...making Linux just a little more fun!
Of course a number change doesn't really mean all that much more than that Linus Torvalds might be trying to push 2.6 out the door a little faster than what happened with 2.4. Also, for what it's worth, Joe Pranevich has just put out a draft version of the Wonderful World of Linux 2.6, posting this to the kernel list:
I've recently put together the first draft of a features document describing the changes in Linux 2.6. (I did similar documents for both Linux 2.2 and Linux 2.4.) It's based almost entirely on BitKeeper changelogs (with clarifying information pulled from the lists and the web), so there is a chance that I misunderstood something or that I missed something else entirely. Please give it a look over and if you see anything that needs a look-over, please let me know. As it stands now, I feel pretty good about how it turned out so I'm finally comfortable mailing what I have around. (There are still a couple areas that need expanding on, I think...)
As of right now, you can find the latest versions of the document available online.
Text version: http://www.kniggit.net/wwol26.txt
Tersely formatted HTML: http://www.kniggit.net/wwol26.html
Please let me know what you think.
Joe Pranevich jpranevich<at>kniggit.net
You need a new modutils variety entirely for 2.5x, and 2.6 kernels. Under Debian the package name to fetch is called module-init-tools.
The upstream source can be gotten from
ftp://ftp.kernel.org/pub/linux/kernel/people/rusty/modules
As LG goes to press the current available is 0.9.15-pre2.
The nice thing is, it doesn't conflict with modutils.
The current version of 2.6 (test 9) fixes some nasty memory leaks in the VFS layer for filesystem management. If you've been experimenting along in the 2.5.x/2.6 series, an upgrade is highly recommended.
In issue 92 Mike Martin asked: Has anyone any ideas on converting PDF's to decent text. Several of the Gang answered with useful programs. -- Heather
A loyal reader, Walt R, has sent in:
The tool pdftotext works, but all formatting disappears.
Yes, an unfortunate side-effect. You might have to edit it by hand, to re-instate formatting...
In issue 92, Daniel Carneiro do Nascimento's question was pubbed in the Mailbag's "Help Wanted" section. -- Heather
BiDi in Wine is still being actively worked on, and is nowhere near complete. You should resend your e-mail to email@example.com to get to the people who /really/ know Wine.
Try IPcop. It is a firewall router. EVERY connection from inside is working and you are stealth to outsiders. Not closed... stealth! http://www.ipcop.org
Try. It is the best I ever used. I have had proxy two months before... now never again
My solution may or may not be OK for you. I have a little P75 laptop that acts as a NAT for my local area network. It runs OpenBSD with user PPP. I am unsure whether user PPP is available for Linux. Maybe you can use pppd and ipchains (or whatever it's called now).
User PPP is configured in "auto" mode such that a request makes it dial out if it's not connected. So if my wife requests an html page, PPP dials out, connects, and she gets her page. She uses Windows and is NATed thru the P75.
No users are on the P75. I have had two windows boxes, one FreeBSD box, and the P75 (ntpd) all sharing the same internet connection concurrently.
Could you please help me out to know the format of binaries in Linux. thanks in advance.
[Thomas] From last month's "Greetings from Heather Stern":
The same goes for you students out there with a take home light quiz. We can spot those a handful of kilometers away, give or take a mile. Maybe you should cc: your professor when you ask us the question, and he can give us the passing marks in your class. The point is to learn a few research skills - so for such questions, search google. Search our KnowledgeBase - it's part of what it's here for. Search TLDP.org and freshmeat if the problem is really about Linux.
To give you a hint, there's two types: ELF and a.out
- There's a nice discussion in the FreeBSD handbook as a starting point. Came up in google easily enough.
I was looking at Dashboard (http://www.nat.org/dashboard), and noticed a link to a Microsoft Research project, MyLifeBits (http://research.microsoft.com/barc/mediapresence/MyLifeBits.aspx). I had a look around the site, and noticed that a lot of the projects have open source equivalents - some of them older than MS's version - and figured I'd make a list. (Before Dashboard there was the Remembrance Agent for Emacs, which I think outdates MyLifeBits).
* IntelliShrink (http://research.microsoft.com/~simonco/intellishrink.aspx) Shrinks e-mail to SMS abrv8tns. Free version: email2sms (http://adamspiers.org/computing/email2sms)
* World-Wide Media eXchange: (http://wwmx.org) Tools for stamping image files with their location, as well as tools for converting location information from GPS handsets to GPX. GPSBabel <http://gpsbabel.sourceforge.net/> can write GPX files, you can use exiftags <http://johnst.org/sw/exiftags/> to write this to an image.
* AutoDJ (http://research.microsoft.com/~jplatt/abstracts/autoDJ.html) Automatically generates music playlists. Cymbaline (http://silmarill.org/cymbaline.htm) does this.
* Media Computing (http://research.microsoft.com/mc) which has several subprojects, including Audio Content Analysis, which Maaate (http://www.cmis.csiro.au/maaate) does; Face Detection, Tracking and Recognition, which OpenCV (http://www.intel.com/research/mrl/research/opencv) does; Digital Album, which facilitates the annotation of photos, and searching based on these annotation - Gnome Storage (http://www.gnome.org/~seth/storage) can do this, among other things; Video Content Analysis, Representation and Access - VideoQuery (http://videoquery.sourceforge.net) can do this.
* Camera Calibration (http://research.microsoft.com/~zhang/Calib) OpenCV does this too.
* Pastry (http://research.microsoft.com/~antr/Pastry) A peer to peer system - it's open source, and written in Java, so it should run on Linux.
* .NET Generics (http://research.microsoft.com/projects/clrgen) Mono is working on this too.
* SML.NET (http://www.cl.cam.ac.uk/Research/TSG/SMLNET) SML.NET is Open Source
* The Social Computing Group (http://research.microsoft.com/scg) has a few projects which have open source equivalents --
** Sapphire: is pretty similar to Gnome Storage
** Conversation clusters: is similar to the vfolders in Ximian's Evolution
** Smart Previews: looks almost exactly like the previews in KDE 3.1
** Shared browsing: You can do this in Mozilla with DerTandemBrowser (http://dertandembrowser.mozdev.org)
The above command is supposed to tunnel all request on port 1234 to secure port 22 and allow a SFTP.
So.. on localhost I should be able to do: "ftp localhost 1234" and connect via ssh to remotehost ftp remote files. The problem is, it doesn't work. Is such a thing possible?
Well -- I've no idea of sftp as such. According to the manpage this feature is SSH2 only. Are you sure your connection is protocol level 2? Check with "-v".
To put localhost in there confused me for a moment, but it seems to be fine. You might want to put a real hostname to make it less confusing. Assuming your ssh is to the ftp-target "remotehost" would do fine.
I get the error:
khh > ssh -L 1234:localhost:22 dachbox -s sftp
usage: sftp [-vC1] [-b batchfile] [-o option] [-s subsystem|path] [-B buffer_size]
If I force level 2:
ssh -2 -L 1234:localhost:22 khhlap -s sftp
it just sits there. ftp localhost 1234 gets me a ftp interface which is unconnected. I don't have an ftpd running so I can't test further.
It would be a lot easier to answer anything if you would have sent the error message or what exactly does not work.
I'm not familiar with the ssh2 "-s" option. I've never used it. But I've successfully tunneled (using -L) http, smtp, ssl-imap and news ports through a firewall -- so basically it should work as long as ftp is in passive mode.
Reading through the answer to this question I noticed that the hyperlink for http://ltsp.org was incorrect, included a >, as well as the link for SIAG office suite was completely wrong. He said http://www.siag.org when it should have been http://siag.nu. You guys are doing a great job, but... I think somebody should take the time to make sure the links are correct at least to avoid sending people off on snipe hunts.
[Thomas] OK, that "he" to which Dave refers was actually me. However, as this goes to press, I cannot help but feel malice towards the tone of this e-mail. As Ben rightly goes on to say, don't complain or expect anything to be resolved unless you yourself can do something about it. This is a volunteer effort after all.
OK, I admit that I did guess the URL for siag office, but I'm sure that you, the gentle reader, know how to use google.com/linux? I certainly hope so...
[Ben] Cool idea - thanks for volunteering! We'd love to have a proofreader. I have to warn you, though, that the quantity of mail, submissions, etc. that we get can be fairly overwhelming, so I hope you're offering a significant chunk of your time.
HINT: we're all volunteers here. Complaining about someone not taking the time - when that is the specific resource we contribute (especially since a number of us are consultants and normally get paid for that very resource) - is ungracious at the very least.
Helpful suggestions are always welcome. Complaints that aren't coupled with an offer to help, well, our /dev/null stays hungry no matter how many pretzels we feed it...
[Thomas] I almost got my hand bitten off the other day when I tried to feed it all the MIME-encoded e-mails we get. It seems that /dev/null hates them even more than we do. I'd watch your fingers in the future, Ben. That /dev/null device doesn't take any passengers....
I was reading comp.unix.programmer and came across a comment about setting the LD_DEBUG environmental variable to 'help' and running a dynamic executable. Okay, let's try it:
~$ export LD_DEBUG=help
~$ ls
Valid options for the LD_DEBUG environment variable are:
  libs        display library search paths
  reloc       display relocation processing
  files       display progress for input file
  symbols     display symbol table processing
  bindings    display information about symbol binding
  versions    display version dependencies
  all         all previous options combined
  statistics  display relocation statistics
  help        display this help message and exit
To direct the debugging output into a file instead of standard output
a filename can be specified using the LD_DEBUG_OUTPUT environment variable.
See attached ls_output.txt
Fun thing to play with. And who knows, I might actually have a use for it someday.
Thanks, Jason - that's a really fine tidbit. It now reposes comfortably in my toolbox in the little niche by "strace" and keeps it from rolling around and rattling. I've spent the past week teaching people how to use the "grep" drill, the "awk" chopsaw, and the "sed" jackhammer, and can appreciate the finesse of a precision instrument all the more for that reason...
Could someone let me know what files I need to pull from my current system (where I get my email) to a new system? I would like to backup all the data and restore it to a new system and get the email over there; yet, have all my email folders/emails restored to the new system.?
Thanks in Advance
[Raj Shekhar] If you are using evolution, then in your home directory you will find a folder called evolution which will have all the mails + contacts + other settings. If you want to just find your emails, you will find them in
A piece of advice, if you back up your mail to a CD and then restore it, you will have the files which are read-only. I would suggest that you tar and gunzip your evolution folder before burning it to the CD, that way your file-permissions will be preserved.
[Thomas] Actually, that is inaccurate -- one can preserve permissions on CD quite easily, if they're copied with "cp -p". Also, why put them on CD at all? You could easily move them to another partition, which would preserve file permissions as well.
More obviously you can simply create an archive (tar, cpio, dump, pax) which will preserve the ownership and permissions. That's what Unix archives do, archive data with meta-data.
Then burn the .tar (or whatever) file into your CDR. Basically you'll create an ISO containing just one or a few archive files.
here is a confusing problem. I like to insert the alsa module in my woody. but the alsa-driver source has been located at */usr/src/modules/alsa-driver* & the kernel source at */usr/src/kernel-source-2.4.18*
make xconfig doesn't show the alsa option. do I need to move the alsa-driver at a particular directory (?) under the kernel-source to get the alsa option during make xconfig ??
I am interested in Linux and open source in general. I am new to linux, I read more about it but till now haven't tried it. I downloaded small distributions like ' small linux ' but didn't work. Having only dial up connection to the Internet it is difficult to download those big distros over analog phone, so what I ask is can you send a free CD of a distro of linux to get my feet wet or point me out to some sources where to find this.
HTH Neil Youngman
For those in the US, Cheap Bytes seems to carry it also. And a few more distros, too, in case a particular one strikes your fancy. -- Heather
just finished installing Sendmail, but now if i run make all in /etc/mail after running /usr/bin/newaliases, i am getting the following error:
make: No rule to make target 'domaintable.db', needed by 'all' . Stop
Rather than DL'ing the pkg in parts via ftp, I think it would be much more straightforward to DL the pkg as a tar or rpm and install from that.
I recently installed RH 9 and i have a LAN running on ISA server, tried to connect it but couldn't.
somebody told me configure samba so i did and now i could also see the computers on my network and even the PING to the server is OK
when i try to browse the network it gives me:
"HTTP 607 proxy Authentication required,
The ISA server requires authorization to fullfill
the request. Access to web proxy service denied (12209)"
it will be very helpful if anyone can plz suggest me a way out of this problem Excuse me being a Newbie
Whether i have to configure the ISA (a bit difficult to access for me) or is there any other way plz lemme know in either cases
Having read the previous answers to this question I would like to recommend a software program that I received with my Sony Recorder, ' B's Recorder Gold5 ' http://www.bhacorp.com . I found this program to be very easy, I just loaded the program, cancelled the wizard. Next I found the ISO file and dragged into the bottom layer, then from the file menu I selected record and that was it a perfect disk.
Having read mail to this address since before it was a list I would like to recommend that software recommendations to MS Windows and Mac OS (non-portable to other forms of UNIX) products be sent just to the querent and other interested parties.
This is linux-questions-only; the LINUX Gazette "Answer Gang." Naturally, we'd like to encourage a "Linux-answers-mostly" policy.
A quick search of http://www.freshmeat.net on "ISO CD burn":
... gives me a list of about 25 ISO CDR programs --- I'm sure there are more than that; it's a popular programming and scripting exercise.
Almost all of them are simply GUI, command line or curses (text dialog) driven front ends to Joerg Schilling's cdrecord and mkisofs. Some also support cdrdao, mkhybrid, or related command line tools.
As for DVD-R/RW and DVD+R/RW drives, the support for them seems to be a bit sketchy. I think they're getting closer but I still haven't gotten my Ikebana DVD+R/RW drive working yet (except as a CD-R/RW). (I haven't tried it recently either).
See also the "Best of ISO Burning Under Windows" in our KnowledgeBase. -- Heather
Sorry if this is not a "pure" linux item, but I take the chance.
Am trying to convert (import) Eudora (version 3.0.5) .mbx files to the KDE Kmail. For this I have used the Eudora2Unix.py script. That seems to work. It reports eg. 529 messages found for a given "folder".
The problem: When having moved the converted .mbx to the appropriate Kmail folder, I only see the first mail. I can guess that it depends on the fact that Kmail keeps each mail in a separate file, while my Eudora stacks them in a single file referred to as folder (thus not a real folder in normal terminology). It should not be too hard to split the messages into separate files, but then comes the file naming convention in Kmail. What I have seen, it looks like a fancy (many digits) running number.
So, have I missed something with Kmail (option to set) or are there any s/w available to fix eg. messages -> separate-files.
Hoping for some hints.
Have you tried kmailcvt?
Thanks for your answer. I have found out the problem. KMail has two folder modes, maildir and mbox. I happened to move the Eudora mbox folder into a KMail maildir folder.
Just use a repeat_type of raw, so that XFree86 sees exactly the same thing as it would see if there was no GPM. BTW, I use a mouse type of autops2, and GPM can recognize the middle button.
Hey, thanks, Hubert. That did the trick. Sometimes I wish tips like this were a bit more clearly documented, but I digress...
i downloaded the driver (most lucent winmodems that aren't AMR work, )
On the page you can load a binary driver, which means you don't have to recompile (check the versions tho)
now, i need help working with this beast. i'm using redhat 8.0. it says i have to recompile the kernel (i think) and since i am a complete newbie at working this stuff (the more i go into linux, the more i learn) could you give me some cut and dry instructions on how to install this driver as either a module or as a full part of the kernel. I have the kernel sources from kernel.org's website (i don't know if the headers come with it though, so i need help with this too). i'm an ultra newbie at linux, but in windows i am an advanced user.
Quick and dirty RH recompile
First don't use kernel.org sources - RH patch to high heaven. Get kernel source rpm from ftp.redhat.com/pub/redhat/linux/updates/8.0/en/os/i386/
rpm -ivh <package>
to install
cp /usr/src/linux-2.4/configs/<your chosen arch config> /usr/src/linux-2.4/.config
cd /usr/src/linux-2.4
make menuconfig
then make any changes, save, then
make dep && make clean && make bzImage && make modules && make modules_install
then when this is all done
cp arch/i386/boot/bzImage /boot/vmlinuz<your name for kernel here>
cp System.map /boot/System.map<same version as above>
rm -f /boot/System.map
ln -s /boot/System.map<same version as above> /boot/System.map
mkinitrd /boot/initrd-<version of kernel>.img <version number>
then edit /boot/grub.conf to add these details as in the current entries.
Although RH normally add so many modules you may not need to recompile.
If this does not work you may not have the dev packages you need. you need at least
gcc make bison glibc-kernheaders glibc-devel ld cpp-devel libgcc-devel
(this is from memory so you could need a few more - rpm should tell you)
thank you for the support.
Tab completion for Python. Cool stuff, now all I can think about is how to implement this in Ruby.
I've been using the standard rlcompleter for years. What does rlcompleter2 add to the standard module?
Ahhh, I see; it's sort of like Ian MacDonald's bash-completion package. It adds context sensitive completions and adds support for displaying the docstrings (__doc__ attributes for any function, module, or class) and apparently it displays the function signatures (argument list) as well.
I'll have to play with it.
/me downloads, plays, configures
Now my PYTHONSTARTUP for python2.2 and python2.3 are set to ~/.pythonrc.rlcompleter2
The startup for interactive sessions is a little slower. there is a noticeable hesitation during rlcompleter2 .setup() but it's not bad enough to worry about.
- /me is an IRCism --- traditional IRC clients have a /me command that highlights one's statement as an "action" --- a description rather than an utterance
I am getting this error: Connection failed to 192.168.0.1,25 Connection refused if I try to send mail straight from the server using pine
192.168.*.* are unroutable on the Internet (as per RFC1918). It may be that the server to which you are connecting is refusing you due to some internal (anti-spam and/or anti-relaying) configuration rules.
If i try to from windows workstations, the client are failing to get a response from the server
I checked sendmail status and it is running
I also restarted sendmail and i can only use pine twice and the third time it will throw the same error
if i run ps -aux | grep sendmail , there is this process [sendmail <defunct>] and at one time there was sendmail rejected connections running , which i do not understand
I see you've tried to provide additional information but a careful perusal reveals that you don't give enough RELEVANT information to actually answer your question.
Try to formulate a better question after you read the following LDP (Linux Documentation Project) HOWTOs and Guide chapters:
... note: I've tried to arrange these roughly in the best order for you to read them. Basically the first one should explain the concepts and terminology a little better, then next one might just help you solve the problem, and the others may help if you're still fighting with it beyond that. In other words, I don't expect you to read all of those, just read enough to solve the problem (or at least to be able to better explain it).
I'm in need of your help. I'm trying to flash some programs into Simputer and tried using pfc. The configuration for serial communication is 115200/9600 baud and I get the following response on pfc's debug window.
Debug Messages are Displayed Here..
At first it wasn't clear how this is Linux-y...
> Using port /dev/ttyS0
> Please wait... Initializing....
> This will take about a minute..
> [This is a PicoPeta Simputer...you are assimilated]
> Simputer booted
> Sending [init 2]
At this time the progress bar stops and the application hangs forever. Similarly, when I tried using minicom (9600 8N1), I get response from simputer till the 'Simputer login' prompt and when I entered the login name, the getty process in Simputer doesn't respond with authentication validation or any other message it is supposed to send. I saw the
Is it expecting a PPP connection? or does it have the wrong parity and databits setting?
rc.sysinit file which spawned a getty with 9600 baud... As in some other place where I was looking for the solution mentioned that we got to set the serial port for 115200 baud, I tried to change in the file even after providing write permission but couldn't write on to the file. So,
You almost certainly have to be root to write into /etc/inittab, and I cannot imagine any good reason that a regular user account should have writable access to it.
rc.sysinit itself might not be the right place to put this.
I killed the old getty process and spawned one with the new baud rate. Set the ispeed and ospeed to same... But,it doesn't work. One thing clean about the scenario is that from simputer the messages reach the PC which the other way it is not. It would be of great help if I can get it working. Thanks in Advance.
The most popular program to run on Linux boxes to answer on their serial port, is called 'mgetty'. It has a man page which is amazingly enough, usually kind of useful, and the typical /etc/inittab has an example line about how to activate it, commented out. getty is good, but mgetty has some special features for dealing with serial lines.
115200 is a common max speed for old style serial ports. 9600 is the bits frequency if using common voice (300 baud or so) with a fairly popular old line discipline to get bits on different parts of the carrier wave. Compression tricks are most of what gives faster modems their claimed speed.
Hope that helps.
Hi everyone, I have two systems, one is windows2000 advanced server and another is linux7.3. I am unable to access it through telnet as superuser.
Access which one of those two?
Maybe you are trying to login as "root" directly at the telnet login. This is not allowed. You can login as an user and then change to root by using the "su" command.
Dear Mr. Dennis,
Actually, the days when TAG was a one-man-band have long since diminished. You have actually reached a whole "gang" of us who try and answer questions based on what querents write in.
I know very little about Linux. I've run it a few years ago on a 386. However at the time there weren't too many applications for it. I want a reliable CAD station but, I have only Windows programs. Does Linux run Windows applications reliably?
Umm, I think reliably is the operative word. If it is stability you're after then I would recommend running that application in its native environment -- windows. However to answer your question, WINE is what you're after:
That does a pretty good job at running Windows apps. There is also the option of using VMWare if the computer you're connecting to is remote.
If you look through our back issues and also check the KB out:
I remember there being a thread on CAD software for Linux.
True. In fact we have so many CAD and CASE programs that Freshmeat has to separate sections for various types. And then there's modelling.. I understand that you can get very nice, if imprecise, 3D effects with these apps. -- Heather
Apologies, folks - I had published several large LJWNN Tech Tips in issue 93, but I must have been in too much of a hurry. A few of them were damaged there, thanks to a formatting mistake on my part. Sorry! Here are the repaired Tips, please enjoy them.
We will probably not republish Linux Journal Weekly News Notes tips in future issues of Linux Gazette. -- Heather
If your main home network is a wireless network, you don't want to wake up in the morning and find some joker has printed many pages of stuff to your networked printer. Put the printer on a wired, private network segment, and print to it with ssh.
To do this, install this script as lpr on your wirelessly connected laptop:
See attached lpr-ssh.bash.txt
(Thanks to the GAR project: http://www.lnx-bbc.org/README.html for the tip.)
If you have a lengthy command-line task, such as building complicated software, and need to catch an error that whizzes by in the middle, use script. It will run a shell and log all input and output to a file called "typescript" that you can then search or submit with a bug report.
The vacation program lets you send an automatic message when you'll be away from your e-mail. You can see who received your message with
vacation -l | cut -d ' ' -f 1 - > people_who_got_vacation_message
When you boot Linux, the kernel turns off Num Lock by default. This isn't a problem if, for you, the numeric keypad is the no-man's-land between the cursor keys and the mouse. But if you're an accountant, or setting up a system for an accountant, you probably don't want to turn it on every single time.
Here's the easy way, if you're using KDE. Go to K --> Preferences --> Peripherals --> Keyboard and select the Advanced tab. Select the radio button of your choice under NumLock on KDE startup and click OK.
If you only run KDE and want Num Lock on when you start a KDE session, you're done. Otherwise, read on.
To set Num Lock on in a virtual console, use:
If you choose to put this in a .bashrc file to set Num Lock when you log in, make it:
setleds +num &> /dev/null
...to suppress the error message you'll get if you try it in an xterm or over an SSH connection.
Finally, here's the way to hit this problem with a big hammer--make the numeric keypad always work as a numeric keypad in X, no matter what Num Lock says. This will make them never work as cursor keys, but you're fine with that because you have cursor keys, right? Create a file called .Xmodmap in your home directory, and insert these lines:
(from a Usenet post by Yvan Loranger: http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&selm=3BFD087F.2000300%40iquebec.com&rnum=3+)
See attached numpad.Xmodmap.txt
The last line takes the now-useless Num Lock key and makes it an extra Escape key. If your favorite accounting software uses one of the F keys frequently, you might prefer that.
The number to the left of the equals sign is an X "keycode", the key on the keyboard you pressed, and the number or name to the right is an X "keysym", the character or function X thinks it is. You don't have to look these up in some X manual. To find out the keycode and keysym for any key, run xev in an xterm, move the mouse to the small white xev window and watch the keycodes and keysyms scroll by in the xterm.
If you'd like to do SSH port forwarding without a passphrase, but require a passphrase to run commands, make a separate key for port forwarding only.
dmarti: example user name
bilbo: your desktop system
frodo: host running sshd
linuxjournal.com: some web site
Port forwarding also is called tunneling, so I'll call the key "tunnel". cd to your .ssh directory and create the key:
dmarti@bilbo:~/.ssh$ ssh-keygen -t dsa -f tunnel
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in tunnel.
Your public key has been saved in tunnel.pub.
The key fingerprint is:
77:b4:02:d9:32:c2:cc:18:58:c3:23:0a:13:46:a7:fa dmarti@capsicum
Now edit tunnel.pub and add the following options to the beginning of the line:
That means this key is no longer any good for anything but port forwarding, because the only command it will run is /bin/false, and it won't forward X or agent commands.
sshd understands the options only when reading the key from authorized_keys, but if you put the options into the original .pub file, they'll stay with the key wherever it goes.
Now copy tunnel.pub to the end of your .ssh/authorized_keys at all the hosts to which you want to tunnel, and try it:
dmarti@bilbo:~$ ssh -i ~/.ssh/tunnel frodo
Connection to zork.net closed.
No errors, nothing runs; that's what you want. If you get errors, you may have mangled the authorized_keys file on the server end; if you get a shell you need to check and fix the options.
Another possibility is that if you're running with ssh-agent and have the SSH_AUTH_SOCK environment variable set, you could be using a key provided by ssh-agent instead of the one on the command line. Put env -u SSH_AUTH_SOCK in front of the command line to be sure not to use the agent.
Tunnel time! Let's use the long-suffering linuxjournal.com web server as a guinea pig and make a tunnel:
dmarti@bilbo:~$ ssh -i ~/.ssh/tunnel -N -L 8000:linuxjournal.com:80 frodo
To review that command line:
- -i ~/.ssh/tunnel to use our tunnel-only ssh key
- -N to not run a command (this is necessary, otherwise SSH will run only /bin/false and exit)
- -L 8000:linuxjournal.com:80 to forward local port 8000 to port 80 on linuxjournal.com.
- And finally, the hostname to which we're making the connection--it doesn't have to be the same as the host to which we're tunneling.
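
The tunnel-only key described in this tip, as an added example that is not part of the original tip: a shell sketch that builds the restricted authorized_keys line and audits a file for keys that can still run commands. The function names, the no-pty and permitopen options, and the sample keys (constructed placeholders, not real key material) are assumptions added here.

```shell
#!/bin/sh
# Added example: tunnel-only authorized_keys entries and an audit of them.

# Options placed in front of the key. command="/bin/false" and the X11/agent
# restrictions follow the tip's description; no-pty is an extra assumption.
TUNNEL_OPTS='command="/bin/false",no-X11-forwarding,no-agent-forwarding,no-pty'

# restrict_pubkey 'TYPE BASE64 COMMENT' [HOST:PORT]
# Prints the public-key line with the tunnel-only options prepended.
# With HOST:PORT, permitopen also limits where -L forwards may connect.
restrict_pubkey() {
    opts=$TUNNEL_OPTS
    if [ -n "${2:-}" ]; then
        opts="$opts,permitopen=\"$2\""
    fi
    printf '%s %s\n' "$opts" "$1"
}

# audit_authorized_keys FILE
# Prints one verdict per key:
#   TUNNEL-ONLY  forced command and no X11/agent forwarding
#   FORCED-CMD   forced command, but X11 or agent forwarding still allowed
#   FULL-ACCESS  no forced command: the key can run anything, shell included
# Simplification: option values are assumed not to contain key-type words
# or option names of their own.
audit_authorized_keys() {
    awk '
    /^[ \t]*#/ { next }                 # skip comment lines
    NF == 0    { next }                 # skip blank lines
    {
        keyfield = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/) { keyfield = i; break }
        if (!keyfield) { print "UNPARSED line-" NR; next }

        # Everything before the key type is the option list.
        opts = ""
        for (i = 1; i < keyfield; i++) opts = opts (i > 1 ? " " : "") $i
        o = "," tolower(opts) ","       # option names are case-insensitive
        label = (NF >= keyfield + 2) ? $NF : ("line-" NR)

        forced = (o ~ /,command="/)
        locked = (o ~ /,no-x11-forwarding,/) && (o ~ /,no-agent-forwarding,/)

        if (forced && locked) print "TUNNEL-ONLY " label
        else if (forced)      print "FORCED-CMD " label
        else                  print "FULL-ACCESS " label
    }' "$1"
}

# Constructed sample authorized_keys content (key blobs are placeholders).
sample_authorized_keys() {
    cat <<'EOF'
# constructed sample file
command="/bin/false",no-X11-forwarding,no-agent-forwarding ssh-dss AAAAB3NzaC1kc3M-PLACEHOLDER dmarti@tunnel

ssh-rsa AAAAB3NzaC1yc2E-PLACEHOLDER dmarti@laptop
command="/usr/bin/rsync --server" ssh-rsa AAAAB3NzaC1yc2E-PLACEHOLDER backup@frodo
EOF
}

# Demo: add one freshly restricted key to the sample and audit the result.
demo() {
    tmp=$(mktemp) || return 1
    sample_authorized_keys > "$tmp"
    restrict_pubkey 'ssh-dss AAAAB3NzaC1kc3M-PLACEHOLDER dmarti@bilbo' \
        'linuxjournal.com:80' >> "$tmp"
    audit_authorized_keys "$tmp"
    rm -f "$tmp"
}
demo
```

A FULL-ACCESS verdict on a key meant only for forwarding corresponds to the "if you get a shell" case above: the options are missing or mangled on that line.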