Tag Archives: freebsd

Getting sshd to start as early as possible

In FreeBSD, sshd by default gets started quite late in the boot process, at about the same time a console will show the login prompt. There are quite a few services that can cause trouble and hang before that. Annoyingly, you can’t fix a stuck system via ssh, since sshd hasn’t been started yet. But as it turns out, sshd can be started quite a bit earlier than FreeBSD does by default.

The rcorder keywords in /etc/rc.d/sshd normally look like this:

# PROVIDE: sshd
# REQUIRE: LOGIN cleanvar
# KEYWORD: shutdown

Change the rcorder keywords like so:

# PROVIDE: sshd
# REQUIRE: NETWORKING cleanvar
# BEFORE: mountcritremote
# KEYWORD: shutdown

Now sshd will be started right after the network has been configured.

Note that starting sshd before certain parts of the system are ready might give you temporary or permanent errors. For example, starting sshd before the user home directories are mounted might cause problems with logins. However, if your machine has all critical filesystems on local disks, making these changes should not pose any problems, and will allow you to log in while the rc scripts are still running, giving you the opportunity to fix any misbehaving services.
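To confirm the edit took effect without rebooting, the computed boot order can be checked. The following is an added example, not part of the original post: the function name check_sshd_order and the two sample orders are constructed for illustration; on a real host, pipe in the output of `rcorder /etc/rc.d/* /usr/local/etc/rc.d/*` instead.

```sh
#!/bin/sh
# Added example (not from the original post). Reads rcorder(8)-style output,
# one script path per line, and checks that sshd is ordered after NETWORKING
# and before mountcritremote. Exit: 0 = early, 1 = not early, 2 = missing.
check_sshd_order() {
    awk '
        { n = split($0, part, "/"); pos[part[n]] = NR }
        END {
            if (!("sshd" in pos) || !("NETWORKING" in pos) ||
                !("mountcritremote" in pos)) {
                print "sshd, NETWORKING or mountcritremote missing"; exit 2
            }
            if (pos["sshd"] < pos["NETWORKING"]) {
                print "sshd starts before NETWORKING"; exit 1
            }
            if (pos["sshd"] > pos["mountcritremote"]) {
                print "sshd starts after mountcritremote"; exit 1
            }
            print "sshd starts early: position " pos["sshd"] " of " NR
        }'
}

# Constructed, abridged sample: order with the stock REQUIRE: LOGIN keywords.
default_order() { cat <<'EOF'
/etc/rc.d/cleanvar
/etc/rc.d/netif
/etc/rc.d/NETWORKING
/etc/rc.d/mountcritremote
/etc/rc.d/LOGIN
/etc/rc.d/sshd
EOF
}

# Constructed, abridged sample: order after the keyword change shown above.
modified_order() { cat <<'EOF'
/etc/rc.d/cleanvar
/etc/rc.d/netif
/etc/rc.d/NETWORKING
/etc/rc.d/sshd
/etc/rc.d/mountcritremote
/etc/rc.d/LOGIN
EOF
}

default_order  | check_sshd_order || echo "-> stock keywords still in effect"
modified_order | check_sshd_order
```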

Running bash as root’s shell only when it’s not broken

I like bash, mostly for its interactive features over FreeBSD’s standard Bourne-compatible shell, ash.

Setting bash as the default shell for the root user however has a big downside: if you ever break bash or any of the libraries it depends on, you can’t log in as root anymore to fix it. I’ve tried quite a few ways to work around this, and I think I’ve finally figured out a good solution: leave the root shell as /bin/sh, and add this snippet at the end of /root/.profile:

[ -z "$BASH" ] && /usr/local/bin/bash -c 'true' && exec /usr/local/bin/bash

This will start bash, but only if the shell sourcing .profile isn’t bash, and bash can actually successfully be executed.

In FreeBSD 9, ash has apparently grown command name completion. Together with the editing functions (already available in FreeBSD 7), this might allow me to switch to ash as the default shell.

FreeBSD, CUPS and iPad printing

For the longest time, I couldn’t get CUPS configured on my FreeBSD server successfully. Between CUPS access rules, foomatic drivers and avahi announcements, I had terrible trouble making heads or tails of the nondescript error messages I was getting.

Spurred on by the arrival of an iPad, I finally sat down and worked through configuring CUPS and avahi. So I don’t have to go through all the fiddling again, here’s a recipe of what I did.

Getting started with IPv6

Getting started with IPv6 on FreeBSD with Hurricane Electric’s free Tunnelbroker service is really straightforward. Since I’m behind a residential ADSL connection, my IPv4 address changes every 24 hours, so whenever that happens, the Tunnelbroker needs to learn my new address. We’ve put up a quick how-to on the wiki on how to do that.

FreeBSD ppp(8): work around invalid remote address

When connecting via a Huawei E169 UMTS USB stick through O2 Germany’s network, the data stick or the network suggests a PPP IPCP remote address of 0.0.0.0. FreeBSD refuses to ifconfig the tun interface with this endpoint address.

Fortunately, ppp(8) offers a configuration parameter to influence the IP addresses negotiated with the peer (ifaddr), and suggesting a different address will make the configuration work.

If you get this log output from ppp, you need to configure address selection:

IPCP: deflink: RecvConfigAck(4) state = Req-Sent
IPCP:  IPADDR[6] 10.68.235.57
IPCP:  PRIDNS[6] 193.189.244.197
IPCP:  SECDNS[6] 193.189.244.205
IPCP: deflink: State change Req-Sent --> Ack-Rcvd
IPCP: deflink: RecvConfigReq(47) state = Ack-Rcvd
IPCP:   [EMPTY]
IPCP: deflink: SendConfigAck(47) state = Ack-Rcvd
IPCP:   [EMPTY]
IPCP: deflink: State change Ack-Rcvd --> Opened
IPCP: deflink: LayerUp.
IPCP: myaddr 10.68.235.57 hisaddr = 0.0.0.0
Warning: iface add: ioctl(SIOCAIFADDR, 10.68.235.57 -> 0.0.0.0): Destination address required
Error: ipcp_InterfaceUp: unable to set ip address

Here’s my complete ppp.conf, with the ifaddr line included:

u3g:
	set device /dev/cuaU0.0
	set speed 115200
	set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0
	set authname internet
	set authkey  internet
	set log local phase ipcp
	set dial "ABORT BUSY TIMEOUT 2 \
		\"\" \
		AT OK-AT-OK \
		AT+CFUN=1 OK-AT-OK \
		AT+CMEE=2 OK-AT-OK \
		AT+CSQ OK \
		AT+CGDCONT=1,\\\"IP\\\",\\\"internet\\\" OK \
		AT+CGACT? OK-AT-OK \
		AT+CGATT? OK \
		AT+CGCLASS? OK \
		AT+COPS? OK \
		ATD*99***1# CONNECT"
	set crtscts on
	nat enable yes
	add default HISADDR
	disable dns

This applies to both 7-stable and 8-stable (with both the old and the new USB stacks). I’ve used u3g(4) on both occasions. The original ppp.conf for 3G modems is based off this one from Nick Hibma.

This is what it looks like when using ifaddr:

IPCP:  PRIDNS[6] 10.11.12.13
IPCP:  SECDNS[6] 10.11.12.14
IPCP:  PRINBNS[6] 10.11.12.13
IPCP: MS NBNS req 130 - NAK??
IPCP:  SECNBNS[6] 10.11.12.14
IPCP: MS NBNS req 132 - NAK??
IPCP: deflink: SendConfigReq(2) state = Req-Sent
IPCP:  IPADDR[6] 10.0.0.1
IPCP:  COMPPROTO[6] 16 VJ slots with slot compression
IPCP: deflink: RecvConfigReq(50) state = Req-Sent
IPCP:   [EMPTY]
IPCP: deflink: SendConfigNak(50) state = Req-Sent
IPCP:  IPADDR[6] 10.0.0.2
IPCP: deflink: RecvConfigRej(2) state = Req-Sent
IPCP:  COMPPROTO[6] 16 VJ slots with slot compression
IPCP: deflink: SendConfigReq(3) state = Req-Sent
IPCP:  IPADDR[6] 10.0.0.1
IPCP: deflink: RecvConfigNak(3) state = Req-Sent
IPCP:  IPADDR[6] 10.42.237.110
IPCP:  IPADDR[6] changing address: 10.0.0.1  --> 10.42.237.110
IPCP: deflink: SendConfigReq(4) state = Req-Sent
IPCP:  IPADDR[6] 10.42.237.110
IPCP: deflink: RecvConfigAck(4) state = Req-Sent
IPCP:  IPADDR[6] 10.42.237.110
IPCP: deflink: State change Req-Sent --> Ack-Rcvd
IPCP: deflink: RecvConfigReq(51) state = Ack-Rcvd
IPCP:   [EMPTY]
IPCP: deflink: SendConfigAck(51) state = Ack-Rcvd
IPCP:   [EMPTY]
IPCP: deflink: State change Ack-Rcvd --> Opened
IPCP: deflink: LayerUp.
IPCP: myaddr 10.42.237.110 hisaddr = 10.0.0.2
PPP ON freebsd-current>
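The two log excerpts above differ only in the final hisaddr value, which is easy to miss in a long ppp.log. The following is an added example, not part of the original post: the function name diagnose_ipcp is hypothetical, and the two sample inputs are abridged from the log output shown on this page.

```sh
#!/bin/sh
# Added example (not from the original post). Reads ppp(8) IPCP log lines on
# stdin and reports each negotiated address pair. Exits 1 if any session
# ended with a 0.0.0.0 peer address, the case that needs "set ifaddr".
diagnose_ipcp() {
    awk '
        /RecvConfigReq/       { in_req = 1; next }  # peer options follow
        in_req && /\[EMPTY\]/ { empty = 1; in_req = 0; next }
        /deflink:/            { in_req = 0 }
        /myaddr .* hisaddr/ {
            for (i = 1; i < NF; i++) {              # tolerate syslog prefixes
                if ($i == "myaddr")  my  = $(i + 1)
                if ($i == "hisaddr") his = $(i + 2) # skip the "=" token
            }
            if (his == "0.0.0.0") {
                bad = 1
                printf "BAD my=%s his=%s peer_empty_req=%d\n", my, his, empty
            } else
                printf "OK my=%s his=%s peer_empty_req=%d\n", my, his, empty
            empty = 0
        }
        END { exit bad + 0 }'
}

# Abridged from the failing log on this page (no ifaddr line in ppp.conf).
failing_log() { cat <<'EOF'
IPCP: deflink: RecvConfigReq(47) state = Ack-Rcvd
IPCP:   [EMPTY]
IPCP: deflink: SendConfigAck(47) state = Ack-Rcvd
IPCP:   [EMPTY]
IPCP: deflink: LayerUp.
IPCP: myaddr 10.68.235.57 hisaddr = 0.0.0.0
EOF
}

# Abridged from the working log on this page (ifaddr line present).
working_log() { cat <<'EOF'
IPCP: deflink: RecvConfigReq(50) state = Req-Sent
IPCP:   [EMPTY]
IPCP: deflink: SendConfigNak(50) state = Req-Sent
IPCP:  IPADDR[6] 10.0.0.2
IPCP: deflink: LayerUp.
IPCP: myaddr 10.42.237.110 hisaddr = 10.0.0.2
EOF
}

failing_log | diagnose_ipcp || echo "-> add a set ifaddr line to ppp.conf"
working_log | diagnose_ipcp
```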

Fonts are finally coming to the web

I have to admit that I didn’t follow developments too closely for the last couple of years, but I was rather surprised today to find that Safari 4, Firefox 3.5 and Internet Explorer 6 to 8 support downloadable TrueType fonts in a compatible and useful manner.

Slashdot post, linked Slate article, nice overview page.

A couple of things that are buried in the pages linked above, but which helped me to get up to speed:

<style>
@font-face {
    font-family: "testing";
    src: url("output.ttf") format("truetype");
}
</style>
<!--[if IE]>
    <style>
    @font-face {
        font-family: "testing";
        src: url("output.eot");
    }
    </style>
<![endif]-->
<div style="font-family: testing">
Hello, Multiple Browser World!
</div>

Now I just need to quickly build a WordPress and a MediaWiki template, and we’re all set 🙂