Archive for July 2009
sys-auth/pam_ssh and net-misc/keychain
I’ve been using Gentoo’s net-misc/keychain for a while now for password-less ssh. I followed the Gentoo docs’ recommendation and added the following lines to my ~/.zlogin:
```
keychain id_rsa id_rsa_nopass --quiet
source ~/.keychain/$HOST-sh
```
The only beef I’m having with this setup is that after each reboot, I have to type in both my password (for login) and the keyphrase of my ssh identity file (b/c keychain), which is kind of repetitive, if you know what I mean ;)
So there’s a little “aha!” moment when I found pam_ssh in today’s updates on gentoo-portage. In fact, it’s as simple as adding ssh into the USE flags of sys-auth/pambase and emerge -1 pambase. No more repetitive password entries!
lafilefixer, kexec
I have been troubled by the missing libogg.la for a while (sox never builds). Googling ‘libogg.la, gentoo’ points to a heated discussion on bugs.gentoo.org about whether or not .la files should be included — apparently somebody intentionally removed it in the libogg build. No comment! But I guess someone else stated my opinion quite clearly: a broken build a week is the best way to piss off end users. Anyway, in that same thread there’s a fix: just `emerge lafilefixer` and run `lafilefixer --justfixit`.
Now on to a different topic. I’ve included kexec in the past several kernel builds, but never looked into it. It’s actually quite easy to use: just `emerge kexec-tools`, modify `/etc/conf.d/kexec`, and `rc-update add kexec boot`. Now the `reboot` command will just reload the kernel image specified in the conf file without rebooting the physical machine. (Clearly, removing the kexec service shall return you to a normal ‘cold’ reboot.)
create socks5 proxy using window-less openssh from cygwin
After half a day’s work, my dad and I successfully revived a 7-year-old Toshiba Satellite 3000 S353 laptop, and he happily confiscated it as his travelling laptop. However, considering that most online banks in China still require some IE ActiveX controls, he insisted that I replace the ArchLinux on it with WinXP, and since he has grown accustomed to the ssh tunnelling between his desktop and mine for browsing all those news sites blocked by the GFW, he asked if I could do the same thing on the new Windows.
So here’s the thing. We’ll need a Cygwin environment, in particular its openssh, psmisc, run and any POSIX-compliant shell (e.g., ash). Suppose the Cygwin environment is installed in d:\cygwin; create the ssh-proxy.bat batch script as follows:
```bat
REM ssh-proxy.bat
REM this will create a socks5 proxy at localhost:9999
REM
@echo off
d:
REM leading backslash makes the path absolute on drive d:
cd \cygwin\bin
REM give remote server two sec to close an already-open connection
killall ssh && sleep 2
REM use explicit invocation:
REM run /bin/ssh -Nf -D9999 user_name@your.ssh.server
REM or a `tunnel' profile in ~/.ssh/config:
run /bin/ssh -Nf tunnel
```
and if you opt to use the ssh profile ‘tunnel’, put the following in ~/.ssh/config (Windows absolute path d:\cygwin\home\USER\.ssh\config):
```
# ~/.ssh/config
Host tunnel
    HostName your.ssh.server
    User user_name
    Compression yes
    DynamicForward 9999
    # use pub-key auth for password-less connection. cf. SSH_CONFIG(5)
    #IdentityFile ~/.ssh/some_private_id_file
```
Now for each internet session, just run ssh-proxy.bat once when you need the proxy. The run command used in the batch script prevents the ssh command from creating a console window. It’s almost transparent for web browsing if you combine it with FoxyProxy and Firefox.
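To confirm that a profile like the one above opens the SOCKS port on loopback only, here is an added audit script (not part of the original post). It applies the bind rules from ssh_config(5); the function names and the `shared` and `wildcard` host entries are constructed for illustration.

```shell
# Added example: report whether each DynamicForward in an ssh_config file
# listens on loopback only. Simplifications: Match/Include and the addr/port
# form are ignored; a Host block sees its own lines plus pre-Host settings.
audit_dynamic_forward() {
    awk '
    function verdict(fwd, gp,    bind) {
        if (!match(fwd, /:[0-9]+$/))          # bare port: GatewayPorts decides
            return (gp == "yes") ? "EXPOSED" : "loopback"
        bind = substr(fwd, 1, RSTART - 1)
        gsub(/\[/, "", bind); gsub(/\]/, "", bind)
        if (bind == "localhost" || bind == "::1" || bind ~ /^127\./)
            return "loopback"
        return "EXPOSED"                      # "", "*" or a routable address
    }
    function flush(    i, gp) {
        # ssh uses the first value obtained, so a global setting wins
        gp = (global_gp != "") ? global_gp : host_gp
        for (i = 1; i <= nf; i++)
            print host, fwds[i], verdict(fwds[i], gp)
        nf = 0; host_gp = ""
    }
    BEGIN { host = "(global)" }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, ""); sub(/[ \t]*=[ \t]*/, " ") }
    /^#/ || /^$/ { next }
    { key = tolower($1) }
    key == "host"           { flush(); host = $2; in_host = 1 }
    key == "dynamicforward" { fwds[++nf] = $2 }
    key == "gatewayports" {
        if (!in_host && global_gp == "") global_gp = tolower($2)
        else if (in_host && host_gp == "") host_gp = tolower($2)
    }
    END { flush() }
    ' "$1"
}
# Constructed sample: the tunnel profile plus two hypothetical variants.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
Host tunnel
    DynamicForward 9999
Host shared
    GatewayPorts yes
    DynamicForward 9999
Host wildcard
    DynamicForward *:9999
EOF
    audit_dynamic_forward "$tmp"; rm -f "$tmp"
}
demo
```

A verdict of `loopback` means only programs on the laptop itself can use the proxy; `EXPOSED` means other machines on the same network can reach the port too.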
As an afterthought, I probably could have done it with PuTTY and AHK, supposing AHK can hide the PuTTY window, but that’d take me some time to learn the AHK syntax.