Sunday, May 6, 2007


OpenBSD 4.0 and an encrypted /home filesystem

Post updated.

After endless searching on Google, many failed experiments and various fits of rage, I managed to create an encrypted /home filesystem on OpenBSD 4.0 without any special programs, using only the tools in the base system.

The steps work properly with a 3 GiB partition. Some guides report that the svnd device cannot exceed 8 GiB in size. From some tests I made I would say that they are wrong. I assume that this procedure also works with larger sizes, but that is not guaranteed. If you have a way to test different configurations, please let me know.

The partition to be encrypted is /home and corresponds to the BSD partition `g`. Adapt this to suit your needs.

Start by installing OpenBSD as usual. Create all the partitions you need, such as /, /tmp, /var, /usr, and of course a separate /home.

Example:

 16 partitions:
 #        size   offset  fstype [fsize bsize  cpg]
   a:   262017       63  4.2BSD   2048 16384  260 # Cyl     0*-   259
   b:   524160   262080    swap                   # Cyl   260 -   779
   c: 19541088        0  unused      0     0      # Cyl     0 - 19385
   d:   262080   786240  4.2BSD   2048 16384  260 # Cyl   780 -  1039
   e:   262080  1048320  4.2BSD   2048 16384  260 # Cyl  1040 -  1299
   f: 12582864  1310400  4.2BSD   2048 16384  328 # Cyl  1300 - 13782
   g:  5641776 13893264  4.2BSD   2048 16384  328 # Cyl 13783 - 19379

Finish the installation and restart the system.

Now, when you are ready to start the process of encrypting the /home partition, it must first be unmounted; you therefore have to work as root, and 'normal' users must not be logged into the system.
In addition, the file /etc/fstab must no longer contain the line that automatically mounts /dev/wd0g on /home.

 # umount /home
 # dd if=/dev/zero of=/dev/wd0g bs=1k

At this point the partition `g` is associated with the device `svnd0`.

 # vnconfig -k svnd0 /dev/wd0g
 Encryption key:

You will be prompted to enter your password. YOU MUST BE VERY CAREFUL, as it is entered ONLY ONCE! Do not get it wrong, because only at the next association can you discover that the password was wrong...

At this point you must configure the "virtual" device as if it were a disk. It must be configured so that it contains two partitions: `a` and `c`. Both must have the same size as the real partition `g`. `c` is of type `unused`, while `a` is of type 4.2BSD. The result must look like the example:



 # disklabel -E svnd0
disklabel: Can't get bios geometry: Device not configured

Initial label editor (enter '?' for help at any prompt)
> p
16 partitions:
# size offset fstype [fsize bsize cpg]
a: 5641776 0 4.2BSD ...
c: 5641776 0 unused ...

Now, you can format the partition `a`:

 # newfs /dev/svnd0a

and mount it on /home:

 # mount -o softdep,nodev,nosuid /dev/svnd0a /home

The system is now ready for use. Note that everything written to /home is actually written to partition `g` using the blowfish cipher.

If you reboot the system, the partition is automatically unmounted. However, when the system comes back up, the /home partition is not mounted. To activate it, do the following:

 # vnconfig -k svnd0 /dev/wd0g
 Encryption key:

and type the correct password.
Now you can remount the partition and check that the password is correct:

 # mount -o softdep,nodev,nosuid /dev/svnd0a /home

If the system reports an error saying that the partition does not contain an FFS filesystem, it means that the password is incorrect.

If all goes well, you can enjoy the encrypted /home partition!
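A check for the disklabel step above, as an added example that is not part of the original post: it parses `disklabel` output for the real disk and for svnd0 and reports any difference from the layout the post requires (`a` and `c` the same size as `g`, both at offset 0). The sample tables are constructed from the sizes shown in the post, and the function names are hypothetical.

```python
import re

# Constructed disklabel output using the partition sizes shown in the post;
# the fsize/bsize/cpg columns for svnd0 are constructed (the post elides them).
WD0_LABEL = """\
16 partitions:
#        size   offset  fstype [fsize bsize  cpg]
  c: 19541088        0  unused      0     0
  g:  5641776 13893264  4.2BSD   2048 16384  328
"""
SVND0_LABEL = """\
16 partitions:
#        size   offset  fstype [fsize bsize  cpg]
  a:  5641776        0  4.2BSD   2048 16384  328
  c:  5641776        0  unused      0     0
"""

ROW = re.compile(r"^\s*([a-p]):\s+(\d+)\s+(\d+)\s+(\S+)")

def parse_label(text):
    """Map partition letter -> (size, offset, fstype) from disklabel output."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(1)] = (int(m.group(2)), int(m.group(3)), m.group(4))
    return table

def check_svnd_label(real_label, real_part, svnd_label):
    """Return a list of mismatches between svnd0's a/c and the real partition."""
    real, svnd = parse_label(real_label), parse_label(svnd_label)
    if real_part not in real:
        return [f"partition {real_part} not found on the real disk"]
    want_size, problems = real[real_part][0], []
    for letter, want_type in (("a", "4.2BSD"), ("c", "unused")):
        if letter not in svnd:
            problems.append(f"svnd0{letter}: missing")
            continue
        size, offset, fstype = svnd[letter]
        if size != want_size:
            problems.append(f"svnd0{letter}: size {size}, expected {want_size}")
        if offset != 0:
            problems.append(f"svnd0{letter}: offset {offset}, expected 0")
        if fstype != want_type:
            problems.append(f"svnd0{letter}: fstype {fstype}, expected {want_type}")
    return problems
```

Running the check before `newfs` catches a mistyped size while the virtual disk is still empty.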

Friday, May 4, 2007


VPN over ssh

The post has been modified to include a number of improvements.

From the series "the resources of ssh are endless", I present a little-known feature of ssh for creating VPNs.
The information here refers to an OpenBSD server and an Ubuntu Linux client, but with some adaptation it can be extended to any configuration.

For some time now, OpenSSH has included support for VPN tunneling using the tun pseudo-network device (available on many platforms).

The first step is to enable, on the OpenSSH server, tunnel activation requests from the client, and to ensure that the only command the client can run is the one that activates the server's tun device.
To do this, just add the following options to the configuration file (/etc/ssh/sshd_config):

 ...
 PermitTunnel point-to-point
 PermitRootLogin forced-commands-only
 ...

and restart the server by sending it the hangup signal.
See the manual for the meaning of these parameters and the various other possible configurations.

Then, to authenticate the client without using passwords, and to force it to run only the command that activates the tunnel, you can use the public key authentication provided by OpenSSH.
Edit the file /root/.ssh/authorized_keys so that it contains a line like:

 tunnel="0",command="sh /etc/netstart tun0" ssh-rsa ... utente@macchina.dominio

where the second field is the public key of the user who is to activate the tunnel.

Once this is done, all that remains is to configure the local tun0 interface by assigning it an address.
On OpenBSD this is done by providing the file hostname.if, in which `if` is the name of the device.
In our case we need to create a file hostname.tun0 with the content:

 inet 192.168.0.9 255.255.255.252 NONE
 dest 192.168.0.10

which assigns the address 192.168.0.9 to the interface and expects 192.168.0.10 at the other end.
(On my LAN these addresses and this subnet are among the free ones, so I used them.)

All that remains now is to configure the client.
By assumption, the activation of the VPN tunnel on the client is done by root; using sudo, however, you can let a non-privileged user launch the VPN activation.
First, decide the number of the tun device to use (in the example, the client uses tun0).

The client is configured by editing the configuration file /root/.ssh/config so that it contains:

 Host vpn
   Tunnel yes
   Hostname server.domain
   TunnelDevice 0:any
   User root

Furthermore, we must prepare the script `enable_tunnel`, which has the task of assigning an address to the tun0 interface and setting up the routing table to reach the private LAN.
Remember that the address to be assigned in this case is 192.168.0.10, and the remote one is 192.168.0.9.

Create a script /root/bin/enable_tunnel with the content:

 #!/bin/sh
 ifconfig tun0 192.168.0.10 netmask 255.255.255.252 pointopoint 192.168.0.9
 route add -net XXXX netmask YYYY gw 192.168.0.9

where XXXX and YYYY specify the network address and netmask of the network that is 'behind' the OpenSSH server.

Now, so that normal users can activate the VPN, you need to configure sudo so that they can run the command:

 $ ssh -f vpn true && sh /root/bin/enable_tunnel

I solved the problem by creating a bash alias called vpn.

From this moment you can access the private network as if you were connected directly to it and, symmetrically, you can be reached from it!

To end the VPN, just kill the ssh process.

PS: the VPN works even if you are behind an http/https proxy server. For this to work, the SSH server must also listen on port 443.
Also, install a program such as `connect-proxy` on the client, and modify the configuration as follows:

 Host vpn
   ProtocolKeepAlives 30
   ProxyCommand connect-proxy -H ABCD:3128 server.domain 443
   Tunnel yes
   TunnelDevice 0:any
   User root

where ABCD:3128 is the proxy server address and 3128 is the proxy port (usually squid).
The VPN works the same as above! In practice, the client asks the proxy server to put it in contact with port 443 of the SSH server. The proxy allows this because it thinks we are using SSL. Instead, we are using SSH.
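The server-side restrictions described above (PermitTunnel, forced-commands-only root login, and the `tunnel=`/`command=` key options) can be checked mechanically. The following audit is an added example, not code from the original post: it parses sshd_config and root's authorized_keys, honouring quoted option values, and lists every deviation. Function names and sample inputs are constructed for illustration.

```python
EXPECTED = {"permittunnel": "point-to-point", "permitrootlogin": "forced-commands-only"}
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")   # a line starting with a key type has no options
# Constructed sample inputs (not taken from a real host).
SAMPLE_SSHD = "PermitTunnel point-to-point\nPermitRootLogin yes\n"
SAMPLE_KEYS = (
    'tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAAconstructed1 utente@macchina.dominio\n'
    "ssh-rsa AAAAconstructed2 admin@example.invalid\n")

def split_unquoted(text, seps, limit=-1):
    """Split on separator characters that are outside double quotes."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted and (limit < 0 or len(parts) < limit):
            parts, cur = parts + [cur], ""
        else:
            cur += ch
        prev = ch
    return parts + [cur]

def key_options(line):
    """Return the options field of one authorized_keys line as a dict."""
    first = split_unquoted(line.strip(), " \t", 1)[0]
    if first.startswith(KEY_PREFIXES):
        return {}
    pairs = (item.partition("=") for item in split_unquoted(first, ","))
    return {name.lower(): value.strip('"') for name, _, value in pairs}

def sshd_settings(text):
    """First occurrence of a keyword wins; Match blocks are not handled."""
    seen = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            seen.setdefault(fields[0].lower(), fields[1].strip().lower())
    return seen

def audit(sshd_config, authorized_keys):
    """List every deviation from the restrictions the post relies on."""
    cfg, findings = sshd_settings(sshd_config), []
    for key, want in EXPECTED.items():
        if cfg.get(key) != want:
            findings.append(f"sshd_config: {key} is {cfg.get(key, 'unset')}, expected {want}")
    for n, line in enumerate(authorized_keys.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            missing = [o for o in ("command", "tunnel") if o not in key_options(line)]
            findings += [f"authorized_keys:{n}: missing {o}= option" for o in missing]
    return findings
```

On the constructed samples, `audit(SAMPLE_SSHD, SAMPLE_KEYS)` reports the permissive PermitRootLogin value and the second key, which has neither a forced command nor a pinned tunnel device.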

Wednesday, May 2, 2007


Ubuntu Stickers!

This morning I got two stickers "Powered by Ubuntu Linux" that I had requested last week!

What can I say ... they are truly beautiful and look the part! I have put one on the laptop and one on the desktop. Now they are truly personalized.

Anyone interested can read how to get them through this link.

For a committed Ubuntu user, I believe these are a "must".