Re: Backspace and Delete keys under PuTTY
Am Dienstag den, 10. Dezember 2002, um 20:46, schrieb Jonathan Chen: On Tue, Dec 10, 2002 at 01:17:17PM +0200, Adrian Penisoara wrote: [...] But I have Bash as the default shell. And yes, it works changing the Terminal / Keyboard / Backspace key from Contrl-? (127) to Control-H, but the users are pissed off by the fact that Linux doesn't need this -- does it mean FreeBSD has broken termcap entries or that Linux is just stepping on the traditional standards ? It's Linux that's stepping on standards. Their default config is to have erase=DEL. All other UNIX boxen I've used have erase=BACKASPCE. I suspect the PUTTY writers have been heavily influenced by Linux. Hi Adrian, it is not only for FreeBSD and Solaris but for Reliant Unix and HP-UX too. As Jonathan said - Linux doesn't behave like the others. I hope that helps with your boss. Marc To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: count the number of ports
Zhihui Zhang wrote: Is there a way to count the number of ports in a FreeBSD release? I guess this boils down to how to parse the file /usr/ports/INDEX easily. Thanks. wc -l /usr/ports/INDEX To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: how to use an etoken? (ignore first post)
Bsd Neophyte wrote: i accidently hit the enter key which sent that message forward. i appologize for that. i wanted to know if it was possible to purchase one of those usb memory devices and use it as an etoken by copying the public key onto it... there is one thing though... i don't want passwordless access. i want the etoken to allow for a system to access my FreeBSD box, but still have the user enter their password to login. another thing, i want this only for ssh access. i want to allow for the FreeBSD box to still function as my PDC and possibly a webserver at another date. has anyone done this? can anyone recommend how to do it or point me to some reading material? Hi, if you mean the eToken from www.eladdin.com - no, there is no device drivers for them yet build. I mailed to them and asked them if they had plans to port the software to FreeBSD/*NIX or let some help them with it. They answered, that they are already on their way to port the framework and an SDK to Linux. After this is done we can perhaps make a FreeBSD version out of it. Then what you propose will be possible. Until then - wait and bug them once in a while that you want FreeBSD support. Marc To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: how to use an etoken? (ignore first post)
Marc Perisa wrote: Bsd Neophyte wrote: i accidently hit the enter key which sent that message forward. i appologize for that. i wanted to know if it was possible to purchase one of those usb memory devices and use it as an etoken by copying the public key onto it... there is one thing though... i don't want passwordless access. i want the etoken to allow for a system to access my FreeBSD box, but still have the user enter their password to login. another thing, i want this only for ssh access. i want to allow for the FreeBSD box to still function as my PDC and possibly a webserver at another date. has anyone done this? can anyone recommend how to do it or point me to some reading material? Hi, if you mean the eToken from www.eladdin.com - no, there is no device drivers for them yet build. I mailed to them and asked them if they had plans to port the software to FreeBSD/*NIX or let some help them with it. They answered, that they are already on their way to port the framework and an SDK to Linux. After this is done we can perhaps make a FreeBSD version out of it. Then what you propose will be possible. Until then - wait and bug them once in a while that you want FreeBSD support. Marc Update: The new HASP package is out since 18.11.2002. (Press release: http://www.eladdin.com/news/2002/hasp/hasp-cd12.asp ) I will take a look at it during the X-mas holidays. Marc To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: jailed virtual https, anyone?
[redirecting to questions because it isn't a discussion about security. It is a config problem.] Hi Alex, Alex Povolotsky wrote: On Fri, 22 Nov 2002 07:07:41 -0500 Allan Jude [EMAIL PROTECTED] wrote: AJ What seems to be the problem with the virtual hosts? AJ You're quite right, but I have EVERYTHING works ok for now, EXCEPT AJ virtual hosts with https. Google shows nothing relevant on jail https AJ virtual. Oh, quite simple. https cannot be configured with name-based virtual hosts, by design. jepp. jail cannot be configured for more than one IP address, by design. (don't ask me to wait until jail-ng will be ready) jepp. Jail sits on internal IP, on lo0. fxp0 holds real IP addresses to be accessed from outside. I'm forwarding incoming connection to jail, currently with ipnat. I need to pass information about real (outside) IP to mod_ssl. That is my problem. ? (I understand what you do - but not why ...) plain http works perfectly (name-based virthosts). jepp. Ok. Why don't you put every single jail with it's outside IP up and let it run there (binded to fxp0). What do you want to reach with that setup ? More security? Next possibility is to setup a https-http gateway on the external IP (binded to fxp0) and forward the un-encrypted requests over to the apache (name-based or whatever). https is designed that way that nobody should be in the middle. So this whole setup you described will not work. Marc To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: 2questions
Enrique Morfin wrote: Hi! 1) how can i update from 4.5 to 4.7 preserving all my configurations? By following the documentation. It is written at: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cutting-edge.html - especially chapter 21.4 Using make world. mergemaster(8) is the key. It should preserve every change in the configuration of standard FreeBSD files you had done (if used correctly). All others are not touched. Hope that helps Marc To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: /usr/ports/finance? WAS [make index fails with repeated Warning:Duplicate INDEX entry: Stop in /usr/ports/finance msgs]
Hi Stacey, Stacey Roberts wrote: Sorry if this second post irks some, but in looking at the warnings / errors indicated in my earlier post I noted that there is a complaint about /usr/ports/finance. (snip) Again, I'm somewhat puzzled by this. I'm not using any ports on this machine that uses / requires anything to do with financial pkgs nor have I installed any related ports.., What's this doing here, if its not actually listed at FreeBSD.org? It is. http://www.freebsd.org/cgi/cvsweb.cgi/ports/finance/Makefile Like I said earlier (and confirmed from relevant timestamps), my ports tree was re-cvsup'ed within only an hour ago. Could someone that knows (or know's someone that does) fill me in on this / point me to where I might find out for myself, please? That tree/files were added Mon Nov 18 9:42:26 2002 UTC by knu to the cvs repository(as you can see on that page.) Perhaps the web pages which give you an overview about what ports exists were not updated yet. But it is in the code repository. So it is offical and some one thought that it may be useful. If you don't want that part of the ports tree feel free to exclude it in your ports-cvsup file. Hope that helps Marc To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: FreeBSD gateway
Derrick Ryalls wrote: Hello! I have installed FreeBSD 4.7 recently, and it seems it does not want to work as a gateway. I have two network cards in my FreeBSD computer, fxp0 for LAN and sis0 for the cable modem. I am new to FreeBSD, so I am confused what the difference between gateways and routers is (I was thinking they link to the same thing). I can ping my FreeBSD box from winxp, I can ping internet from remote session to FreeBSD, but I cannot ping internet from my winxp. My winxp has ip 192.168.0.1, netmask 255.255.255.0, and gateway 192.168.0.18 settings. Now FreeBSD /etc/rc.conf follows: gateway_enable=YES kern_securelevel_enable=NO nfs_reserved_port_only=YES ifconfig_sis0=DHCP ifconfig_fxp0=inet 192.168.0.18 netmask 255.255.255.0 #router_enable=YES # from handbook gateway_enable=YES firewall_enable=YES firewall_type=OPEN natd_enable=YES natd_interface=sis0 natd_flags= #/ handbook Are your ip's reversed? I think the gateway should have the .1 address and the xp box should use the .18 Nope. He set his FreeBSD box to the IP 192.168.0.18 and his Windows XP box to 192.168.0.1 . All is ok with that. It is only uncommon to do. Normally you would give the defaultgateway for a network x.y.z.1 or x.y.z.254 . But it is not forbidden to set it to any IP in that subnet. Are you using the default kernel? If so, you will need to add a couple lines are recompile. options IPFIREWALL #firewall options IPDIVERT#divert sockets as for the difference between a router and a gateway, a gateway is a machine to deal with going from one network (lan) to another network (wan), I think. From your point of view (as needed for this problem) routers and gateways are the same. In this case the FreeBSD box is acting as a router for your internal net to the Internet. A simple router would do the same. But for more complex routing you have to either setup gated (or similar software) or add all rules (if they are static) by hand. A gateway is the simplest form of a router. The last two lines from dmesg: IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled ip_fw_ctl: invalid command That hints to a problem with the /etc/rc.firewall script (which is called when you add to /etc/rc.conf firewall_enable=YES). Please provide us with the output of ipfw list. (You have to do that as root of course). I think your firewall ruleset is not tuned for a gateway situation. Hope that helps Marc To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: SSH x11 forwarding of netscape
[ -redirected to -questions where it belongs] Michael C. Cambria wrote: Hi, I've just starting using SSH for X11 forwarding from one FreeBSD 4.6-Stable machine to another. One is home, the other in the office. I've been successfull doing this with most programs I've tried. The man page suggests ssh -f host xterm, but in my case I need to also supply '-X' (as in ssh -X -f host xterm), but other than the '-X', most programs I've tried work. The goal is to be able to run mail etc. from home or (several) office, keeping all the folders etc. in one place, on the home machine. From the office, when I try netscape, things don't work. The command issued from my work system is ssh -X -f home netscape. Not only does netscape not start, Mozilla does! Worse yet, Mozilla starts not on the remote machine, but on the local one. Running netstat on both machines confirms this observation, as does looking at local files from mozilla. What happened if you type ssh -X yourmachine, login and then type netscape ? Hope that helps Marc To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Mandrake OK, RedHat OK, Win OK, .... FreeBSD NOK ... Any driver?Please help!!!
George Costell wrote: Hi, Bought FreeBSD 4.5 CD's and trying to install the OS for an application. Impossible to load correctly the system 1°) Obstinently does not recognize any of my 3 Ethernet card on the firts one (RTL8139, DEC, RT 8039 and NE). rl(4) should be the driver for RTL8139 and work. A RT8039 is not mentioned in the release hardware notes. Which network card from DEC? Which type of NE? Are thos ISA or PCI cards? Go, read what is supported: http://www.freebsd.org/releases/4.5R/hardware-i386.html How do you knoe, that your network cards are not detected? 2°) Nothing to do with a second PC. Intel i810 graphic card and X Windows only VGA and no driver for i810. If I remember correctly FreeBSD 4.5 shipped with XFree 3.x - there was no support in XFree 3.x or the i810. Both E-Machine PC's! What type is that? Yet already used FreeBSD and Linux. I can load Mandrake not any problem, RedHat 7 OK, Win2000 OK !!? /me could not help to start ranting. FreeBSD loaded succesful. XFree is not FreeBSD else the network drivers. so FreeBSD _is_ loaded correct. Please provide us with more informations like a dmesg-output Thanks Marc PS: This is a mailinglist and answer are given by volunteers. FreeBSD is not a company like RedHat or Mandrake. So please ask in a way you would ask a friend for help. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: What is vnlru really?
Hi Peter, Peter Leftwich wrote: Good evening, I ran `ps auxww | more` and noticed some processes in parentheses. One that did not have a manpage (I suspect some other process kicked it off?) was vnlru and all I could find out about it are the following: http://www.google.com/search?hl=enie=ISO-8859-1q=vnlru+freebsdbtnG=Google+Search http://docs.freebsd.org/mail/archive/2002/freebsd-stable/20020120.freebsd-stable.html http://docs.freebsd.org/cgi/getmsg.cgi?fetch=489990+0+archive/2002/freebsd-stable/20020120.freebsd-stable http://docs.freebsd.org/cgi/getmsg.cgi?fetch=491439+0+archive/2002/freebsd-stable/20020120.freebsd-stable This explanation seemed the most authoritative ... ... should be this: http://groups.google.com/groups?q=vnlru+matt+freebsdhl=enlr=ie=UTF-8selm=fa.l50hqsv.1sh0n2k%40ifi.uio.nornum=4 http://docs.freebsd.org/cgi/getmsg.cgi?fetch=603119+0+archive/2002/freebsd-hackers/20020310.freebsd-hackers http://www.unixguide.net/freebsd/faq/10.31.shtml That's a good short description. But the above tells more. But one post said something about ipfw (which I do not yet run). I've been trying to get the program gaim to direct connect and want to make sure my IP is not masked in a firewall or proxy sort of way. What else is there to check, using `ps auxww`? Thanks as always and ever after, PS - Is `arp -a` the most reliable way to get one's current IP address? If you want to know your own IP address(es) you should use ifconfig. Thanks, Marc To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: what's up with /var/empty?
Hi Chip, Chip Wiegand wrote: I just finished installing 4.7 and want to move /var to /usr/var and symlink it, but there is an empty subdirectory called empty (/var/empty). It is not going away when I try to delete the /var directory after moving it to /usr/var. It has permissions like this: dr-xr-xr-x root wheel Seems like I had to do something about a sticky bit, but don't recall and can't find anything in the list archives about this. Can someone remind me? And this time I'll write it down in my notebook. it is not about sticky bits. /var/empty is used since OpenSSH 3.4 to chroot the child process. man sshd will tell you more. So, stop sshd (all of them I think) and then it should work Hope that helps Marc To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: DHCP Relay over IPSec ESP/Tunnel (Sorry about the duplicate posts,problems with digital ID)
(taking this to questions because it is not a discussion on security topics) Erik Paulsen Skålerud wrote: Hello. Is it possible to use DHCP relay over an IPSec ESP/tunnel? What are the requirements to accomplish this, and is there any special configuration I have to use? I've been trying to get this to work for two days now, and I'm really really ready to give up. This is my last resort, so, please, if you do have any comments, please let me know. Hi Erik, DHCP relay should be possible over any IPSec tunnel (if not the other end of the tunnel has to get its IP from this DHCP server). It is like having one DHCP server and lots of clients in other subnets. Take a look into the handbook under: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/dhcp.html and look out for dhcrelay(8). If your routing over the tunnel works, dhcrelay should work too. Hope that helps Marc PS: I assume, that the tunnel is transparent to the network on both sides. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: How to create another account with root privileges ?
Peter Leftwich wrote: On Thu, 10 Oct 2002, Bob Johnson wrote: On Wednesday 09 October 2002 09:02 pm, Pranav A. Desai appears to have written: Hi! I have been asked to create admin accounts for a machine such that all of them can access that machine as root but with different username and password. In many environments, this is reasonable. Sometimes you have more than one person who is must have full administrative rights, unless you plan to have your one administrator be on 24/7 call. It is good policy to prohibit anyone, even administrators, from sharing accounts, so you give each admin their own account. Of course, if they only need limited admin rights, then sudo is probably a better solution. Talk to your customer and find out what they are really trying to accomplish. man su Nope. man sudo - as Bob Johnson said. Or man super. Or or or. Today there is a bunch of alternatives. Take a look into /usr/ports/security for wrappers. (A colleague has written his own some years ago when there were no alternative). The toor account is an example of exactly what you want, although by default it is disabled (by an invalid password field). To create a similar account, use vipw to edit the password file. Copy the root entry, but give each person their own name and the shell of their choice (the shell must be in /etc/shells). What -is- that toor (root backwards) account for anyways?? Do a little google search. Or it is mentioned in the handbook (iirc). Is there a command similar to vipw that uses a simpler editor, like pico? IIRC no. Get used to vi. You will have to use it sometimes in the future. If you do any commercial *nix there normally isn't anything else (ok beside from ed :)) installed by default. And if you are a consultant and go to a customer and asking for pico ... Leave everything else the same as for root. If you copy the password field from the root account, then the new admin account will have the same password, which should be changed by the user of the account. Also, never change the shell for root. It needs to be as it is for some things to work right. That's why the toor account exists: so you can set up an admin account with your choice of shell. I always log in 100% of the time to my box as root and my shell is tcsh Eum. DON'T. Use su/super/sudo mostly ANY time you have to do work as root. sudo provides you with a log of what you have done. That might come in handy if you typed rm -rf */*1*/??g*/*html ... it will get expanded in the log - and then you know what to restore :) Also if more than user is administrating you even know when who had done what (ok, you can change the log - but that will get obvious). And the biggest plus is: NOONE has to know the root password. You can let a manager set it, write it down to a paper, put that into an envelop, seal the envelop and put that envelop into a safe. Some companies (like banks, assurances) have a policy to do so. Does it matter that (I think) I changed the shell for root? Yes, it does. If you boot single-user and/or your /usr partition is corrupted (you have to do a fsck) you can not use that shell, because it is on that partition. For other OSes (like HP-UX) there is the problem that other shells than /bin/sh are *not* statically linked - so without /usr you can do nothing - but you must. (I don't know if that applies to FreeBSD too - if not take it as a general warning.) The big disadvantage of this is that if you have three admin accounts, an attacker has three times greater chance of cracking the root password if they get their hands on your password file. Stress to the admins that it is critical that they use strong passwords on the admin accounts. A good way to create a strong password is to come up with a sentence of 8 or more words known only to yourself (i.e. NOT a well known phrase), and take the first letter of each word to form an acronym. Throw in some strange capitalization and a few special characters for best effect. For example, the phrase might be my mother dances with bears (in the moonlight), which gives me a password of mMdwb(itm). If the phrase used is widely known, this method becomes as easy to crack as single words of the same length, but if you use unique phrases the resulting passwords are very good. Good point about crackers and their having three times the power! First they have to tell what user accounts exists. Hope that helps Marc To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Copying directories contents
Peter Leftwich wrote: I have often run into a similar situation. There doesn't seem to be a command line or GUI file explorer you can use to stitch together source directories and subdirectories into the target directory. For example, if you have differing files but in the same exact folder tree structure, is there a command to weave (mv) the files in? This would be a scheme that favors only files and that runs a test of basically saying is the directory there already? yes, then mv this file into it, no, then create it and move this file into it... but on a wider scale. # NOT TESTED! # little script, should work in ksh (and zsh bash) SOURCE=/your/source/dir TARGET=/your/target/dir for i in `cd ${SOURCE}; find . -type d`; do if [[ -d $TARGET/$i ]] ; then mv $SOURCE/$i/* $TARGET/$i/ ; else mv $SOURCE/$i $TARGET/ ; fi ; done Before the mv you can actually test the files (or subdirs) for size, mtime, atime, But be careful as stated in the mv(1) man page: As the rename(2) call does not work across file systems, mv uses cp(1) and rm(1) to accomplish the move. The effect is equivalent to: rm -f destination_path \ cp -pRP source_file destination \ rm -rf source_file Perhaps you should read some tutorials about shell programming - it can come in really handy. Hope that helps Marc To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: An old sparc 50mhz 64bit workstation - can it run *bsd?
Administrator wrote: I do believe there is a port of NetBSD for sparc cpu's, but does anyone know if it will run on open or freebsd? With preference for freebsd obviously, though I believe it's the one least likely to take to the sparc processor. I can get a hold of 4-5 of them hopefully from my university, and I'd love to mess around with them. Hi, if you have too many of them there is a bunch of people who would take them :) A list of the people who needs them to support the UltraSPARC (the 64bit SPARC-processors) better with FreeBSD can be found here: http://www.FreeBSD.org/donations/wantlist.html And if you have more than you can handle, mail me ;) Marc To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: gnokii
[EMAIL PROTECTED] wrote: Hi FreeBSD Support, I would like to setup an internet connection on my FreeBSD 4.6.2 system at home. I don't have POT telephone line neither I have cable connection so I would like to install gnokii 0.4.3 from BSD port collection in order I can connect to the internet through my mobile phone. Gnokii depends on several other distfiles which I have to download,write on a cd and take the CD home. How can I exactly know what other distfiles I have to download other than gnokii.tar.gz? When I write the command make I got messages that distfiles needed other than indicated in port dependences on www.freebsd.org/ports/comms . For example bison-XXX.tar.gz. gnokii-0.4.3,1 ftp://ftp.freebsd.org/pub/FreeBSD/branches/-current/ports/comms/gnokii Hi Peter, it if you have a FreeBSD installed at home, you can do the following: cd /usr/ports/comms/gnokii make fetch-recursive-list /your/downloadlist Take that file to the computer from which you want to download. If it is not a FreeBSD (or *nix) system you have to extract the URLs (be careful, there can be more than one per port) and download them by hand. Otherwise (if fetch is installed and the proxy settings are the same) you can execute that file as a script. Put the ports then into /usr/ports/distfiles (or a subdirectory (it depends on the port, take a look into the Makefile for each port). After that you should be able to build gnokii Hope that helped. Marc PS: Isn't Internet via mobiles ... eum ... expensive? To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: VIA EPIA ITX MoBo
Exactly what type of chip is the onboard AGP video? This would make an excellent, quiet, low-cost replacememnt for my Mom's PC. Good thing she doesn't log out of KDE, it takes about 10 minutes to restart hehe ... JB Hi John, please take a look at: http://www.viavpsd.com/product/epia_mini_itx_spec.jsp?motherboardId=21 There it is described in all glory. But be careful - I ordered an EPIA-800 (because they said it was without fan) but only if you got a Eden board then you have it up to 800 MHz without fan. The C3 boards need all a fan (as stated in the handbook). The only fan left is in the ITX powersupplies (and perhaps you can smooth them :)). Marc To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message