sshd (or global) max-connections-per-user setting under FreeBSD ?

[Joe Schmoe]

I am running a stock FreeBSD 6.0-RELEASE system, with
the built-in ssh/sshd.

I am interested in limiting the number of ssh
connections any particular user can make to the system
... for instance, if limited to 3, they could login
interactively, commence an rsync over ssh, and
commence an scp file transfer, but could not initiate
a fourth ssh transaction of any sort.

I don't see an obvious way to do this, and further, I
am not particularly interested in running sshd out of
inetd, which _might_ help me accomplish this...

I am wondering the following:

- is there a general "max connections per user"
mechanism in FreeBSD that I could use ?  I only allow
ssh connections, so I don't need it to be sshd
specific - I would be happy with a global max conn
mechanism...

- (if there isn't a global maxconn) is there an
elegant way to limit max connection for sshd ?  I feel
like I could do this with pam.conf, based on the
documentation, but I don't see how, and further, there
is no pam.conf in a default install ... so perhaps I
add it to /etc/pam.d/sshd (or perhaps
/etc/pam.d/system for global ?)

I am sorry to ramble - all comments and suggestions
are greatly appreciated.

thanks.

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

logitech mx700 mouse button disfunction under FreeBSD

[Joe Schmoe]

The logitech mx700 is a cordless 10-button mouse (3
buttons, two thumb buttons, scroll wheel up and down,
two paging buttons, and one "app" button).

While the mx500 mouse, that seems to be very closely
related to the mx700, has been reported to work
(scroll wheel and both thumb buttons function) under
FreeBSD, and while the mx700 is working in the same
fashion under linux, the mx700 _does not_ function
under FreeBSD.

Details:

Using this configuration in your X/Xorg configuration
file:

Section "InputDevice"
Identifier  "Mouse0"
Driver  "mouse"
Option  "Protocol" "auto"
Option  "Device" "/dev/sysmouse"
Option  "Buttons" "7"
Option  "ZAxisMapping" "6 7"
EndSection

along with these startup options for X/Xorg:

/usr/X11R6/bin/xmodmap -e "pointer = 1 2 3 6 7 4 5"
/usr/X11R6/bin/imwheel -b "67" &

and these settings in ~/.imwheelrc :

".*"
None, Up, Alt_L|Left,1
None, Down, Alt_L|Right,1

"(null)"
None, Up, Alt_L|Left,1
None, Down, Alt_L|Right,1

You will end up with the three standard buttons
functioning, and the scrollwheel functioning (as
buttons events 4 and 5).  Further, the page up and
down buttons will simply send double-4 and double-5
button events.

However, the other three buttons (thumbs and app
button) will _all send button event 5_.

I have tried every conceivable combination of
Zaxismapping, xmodmap settings, and with and without
imwheel ... no matter what, the three final buttons
(two thumbs and one app button) always produce the
same button event.  Even if you configure 9 or 10
buttons in your X config.  Those three buttons will
ALWAYS send the same button event.

So what is the reason for this ?  Why does the mx500
function and the mx700 does not ?

More importantly, what is a strategy for getting to
the bottom of this and fixing it ?  If you look at the
mailing list archives, there are many, many examples
of people going through this same hell and just giving
up.

Comments ?

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Using a logitech mx700 with scrollwheel _and_ thumb buttons

[Joe Schmoe]

Andre,

--- André-Philippe Paquet <[EMAIL PROTECTED]> wrote:

> My MX500 is working just fine. Here what I do:
> 
>- Install imwheel (/usr/ports/x11/imwheel) 
> 
> 
>- Add this to ~/.imwheelrc 
> 
> ".*"
> None, Up, Alt_L|Left,1
> None, Down, Alt_L|Right,1
> 
> "(null)"
> None, Up, Alt_L|Left,1
> None, Down, Alt_L|Right,1
>  
> 
>- In my x.org  file.. For the
> InputDevice section: 
> 
> Option "Buttons" "7"
> Option "ZAxisMapping" "6 7"
>  
>- Finaly, I run these two commands on Xwindows
> start: 
> 
> imwheel -b "67" &
> xmodmap -e "pointer = 1 2 3 6 7 4 5"


Nope.  I reproduced these same settings _exactly_, and
they produce the same results.

With your settings above, the scroll wheel works fine,
and the two thumb buttons each cause the web page to
scroll very slightly downward.  This is the same thing
they did with all the other different configurations I
tried.

Why is using mouse thumb buttons under FreeBSD _rocket
science_ ?  Why is this a _hard problem_ ?

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Using a logitech mx700 with scrollwheel _and_ thumb buttons

[Joe Schmoe]

Hello,

I have a logitech mx700 - it has a scrollwheel and two
thumb buttons (designed for forward and back in your
browser) as well as some other launch button on the
top that I guess is for launching an app.

I am using FBSD 5.4-RELEASE with xorg installed from
the ports tree.

I have tried many, many different combinations of
settings in /etc/rc.conf, xorg.conf and .xinitrc.  The
results are always the same:

- I can use the scrollwheel just fine
- first three mouse buttons work just fine
- the other three (two thumb buttons and the app
button) _always_ generate the same mousebutton event

So for instance, at first I had:

moused_flags="-z 4" in /etc/rc.conf

and I had:

Section "InputDevice"
Identifier  "Mouse0"
Driver  "mouse"
Option  "Protocol" "auto"
Option  "Device" "/dev/sysmouse"
Option  "Buttons" "7"
EndSection

in my xorg.conf

and I had:

/usr/X11R6/bin/xmodmap -e "pointer = 1 3 2 4 5 6 7"

in my .xinitrc

Checking button events in xev, under this config,
shows that upwheel is 4, downwheel is 5 (and yes, the
wheel worked) and all three other buttons (two thumbs
and app button) were all button 5.

so then I removed the -z line from /etc/rc.conf, and
added this to my xorg.conf:

Option "ZAxisMapping" "6 7"

Same behavior.  wheel works, the other three are all
event button 5.

So the only semi-success I had was when I changed my
ZAxisMapping line to:

Option  "ZAxisMapping" "4 5 6 7"

When I did this, wheelup is 4, wheeldown is 5, the
little pseudo buttons above and below the wheel now
create the following combo events of 6,4 and 5,5
respectively, and my two thumb buttons and app button
now all produce button 7.

-

So what can I do here ?  No matter how I rearrange my
settings, the two thumb buttons and the app button
always produce the same button event.  Whether it is 5
or 7, it is always the same.

Does anyone have a Logitech mx700 mouse, in FreeBSD
5.x, with xorg, running properly with the wheel and
the thumb buttons ?

thanks, jarsh



__ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new Resources site
http://smallbusiness.yahoo.com/resources/
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

aggregating a bit of three different network connections into one ...

[Joe Schmoe]

Hello,

I have three totally distinct network connections at
my office.  We have an ISDN line, a T1, and a DSL
connection.  I do not need to worry about the
particulars of each connection, because I actually
have an ethernet drop for each of them - someone else
does the routing/csu-dsu/etc. - I just get a usable
ethernet drop that supports DHCP (a distinct DHCP
service on each port - they aren't related).

I _also_ have a FreeBSD server sitting in a datacenter
many miles away, with its own single, dedicated
network connection out to the real world.

What I would like to do is build a PC with three
network cards in it, connect each card to each of
those three network drops, and use 10% of the total
bandwidth of each connection - somehow turning that
into one single network connection that that PC would
use.

BUT I do not want some kind of round-robin scheme
wherein TCP session X uses the fraction of the ISDN,
and TCP session Y uses the fraction of the T1, etc. -
I want the end result to be one single connection that
behaves just like any other single connection.

What I want is to create a virtual tunnel from this PC
to the server in the datacenter - so all packets from
the PC go out, equally, on the three disparate
connections, and they all are pointed to the hosted
server.  The hosted server then pieces everything back
together and creates useful connections to the outside
internet, which it then passes back over the three-way
tunnel to the PC.


   /--- 10% of this connection ---\
PC- 10% of this connection  server -> Internet
  \ 10% of this connection ---/

Is this possible ?

Is netgraph one2many the correct mechanism to be
looking at ?

Basically I want a connection that, at the end,
presents itself to the system as one single connection
with one single IP, and gives effective bandwidth of
(percentage-ISDN) + (percentage-T1) +
(percentage-DSL).

Thanks.




__ 
Do you Yahoo!? 
Take Yahoo! Mail with you! Get it on your mobile phone. 
http://mobile.yahoo.com/maildemo 
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: passwordless ssh logins with shared _HOST_ keys - not working.

[Joe Schmoe]

--- Nicolas Rachinsky <[EMAIL PROTECTED]> wrote:

> Is your ssh setuid root? Is UsePrivilegedPort set?
> 
>  UsePrivilegedPort
>  Specifies whether to use a privileged
> port for outgoing connec-
>  tions.  The argument must be ``yes'' or
> ``no''.  The default is
>  ``no''.  If set to ``yes'' ssh must be
> setuid root.  Note that
>  this option must be set to ``yes'' if
> RhostsAuthentication and
>  RhostsRSAAuthentication authentications
> are needed with older
>  servers.
> 
> Nicolas
> 


No, neither.  And rightly so, since I am not using
either RhostsAuthentication or
RhostsRSAAuthentication.

The config I pasted is the _entire_ config file -
that's all there is.  I am using neither of those
options, so I shouldn't need suidroot or Privileged
port.

Is host based keys just broken in ssh on FreeBSD ?  I
wish someone would just confirm this so I can stop
wasting my time ... or deny it and tell me what I am
doing wrong - _all_ information regarding my setup is
in my original post ...

thanks.  



__
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

passwordless ssh logins with shared _HOST_ keys - not working.

[Joe Schmoe]

(I have asked this several times on -questions and
gotten nothing ...)

I am trying to allow _all users_ on CLIENT to login to
SERVER without a password.

IMPORTANT:  I am not interested in user keys _at all_
- at no point in this process should I ever be dealing
with any keys in /home/user/.ssh - I am only
interested in doing this with HOST keys - where I copy
one key between SERVER and CLIENT, and _all_ users on
CLIENT can login to SERVER without a password.  Don't
even mention user keys.

My /etc/sshd/sshd_config is exactly the same on both
SERVER and CLIENT:

#VersionAddendum FreeBSD-20020629

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# Authentication:

IgnoreRhosts yes
#RhostsRSAAuthentication no
HostbasedAuthentication yes
IgnoreUserKnownHosts yes

ChallengeResponseAuthentication no


Further, SERVER has CLIENT in its /etc/hosts.equiv,
and CLIENT has SERVER in its /etc/hosts.equiv

Finally, I have run:

ssh-keyscan SERVER >> /etc/ssh/ssh_known_hosts

on the CLIENT, and run:

ssh-keyscan CLIENT >> /etc/ssh/ssh_known_hosts

on the SERVER.  So the keys are properly shared.

The permissions on /etc/ssh/known_hosts on each system
are:

2 -rw-r--r--  1 root  wheel

So that's it.  The options are set in sshd_config, the
keys have been exchanged, hosts.equiv are populated
and permissions are correct.

SO now I go to CLIENT and run:

ssh [EMAIL PROTECTED]

and I get a password prompt!!!

So what am I doing wrong ?  Again - NO user keys are
used and I am not interested in user keys _AT ALL_. 
DOn't even mention the /home/user/.ssh directory.  The
goal here is to share one public key between SERVER
and CLIENT and allow _all_ users on CLIENT to log into
SERVER without a password.

So what am I doing wrong ?

thanks.



__
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

concurrent scp transfers (and a testing methodology ?)

[Joe Schmoe]

I have read several documents on the number of
concurrent  https sessions a FreeBSD system is capable
of.

However, I wonder how well this relates to how many
ssh sessions (scp file transfers, specifically) that a
FreeBSD server can handle.  Can anyone throw out some
basic numbers for this ?  Assuming a 1ghz p3 and 2gigs
of RAM, and assuming that everyone is transferring a
totally different file.  (so there is no amount of
cache hits - everything comes straight off the drives)

I would think the major bottleneck would be disk - you
would start chugging the disks far before you used up
all the CPU on a 1ghz p3 ... but what is the second
bottleneck ?  Is it cpu, or is it ram (or mbufs, etc.)

Would it be a reasonable test to just start up scp
sessions from the machine to itself and then divide
the number of sessions you can acceptably create by
the number 2 ?  Or is this somehow a flawed test ?

Any additional comments (kernel tunes, settings, war
stories) are greatly appreciated. (like, does SMP help
a lot here, or just a little ?)


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: A few technical items on UFS2 and snapshots...

[Joe Schmoe]

--- Oliver Fromme <[EMAIL PROTECTED]> wrote:

>  > 1. Is it dangerous to mount all 20 possible
> filesystem snapshots and
>  > _leave them mounted_ to use at any time ?
> 
> I don't think there is any danger, except that you
> will run
> out of disk space sooner or later.


Every snapshot I have taken so far takes up zero space
on the drive, or at least that is what `df` is telling
me ... when I do an `ls -asl` in the directory with
the snapshots, I can see each snapshot has a filesize
equal to the size of the partition that was
snapshotted, but again, `df` tells me they take up
zero extra space.  So where is the disconnect there ? 
How much space is the snapshot _really_ taking up, and
how do I determine that ?


>  > What about
>  > automatically mounting all 20 snapshots at boot
> time ?
> 
> Sorry, I fail to see what exactly you're trying to
> achieve.
> Why would you want to do that?


I dunno - just to have all the snapshots mounted so
that if I want to access one, I don't have to take the
time to mount it up.  I'm just lazy, I guess ... so
there would be no ill effects of doing this ?


>  > 2. Related to the first question, it seems like I
> am getting space
>  > out of nowher e ... that is, if I fill up a
> drive, then make a
>  > snapshot, then erase the drive and fill it again,
> 
> You cannot fill it up again, because the snapshot
> still
> takes up all the space.  When you fill the drive and
> make
> a snapshot, erasing the drive will not free any
> space.


Is this really true ?  Where did you read this ?  (so
I can go read it too...)  And this goes back to my
first question above - if the snapshot files all take
up the same amount of space as the filesystem itself,
but `df` does not show an increase in space when I
make a snapshot, how do I tell what is _really_ going
on ?



>  > 3. When I mount a snapshot, as described in the
> man page, but then
>  > later mount - uw the snapshot ( to make that a
> writeable mount) and,
>  > say, touch a file or create a file in the mounted
> snapshot ... what
>  > exactly am I doing ?
> 
> You're getting EPERM ("operation not permitted"),
> because
> snapshots are always read-only.


No, I'm not.  Re-read the question - I am saying that
after I mount the snapshot, I then remount it with
-uw, making it writeable (with `mount -uw`), and then
I can _successfully_ touch files inside that snapshot.
 SO what exactly am I doing then ?  Have I ruined the
snapshot ?  Can it still be used ?  What inodes and
space get used when I touch files inside a
write-mounted snapshot ?  Should the ability to mount
-uw a snapshot mount be removed (in the same way that
there is an exception in the unlink system call that
allows you to delete schg flagged snapshots) ??


>  > write file A
>  > write file B
>  > crash
>  > file A exists, but B does not
>  > write file B
>  > crash
>  > BOTH file A and B _no longer exist_


Anyone else have comments on the above sequence ?  Is
that possible to have happen, or did I just dream it ?

thanks.





__
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

A few technical items on UFS2 and snapshots...

[Joe Schmoe]

(posted to -questions a few days back, but with no response)

Hi - a few questions about UFS2 and snapshots:

1. Is it dangerous to mount all 20 possible filesystem snapshots and _leave them 
mounted_ to use at any time ?  What about
automatically mounting all 20 snapshots at boot time ?

2. Related to the first question, it seems like I am getting space out of nowhere ... 
that is, if I fill up a drive, then
make a snapshot, then erase the drive and fill it again, then make another snapshot 
... and do this 20 times, AND THEN mount
all 20 snapshots, it seems like I now have 20x as much disk space as before (granted, 
most of it is read-only) ... it seems
like I am getting something for nothing.  What am I missing here ?  What tradeoffs do 
I begin to make as I mount up more and
more snapshots and get more and more browsable space ?

3. When I mount a snapshot, as described in the man page, but then later mount -uw the 
snapshot ( to make that a writeable
mount) and, say, touch a file or create a file in the mounted snapshot ... what 
exactly am I doing ?  Have I corrupted the
snapshot ?  Is it still usable as a snapshot ?  Where does this space end up being 
used at if I write a file in a
write-enabled, mounted snapshot ?

4. This is not related to snapshots, but is a UFS2 question ... I see that if I am 
doing filesystem activity, and before I
can sync the disks, my machine crashes ... the machine sort of goes back in time when 
it reboots - the files or directories I
had created no longer exist when it reboots.   This is expected, I suppose, and makes 
sense.  However, it seems like I have
also seen the following behavior:

write file A
write file B
crash
file A exists, but B does not
write file B
crash
BOTH file A and B _no longer exist_

Is this possible ?  Have I really seen that behavior, or am I remembering it wrong ?  
I swear that I have seen something like
this happen ... if this is possible, can someone explain how ?  It seems like it 
shouldn't be possible...

Thanks!


-
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

crashing FreeBSD 5.2.1-RELEASE with tar (!)

[Joe Schmoe]

FreeBSD 5.2.1-RELEASE is easily crashed with tar.

I have a Intel N440BX single CPU Pentium3, dual fxp0, onboard SCSI.  512M ram, and 
256M swap.  NO programs installed or running - just sshd.  I recompiled the kernel, 
but I _only removed_ raid controllers and ethernet cards that I didn't need (and 
usb/pccard/firewire/etc.).  Nothing was added to the kernel.  So, all in all a very 
vanilla, simple, barebones system.

tar up /usr into some other partition - /mnt for instance.  Then untar it there:

tar cvf /mnt/usr.tar /usr; cd /mnt ; tar xvf usr.tar

The untar operation will never complete.  The machine will always crash somewhere 
during the untar.

In all occassions the crash is such that the machine simply reboots itself and is back 
up on the network in a few minutes.

It is interesting to note that if I untar usr.tar in a directory in the / partition, 
the machine survives.  It is only when untarring in another partition that the machine 
crashes.  ALSO, the deeper you put the tar file in the non-root mount, the less of the 
tar file gets untarred before the crash.  So if you untar it in /mnt, it gets through 
a fair amount of the tar file before crashing, but if you untar it in 
/mnt/test/test/test/test/test/test, it will crash _noticably_ sooner.

What should I do next ?  I cannot stress enough that this is an extremely barebones 
system, with very very common hardware, and a kernel that has nothing added - just 
superfluous things removed from it ... and I am crashing it by simply untarring a tar 
ball (!)

thanks.



-
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

What kind of a crash is this ? (kernel ? userland ?)

[Joe Schmoe]

Hello,
 
I have become familiar with certain FreeBSD crashes - namely, I can tell the 
difference between the kernel crashing, and the userland crashing.
 
If the machine is down, but I can still ping it, then the userland has crashed - the 
kernel is still running, which is why it responds to pings.
 
But if it crashes and just reboots itself, then the kernel has crashed.  
Oversimplified I know, but I am leading up to:
 
What kind of a crash is it if:
 
I can ssh to the system, it gives me the BSD copyright and the uname message, but 
never ever gives me a prompt.  What is going on in this scenario ?  What kind of 
things have you seen that cause a crash like this ?
 
thanks.


-
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"