Re: snapshot ssh: ChrootDirectory sftp Connection closed
On Wed, 17 Apr 2013, Darren Tucker wrote:

> On Tue, Apr 16, 2013 at 12:25:54PM +0800, f5b wrote:
> > the user share can not sftp to the server,
> > but same config in Mar 1 snapshot, sftp is ok.
>
> it's caused by this change (feed it to patch -R to revert it), and it's
> because the uid has already been set at this point. I haven't figured
> out the right way to fix it, though. For now, I think we should revert
> this. djm?

ok

-d
Re: OpenBSD Foundation benefit Auction / Absolute OpenBSD 2nd Ed.
On Tue, Apr 16, 2013 at 05:17:21PM -0400, Michael W. Lucas wrote:
> Auction is over. $1,145 for the Foundation.
>
> http://blather.michaelwlucas.com/archives/1660
>
> ==ml
>
> --
> Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor
> http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
> Latest book: Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e
> coupon code "ILUVMICHAEL" gets you 30% off & helps me.
>

The Foundation is grateful!

Ken
Re: OpenBSD Foundation benefit Auction / Absolute OpenBSD 2nd Ed.
Auction is over. $1,145 for the Foundation.

http://blather.michaelwlucas.com/archives/1660

==ml

--
Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e
coupon code "ILUVMICHAEL" gets you 30% off & helps me.
Re: D-Link Wireless card not recognized
Hi,

On 04/11/13 13:59, Sebastian Reitenbach wrote:

On Thursday, April 11, 2013 00:02 CEST, Riccardo Mottola wrote:

I don't see it in ifconfig, dmesg says:

vendor "Atheros", unknown product 0x0020 (class network subclass ethernet, rev 0x01) at cardbus0 dev 0 function 0 not configured

take a look at man ath(4). There are some different AR52XX device types listed. If you are lucky, you have one of those chipsets, and only the card info needs to be added to match the driver.

but how to know for sure? I put it into my debian laptop, where it doesn't get recognized either:

[ 1680.872130] pcmcia_socket pcmcia_socket1: pccard: CardBus card inserted into slot 1
[ 1680.872300] pci :06:00.0: [168c:0020] type 0 class 0x000200
[ 1680.872358] pci :06:00.0: reg 10: [mem 0x-0x0001]
[ 1680.872568] pci :06:00.0: BAR 0: assigned [mem 0x1c00-0x1c01]

and "pccardctl ident" doesn't say anything at all. Without support it is very difficult to know apparently.

lspci tells me:

06:00.0 Ethernet controller: Atheros Communications Inc. AR5513 802.11abg Wireless NIC (rev 01)

06:00.0 Ethernet controller: Atheros Communications Inc. AR5513 802.11abg Wireless NIC (rev 01)
        Subsystem: D-Link System Inc DWL-G650M Super G MIMO Wireless Notebook Adapter
        Flags: medium devsel, IRQ 11
        Memory at 1c00 (32-bit, non-prefetchable) [disabled] [size=128K]
        Capabilities: [44] Power Management version 2

Riccardo
Re: Ethernet card not working
> Hi, > > I inserted the card into a debian laptop which recongizes it. Here > some output. > > dmesg: > [ 149.244112] pcmcia_socket pcmcia_socket1: pccard: PCMCIA card > inserted into slot 1 > [ 149.244234] pcmcia_socket pcmcia_socket1: cs: memory probe > 0xa000-0xa0ff: excluding 0xa000-0xa00f > [ 149.254856] pcmcia 1.0: pcmcia: registering new device pcmcia1.0 (IRQ: 4) > [ 149.351576] pcnet_cs 1.0: eth0: NE2000 (DL10022 rev 30): io > 0x320, irq 4, hw_addr 00:13:46:34:0d:62 > > ifconfig: > eth2 Link encap:Ethernet HWaddr 00:13:46:34:0d:62 > BROADCAST MULTICAST MTU:1500 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) > Interrupt:4 Base address:0x320 > > pccardctl ident: > Socket 1: > product info: "D-Link > ", "DFE-670TXD > ", "PC Card > ", "" > manfid: 0x0149, 0x4530 > function: 6 (network) > > Is this enough? what can I provide more? Does the following diff help? Index: if_ne_pcmcia.c === RCS file: /cvs/src/sys/dev/pcmcia/if_ne_pcmcia.c,v retrieving revision 1.95 diff -u -p -r1.95 if_ne_pcmcia.c --- if_ne_pcmcia.c 3 Jul 2011 15:47:17 - 1.95 +++ if_ne_pcmcia.c 16 Apr 2013 20:26:47 - 
@@ -296,19 +296,23 @@ const struct ne2000dev { PCMCIA_CIS_IODATA_PCETTXR, 0, -1, { 0x00, 0xa0, 0xb0 } }, -{ PCMCIA_VENDOR_LINKSYS, PCMCIA_PRODUCT_NETGEAR_FA410TXC, +{ PCMCIA_VENDOR_NETGEAR, PCMCIA_PRODUCT_NETGEAR_FA410TXC, PCMCIA_CIS_DLINK_DFE670TXD, 0, -1, { 0x00, 0x05, 0x5d } }, -{ PCMCIA_VENDOR_LINKSYS, PCMCIA_PRODUCT_NETGEAR_FA410TXC, +{ PCMCIA_VENDOR_NETGEAR, PCMCIA_PRODUCT_NETGEAR_FA410TXC, PCMCIA_CIS_DLINK_DFE670TXD, 0, -1, { 0x00, 0x50, 0xba } }, - { PCMCIA_VENDOR_LINKSYS, PCMCIA_PRODUCT_NETGEAR_FA410TXC, + { PCMCIA_VENDOR_NETGEAR, PCMCIA_PRODUCT_NETGEAR_FA410TXC, PCMCIA_CIS_DLINK_DFE670TXD, 0, -1, { 0x00, 0x0d, 0x88 } }, -{ PCMCIA_VENDOR_LINKSYS, PCMCIA_PRODUCT_NETGEAR_FA410TXC, +{ PCMCIA_VENDOR_NETGEAR, PCMCIA_PRODUCT_NETGEAR_FA410TXC, + PCMCIA_CIS_DLINK_DFE670TXD, + 0, -1, { 0x00, 0x13, 0x46 } }, + +{ PCMCIA_VENDOR_NETGEAR, PCMCIA_PRODUCT_NETGEAR_FA410TXC, PCMCIA_CIS_DLINK_DFE670TXD, 0, -1, { 0x00, 0x40, 0x05 } },
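Review bot: the switch from PCMCIA_VENDOR_LINKSYS to PCMCIA_VENDOR_NETGEAR on the four existing PCMCIA_CIS_DLINK_DFE670TXD entries is not explained anywhere in the mail, and if the two constants differ it changes which cards those entries match. The report itself only calls for the new `{ 0x00, 0x13, 0x46 }` entry, which lines up with the hw_addr 00:13:46:34:0d:62 in the quoted dmesg. Either leave the existing vendor field alone and add just the new OUI entry, or state which constant corresponds to the manfid 0x0149, 0x4530 that pccardctl reports and send the vendor change as a separate diff so it can be tested against the cards already listed.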
Re: Ethernet card not working
Hi,

I inserted the card into a debian laptop which recognizes it. Here some output.

dmesg:
[ 149.244112] pcmcia_socket pcmcia_socket1: pccard: PCMCIA card inserted into slot 1
[ 149.244234] pcmcia_socket pcmcia_socket1: cs: memory probe 0xa000-0xa0ff: excluding 0xa000-0xa00f
[ 149.254856] pcmcia 1.0: pcmcia: registering new device pcmcia1.0 (IRQ: 4)
[ 149.351576] pcnet_cs 1.0: eth0: NE2000 (DL10022 rev 30): io 0x320, irq 4, hw_addr 00:13:46:34:0d:62

ifconfig:
eth2 Link encap:Ethernet HWaddr 00:13:46:34:0d:62
     BROADCAST MULTICAST MTU:1500 Metric:1
     RX packets:0 errors:0 dropped:0 overruns:0 frame:0
     TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
     Interrupt:4 Base address:0x320

pccardctl ident:
Socket 1:
  product info: "D-Link ", "DFE-670TXD ", "PC Card ", ""
  manfid: 0x0149, 0x4530
  function: 6 (network)

Is this enough? what can I provide more?

Riccardo
Re: snapshot ssh: ChrootDirectory sftp Connection closed
On 16 April 2013 18:24, Stefan Johnson wrote:
> On Mon, Apr 15, 2013 at 11:25 PM, f5b wrote:
>
>> server
>> kern.version=OpenBSD 5.3-current (GENERIC.MP) #71: Sat Apr 13 17:21:57
>> MDT 2013
>> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>>
>> /etc/ssh/sshd_config
>> only add after last line
>>
>> Match Group share
>> ForceCommand internal-sftp
>> ChrootDirectory /home/chroot/
>>
>> # sshd -t ##ok
>>
>> # mkdir /home/chroot/
>>
>> # adduser share
>>
>> from other machine,
>> the user share can not sftp to the server,
>> but same config in Mar 1 snapshot, sftp is ok.
>>
>>
> 1) Add user. Make sure home directory is owned by root:wheel. My example
> uses "anonftp" and the home directory is "/home/anonftp"
> # grep anonftp /etc/passwd
> anonftp:*:1004:10::/home/anonftp:/usr/bin/false
> # ls -ld /home/anonftp
> drwxr-xr-x 4 root wheel 512 Aug 22 2012 /home/anonftp
>
> 2) Make chroot home directory, and give it appropriate ownership and
> permissions to your needs:
> # ls -ld /home/anonftp/home
> drwxr-xr-x 3 root users 512 Aug 22 2012 /home/anonftp/home
> # ls -ld /home/anonftp/home/anonftp
> drwxr-xr-x 2 anonftp users 512 Jan 16 13:13 /home/anonftp/home/anonftp
>
> 3) Ensure the Match block is set the way you want it.
> Match User anonftp
> X11Forwarding no
> AllowTcpForwarding no
> ForceCommand internal-sftp
> ChrootDirectory /home/anonftp
>
> If you wanted to allow full on connections (not just sftp) you would also
> need to set up tty devices and such in the chroot jail. Since this is just
> sftp, the above should be sufficient.
>
> This is how I have it set up on my system, and it works fine.
>
> Hope this helps!

Hello Stefan,

so you surely were running current, right? Mine was working previously but update to the latest snapshot (that was about a week ago) broke it. Tried few things but no cigar. I'll try to report with more details if I find time.

--
Sincerely,
Ville Valkonen
Re: pf queueing and nat
John Tate writes:

> I think I understand, can someone give me a look at a pf.conf with queueing
> and nat rules.

With an existing rule set in place, it's probably easier to do the queue assignment with a block of match rules. That way at least you don't affect the pass or block decision.

- P
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: pf queueing and nat
I think I understand, can someone give me a look at a pf.conf with queueing and nat rules. It's hard to experiment because I'm logged in via ssh and would lose my connection every time I make a change. Unfortunately the machine connected to the firewall via null modem for a serial console has died :-(.

On Wed, Apr 17, 2013 at 4:05 AM, Christopher Zimmermann wrote:

> On Wed, 17 Apr 2013 03:32:52 +1000
> John Tate wrote:
>
> > I am adding queueing to my pf based nat for my home network. Since
> > there isn't a complete example involving nat and queuing I am not
> > entirely sure where to put things. I've read the manual and I think I
> > put things before the rdr-to rules. I also have a transparent ftp and
> > http proxy. I am not entirely sure if I put it before or after the
> > divert-to rules. I just need someone to show me where in the pf.conf
> > I've already done I should put things.
> >
> > I need to add the lines like these...
> > block out on $ext_if all
>
> Before everything else. Last match wins!
>
> > pass out on $ext_if inet proto tcp from ($ext_if) queue (std_out,
> > tcp_ack_out)
> > (And so on, including for incoming traffic on $int_if)
>
> I'm not sure whether queue rules are sticky, but later matching ones
> will overwrite earlier ones I'd guess, so put them as late as possible.
> I'd also put the nat rules as "match" rules at the very end, so you
> don't "forget" the real source address/port too early.
>
> Christopher
>
> >
> > My current pf.conf...
> > # grep -v '^#' /etc/pf.conf
> >
> > int_if="fxp0"
> > ext_if="pppoe0"
> >
> > murphy="10.0.0.2"
> > fekete="10.0.0.3"
> >
> > murphy_ports = "{ 8333 }"
> > fekete_ports = "{ 17001, 39191, 5938, }"
> >
> > tcp_services="{ 22 }"
> > icmp_types="echoreq"
> >
> > set skip on lo
> >
> > pass in quick on $int_if inet proto tcp to port http divert-to
> > 127.0.0.1 port 3128
> >
> > anchor "ftp-proxy/*"
> > pass in quick on $int_if inet proto tcp to port ftp divert-to
> > 127.0.0.1 port 8021
> >
> >
> > match out on egress inet from !(egress:network) to any nat-to
> > (egress:0)
> >
> > pass # to establish keep-state
> >
> >
> >
> >
> > block in on ! lo0 proto tcp to port 6000:6010
> >
> > block in log
> > pass out quick
> >
> > antispoof quick for { lo $int_if }
> >
> > pass in on egress inet proto tcp from any to (egress) \
> > port $tcp_services
> >
> > pass in on $ext_if proto tcp to port 21
> > pass in on $ext_if proto tcp to port > 49151
> >
> > pass in on egress inet proto tcp to (egress) port $murphy_ports rdr-to
> > $murphy
> > pass in on egress inet proto tcp to (egress) port $fekete_ports rdr-to
> > $fekete
> >
> > pass in inet proto icmp all icmp-type $icmp_types
> >
> > pass in on $int_if
> >
> >
> > --
> > www.johntate.org
>
>

--
www.johntate.org
Re: pf queueing and nat
as far as i remember in the man page of pf there are places where u can usually put the queueing rules so nat rules :)

> Date: Wed, 17 Apr 2013 03:32:52 +1000
> Subject: pf queueing and nat
> From: j...@johntate.org
> To: misc@openbsd.org
>
> I am adding queueing to my pf based nat for my home network. Since there
> isn't a complete example involving nat and queuing I am not entirely sure
> where to put things. I've read the manual and I think I put things before
> the rdr-to rules. I also have a transparent ftp and http proxy. I am not
> entirely sure if I put it before or after the divert-to rules. I just need
> someone to show me where in the pf.conf I've already done I should put
> things.
>
> I need to add the lines like these...
> block out on $ext_if all
> pass out on $ext_if inet proto tcp from ($ext_if) queue (std_out,
> tcp_ack_out)
> (And so on, including for incoming traffic on $int_if)
>
> My current pf.conf...
> # grep -v '^#' /etc/pf.conf
>
> int_if="fxp0"
> ext_if="pppoe0"
>
> murphy="10.0.0.2"
> fekete="10.0.0.3"
>
> murphy_ports = "{ 8333 }"
> fekete_ports = "{ 17001, 39191, 5938, }"
>
> tcp_services="{ 22 }"
> icmp_types="echoreq"
>
> set skip on lo
>
> pass in quick on $int_if inet proto tcp to port http divert-to 127.0.0.1
> port 3128
>
> anchor "ftp-proxy/*"
> pass in quick on $int_if inet proto tcp to port ftp divert-to 127.0.0.1
> port 8021
>
>
> match out on egress inet from !(egress:network) to any nat-to (egress:0)
>
> pass # to establish keep-state
>
>
>
>
> block in on ! lo0 proto tcp to port 6000:6010
>
> block in log
> pass out quick
>
> antispoof quick for { lo $int_if }
>
> pass in on egress inet proto tcp from any to (egress) \
> port $tcp_services
>
> pass in on $ext_if proto tcp to port 21
> pass in on $ext_if proto tcp to port > 49151
>
> pass in on egress inet proto tcp to (egress) port $murphy_ports rdr-to
> $murphy
> pass in on egress inet proto tcp to (egress) port $fekete_ports rdr-to
> $fekete
>
> pass in inet proto icmp all icmp-type $icmp_types
>
> pass in on $int_if
>
>
> --
> www.johntate.org
Re: pf queueing and nat
On Wed, 17 Apr 2013 03:32:52 +1000
John Tate wrote:

> I am adding queueing to my pf based nat for my home network. Since
> there isn't a complete example involving nat and queuing I am not
> entirely sure where to put things. I've read the manual and I think I
> put things before the rdr-to rules. I also have a transparent ftp and
> http proxy. I am not entirely sure if I put it before or after the
> divert-to rules. I just need someone to show me where in the pf.conf
> I've already done I should put things.
>
> I need to add the lines like these...
> block out on $ext_if all

Before everything else. Last match wins!

> pass out on $ext_if inet proto tcp from ($ext_if) queue (std_out,
> tcp_ack_out)
> (And so on, including for incoming traffic on $int_if)

I'm not sure whether queue rules are sticky, but later matching ones will overwrite earlier ones I'd guess, so put them as late as possible. I'd also put the nat rules as "match" rules at the very end, so you don't "forget" the real source address/port too early.

Christopher

>
> My current pf.conf...
> # grep -v '^#' /etc/pf.conf
>
> int_if="fxp0"
> ext_if="pppoe0"
>
> murphy="10.0.0.2"
> fekete="10.0.0.3"
>
> murphy_ports = "{ 8333 }"
> fekete_ports = "{ 17001, 39191, 5938, }"
>
> tcp_services="{ 22 }"
> icmp_types="echoreq"
>
> set skip on lo
>
> pass in quick on $int_if inet proto tcp to port http divert-to
> 127.0.0.1 port 3128
>
> anchor "ftp-proxy/*"
> pass in quick on $int_if inet proto tcp to port ftp divert-to
> 127.0.0.1 port 8021
>
>
> match out on egress inet from !(egress:network) to any nat-to
> (egress:0)
>
> pass # to establish keep-state
>
>
>
>
> block in on ! lo0 proto tcp to port 6000:6010
>
> block in log
> pass out quick
>
> antispoof quick for { lo $int_if }
>
> pass in on egress inet proto tcp from any to (egress) \
> port $tcp_services
>
> pass in on $ext_if proto tcp to port 21
> pass in on $ext_if proto tcp to port > 49151
>
> pass in on egress inet proto tcp to (egress) port $murphy_ports rdr-to
> $murphy
> pass in on egress inet proto tcp to (egress) port $fekete_ports rdr-to
> $fekete
>
> pass in inet proto icmp all icmp-type $icmp_types
>
> pass in on $int_if
>
>
> --
> www.johntate.org
relayd on active-active CARP
Hello list,

I currently have active-active CARP of two nodes with relayd and relayd(pf) stops forwarding packets if I do a "large file download".

Setup: two OpenBSD 5.3 connected to a Cisco stack, with 'balancing ip-stealth' on external and 'balancing arp' on internal. Both external and internal are connected to the same stack, except that external has its own VLAN.

relayd handles redirects to internal web-farm and all works fine, until the download of rather big file (600MB) is initiated from this farm. Then PF just stops to rdr packets in both directions.

redirect www {
        listen on $EXT1 port $def_ext_httpport
        listen on $EXT2 port $def_ext_httpport
        tag WWW
        sticky-address
        forward to port $int_httpport mode least-states check script "/etc/check_web.sh"
        forward to port $int_httpport mode least-states check http "/" code 200
}

What I can see in tcpdump, when it happens, is that internal machines which just worked normally and handled this download, try to push packets out, but I don't see anything come out towards the remote host. relayd however reports that all hosts, including this one, are up.

Of course my CARP setup has pfsync with 'defer on', so states should not be a problem in this case.

However, when I bring down one of the nodes into BACKUP on ALL carp, this large http-download works as expected, e.g. it completes and does not stall. So as long as ONE of two nodes handles all traffic - it's all OK.

Any ideas?

//mxb
pf queueing and nat
I am adding queueing to my pf based nat for my home network. Since there isn't a complete example involving nat and queuing I am not entirely sure where to put things. I've read the manual and I think I put things before the rdr-to rules. I also have a transparent ftp and http proxy. I am not entirely sure if I put it before or after the divert-to rules. I just need someone to show me where in the pf.conf I've already done I should put things.

I need to add the lines like these...
block out on $ext_if all
pass out on $ext_if inet proto tcp from ($ext_if) queue (std_out, tcp_ack_out)
(And so on, including for incoming traffic on $int_if)

My current pf.conf...
# grep -v '^#' /etc/pf.conf

int_if="fxp0"
ext_if="pppoe0"

murphy="10.0.0.2"
fekete="10.0.0.3"

murphy_ports = "{ 8333 }"
fekete_ports = "{ 17001, 39191, 5938, }"

tcp_services="{ 22 }"
icmp_types="echoreq"

set skip on lo

pass in quick on $int_if inet proto tcp to port http divert-to 127.0.0.1 port 3128

anchor "ftp-proxy/*"
pass in quick on $int_if inet proto tcp to port ftp divert-to 127.0.0.1 port 8021

match out on egress inet from !(egress:network) to any nat-to (egress:0)

pass # to establish keep-state

block in on ! lo0 proto tcp to port 6000:6010

block in log
pass out quick

antispoof quick for { lo $int_if }

pass in on egress inet proto tcp from any to (egress) \
    port $tcp_services

pass in on $ext_if proto tcp to port 21
pass in on $ext_if proto tcp to port > 49151

pass in on egress inet proto tcp to (egress) port $murphy_ports rdr-to $murphy
pass in on egress inet proto tcp to (egress) port $fekete_ports rdr-to $fekete

pass in inet proto icmp all icmp-type $icmp_types

pass in on $int_if

--
www.johntate.org
Re: X (vesa) doesn't work with recent snapshot
On 04/16/13 10:07, Zoran Kolic wrote:

inteldrm(4) after KMS changes hangs my computer early at boot, so I have it turned off always. I've upgraded to snapshot of Apr. 8, and noticed that run in somewhat I would call a semi-hangup mode. No, it doesn't freeze a system or something like, instead it shows nothing but black screen. I can switch to console, can even type my login/password blindly in xdm, then I can do ps on another vty, and see that it started a wm, but switching back to X again shows nothing but black screen. attached is Xorg.0.log

I stopped upgrading to newer snapshots, due to this post. In my case, it is g550 with 2000 graphics. Similar to original poster. What is status on this right now? On modern intel chips it is known on freebsd not to go back to console after startx, since it gives black screen. It is possible to type blind into the shell, but I avoid this. I su to root and issue shutdown from that.

Best regards

Zoran

Can you install a new snapshot to a USB stick, boot the stick and test it from there?

--
Scott McEachern
https://www.blackstaff.ca
Re: snapshot ssh: ChrootDirectory sftp Connection closed
On Mon, Apr 15, 2013 at 11:25 PM, f5b wrote:

> server
> kern.version=OpenBSD 5.3-current (GENERIC.MP) #71: Sat Apr 13 17:21:57
> MDT 2013
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> /etc/ssh/sshd_config
> only add after last line
>
> Match Group share
> ForceCommand internal-sftp
> ChrootDirectory /home/chroot/
>
> # sshd -t ##ok
>
> # mkdir /home/chroot/
>
> # adduser share
>
> from other machine,
> the user share can not sftp to the server,
> but same config in Mar 1 snapshot, sftp is ok.
>
>

1) Add user. Make sure home directory is owned by root:wheel. My example uses "anonftp" and the home directory is "/home/anonftp"

    # grep anonftp /etc/passwd
    anonftp:*:1004:10::/home/anonftp:/usr/bin/false
    # ls -ld /home/anonftp
    drwxr-xr-x 4 root wheel 512 Aug 22 2012 /home/anonftp

2) Make chroot home directory, and give it appropriate ownership and permissions to your needs:

    # ls -ld /home/anonftp/home
    drwxr-xr-x 3 root users 512 Aug 22 2012 /home/anonftp/home
    # ls -ld /home/anonftp/home/anonftp
    drwxr-xr-x 2 anonftp users 512 Jan 16 13:13 /home/anonftp/home/anonftp

3) Ensure the Match block is set the way you want it.

    Match User anonftp
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp
        ChrootDirectory /home/anonftp

If you wanted to allow full on connections (not just sftp) you would also need to set up tty devices and such in the chroot jail. Since this is just sftp, the above should be sufficient.

This is how I have it set up on my system, and it works fine.

Hope this helps!
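The ownership rule behind steps 1 and 2 of the message above, as an added example that is not part of the original post: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by any other user or group, and this script walks a path and checks each component. The function names are made up for this example, and the sample line in the comment is constructed from the listing in the post with numeric IDs.

```shell
#!/bin/sh
# Added example (not from the thread): audit a path meant for sshd's
# ChrootDirectory. Per sshd_config(5), every component of the path must be
# a root-owned directory that is not writable by any other user or group.
# Function names are hypothetical.

# check_ls_line LINE
#   LINE is one line of `ls -ldn` output (numeric uid/gid), for example
#   (constructed): "drwxr-xr-x 4 0 0 512 Aug 22 2012 /home/anonftp"
#   Prints a verdict; returns 0 if the entry is acceptable, 1 if not.
check_ls_line() {
    cl_line=$1
    set -f              # no globbing while the line is split into fields
    set -- $cl_line     # $1 = mode string, $3 = numeric owner
    set +f
    cl_mode=${1:-}
    cl_uid=${3:-}

    case $cl_mode in
        d*) ;;
        *)  echo "FAIL not a directory: $cl_line"; return 1 ;;
    esac
    if [ "$cl_uid" != 0 ]; then
        echo "FAIL owner uid '$cl_uid' is not 0: $cl_line"; return 1
    fi
    case $cl_mode in
        ?????w*) echo "FAIL group-writable: $cl_line"; return 1 ;;
    esac
    case $cl_mode in
        ????????w*) echo "FAIL writable by others: $cl_line"; return 1 ;;
    esac
    echo "ok   $cl_line"
}

# check_chroot_path /absolute/path
#   Checks the directory and each parent up to "/".
#   Returns 0 if all pass, 1 if any fails, 2 on usage or stat errors.
check_chroot_path() {
    cp_path=$1
    case $cp_path in
        /*) ;;
        *)  echo "path must be absolute: $cp_path" >&2; return 2 ;;
    esac
    cp_rc=0
    while :; do
        cp_line=$(ls -ldn "$cp_path" 2>/dev/null) || {
            echo "cannot stat: $cp_path" >&2; return 2
        }
        check_ls_line "$cp_line" || cp_rc=1
        [ "$cp_path" = / ] && break
        cp_path=$(dirname "$cp_path")
    done
    return "$cp_rc"
}

# Directories *inside* the jail (such as /home/anonftp/home/anonftp in the
# post) may belong to the user; only the ChrootDirectory path itself and
# its parents are subject to the rule.
if [ -n "${1:-}" ]; then
    check_chroot_path "$1"
fi
```

Run it as root with the configured directory as its argument, e.g. the `/home/chroot/` from the quoted sshd_config. A clean result rules out the permission cause only; it says nothing about the snapshot regression discussed elsewhere in this thread.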
Re: X (vesa) doesn't work with recent snapshot
> inteldrm(4) after KMS changes hangs my computer early at boot, so I have it
> turned off always. I've upgraded to snapshot of Apr. 8, and noticed that run in
> somewhat I would call a semi-hangup mode. No, it doesn't freeze a system or
> something like, instead it shows nothing but black screen. I can switch to
> console, can even type my login/password blindly in xdm, then I can do ps on
> another vty, and see that it started a wm, but switching back to X again shows
> nothing but black screen. attached is Xorg.0.log

I stopped upgrading to newer snapshots, due to this post. In my case, it is g550 with 2000 graphics. Similar to original poster. What is status on this right now? On modern intel chips it is known on freebsd not to go back to console after startx, since it gives black screen. It is possible to type blind into the shell, but I avoid this. I su to root and issue shutdown from that.

Best regards

Zoran
Re: snapshot ssh: ChrootDirectory sftp Connection closed
I observed the same thing. Adding "UsePrivilegeSeparation no" to my sshd_config allowed connections. I haven't been able to troubleshoot this further.

On Tue, Apr 16, 2013 at 6:07 AM, Ville Valkonen wrote:
> On 16 April 2013 07:25, f5b wrote:
>> server
>> kern.version=OpenBSD 5.3-current (GENERIC.MP) #71: Sat Apr 13 17:21:57 MDT
>> 2013
>> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>>
>> /etc/ssh/sshd_config
>> only add after last line
>>
>> Match Group share
>> ForceCommand internal-sftp
>> ChrootDirectory /home/chroot/
>>
>> # sshd -t ##ok
>>
>> # mkdir /home/chroot/
>>
>> # adduser share
>>
>> from other machine,
>> the user share can not sftp to the server,
>> but same config in Mar 1 snapshot, sftp is ok.
>>
>
> Hi,
>
> same observations here.
>
> --
> Sincerely,
> Ville Valkonen
Re: Important: following -current update!
On 04/16/13 06:13, Michał Markowski wrote: > $ cd /usr/src/sys/arch/`uname -m`/config > cd: no such file or directory: /usr/src/sys/arch/i386/config > $ cd /usr/src/sys/arch/`uname -m`/conf > $ > > > --- /cvs/www/faq/current.html Tue Apr 16 11:54:22 2013 > +++ /tmp/current.html Tue Apr 16 12:10:27 2013 > @@ -597,7 +597,7 @@ > > Update entire source tree using cvs > configure and build a new kernel: > - cd /usr/src/sys/arch/`uname -m`/config > + cd /usr/src/sys/arch/`uname -m`/conf > config GENERIC # or GENERIC.MP or whatever config you use > cd ../compile/GENERIC # or GENERIC.MP or ... > make clean > > > -- > Michał Markowski > yep, fixed, thanks! Nick.
Re: Important: following -current update!
$ cd /usr/src/sys/arch/`uname -m`/config cd: no such file or directory: /usr/src/sys/arch/i386/config $ cd /usr/src/sys/arch/`uname -m`/conf $ --- /cvs/www/faq/current.html Tue Apr 16 11:54:22 2013 +++ /tmp/current.html Tue Apr 16 12:10:27 2013 @@ -597,7 +597,7 @@ Update entire source tree using cvs configure and build a new kernel: - cd /usr/src/sys/arch/`uname -m`/config + cd /usr/src/sys/arch/`uname -m`/conf config GENERIC # or GENERIC.MP or whatever config you use cd ../compile/GENERIC # or GENERIC.MP or ... make clean -- Michał Markowski
Re: snapshot ssh: ChrootDirectory sftp Connection closed
On 16 April 2013 07:25, f5b wrote:
> server
> kern.version=OpenBSD 5.3-current (GENERIC.MP) #71: Sat Apr 13 17:21:57 MDT
> 2013
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> /etc/ssh/sshd_config
> only add after last line
>
> Match Group share
> ForceCommand internal-sftp
> ChrootDirectory /home/chroot/
>
> # sshd -t ##ok
>
> # mkdir /home/chroot/
>
> # adduser share
>
> from other machine,
> the user share can not sftp to the server,
> but same config in Mar 1 snapshot, sftp is ok.
>

Hi,

same observations here.

--
Sincerely,
Ville Valkonen
Re: Touchscreen support in OpenBSD
I, too, would appreciate this. I would elaborate more on this issue but I am under an NDA ( non-disclosure agreement ) at this time.

On Sun, Apr 7, 2013 at 1:59 PM, Erling Westenvik wrote:

> Someone gave me this old kiosk machine which works fine with Win2K, but
> it would be much more fun to have OpenBSD running on it. If for nothing
> else, then for shuffling icons around if I can get mpdBrowser to work..
>
> The touch screen shows up in dmesg as
>
> ugen0 at uhub3 port 2 "MicroTouch Systems, Inc. MicroTouch USB
> Touchscreen - EX II" rev 1.10/2.90 addr 2
>
> and that is about how far I get. man mutouch(4) isn't very helpful and I
> can't seem to find any relevant information on the net.
>
> Suggestions, anyone?
>
> Regards
> Erling
Re: FAQ - Disk Imaging
I have worked with clonezilla cloning OpenBSD filesystems using its UFS support, but there are some problems concerning disklabel creation, what I did, if I remember correctly was creating a dd image from the first MB (or so of the disk) which when dumped will create the partition table and disklabel on the disk, then, with the label created you need to restore partitions on an specific order, though, first sda1, then sda2, sda3, sda4, sda5, sda6 (if you have more than 10 labels) I don't remember why... (but I remember that it has a bug where it would try to restore sda10, sda11, sda1, sda2, sda3, sda4...)

I hope this is "useful"...

On Tue, Apr 16, 2013 at 4:21 AM, Kevin Chadwick wrote:
>> I'll try it and let you know.
>
> Well I did a very quick test into memory at first (whilst doing
> something else at the same time) and it seemed to talk about ufs
> filesystem usage and I was very surprised. I then tried some more
> comprehensive tests and only found dd usage.
>
> I'll retry what I did initially and report if it is FFS-aware.
> if you hear no more then take it that it only uses dd.
>
> --
> ___
>
> 'Write programs that do one thing and do it well. Write programs to work
> together. Write programs to handle text streams, because that is a
> universal interface'
>
> (Doug McIlroy)
> ___
Re: FAQ - Disk Imaging
> I'll try it and let you know.

Well I did a very quick test into memory at first (whilst doing something else at the same time) and it seemed to talk about ufs filesystem usage and I was very surprised. I then tried some more comprehensive tests and only found dd usage.

I'll retry what I did initially and report if it is FFS-aware. if you hear no more then take it that it only uses dd.

--
___

'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface'

(Doug McIlroy)
___