root@Microknoppix:/# netstat -a | grep ssh
root@Microknoppix:/#

You can also check to see if it is running by using the command service --status-all. If there is a plus sign next to ssh, it is running. If, instead, there is a minus sign, it is not running.

root@Microknoppix:/# service --status-all
 [ - ]  acpid
 [ - ]  bootlogd
 [ - ]  bootlogs
 [ ? ]  bootmisc.sh
 [ ? ]  checkfs.sh
 [ - ]  checkroot.sh
 [ ? ]  console-screen.sh
 [ ? ]  console-setup
 [ ? ]  cpufrequtils
 [ ? ]  cron
 [ ? ]  cryptdisks
 [ ? ]  cryptdisks-early
 [ + ]  dbus
 [ + ]  ebtables
 [ ? ]  etc-setserial
 [ - ]  fsaua
 [ ? ]  fsrcdtest
 [ - ]  fsupdate
 [ ? ]  fsusbstorage
 [ ? ]  gpm
 [ ? ]  hdparm
 [ - ]  hostname.sh
 [ ? ]  hwclock.sh
 [ ? ]  hwclockfirst.sh
 [ ? ]  ifupdown
 [ ? ]  ifupdown-clean
 [ ? ]  kexec
 [ ? ]  kexec-load
 [ ? ]  keyboard-setup
 [ ? ]  keymap.sh
 [ ? ]  killprocs
 [ ? ]  klogd
 [ ? ]  knoppix-autoconfig
 [ ? ]  knoppix-halt
 [ ? ]  knoppix-reboot
 [ ? ]  knoppix-startx
 [ ? ]  loadcpufreq
 [ ? ]  lvm2
 [ ? ]  mdadm
 [ ? ]  mdadm-raid
 [ ? ]  module-init-tools
 [ ? ]  mountall-bootclean.sh
 [ ? ]  mountall.sh
 [ ? ]  mountdevsubfs.sh
 [ ? ]  mountkernfs.sh
 [ ? ]  mountnfs-bootclean.sh
 [ ? ]  mountnfs.sh
 [ ? ]  mountoverflowtmp
 [ ? ]  mtab.sh
 [ + ]  network-manager
 [ ? ]  networking
 [ - ]  nfs-common
 [ - ]  nfs-kernel-server
 [ + ]  open-iscsi
 [ - ]  portmap
 [ ? ]  pppstatus
 [ ? ]  procps
 [ ? ]  rc.local
 [ - ]  rmnologin
 [ - ]  rsync
 [ ? ]  screen-cleanup
 [ ? ]  sendsigs
 [ ? ]  setserial
 [ - ]  smartmontools
 [ - ]  ssh
 [ - ]  stop-bootlogd
 [ - ]  stop-bootlogd-single
 [ ? ]  sudo
 [ ? ]  sysklogd
 [ ? ]  udev
 [ ? ]  udev-mtab
 [ ? ]  umountfs
 [ ? ]  umountiscsi.sh
 [ ? ]  umountnfs.sh
 [ ? ]  umountroot
 [ - ]  urandom

On a Microknoppix system, such as may be present on a Rescue CD or other live CD or DVD, the SSH server software may not even be present on the CD or DVD. You can use the apt-cache search command followed by a regular expression, in this case ssh, to determine if the package is present on the system.

root@Microknoppix:/# apt-cache search ssh
libssl0.9.8 - SSL shared libraries
sshstart-knoppix - Starts SSH and sets a password for the knoppix user
openssh-client - secure shell (SSH) client, for secure access to remote machines

In the case above, I can see that only an SSH client is present. If I run the sshstart-knoppix command, I will be prompted to set a password for the knoppix account on the system, but, since the SSH server package is not present, the command won't actually start an sshd service.

If the SSH server service is not running and the SSH server package is not installed, first you need to install the SSH server software. To do so you may need to add an appropriate package repository, such as http://us.debian.org/debian to the file /etc/apt/sources.list. E.g., you will need to do so when using the F-Secure 3.16 Rescue CD.

If you attempt to install the openssh-server package and see the results below, then you need to add an appropriate repository to /etc/apt/sources.list so the system can find the package and download it.

root@Microknoppix:/# apt-get install openssh-server
Reading package lists... Done
Building dependency tree...
Reading state information... Done
Package openssh-server is not available, but is referred to by another package.
This may mean that the package is missiong, has been obsoleted, or
is only available from another source

E: Package 'openssh-server' has no installation candiate
root@Microknoppix:/#

You can add the http://us.debian.org/debian repository to the end of the file by using the cat command. Type cat >> /etc/apt/sources.list (make sure you use two greater than signs so as to append to the file rather than overwrite it) then type deb http://http.us.debian.org/debian stable main contrib non-free and then hit Enter. Then hit the Ctrl and D keys simultaneously, i.e., Ctrl-D. Next issue the command apt-get update. When that command has completed, issue the command apt-get install openssh-server. When informed of the amount of additional disk space that will be needed and them prompted as to whether you wish to continue, type "Y". When prompted "Install these packages without verification [y/N]?", enter "y".

When the command completes you can then issue the command netstat -a | grep ssh to verify that the system is listening on the SSH port, which is normally TCP port 22.

root@Microknoppix:/# netstat -a | grep ssh
tcp        0      0 *:ssh                   *:*                     LISTEN     
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN

If you issued the command apt-cache search openssh-server at this point, you would see the following:

root@Microknoppix:/# apt-cache search openssh-server
openssh-server - secure shell (SSH) server, for secure access from remote machines

Use the passwd command to set the password for the knoppix account, which you can use for remote logins.

root@Microknoppix:/tmp# passwd knoppix
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Hit Return to continue.

Once the SSH server service is running, you should be able to connect to the system remotely with an SSH client on another system. To determine what IP address you should use for the connection, you can issue the command ifconfig. You should see an inet addr line that will provide the system's current IP address. It will typically be in the information provided for the eth0 network interface. The l0 interface is the local loopback interface, which will have an IP address of 127.0.0.1. You can use that address to verify that the SSH connectivity is working from the local system, but not for a remote login.

root@Microknoppix:/# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:18:f3:a6:01:8a  
          inet addr:192.168.0.40  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::218:f3ff:fea6:18a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:334286 errors:0 dropped:0 overruns:0 frame:0
          TX packets:262393 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:289663552 (276.2 MiB)  TX bytes:183570787 (175.0 MiB)
          Interrupt:23 Base address:0xc000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:24 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2331 (2.2 KiB)  TX bytes:2331 (2.2 KiB)

To login remotely via SSH, use knoppix for the login account and provide the password you entered above for that account when prompted for the password. Once you have logged in under the knoppix account, you can obtain a Bash shell prompt for the root account using the command sudo bash.

knoppix@Microknoppix:~$ sudo bash
root@Microknoppix:/home/knoppix#

If you then need to stop, start, or restart the service, you can do so using /etc/init.d/ssh followed by the appropriate parameter.

root@Microknoppix:/# /etc/init.d/ssh
[info] Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart|try-restar
t|status}.

The configuration file for the SSHD service is /etc/ssh/ssh_config. You can change values by removing the comment character, #, from the beginning of a line and chaning the default value on the line, then stopping and restaring the service. Note: stopping the sshd service won't disconnect an existing SSH connection, so you can remotely restart the service with /etc/init.d/ssh restart without being disconnected.

[/os/unix/linux/knoppix] permanent link

[/os/unix/linux/knoppix] permanent link

I only needed to mount the drive in read-only mode to copy hiberfil.sys from it, so I obtained a command prompt and opened a Bash shell, switched to the root account and mounted the device in read-only mode. I had another external USB drive attached, which was to hold the backup, as /dev/sda1. The laptop drive had two partitions on it: the Windows Vista partition, which was /dev/sdb1 and a recovery partition, which was /dev/sdb2.

knoppix@Knoppix:~$ sudo bash
root@Knoppix:~# mount -r /dev/sdb1 /media/sdb1

After copying hiberfil.sys from the laptop drive to the other external USB drive, I unmounted the laptop drive.

root@Knoppix:~# umount /dev/sdb2
root@Knoppix:~# umount /dev/sdb1

I checked the contents of the backup copy of hiberfil.sys with the od command. I saw that the first 4 bytes of the file were "HIBR", which indicates the system containing the file was last shutdown into hibernate mode rather than to a normal shutdown state. To view just the first 8 bytes of the file with od, you can use od -a -N 8.

root@Knoppix:~# od -a -N 8 /mnt/hdd/hiberfil.sys
0000000   w   a   k   e ht nul nul nul
0000010

References:

1. Hibernation (computing)
   Wikipedia, the free encyclopedia
2. Mounting a Hibernated Drive
   Date: November 27, 2007
   MoonPoint Support

[/os/unix/linux/knoppix] permanent link

ifconfig eth0 up
pump -i eth0

The options available for pump are shown below:

root@Knoppix:~# pump --help
Usage: pump [OPTION...]
  -c, --config-file=STRING     Configuration file to use instead of
                               /etc/pump.conf
  -h, --hostname=hostname      Hostname to request
  -i, --interface=iface        Interface to configure (normally eth0)
  -k, --kill                   Kill daemon (and disable all interfaces)
  -l, --lease=hours            Lease time to request (in hours)
  -L, --leasesecs=seconds      Lease time to request (in seconds)
  --lookup-hostname            Force lookup of hostname
  -r, --release                Release interface
  -R, --renew                  Force immediate lease renewal
  -v, --verbose                Log verbose debug info
  -s, --status                 Display interface status
  -d, --no-dns                 Don't update resolv.conf
  --no-gateway                 Don't set a gateway for this interface
  --no-setup                   Don't set up anything
  --no-resolvconf              Don't set up resolvconf
  --no-bootp                   Ignore non-DHCP BOOTP responses
  --script=STRING              Script to use
  --win-client-ident           Set the client identifier to match Window's

Help options:
  -?, --help                   Show this help message

[/os/unix/linux/knoppix] permanent link

Since Mozilla Firefox understands how to use SOCKS proxies, you can configure it to go through the SOCKS proxy. You can configure it to use a SOCKS proxy by clicking on Edit, then Preferences, and then the Network tab. Click on Settings and then select Manual proxy configuration. For a SOCKS proxy, put the address of the SOCKS proxy server in the SOCKS Host field and the port that is being used on that server in the Port field.

If I establish a SOCKS proxy server using the ssh command, e.g. ssh -D 8055 jdoe@192.168.1.1, then I'm tunneling connections to the SOCKS proxy through the encrypted SSH connection and I will use 127.0.0.1 in the SOCKS host field and 8055 in the Port field, rather than the default SOCKS proxy port of 1080.

After downloading the proxychains package with Mozilla Firefox, aka iceweasel, I used dpkg to install it.

root@Knoppix:/home/knoppix# dpkg --install proxychains_2.1-5_i386.deb 
Selecting previously deselected package proxychains.
(Reading database ... 0 files and directories currently installed.)
Unpacking proxychains (from proxychains_2.1-5_i386.deb) ...
dpkg: dependency problems prevent configuration of proxychains:
 proxychains depends on libc6 (>= 2.3.2.ds1-21); however:
  Package libc6 is not installed.
dpkg: error processing proxychains (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 proxychains

Proxychains looks for its configuration file in the following order:

1. ./proxychains.conf
2. $(HOME)/.proxychains/proxychains.conf
3. /etc/proxychains.conf

I copied the sample file /etc/proxychains.conf.dpkg-new to /etc/proxychains.conf.

root@Knoppix:/home/knoppix# cp /etc/proxychains.conf.dpkg-new /etc/proxychains.conf

The following default information appears in that file:

# ProxyList format
#       type  host  port [user pass]
#       (values separated by 'tab' or 'blank')
#
#
#        Examples:
#
#               socks5  192.168.67.78   1080    lamer  secret
#               http    192.168.89.3    8080    justu   hidden
#               socks4  192.168.1.49    1080
#               http    192.168.39.93   8080    
#               
#
#       proxy types: http, socks4, socks5
#        ( auth types supported: "basic"-http  "user/pass"-socks )
#
http    10.0.0.5 3128
http    10.0.0.3 3128
http    10.0.0.5 3128
#socks5 192.168.1.4 1080
#socks4 10.5.81.143 1080
#http   192.168.203.18 8080

I commented out the http lines with the 10.0.0.5 address by placing a "#" at the beginning of the line. I then removed the "#" from the socks5 line and changed the address from 192.168.1.4 to 127.0.0.1, since I was establishing a socks proxy using the ssh command. I changed the port from the default SOCKS port of 1080 to the one I used when I established the SOCKS proxy with ssh -D 8055 jdoe@192.68.1.1, i.e. port 8055. I then had the following lines in proxychains.conf.

# http  10.0.0.5 3128
# http  10.0.0.3 3128
# http  10.0.0.5 3128
socks5 127.0.0.1 8055
#socks4 10.5.81.143 1080
#http   192.168.203.18 8080

I also commented out "random_chain" and "chain_len" and uncommented "strict_chain".

I was then able to use proxychains with gpg to import a public key for a package repository into the public keyring for the root account.

root@Knoppix:/home/knoppix# proxychains gpg --keyserver wwwkeys.eu.pgp.net --rec
v-keys 9AA38DCD55BE302B
gpg: requesting key 55BE302B from hkp server wwwkeys.eu.pgp.net
ProxyChains-2.1 (http://proxychains.sf.net)
random chain (1):....127.0.0.1:5555....194.171.167.98:11371..OK
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 55BE302B: public key "Debian Archive Automatic Signing Key (5.0/lenny) 
<ftpmaster@debian.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

I was also able to use proxychains for apt-get update by using proxychains apt-get update.

References:

1. ProxyChains - README (HowTo) TCP and DNS through proxy server, HTTP and SOCKS
   ProxyChains

[/os/unix/linux/knoppix] permanent link

root@Knoppix:~# cat /etc/debian_version
lenny/sid

[/os/unix/linux/knoppix] permanent link

The problem is apparently due to the other distributions of Linux not recognizing the Serial ATA chipset on the motherboard of the system, at least for the versions that I was using. The system has a PCChips A31G V:1.0 motherboard According to Serial ATA (SATA) chipsets ? Linux support status, "Some SATA chipsets have been supported since practically forever, as their programming interfaces are unchanged from PATA predecessors. Others are brand-new and require new drivers from scratch.

Refererences:

1. LiveCD
   Wikipedia - the free encyclopedia
   
2. Serial ATA (SATA) chipsets ? Linux support status
   Revised: February 27, 2007
   Linuxmafia

[/os/unix/linux/knoppix] permanent link