Installing the SSH Server Service on Knoppix
You can determine if a
Knoppix
Linux system is listening for
SSH connections on the
standard SSH
TCP
port of 22 by issuing the command
netstat -a | grep ssh
. If you
are returned to the shell prompt with no results displayed, then the
system isn't listening for SSH connections on port 22.
root@Microknoppix:/# netstat -a | grep ssh
root@Microknoppix:/#
You can also check to see if it is running by using the command
service --status-all
. If there is a plus sign next to
ssh
, it is running. If, instead, there is a minus sign, it is not
running.
root@Microknoppix:/# service --status-all
[ - ] acpid
[ - ] bootlogd
[ - ] bootlogs
[ ? ] bootmisc.sh
[ ? ] checkfs.sh
[ - ] checkroot.sh
[ ? ] console-screen.sh
[ ? ] console-setup
[ ? ] cpufrequtils
[ ? ] cron
[ ? ] cryptdisks
[ ? ] cryptdisks-early
[ + ] dbus
[ + ] ebtables
[ ? ] etc-setserial
[ - ] fsaua
[ ? ] fsrcdtest
[ - ] fsupdate
[ ? ] fsusbstorage
[ ? ] gpm
[ ? ] hdparm
[ - ] hostname.sh
[ ? ] hwclock.sh
[ ? ] hwclockfirst.sh
[ ? ] ifupdown
[ ? ] ifupdown-clean
[ ? ] kexec
[ ? ] kexec-load
[ ? ] keyboard-setup
[ ? ] keymap.sh
[ ? ] killprocs
[ ? ] klogd
[ ? ] knoppix-autoconfig
[ ? ] knoppix-halt
[ ? ] knoppix-reboot
[ ? ] knoppix-startx
[ ? ] loadcpufreq
[ ? ] lvm2
[ ? ] mdadm
[ ? ] mdadm-raid
[ ? ] module-init-tools
[ ? ] mountall-bootclean.sh
[ ? ] mountall.sh
[ ? ] mountdevsubfs.sh
[ ? ] mountkernfs.sh
[ ? ] mountnfs-bootclean.sh
[ ? ] mountnfs.sh
[ ? ] mountoverflowtmp
[ ? ] mtab.sh
[ + ] network-manager
[ ? ] networking
[ - ] nfs-common
[ - ] nfs-kernel-server
[ + ] open-iscsi
[ - ] portmap
[ ? ] pppstatus
[ ? ] procps
[ ? ] rc.local
[ - ] rmnologin
[ - ] rsync
[ ? ] screen-cleanup
[ ? ] sendsigs
[ ? ] setserial
[ - ] smartmontools
[ - ] ssh
[ - ] stop-bootlogd
[ - ] stop-bootlogd-single
[ ? ] sudo
[ ? ] sysklogd
[ ? ] udev
[ ? ] udev-mtab
[ ? ] umountfs
[ ? ] umountiscsi.sh
[ ? ] umountnfs.sh
[ ? ] umountroot
[ - ] urandom
On a Microknoppix system, such as may be present on a Rescue CD or
other live CD or
DVD, the SSH server software may not even be present on the CD or DVD. You
can use the apt-cache search
command followed by a
regular
expression, in this case ssh
, to determine if
the package is present on the system.
root@Microknoppix:/# apt-cache search ssh
libssl0.9.8 - SSL shared libraries
sshstart-knoppix - Starts SSH and sets a password for the knoppix user
openssh-client - secure shell (SSH) client, for secure access to remote machines
In the case above, I can see that only an SSH client is present. If I run the
sshstart-knoppix
command, I will be prompted to set a password for the
knoppix account on the system, but, since the SSH server package is not present,
the command won't actually start an sshd service.
If the SSH server service is not running and the SSH server package
is not installed, first you need to install
the SSH server software. To do so you may need to add an appropriate
package repository, such as http://us.debian.org/debian
to
the file /etc/apt/sources.list
. E.g., you will need to do
so when using the
F-Secure 3.16
Rescue CD.
If you attempt to install the openssh-server
package and
see the results below, then you need to add an appropriate repository
to /etc/apt/sources.list
so the system can find the package
and download it.
root@Microknoppix:/# apt-get install openssh-server
Reading package lists... Done
Building dependency tree...
Reading state information... Done
Package openssh-server is not available, but is referred to by another package.
This may mean that the package is missiong, has been obsoleted, or
is only available from another source
E: Package 'openssh-server' has no installation candiate
root@Microknoppix:/#
You can add the http://us.debian.org/debian
repository
to the end of the file by using the cat
command. Type
cat >> /etc/apt/sources.list
(make sure you use two
greater than signs so as to append to the file rather than overwrite it)
then type deb http://http.us.debian.org/debian stable main contrib
non-free
and then hit Enter. Then hit the Ctrl
and D keys simultaneously, i.e., Ctrl-D. Next issue the
command apt-get update
. When that command has completed,
issue the command apt-get install openssh-server
. When
informed of the amount of additional disk space that will be needed and
them prompted as to whether you wish to continue, type "Y". When
prompted "Install these packages without verification [y/N]?",
enter "y".
When the command completes you can then issue the command
netstat -a | grep ssh
to verify that the system
is listening on the SSH port, which is normally TCP port 22.
root@Microknoppix:/# netstat -a | grep ssh
tcp 0 0 *:ssh *:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
If you issued the command apt-cache search openssh-server
at this point, you would see the following:
root@Microknoppix:/# apt-cache search openssh-server
openssh-server - secure shell (SSH) server, for secure access from remote machines
Use the passwd
command to set the password for
the knoppix account, which you can use for remote logins.
root@Microknoppix:/tmp# passwd knoppix
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Hit Return to continue.
Once the SSH server service is running, you should be able to
connect to the system remotely with an SSH client on another system.
To determine what IP address you should use for the connection, you
can issue the command ifconfig
. You should see
an inet addr
line that will provide the system's
current IP address. It will typically be in the information
provided for the eth0
network interface. The
l0
interface is the
local loopback interface, which will have an IP address
of 127.0.0.1
. You can use that address to verify
that the SSH connectivity is working from the local system,
but not for a remote login.
root@Microknoppix:/# ifconfig
eth0 Link encap:Ethernet HWaddr 00:18:f3:a6:01:8a
inet addr:192.168.0.40 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::218:f3ff:fea6:18a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:334286 errors:0 dropped:0 overruns:0 frame:0
TX packets:262393 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:289663552 (276.2 MiB) TX bytes:183570787 (175.0 MiB)
Interrupt:23 Base address:0xc000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:24 errors:0 dropped:0 overruns:0 frame:0
TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2331 (2.2 KiB) TX bytes:2331 (2.2 KiB)
To login remotely via SSH, use knoppix
for the login
account and provide the password you entered above for that account
when prompted for the password. Once you have logged in under the
knoppix account, you can obtain a Bash shell prompt
for the root account using the command sudo bash
.
knoppix@Microknoppix:~$ sudo bash
root@Microknoppix:/home/knoppix#
If you then need to stop, start, or restart the service, you can do
so using /etc/init.d/ssh
followed by the appropriate parameter.
root@Microknoppix:/# /etc/init.d/ssh
[info] Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart|try-restar
t|status}.
The configuration file for the SSHD service is
/etc/ssh/ssh_config
. You can change values by removing the
comment character, #, from the beginning of a line and chaning the
default value on the line, then stopping and restaring the service. Note:
stopping the sshd service won't disconnect an existing SSH connection, so
you can remotely restart the service with
/etc/init.d/ssh restart
without being disconnected.
[/os/unix/linux/knoppix]
permanent link
Obtaining an IP Address via DHCP
If a Knoppix system doesn't have an IP address assigned to an Ethernet
interface, you can obtain one by downing the interface with
ifdown eth0
and then brining it back up with
ifup
eth0
, which will cause the system to try to obtain an address via
DHCP.
[/os/unix/linux/knoppix]
permanent link
Mounting a Windows Hibernated Drive under Knoppix
After shutting down a Windows Vista laptop into
hibernation
mode, I wanted to copy the hibernation file,
hiberfil.sys
from the Windows Vista laptop's hard disk drive to an external USB drive to
analyze it on another system. I removed the drive from the laptop and put it
into a
Thermaltake Black Widow hard dirve eSATA + USB Docking Station, which
I attached the system I would use for the backup. I was unable to boot that
system from a
BartPE boot
disc, so I booted the system instead from a
Knoppix Linux Live CD. However, when
I connected the docking station with the laptop drive in it to the system,
I received the message below:
Error - Konqueror |
Windows is hibernated, won't mount.
Failed to mount '/dev/sdb1': Operation not permitted
The NTFS partition is hibernated. Please resume
WIndows and turned it
off properly, so mounting could be done safely.
OK
|
I only needed to mount the drive in read-only mode to copy
hiberfil.sys
from it, so I obtained a command prompt and opened
a Bash shell,
switched to the root account and mounted the device in read-only mode. I had
another external USB drive attached, which was to hold the backup, as
/dev/sda1
. The laptop drive had two partitions on it: the Windows
Vista partition, which was /dev/sdb1
and a recovery partition,
which was /dev/sdb2
.
knoppix@Knoppix:~$ sudo bash
root@Knoppix:~# mount -r /dev/sdb1 /media/sdb1
After copying hiberfil.sys
from the laptop drive to the other
external USB drive, I unmounted the laptop drive.
root@Knoppix:~# umount /dev/sdb2
root@Knoppix:~# umount /dev/sdb1
I checked the contents of the backup copy of hiberfil.sys
with the od
command. I saw that the first 4 bytes of the file
were "HIBR", which indicates the system containing the file was last shutdown
into hibernate mode rather than to a normal shutdown state.
To view just the first 8 bytes of the file with od, you can use
od -a -N 8
.
root@Knoppix:~# od -a -N 8 /mnt/hdd/hiberfil.sys
0000000 w a k e ht nul nul nul
0000010
References:
-
Hibernation
(computing)
Wikipedia, the free encyclopedia
-
Mounting a Hibernated Drive
Date: November 27, 2007
MoonPoint Support
[/os/unix/linux/knoppix]
permanent link
Obtaining an IP Address via DHCP with Pump on a Knoppix System
To obtain an IP address via the Dynamic Host Configuration Protocol (DHCP)
on a Knoppix Linux system, you can use
pump
. As root, you can
issue the commands below:
ifconfig eth0 up
pump -i eth0
The options available for pump
are shown below:
root@Knoppix:~# pump --help
Usage: pump [OPTION...]
-c, --config-file=STRING Configuration file to use instead of
/etc/pump.conf
-h, --hostname=hostname Hostname to request
-i, --interface=iface Interface to configure (normally eth0)
-k, --kill Kill daemon (and disable all interfaces)
-l, --lease=hours Lease time to request (in hours)
-L, --leasesecs=seconds Lease time to request (in seconds)
--lookup-hostname Force lookup of hostname
-r, --release Release interface
-R, --renew Force immediate lease renewal
-v, --verbose Log verbose debug info
-s, --status Display interface status
-d, --no-dns Don't update resolv.conf
--no-gateway Don't set a gateway for this interface
--no-setup Don't set up anything
--no-resolvconf Don't set up resolvconf
--no-bootp Ignore non-DHCP BOOTP responses
--script=STRING Script to use
--win-client-ident Set the client identifier to match Window's
Help options:
-?, --help Show this help message
[/os/unix/linux/knoppix]
permanent link
Proxychains and Knoppix
If you are using a Knoppix Linux system behind a
SOCKS proxy server,
you can use the
proxychains package to enable applications that don't natively understand
how to use a SOCKS proxy to work through the SOCKS proxy.
The proxychains program forces any tcp connection made by any given TCP client
to go through the specified proxy server (or proxy chain). It is a kind of
proxifier. It acts like sockscap / premeo / eborder driver (intercepts TCP
calls). Proxychains supports SOCKS4, SOCKS5 and HTTP CONNECT proxy servers.
Different proxy types can be mixed in the same chain.
Since Mozilla Firefox understands how to use SOCKS proxies, you can configure
it to go through the SOCKS proxy. You can configure it to use a SOCKS proxy
by clicking on Edit, then Preferences, and then the
Network tab. Click on Settings and then select
Manual proxy configuration. For a SOCKS proxy, put the address of
the SOCKS proxy server in the SOCKS Host field and the port that
is being used on that server in the Port field.
If I establish a SOCKS proxy server using the ssh
command,
e.g. ssh -D 8055 jdoe@192.168.1.1
, then I'm tunneling connections
to the SOCKS proxy through the encrypted SSH connection and I will use
127.0.0.1
in the SOCKS host field and 8055
in the Port field, rather than the default SOCKS proxy port of
1080
.
After downloading the proxychains package with Mozilla Firefox, aka iceweasel,
I used dpkg
to install it.
root@Knoppix:/home/knoppix# dpkg --install proxychains_2.1-5_i386.deb
Selecting previously deselected package proxychains.
(Reading database ... 0 files and directories currently installed.)
Unpacking proxychains (from proxychains_2.1-5_i386.deb) ...
dpkg: dependency problems prevent configuration of proxychains:
proxychains depends on libc6 (>= 2.3.2.ds1-21); however:
Package libc6 is not installed.
dpkg: error processing proxychains (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
proxychains
Proxychains looks for its configuration file in the following order:
- ./proxychains.conf
- $(HOME)/.proxychains/proxychains.conf
- /etc/proxychains.conf
I copied the sample file /etc/proxychains.conf.dpkg-new
to /etc/proxychains.conf
.
root@Knoppix:/home/knoppix# cp /etc/proxychains.conf.dpkg-new /etc/proxychains.conf
The following default information appears in that file:
# ProxyList format
# type host port [user pass]
# (values separated by 'tab' or 'blank')
#
#
# Examples:
#
# socks5 192.168.67.78 1080 lamer secret
# http 192.168.89.3 8080 justu hidden
# socks4 192.168.1.49 1080
# http 192.168.39.93 8080
#
#
# proxy types: http, socks4, socks5
# ( auth types supported: "basic"-http "user/pass"-socks )
#
http 10.0.0.5 3128
http 10.0.0.3 3128
http 10.0.0.5 3128
#socks5 192.168.1.4 1080
#socks4 10.5.81.143 1080
#http 192.168.203.18 8080
I commented out the http
lines with the 10.0.0.5
address by placing a "#" at the beginning of the line. I then removed
the "#" from the socks5
line and changed the address
from 192.168.1.4 to 127.0.0.1, since I was establishing a socks proxy
using the ssh command. I changed the port from the default SOCKS port of 1080
to the one I used when I established the SOCKS proxy with
ssh -D 8055 jdoe@192.68.1.1
, i.e. port 8055.
I then had the following lines in proxychains.conf
.
# http 10.0.0.5 3128
# http 10.0.0.3 3128
# http 10.0.0.5 3128
socks5 127.0.0.1 8055
#socks4 10.5.81.143 1080
#http 192.168.203.18 8080
I also commented out "random_chain" and "chain_len" and uncommented
"strict_chain".
I was then able to use proxychains
with gpg
to
import a public key for a package repository into the public keyring for the
root account.
root@Knoppix:/home/knoppix# proxychains gpg --keyserver wwwkeys.eu.pgp.net --rec
v-keys 9AA38DCD55BE302B
gpg: requesting key 55BE302B from hkp server wwwkeys.eu.pgp.net
ProxyChains-2.1 (http://proxychains.sf.net)
random chain (1):....127.0.0.1:5555....194.171.167.98:11371..OK
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 55BE302B: public key "Debian Archive Automatic Signing Key (5.0/lenny)
<ftpmaster@debian.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
I was also able to use proxychains
for apt-get update
by using proxychains apt-get update
.
References:
-
ProxyChains - README (HowTo) TCP and DNS through proxy server, HTTP and
SOCKS
ProxyChains
[/os/unix/linux/knoppix]
permanent link
Linux LiveCD SATA Support
I booted a system which has a Serial ATA (SATA) drive in it from a
Knoppix 5.0.1
LiveCD, but could not
get the operating system to recognize the presence of the hard drive. So I
then booted from a
Slax LiveCD, but it
did not recognize the drive either.
The version of Slax I tried was the SLAX KillBill Edition 5.1.8.1. I then
booted the system with a
Sabayon
3.4e DVD. I was able to access the SATA drive then.
The problem is apparently due to the other distributions of Linux
not recognizing the Serial ATA chipset on the motherboard of the
system, at least for the versions that I was using. The system
has a PCChips
A31G V:1.0 motherboard According to Serial ATA (SATA)
chipsets ? Linux support status, "Some SATA chipsets have been
supported since practically forever, as their programming interfaces
are unchanged from PATA predecessors. Others are brand-new and require
new drivers from scratch.
Refererences:
-
LiveCD
Wikipedia - the free encyclopedia
-
Serial ATA (SATA) chipsets ? Linux support status
Revised: February 27, 2007
Linuxmafia
[/os/unix/linux/knoppix]
permanent link