, 2021 at 11:32:11PM -0800, David Christensen wrote:
> On 2021-02-08 23:22, Anssi Saari wrote:
> >David Christensen  writes:
> >
> >>Questions:
> >>
> >>1.  How do I make a copy of a boot entry?  (So that I can edit the
> >>copy and keep the original.)
> >
> >In Grub, you don't really need to since changes are not saved. For
> >permanent changes then in Linux edit the various files in /etc/grub.d
> >and regenerate /boot/grub/grub.cfg via running update-grub.
> 
> Okay.
> 
> 
> >>2.  How do I insert a tab character with the GRUB editor?  (Pressing
> >> causes the editor to attempt command completion.)
> >
> >I guess you don't? There doesn't seem to be much about the editor's
> >capabilities in the Grub manual.
> 
> Agreed.  The editor has a note that it supports some Emacs stuff.
> Perhaps an Emacs user would know?

I don't know how far "some" reaches, but try -Q then 
(mnemonics: Q like "quote").

Not Emacs-y, but worth a try would be -I

Failing that, we'll have to use the source :)

Cheers
 - t

