Re: [gentoo-user] Any way to automate login to host and su to root?

2022-07-14 Thread Grant Taylor

On 7/14/22 1:08 PM, Neil Bothwick wrote:

I was accepting your point, one I hadn't considered.


Ah.  Okay.  :-/  Here I was hoping to learn something new from you.  ;-) 
 Still a good discussion none the less.  :-)




--
Grant. . . .
unix || die



Re: [gentoo-user] USB random disconnections in VB Win10 VM

2022-07-14 Thread Mark Knecht
On Thu, Jul 14, 2022, 4:25 PM Wol  wrote:
>
> On 14/07/2022 18:42, Mark Knecht wrote:
> > If instead I'm in Linux with a Win10 VM running I can run the same
> > software in the VM, and it will always see the external DSP when first
> > started, but at random times, generally 5-20 seconds but never more than
> > 5 minutes, the software will tell me the USB connection has been
> > interrupted and I am forced in the software to reestablish a connection.
> > I am always able to reconnect but I am so far unable to keep it
> > connected.
>
> Is there a setting in VB to say "take over the USB port"? ISTR something
> of the sort, which would basically let Win10 take over the port and
> drive it, with linux out of the picture.
>
> Don't trust me on this, I don't play with USB and it's ages since I
> stumbled across this, but it's worth taking a look.
>
> Cheers,
> Wol


Good questions. I'm not sure with USB. As I understand it there
are options in Virtualbox to pass through complete pieces of hardware.
I've read that people do this with complete graphics cards. In theory
possibly it could be done with USB but my guess is it might be
difficult as most USB controllers are part of the chipset. Still, it's worth
some study.

As this DSP processor is identified as an audio device I wondered
today if possibly pulseaudio might be trying to grab it. I intend to
look into configuring PA not to touch it.

There's also (possibly) blacklisting certain USB device IDs. In the
VM I configured it to understand the device ID and hook to it.
Possibly I can tell the Linux USB stack to ignore this device so that
PA or some other part of the system just stays away.

But being that the DSP device is a guitar amplifier modeler
and my new Tele came back from my guitar tech at lunchtime
I spent the afternoon playing the guitar! Nonproductive but fun!

Thanks for the ideas,
Mark


Re: [gentoo-user] Boot has no space left.

2022-07-14 Thread Dale
Wol wrote:
> On 15/07/2022 00:01, Dale wrote:
>> Guillermo García wrote:
>>>
>>> Hello again guys, how are you? I hope you're fine.
>>>
>>> I remember someone told me a program to use to remove old kernels in
>>> order to get more space on /boot, I tried to search the original
>>> message that the guy sent me through this list, but I cannot find it.
>>>
>>> Here's a screenshot of my /boot folder:
>>>
>>> I guess the kernel version I use is this one:
>>>
>>> Could someone tell me a method to remove the old kernels in order to
>>> get more space in /boot?
>>>
>>> Thank you, and regards,
>>>
>>> Guillermo.
>>>
>>
>>
>> I found it for you.  The package is app-admin/eclean-kernel.  I think
>> there is a wiki page on the Gentoo website for that.  I recall it
>> being pretty easy to use.
>>
> Bear in mind, if the OP is running 5.15.10, that's the second oldest
> kernel in the list. If he's got five newer kernels there, is
> eclean-kernel going to assume the live kernel is out-of-date and
> delete it? NOT a good idea.
>
> The OP needs to make sure that both 5.15.41 and 5.15.48 are in his
> boot menu, AND that they both work, before risking clearing out the
> rest ...
>
> Cheers,
> Wol
>
> .
>


I've never used the tool.  I clean mine manually.  That way I know what
is going on.  Right now, I can't get a new kernel to boot cleanly.  I'm
stuck with an older one but it works.  I've tried two different versions
but still fails with something.  Maybe next time.

Dale

:-)  :-) 



Re: [gentoo-user] Boot has no space left.

2022-07-14 Thread tastytea
On 2022-07-15 00:21+0100 Wol  wrote:

> On 15/07/2022 00:01, Dale wrote:
> > Guillermo García wrote:  
> >>
> >> Hello again guys, how are you? I hope you're fine.
> >>
> >> I remember someone told me a program to use to remove old kernels
> >> in order to get more space on /boot, I tried to search the
> >> original message that the guy sent me through this list, but I
> >> cannot find it.
> >>
> >> Here's a screenshot of my /boot folder:
> >>
> >> I guess the kernel version I use is this one:
> >>
> >> Could someone tell me a method to remove the old kernels in order
> >> to get more space in /boot?
> >>
> >> Thank you, and regards,
> >>
> >> Guillermo.
> >>  
> > 
> > 
> > I found it for you.  The package is app-admin/eclean-kernel.  I
> > think there is a wiki page on the Gentoo website for that.  I
> > recall it being pretty easy to use.
> >   
> Bear in mind, if the OP is running 5.15.10, that's the second oldest 
> kernel in the list. If he's got five newer kernels there, is 
> eclean-kernel going to assume the live kernel is out-of-date and
> delete it? NOT a good idea.
> 
> The OP needs to make sure that both 5.15.41 and 5.15.48 are in his
> boot menu, AND that they both work, before risking clearing out the
> rest ...

The current kernel is never removed by eclean-kernel.

> The kernel choice algorithm is quite simple:
> 
> 1. If the kernel is currently used, don't remove it;
> 2. If the kernel is referenced by a bootloader, don't remove it
>    (unless ``--destructive``);
> 3. If auxiliary files do not map to existing kernel, remove them;
> 4. If ``--all`` is used, remove the kernel;
> 5. If kernel is not within *N* newest kernels (where *N* is the
>    argument to ``-n``), remove it.



Since the grub boot menu includes all kernels in /boot by default as
far as i know, it is probably necessary to run eclean-kernel with
--destructive and re-generate the boot menu afterwards.

Kind regards, tastytea
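
The quoted selection rules, applied to the situation raised in the thread (running 5.15.10 with five newer kernels installed), as an added example that is not part of the original message and is not eclean-kernel's own code. It models rules 1, 2, 4 and 5 only; the versions other than 5.15.10, 5.15.41 and 5.15.48 are constructed, and ordering "newest" by version number is an assumption.

```python
# Model of the quoted rule list; not eclean-kernel's implementation.
# Assumption: "N newest" is decided by version number.

def version_key(version):
    """Turn '5.15.41' into (5, 15, 41) so versions sort numerically."""
    return tuple(int(part) for part in version.split("."))


def plan(kernels, running, in_bootloader, keep_newest,
         destructive=False, remove_all=False):
    """Return {version: (action, reason)}, checking the rules in quoted order.

    Rule 3 (auxiliary files without a kernel) is outside this model.
    """
    newest = set(sorted(kernels, key=version_key, reverse=True)[:keep_newest])
    decisions = {}
    for version in kernels:
        if version == running:                              # rule 1
            decisions[version] = ("keep", "currently running")
        elif version in in_bootloader and not destructive:  # rule 2
            decisions[version] = ("keep", "referenced by bootloader")
        elif remove_all:                                    # rule 4
            decisions[version] = ("remove", "--all")
        elif version not in newest:                         # rule 5
            decisions[version] = ("remove", "not within N newest")
        else:
            decisions[version] = ("keep", "within N newest")
    return decisions


def removed(decisions):
    """Versions marked for removal, oldest first."""
    return sorted((v for v, (action, _) in decisions.items()
                   if action == "remove"), key=version_key)


# Seven kernels, the running one second oldest, as described in the thread.
# 5.10.90, 5.15.20, 5.15.30 and 5.15.35 are constructed filler versions.
KERNELS = ["5.10.90", "5.15.10", "5.15.20", "5.15.30",
           "5.15.35", "5.15.41", "5.15.48"]
RUNNING = "5.15.10"

if __name__ == "__main__":
    # Boot menu lists every kernel in /boot, as the message assumes for grub.
    menu = set(KERNELS)
    print("-n 2:", removed(plan(KERNELS, RUNNING, menu, 2)))
    print("-n 2 --destructive:",
          removed(plan(KERNELS, RUNNING, menu, 2, destructive=True)))
```
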



Re: [gentoo-user] USB random disconnections in VB Win10 VM

2022-07-14 Thread Wol

On 14/07/2022 18:42, Mark Knecht wrote:
If instead I'm in Linux with a Win10 VM running I can run the same 
software in the VM, and it will always see the external DSP when first 
started, but at random times, generally 5-20 seconds but never more than 
5 minutes, the software will tell me the USB connection has been 
interrupted and I am forced in the software to reestablish a connection. 
I am always able to reconnect but I am so far unable to keep it connected.


Is there a setting in VB to say "take over the USB port"? ISTR something 
of the sort, which would basically let Win10 take over the port and 
drive it, with linux out of the picture.


Don't trust me on this, I don't play with USB and it's ages since I 
stumbled across this, but it's worth taking a look.


Cheers,
Wol



Re: [gentoo-user] Boot has no space left.

2022-07-14 Thread Wol

On 15/07/2022 00:01, Dale wrote:

Guillermo García wrote:


Hello again guys, how are you? I hope you're fine.

I remember someone told me a program to use to remove old kernels in 
order to get more space on /boot, I tried to search the original
message that the guy sent me through this list, but I cannot find it.


Here's a screenshot of my /boot folder:

I guess the kernel version I use is this one:

Could someone tell me a method to remove the old kernels in order to 
get more space in /boot?


Thank you, and regards,

Guillermo.




I found it for you.  The package is app-admin/eclean-kernel.  I think 
there is a wiki page on the Gentoo website for that.  I recall it being 
pretty easy to use.


Bear in mind, if the OP is running 5.15.10, that's the second oldest 
kernel in the list. If he's got five newer kernels there, is 
eclean-kernel going to assume the live kernel is out-of-date and delete 
it? NOT a good idea.


The OP needs to make sure that both 5.15.41 and 5.15.48 are in his boot 
menu, AND that they both work, before risking clearing out the rest ...


Cheers,
Wol



Re: [gentoo-user] Boot has no space left.

2022-07-14 Thread Wol

On 14/07/2022 23:51, Guillermo García wrote:

Hello again guys, how are you? I hope you're fine.

I remember someone told me a program to use to remove old kernels in 
order to get more space on /boot, I tried to search the original message
that the guy sent me through this list, but I cannot find it.


Here's a screenshot of my /boot folder:

I guess the kernel version I use is this one:

Could someone tell me a method to remove the old kernels in order to get 
more space in /boot?


What kernels are in your grub.cfg / boot menu? If they're not in there,
just delete them from /boot.


It's normal to have your latest kernel in the boot menu, and one backup 
kernel.


So, for every kernel NOT in your boot list, cd into /boot and, as root, 
do "rm -i *x.y.z*" where x.y.z is the kernel version you want to get rid 
of. It'll query what files it's going to delete, but so long as it looks 
sensible, say "y" and get rid of it.


It looks like you've got seven kernels there, so five sevenths space 
freed up is quite a lot ...


Cheers,
Wol



RE: [gentoo-user] MAC whitelisting and UDP traffic.

2022-07-14 Thread Laurence Perkins

>>
>> From: Adam Carter adamcart...@gmail.com
>> Sent: Tuesday, July 12, 2022 11:13 PM
>> To: Gentoo User 
>> gentoo-user@lists.gentoo.org
>> Subject: Re: [gentoo-user] MAC whitelisting and UDP traffic.
>>
>>
>> On Tue, Jul 12, 2022 at 7:35 AM Laurence Perkins 
>> lperk...@openeye.net wrote:
>> Ok, I asked a while ago about whitelisting MAC ranges for firewall rules, 
>> and just so you know, adding 16 million potential MAC addresses to the 
>> firewall…  Doesn’t work well…  No matter how you do it.  So I had to write a 
>> daemon to monitor which ones were local and add just those.  Whatever.
>>
>> That brings me to the next problem.  The routing and NAT work just fine if 
>> I’m letting everything through.  But if I’m dropping connections that don’t 
>> come from authorized devices then UDP only works in the outbound direction…  
>> TCP is fine.
>>
>> For reference, the rules consist of:
>>
>> iptables -t nat -I POSTROUTING -o  -j MASQUERADE
>> iptables -A FORWARD -i   -o  -m state --state 
>> RELATED,ESTABLISHED -j ACCEPT
>>
>> And then the daemon adds a:
>> iptables -A FORWARD -i  -o  -m mac --mac-source > ADDRESS> -j ACCEPT
>>
>> for each authorized device.
>>
>> TCP works perfectly.
>> UDP based protocols send out just fine, but any replies get blocked if the 
>> FORWARD chain’s default policy is  DROP.
>>
>> Now…  Everything I’m reading says that it’s supposed to be able to associate 
>> UDP replies based on port number, which indeed it must be doing in order for 
>> them to get translated correctly and directed to the correct device inside 
>> the NAT when the default policy is ACCEPT.
>>
>> So why is that rule to accept related packets not triggering for them?
>
> I also would have expected the UDP replies to be permitted via -state 
> RELATED,ESTABLISHED.
>
> Do they at least get into the state table;
> grep udp /proc/net/nf_conntrack
>

Well, they had been all getting in that list for the outbound packets, but then 
never noting that replies had come...

This morning when I went to pull a few lines for this reply, they're there and 
marked as ASSURED.

And yet, of the four devices attached to the inside for testing purposes, only 
one of them has established its OpenVPN connection.

So I'm going to set up some more detailed tests and some additional hardware 
arrangements and see if I can get more specific about what does and does not 
connect properly.

LMP
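
The state-table check suggested above ("grep udp /proc/net/nf_conntrack"), taken one step further as an added example that is not part of either poster's message: it parses conntrack text lines, groups UDP flows by inside host, and lists the hosts for which conntrack has not seen any packet in the reply direction on a given port. The sample lines, the addresses (documentation ranges) and the choice of port 1194 for OpenVPN are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the text format of /proc/net/nf_conntrack.
# 192.168.10.0/24 is the inside LAN, 203.0.113.9 the router's outside
# address after MASQUERADE, 198.51.100.7 a VPN server (all placeholders).
SAMPLE = """\
ipv4     2 udp      17 172 src=192.168.10.21 dst=198.51.100.7 sport=41000 dport=1194 src=198.51.100.7 dst=203.0.113.9 sport=1194 dport=41000 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 24 src=192.168.10.22 dst=198.51.100.7 sport=41001 dport=1194 [UNREPLIED] src=198.51.100.7 dst=203.0.113.9 sport=1194 dport=41001 mark=0 zone=0 use=2
ipv4     2 udp      17 19 src=192.168.10.23 dst=198.51.100.7 sport=41002 dport=1194 [UNREPLIED] src=198.51.100.7 dst=203.0.113.9 sport=1194 dport=41002 mark=0 zone=0 use=2
ipv4     2 udp      17 27 src=192.168.10.24 dst=198.51.100.7 sport=41003 dport=1194 [UNREPLIED] src=198.51.100.7 dst=203.0.113.9 sport=1194 dport=41003 mark=0 zone=0 use=2
ipv4     2 udp      17 20 src=192.168.10.22 dst=198.51.100.53 sport=53124 dport=53 src=198.51.100.53 dst=203.0.113.9 sport=53 dport=53124 mark=0 zone=0 use=2
ipv4     2 tcp      6 431990 ESTABLISHED src=192.168.10.21 dst=198.51.100.80 sport=50222 dport=443 src=198.51.100.80 dst=203.0.113.9 sport=443 dport=50222 [ASSURED] mark=0 zone=0 use=2
"""

PAIR_RE = re.compile(r"\b(src|dst|sport|dport)=(\S+)")
FLAG_RE = re.compile(r"\[(\w+)\]")


def parse_udp_entries(text):
    """Return one dict per UDP line: original tuple, reply tuple, state."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2] != "udp":
            continue
        pairs = PAIR_RE.findall(line)
        if len(pairs) < 8:
            continue  # truncated or unexpected line
        # First four key=value pairs are the original direction,
        # the next four are the expected reply direction.
        orig, reply = dict(pairs[:4]), dict(pairs[4:8])
        flags = set(FLAG_RE.findall(line))
        if "UNREPLIED" in flags:
            state = "unreplied"   # no packet seen in the reply direction
        elif "ASSURED" in flags:
            state = "assured"     # traffic seen in both directions
        else:
            state = "replied"     # reply seen, entry not yet assured
        entries.append({
            "orig": orig, "reply": reply, "state": state,
            "timeout": int(fields[4]),
            # Source NAT shows up as a reply destination that differs
            # from the original source address.
            "nat": reply["dst"] != orig["src"],
        })
    return entries


def summarize(entries, dport=None):
    """Count flow states per inside host, optionally for one dest port."""
    per_host = defaultdict(Counter)
    for e in entries:
        if dport is None or e["orig"]["dport"] == str(dport):
            per_host[e["orig"]["src"]][e["state"]] += 1
    return per_host


def hosts_never_replied(entries, dport):
    """Inside hosts whose flows to dport are all still UNREPLIED."""
    return sorted(host for host, c in summarize(entries, dport).items()
                  if c["unreplied"] and not (c["replied"] or c["assured"]))


if __name__ == "__main__":
    entries = parse_udp_entries(SAMPLE)
    for host, counts in sorted(summarize(entries, 1194).items()):
        print(host, dict(counts))
    print("no reply seen:", hosts_never_replied(entries, 1194))
```

On a live router the same functions can be fed the contents of /proc/net/nf_conntrack read as root.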


Re: [gentoo-user] Boot has no space left.

2022-07-14 Thread Dale
Guillermo García wrote:
>
> Hello again guys, how are you? I hope you're fine.
>
> I remember someone told me a program to use to remove old kernels in
> order to get more space on /boot, I tried to search the original
> message that the guy sent me through this list, but I cannot find it.
>
> Here's a screenshot of my /boot folder:
>
> I guess the kernel version I use is this one:
>
> Could someone tell me a method to remove the old kernels in order to
> get more space in /boot?
>
> Thank you, and regards,
>
> Guillermo.
>


I found it for you.  The package is app-admin/eclean-kernel.  I think
there is a wiki page on the Gentoo website for that.  I recall it being
pretty easy to use. 

Hope that helps.

Dale

:-)  :-) 


[gentoo-user] Boot has no space left.

2022-07-14 Thread Guillermo García

Hello again guys, how are you? I hope you're fine.

I remember someone told me a program to use to remove old kernels in 
order to get more space on /boot, I tried to search the original message
that the guy sent me through this list, but I cannot find it.


Here's a screenshot of my /boot folder:

I guess the kernel version I use is this one:

Could someone tell me a method to remove the old kernels in order to get 
more space in /boot?


Thank you, and regards,

Guillermo.


Re: [gentoo-user] Any way to automate login to host and su to root?

2022-07-14 Thread Steve Wilson

Have you looked at dev-tcltk/expect?

There's possibly an example you could try at 
 
although you probably want to prompt for the password or retrieve it
programmatically rather than putting it on the command line :o


Steve.

On 14/07/2022 07:35, J. Roeleveld wrote:

Hi All,

I am looking for a way to login to a host and automatically change to root
using a password provided by an external program.

The root passwords are stored in a vault and I can get passwords out using a
script after authenticating.

Currently, I need to do a lot of the steps manually:
ssh @
su -
(copy/paste password from vault)

I would like to change this to:
 

Does anyone have any hints on how to achieve this without adding a "NOPASSWD"
entry into /etc/sudoers ?

Thanks in advance,

Joost







Re: [gentoo-user] USB random disconnections in VB Win10 VM

2022-07-14 Thread Mark Knecht
On Thu, Jul 14, 2022 at 10:58 AM Michael  wrote:
>
> On Thursday, 14 July 2022 18:42:10 BST Mark Knecht wrote:
> > Does anyone have experience with what causes random USB disconnects in a
> > Virtualbox VM and possibly how to fix them?



>
> I don't recall having noticed a similar problem with different USB
> devices on a Win10 VM here, but just in case have you checked USB power
> saving settings?
>
> https://www.windowscentral.com/how-prevent-windows-10-turning-usb-devices

Michael,
   I had all basic power management completely disabled in the VM.

   I did not know about the USB Selective Suspend feature. After a reboot I
thought it might have helped but about 4 minutes after starting the app it
once again says connection interrupted.

Still looking,
Mark


Re: [gentoo-user] Any way to automate login to host and su to root?

2022-07-14 Thread Neil Bothwick
On Thu, 14 Jul 2022 11:01:29 -0600, Grant Taylor wrote:

> > Well, almost true.  
> 
> Please elaborate.

I was accepting your point, one I hadn't considered.


-- 
Neil Bothwick

.<-Stealth Tagline




Re: [gentoo-user] USB random disconnections in VB Win10 VM

2022-07-14 Thread Michael
On Thursday, 14 July 2022 18:42:10 BST Mark Knecht wrote:
> Does anyone have experience with what causes random USB disconnects in a
> Virtualbox VM and possibly how to fix them?
> 
> I have a new external DSP processor box that connects to Windows host
> software over USB. If I dual boot my Linux box into Win10 the control
> software works fine for as long as I want to use it. Communication is
> bi-directional and everything is great.
> 
> If instead I'm in Linux with a Win10 VM running I can run the same software
> in the VM, and it will always see the external DSP when first started, but
> at random times, generally 5-20 seconds but never more than 5 minutes, the
> software will tell me the USB connection has been interrupted and I am
> forced in the software to reestablish a connection. I am always able to
> reconnect but I am so far unable to keep it connected.
> 
> I've tried the VB USB 1.1, 2.0 and 3.0 virtual interfaces. Only 3.0 works
> at all.
> 
> I have tried multiple USB ports on the host machine. All work in native
> Windows. All work in Virtualbox but all disconnect.
> 
> I see absolutely no messages of any type about USB disconnection in dmesg.
> I don't know where else to look.
> 
> The Virtualbox logs aren't clear to me so I'm studying those at this time,
> as well as asking in the Virtualbox forums and here.
> 
> Thanks in advance,
> Mark

I don't recall having noticed a similar problem with different USB devices on a 
Win10 VM here, but just in case have you checked USB power saving settings?

https://www.windowscentral.com/how-prevent-windows-10-turning-usb-devices





[gentoo-user] USB random disconnections in VB Win10 VM

2022-07-14 Thread Mark Knecht
Does anyone have experience with what causes random USB disconnects in a
Virtualbox VM and possibly how to fix them?

I have a new external DSP processor box that connects to Windows host
software over USB. If I dual boot my Linux box into Win10 the control
software works fine for as long as I want to use it. Communication is
bi-directional and everything is great.

If instead I'm in Linux with a Win10 VM running I can run the same software
in the VM, and it will always see the external DSP when first started, but
at random times, generally 5-20 seconds but never more than 5 minutes, the
software will tell me the USB connection has been interrupted and I am
forced in the software to reestablish a connection. I am always able to
reconnect but I am so far unable to keep it connected.

I've tried the VB USB 1.1, 2.0 and 3.0 virtual interfaces. Only 3.0 works
at all.

I have tried multiple USB ports on the host machine. All work in native
Windows. All work in Virtualbox but all disconnect.

I see absolutely no messages of any type about USB disconnection in dmesg.
I don't know where else to look.

The Virtualbox logs aren't clear to me so I'm studying those at this time,
as well as asking in the Virtualbox forums and here.

Thanks in advance,
Mark


Re: [gentoo-user] Any way to automate login to host and su to root?

2022-07-14 Thread Grant Taylor

On 7/14/22 9:56 AM, Neil Bothwick wrote:
That is true, but it is also true about the current setup as that 
also gives root access. I get the impression that Joost is looking 
for a more convenient approach that does not reduce security, which 
is true here...


I'm all for being /more/ secure, especially when doing so can be made to 
appear to be /simpler/ for the end user.


I think the quintessential example of this is authenticating to sudo 
with SSH keys via SSH agent forwarding.  It eliminates the password 
prompt or the NOPASSWD: option.  Either way, you have better security 
posture (always authenticated) and / or users have a better experience 
(no password prompt).



Well, almost true.


Please elaborate.

I consider it fairly difficult for non-root users to get a copy of the 
/etc/shadow file on most systems.  Conversely, SSH private key files 
tend to ... leak / be forgotten.




--
Grant. . . .
unix || die



Re: [gentoo-user] Any way to automate login to host and su to root?

2022-07-14 Thread Neil Bothwick
On Thu, 14 Jul 2022 09:37:45 -0600, Grant Taylor wrote:

> > Is this user only used as a gateway to root access, or can you set 
> > up such a user? If so you could use key-based authentication for 
> > that user, with a passphrase, and add command="/bin/su --login" 
> > to the authorized_keys line. That way you still need three pieces 
> > of information,  
> 
> Be mindful that despite the fact that this protects things on the 
> surface, it is / can be a way to boot strap changing this.
> 
> After all, nothing about this forced command prevents the user from 
> using the acquired root access to modify the ~/.ssh/authorized_keys
> file enforcing the command.

That is true, but it is also true about the current setup as that also
gives root access. I get the impression that Joost is looking for a more
convenient approach that does not reduce security, which is true here...

> > replacing the user's password with the user's key passphrase.  
> 
> This is another slippery slope.  SSH key pass phrases can be brute 
> forced in an offline fashion.  Conversely, system passwords are more of 
> an online attack.

Well, almost true.


-- 
Neil Bothwick

Barth's Distinction:
There are two types of people: those who divide people into two types, and
those who don't.




Re: [gentoo-user] Any way to automate login to host and su to root?

2022-07-14 Thread Grant Taylor

On 7/14/22 8:48 AM, Neil Bothwick wrote:
Is this user only used as a gateway to root access, or can you set 
up such a user? If so you could use key-based authentication for 
that user, with a passphrase, and add command="/bin/su --login" 
to the authorized_keys line. That way you still need three pieces 
of information,


Be mindful that despite the fact that this protects things on the 
surface, it is / can be a way to boot strap changing this.


After all, nothing about this forced command prevents the user from 
using the acquired root access to modify the ~/.ssh/authorized_keys file 
enforcing the command.


This is one of the pitfalls that I alluded to in my earlier reply about 
security vs automation.  Quite simply, this is NOT security as it's 
trivial to use the access (su -) to gain more access (edit the 
~/.ssh/authorized_keys file).



replacing the user's password with the user's key passphrase.


This is another slippery slope.  SSH key pass phrases can be brute 
forced in an offline fashion.  Conversely, system passwords are more of 
an online attack.  Assuming that standard system protections are in 
place for /etc/shadow*.  --  It's easier to get a copy of someone's 
private SSH key file, especially if they are somewhat lax about its
security believing that the passphrase will protect it.




--
Grant. . . .
unix || die
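
The forced-command authorized_keys line discussed in this exchange, as an added example that is not part of either poster's message: a parser for the options field of authorized_keys lines (quoted values may contain spaces, commas and escaped quotes) and an audit that reports, per key, whether the expected forced command is present and whether port forwarding is still allowed. The sample file content, key blobs and comments are constructed placeholders; the audit only reads the file and says nothing about who is able to rewrite it.

```python
import re

# Constructed authorized_keys content for a hypothetical gateway account.
# The key blobs are placeholders, not real keys.
SAMPLE = '''\
# gateway account keys
command="/bin/su --login" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER1 admin@laptop
restrict,pty,command="/bin/su --login" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER2 admin@desktop
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABPLACEHOLDER3 old@key
from="192.0.2.0/24",command="echo \\"hi, there\\"" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER4 test@host
'''

# A line that starts with a key type has no options field.
KEY_TYPE_RE = re.compile(r"^(ssh-|ecdsa-|sk-)")


def split_unquoted(text, seps):
    """Split text at characters in seps that are outside double quotes."""
    parts, cur, in_quote, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and in_quote and text[i + 1:i + 2] == '"':
            cur.append('\\"')       # escaped quote stays inside the value
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch in seps and not in_quote:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def parse_line(line):
    """Return options (lower-cased names), key type and comment of one line."""
    fields = [f for f in split_unquoted(line.strip(), " \t") if f]
    has_options = not KEY_TYPE_RE.match(fields[0])
    option_field = fields[0] if has_options else ""
    rest = fields[1:] if has_options else fields
    if len(rest) < 2:
        raise ValueError("not an authorized_keys key line: %r" % line)
    options = {}
    for opt in filter(None, split_unquoted(option_field, ",")):
        name, _, value = opt.partition("=")
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1].replace('\\"', '"')
        options[name.lower()] = value
    return {"options": options, "keytype": rest[0],
            "comment": " ".join(rest[2:])}


def audit(text, expected_command):
    """Return (line number, key comment, issues) for every key line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        entry = parse_line(line)
        opts, issues = entry["options"], []
        if "command" not in opts:
            issues.append("no forced command")
        elif opts["command"] != expected_command:
            issues.append("unexpected forced command")
        # command= alone leaves forwarding available to the client.
        if "restrict" not in opts and "no-port-forwarding" not in opts:
            issues.append("port forwarding not disabled")
        findings.append((lineno, entry["comment"], issues))
    return findings


if __name__ == "__main__":
    for lineno, comment, issues in audit(SAMPLE, "/bin/su --login"):
        print(lineno, comment, issues or "ok")
```
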



Re: [gentoo-user] Any way to automate login to host and su to root?

2022-07-14 Thread Grant Taylor

On 7/14/22 3:54 AM, J. Roeleveld wrote:
For security reasons, I do not want direct login to root under any 
circumstances. This is disabled on all systems and will stay this way.


+10 for security


Currently, to login as root, you need to know:
- admin user account name
- admin user account password
- root user account password


Please describe what an ideal scenario would be from a flow perspective, 
independent of the underlying technology.



I do not want to reduce this to a single ssh-key-passphrase.


Please elaborate as I suspect that the reasoning behind that statement 
is quite germane to this larger discussion.




--
Grant. . . .
unix || die



Re: [gentoo-user] Any way to automate login to host and su to root?

2022-07-14 Thread Grant Taylor

On 7/14/22 12:35 AM, J. Roeleveld wrote:

Hi All,


Hi,

I am looking for a way to login to a host and automatically change 
to root using a password provided by an external program.


Please clarify if you want to /require/ a password?

I can think of some options that would authenticate, thus avoiding 
sudo's NOPASSWD:, but not prompt for a password.  I want to know if 
those types of options are on the table or if they should be discarded.


The root passwords are stored in a vault and I can get passwords out 
using a script after authenticating.


Okay.


Currently, I need to do a lot of the steps manually:
ssh @
su -


You could alter that slightly to be:

   ssh @ su -

That would combine the steps into one.


(copy/paste password from vault)


Are you actually copying & pasting the password?  Or will you be using 
something to retrieve the password from the vault and automatically 
provide it to su?


I think that removing the human's need ~> ability to copy & paste would 
close some security exposures.


Aside:  This remove the human's ability to copy ~> know the password 
from the mix as a security measure can be a slippery slope and I 
consider it to be questionable at best.  --  Conversely, doing it on 
behalf of the human with a password that they know simply as automation 
is fine.



I would like to change this to:
 


I think that's doable.  I've done a lot of that.  I'll take it one step 
further and put " " in a for loop to do my bidding on 
a number of systems.


I think the "ssh @ su -" method might be a bit cleaner from 
a STDIN / TTY / FD perspective.


Does anyone have any hints on how to achieve this without adding a 
"NOPASSWD" entry into /etc/sudoers ?


Flag on the play:  You've now mixed privilege elevation mechanism.  You 
originally talked about "su" and now you're talking about "sudo".  They 
are distinctly different things.  Though admittedly they can be used in 
concert with each other.


If you are using SSH keys /and/ sudo, then I'd recommend that you 
investigate authenticating to sudo via (forwarded) SSH keys.  This means 
that your interactions with sudo are /always/ authenticated *and* done 
so without requiring an interactive prompt.



Thanks in advance,


There's more than a little bit here.  There are a number of ways that 
this could go.




--
Grant. . . .
unix || die



Re: [gentoo-user] Any way to automate login to host and su to root?

2022-07-14 Thread Francisco Ares
On Thu, 14 Jul 2022 at 11:48, Neil Bothwick wrote:

> On Thu, 14 Jul 2022 11:54:46 +0200, J. Roeleveld wrote:
>
> > For security reasons, I do not want direct login to root under any
> > circumstances. This is disabled on all systems and will stay this way.
> >
> > Currently, to login as root, you need to know:
> > - admin user account name
> > - admin user account password
> > - root user account password
> >
> > I do not want to reduce this to a single ssh-key-passphrase.
>
> Is this user only used as a gateway to root access, or can you set up such
> a user? If so you could use key-based authentication for that user, with
> a passphrase, and add command="/bin/su --login" to the authorized_keys
> line. That way you still need three pieces of information, replacing the
> user's password with the user's key passphrase.
>
>
> --
> Neil Bothwick
>
> 30 minutes of begging is not considered foreplay.
>

Or you might consider creating a ssh key pair for the remote root and login
directly to root with no password, only using the ssh keys.

>


Re: [gentoo-user] Any way to automate login to host and su to root?

2022-07-14 Thread Neil Bothwick
On Thu, 14 Jul 2022 11:54:46 +0200, J. Roeleveld wrote:

> For security reasons, I do not want direct login to root under any 
> circumstances. This is disabled on all systems and will stay this way.
> 
> Currently, to login as root, you need to know:
> - admin user account name
> - admin user account password
> - root user account password
> 
> I do not want to reduce this to a single ssh-key-passphrase.

Is this user only used as a gateway to root access, or can you set up such
a user? If so you could use key-based authentication for that user, with
a passphrase, and add command="/bin/su --login" to the authorized_keys
line. That way you still need three pieces of information, replacing the
user's password with the user's key passphrase.


-- 
Neil Bothwick

30 minutes of begging is not considered foreplay.




Re: [gentoo-user] No sound. Please, help!

2022-07-14 Thread Peter Humphrey
On Thursday, 14 July 2022 14:36:42 BST Neil Bothwick wrote:

> God said, "div D = rho, div B = 0, curl E = - @B/@t, curl H = J + @D/@t,"
> and there was light.

Nice one!

-- 
Regards,
Peter.






Re: [gentoo-user] No sound. Please, help!

2022-07-14 Thread Neil Bothwick
On Thu, 14 Jul 2022 08:53:11 +0100, Michael wrote:

> On this laptop the onboard WiFi has to be switched on already at boot
> time, or I need to reboot after switching it on.  Restarting the wlan0
> service without a reboot fails to connect to the AP.
> 

I have a similar issue with a USB WiFi adaptor, particularly after a
suspend. I found that I can wake it up without rebooting with

rfkill block wlan; rfkill unblock wlan


-- 
Neil Bothwick

God said, "div D = rho, div B = 0, curl E = - @B/@t, curl H = J + @D/@t,"
and there was light.




Re: [gentoo-user] No sound. Please, help!

2022-07-14 Thread Jude DaShiell
I'll go on a guess alsa got installed on the system.  If that is correct,
please try a command as root in terminal if necessary or on console:


amixer set Master 100% unmute && alsactl store && aplay /usr/share/sounds/alsa/Front_Center.wav

It's possible that doesn't work because /var/lib/alsa/asound.state exists
or /var/lock/alsa.lock exists.
If those two files do not exist and pulseaudio and/or pipewire hasn't
gummed up the works that should work.




Re: [gentoo-user] Any way to automate login to host and su to root?

2022-07-14 Thread J. Roeleveld
On Thursday, 14 July 2022 10:04:21 CEST Mickaël Bucas wrote:
> On Thu, 14 Jul 2022 at 08:35, J. Roeleveld wrote:
> > Hi All,
> > 
> > I am looking for a way to login to a host and automatically change to root
> > using a password provided by an external program.
> > 
> > The root passwords are stored in a vault and I can get passwords out using
> > a script after authenticating.
> > 
> > Currently, I need to do a lot of the steps manually:
> > ssh @
> > su -
> > (copy/paste password from vault)
> 
> Why not use directly ssh root@ ?
> With an SSH key protected by a passphrase that would be a single step
> to connect.
> You would have a passphrase to manage but you already are using a tool for
> that. If you accept the risks, you could also use an SSH key without a
> passphrase.
> 
> sshd on the host must be configured with
> PermitRootLogin=prohibit-password at minimum, which is the default
> value.

For security reasons, I do not want direct login to root under any 
circumstances. This is disabled on all systems and will stay this way.

Currently, to login as root, you need to know:
- admin user account name
- admin user account password
- root user account password

I do not want to reduce this to a single ssh-key-passphrase.

--
Joost





Re: [gentoo-user] Any way to automate login to host and su to root?

2022-07-14 Thread Mickaël Bucas
On Thu, 14 Jul 2022 at 08:35, J. Roeleveld wrote:
>
> Hi All,
>
> I am looking for a way to login to a host and automatically change to root
> using a password provided by an external program.
>
> The root passwords are stored in a vault and I can get passwords out using a
> script after authenticating.
>
> Currently, I need to do a lot of the steps manually:
> ssh @
> su -
> (copy/paste password from vault)

Why not use directly ssh root@ ?
With an SSH key protected by a passphrase that would be a single step
to connect.
You would have a passphrase to manage but you already are using a tool for that.
If you accept the risks, you could also use an SSH key without a passphrase.

sshd on the host must be configured with
PermitRootLogin=prohibit-password at minimum, which is the default
value.

> I would like to change this to:
>  
>
> Does anyone have any hints on how to achieve this without adding a "NOPASSWD"
> entry into /etc/sudoers ?
>
> Thanks in advance,
>
> Joost

Best regards

Mickaël Bucas



Re: [gentoo-user] No sound. Please, help!

2022-07-14 Thread Michael
On Thursday, 14 July 2022 07:19:14 BST gevisz wrote:
> On Fri, 11 Mar 2022 at 20:15, gevisz wrote:
> > On Mon, 19 Oct 2020 at 00:15, gevisz wrote:
> > > On Sun, 18 Oct 2020 at 21:15, Dale wrote:
> > > > gevisz wrote:
> > > > > On Sun, 18 Oct 2020 at 17:20, Dale wrote:
> > > > >> gevisz wrote:
> > > > >>> No sound at least in Firefox. Tried it on youtube. Skype is
> > > > >>> currently
> > > > >>> uninstalled. So, I cannot check using it.
> > > > >> 
> > > > >> Just a thought.  Are you sure that everything is unmuted?  Years
> > > > >> ago,
> > > > >> all the sound control software, Kmix, alsa and others, default to
> > > > >> mute.
> > > > >> If just one of them is muted, no sound.  I seem to recall when I
> > > > >> did my
> > > > >> install on this rig that I had to unmute the sound in three places,
> > > > >> Kmix, alsa and one other that I can't recall the name of.  I think
> > > > >> I had
> > > > >> to turn up the volume on alsa as it was set to a really low level
> > > > >> once
> > > > >> it was unmuted.  Usually, I turn all of them to the max except the
> > > > >> one I
> > > > >> mainly use.  In my case, Kmix is the one I use to really control
> > > > >> things
> > > > >> since it sits on the panel thingy.  The others are set at the max.
> > > > >> 
> > > > >> It's a silly thing but thought it worth a mention just in case
> > > > >> there is
> > > > >> a muted setting somewhere.
> > > > > 
> > > > > Thank you for your input. Yes, it seems that something is muted but
> > > > > what?
> > > > > I have no KDE and no kmix installed. No pulseaudio.
> > > > 
> > > > Type in alsamixer in a console or whatever you use and hit tab twice. 
> > > > I
> > > > suspect you have that installed.  You should have a text version, like
> > > > a
> > > > console uses, and a gui version, that should work in any DM.  Pick
> > > > your
> > > > poison and see if anything there is muted or the volume is set really
> > > > low, like 1 out of 100 or something.  I think hitting the "m" key
> > > > toggles the mute.
> > > 
> > > I am sorry to confess that I forgot that I should use M to unmute
> > > a channel in alsamixer (as I did about 14 years ago) and thought
> > > that arrows up and down do all the work. :(
> > > 
> > > So, now the problem has been solved.
> > 
> > Last time I ended the discussion on my
> > "no sound" problem acknowledging that I was
> > so stupid that "forgot that I should use M to
> > unmute a channel in alsamixer."
> > 
> > However, it turned out that it was not the case:
> > currently I have all channels in alsamixer unmuted
> > and have sound only in about 1 out of 10 boots of
> > my Gentoo system, while I do always have sound
> > on the same computer when I boot it with Ubuntu 20.04.
> > 
> > I have also compared the output of lsmod command
> > on both systems and found out that my Gentoo system
> > had all sound kernel modules that my Ubuntu system has
> > and even more. (In Gentoo, I still have quite an old 5.4.97
> > kernel, but I do not think that it is the cause of my
> > "no sound" problem.)
> > 
> > Of course, it is completely my responsibility that
> > I have built my Gentoo system in such a way that
> > I never know if I will have sound after its next boot.
> > However I am lost guessing what I did wrong.
> > (Comparing with Ubuntu 20.04, my Gentoo system
> > has no systemd and no pulseaudio, no consolekit,
> > and no policykit.)
> > 
> > I leave this just for history, as I am currently
> > in a war zone and so investigating this problem
> > further is not in my priority list. :(
> 
> I have accidentally found that the problem with
> the absence of sound on my Gentoo box appears
> only when my USB Logitech webcam is connected
> to the computer at boot time.
> 
> Moreover, if it happens and the sound is absent,
> the alsamixer shows that my USB Logitech webcam
> is considered by the system as a default sound device.
> 
> So, it tries to send sound there even though it does
> not have any speaker.

I'll blame some relatively recent change in the kernel or some interaction 
with udev.  I have previously posted a problem regarding a USB NIC, rather 
than a USB sound card as in your case.   Now I also noticed a problem with the 
initialisation of an onboard WiFi card on another laptop, which is driven by 
the internal MoBo USB controller along with bluetooth.

I don't know what causes the problem but I wager the order in which a device 
is plugged in/switched on by the user affects whether the kernel will detect it 
and initialise it, or not.

On this laptop the onboard WiFi has to be switched on already at boot time, or 
I need to reboot after switching it on.  Restarting the wlan0 service without 
a reboot fails to connect to the AP.

On the previous post of mine about another laptop with an external USB NIC 
adaptor (wired), the ethernet cable has to remain disconnected until SDDM 
starts, or SDDM will not launch.  Restarting the wired interface service 
allows SDDM to start.

My superficial conclusion 

Re: [gentoo-user] No sound. Please, help!

2022-07-14 Thread gevisz
Fri, 11 Mar 2022 at 20:15, gevisz :
>
> Mon, 19 Oct 2020 at 00:15, gevisz :
> >
> > Sun, 18 Oct 2020 at 21:15, Dale :
> > >
> > > gevisz wrote:
> > > > Sun, 18 Oct 2020 at 17:20, Dale :
> > > >> gevisz wrote:
> > > >>> No sound at least in Firefox. Tried it on youtube. Skype is currently
> > > >>> uninstalled. So, I cannot check using it.
> > > >> Just a thought.  Are you sure that everything is unmuted?  Years ago,
> > > >> all the sound control software, Kmix, alsa and others, default to mute.
> > > >> If just one of them is muted, no sound.  I seem to recall when I did my
> > > >> install on this rig that I had to unmute the sound in three places,
> > > >> Kmix, alsa and one other that I can't recall the name of.  I think I 
> > > >> had
> > > >> to turn up the volume on alsa as it was set to a really low level once
> > > >> it was unmuted.  Usually, I turn all of them to the max except the one 
> > > >> I
> > > >> mainly use.  In my case, Kmix is the one I use to really control things
> > > >> since it sits on the panel thingy.  The others are set at the max.
> > > >>
> > > >> It's a silly thing but thought it worth a mention just in case there is
> > > >> a muted setting somewhere.
> > > > Thank you for your input. Yes, it seems that something is muted but 
> > > > what?
> > > > I have no KDE and no kmix installed. No pulseaudio.
> > >
> > > Type in alsamixer in a console or whatever you use and hit tab twice.  I
> > > suspect you have that installed.  You should have a text version, like a
> > > console uses, and a gui version, that should work in any DM.  Pick your
> > > poison and see if anything there is muted or the volume is set really
> > > low, like 1 out of 100 or something.  I think hitting the "m" key
> > > toggles the mute.
> >
> > I am sorry to confess that I forgot that I should use M to unmute
> > a channel in alsamixer (as I did about 14 years ago) and thought
> > that arrows up and down do all the work. :(
> >
> > So, now the problem has been solved.
>
> Last time I ended the discussion on my
> "no sound" problem acknowledging that I was
> so stupid that "forgot that I should use M to
> unmute a channel in alsamixer."
>
> However, it turned out that it was not the case:
> currently I have all channels in alsamixer unmuted
> and have sound only in about 1 out of 10 boots of
> my Gentoo system, while I do always have sound
> on the same computer when I boot it with Ubuntu 20.04.
>
> I have also compared the output of lsmod command
> on both systems and found out that my Gentoo system
> had all sound kernel modules that my Ubuntu system has
> and even more. (In Gentoo, I still have quite an old 5.4.97
> kernel, but I do not think that it is the cause of my
> "no sound" problem.)
>
> Of course, it is completely my responsibility that
> I have built my Gentoo system in such a way that
> I never know if I will have sound after its next boot.
> However I am lost guessing what I did wrong.
> (Comparing with Ubuntu 20.04, my Gentoo system
> has no systemd and no pulseaudio, no consolekit,
> and no policykit.)
>
> I leave this just for history, as I am currently
> in a war zone and so investigating this problem
> further is not in my priority list. :(

I have accidentally found that the problem with
the absence of sound on my Gentoo box appears
only when my USB Logitech webcam is connected
to the computer at boot time.

Moreover, if it happens and the sound is absent,
the alsamixer shows that my USB Logitech webcam
is considered by the system as a default sound device.

So, it tries to send sound there even though it does
not have any speaker.