How is this possible ? I can remote login to my linux server via ssh port using Putty. But when I logged into the server - I checked the SSHD daemon was not running. The server is setup to accept ssh access only on port 7072, i checked netstat and the port is up too.
I am confused. please clear my doubts

I have started sshd and avahi-daemon services. My machine's hostname is archie. But ssh'ing fails when using hostname. ssh [email protected] ssh: Could not resolve hostname archie.local: Name or service not known
avahi-daemon.service status: https://0x0.st/o015.txt
Can you help me?

I have a new Pop OS install, and somethings stopped working with my user permissions.
I decided to try to SSH in from my laptop for the first time "learnding".After I did that, there are now issues that appear to be that my OS now thinks I'm the SSH session user when I log in and not the original user that was created at install. I think this is the case because when I created the SSH session I used my same user name and password to log in remotely. But the weird thing about that theory is that my settings are consistent with what I set up BEFORE I the ssh session, so maybe there is not second user account with the same name and password? Here is some info:SYMPTOMS:-after log in, have to enter password multiple times for things like "refresh repositories" and "create colors" and more.-cannot unlock the GUI user account to make changes or add accounts. Thank you all for any insight/ advice you can toss my way!
THINGS I CHECKED:
When I use the "who" command it just shows...

[email protected]:~$ who
corey :1 2022-12-04 09:16 (:1)
[email protected]:~$

When I use "cat /etc/passwd" I see these realavent entries

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/ussbin:/ussbin/nologin
bin:x:2:2:bin:/bin:/ussbin/nologin
...
.....
corey:x:1000:1000:Corey:/home/corey:/bin/bash
sshd:x:126:65534::/run/sshd:/ussbin/nologin
[email protected]:~$

I want to change the port my ssh daemon accepts, but macOS still accepts the default port.
Maybe it's not necessary to change it, as macOS is considered a secure OS but still want to change it now.
So how?
I tried to restart com.openssh.ssh, /system/library/launchdaemons/ssh.plist and also to change the port in /etc/services.
And of course I also changed the ports in ~/etc/ssh/sshd_config and ~/etc/ssh/ssh_config.
I will revert all my changes and stick to the default port for now :D

I'm running an Ubuntu 20.04 container in Proxmox and for whatever reason, the SSH service fails to load when the container is started. It also fails to load after startup if I run a container using Ubuntu 22.04. This Proxmox install is on a brand new desktop PC that I bought today.
If I run the command sshd -t, it says:
Missing privilege separation directory: /run/sshd
I tried running the command mkdir -p /run/sshd. It appears to create the directory and then if I run sshd -t, it doesn't give any errors. However, if I reboot the container the SSH service doesn't load and also if I run the command ls -al /run/sshd/ it says that the directory doesn't exist. Also, after reboot, if I run the command sshd -t it still says:
Missing privilege separation directory: /run/sshd
I tried running the following command:
systemctl enable ssh.service
...and it says:
Synchronizing state of ssh.service with SysV service script with /lib/systemd/systemd-sysv-install.Executing: /lib/systemd/systemd-sysv-install enable ssh
So I think it enabled the service successfully? However, when I reboot the container and then run the command systemctl status sshd it shows that SSH isn't running:
* ssh.service - OpenBSD Secure Shell serverLoaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)Active: inactive (dead)Docs: man:sshd(8)man:sshd_config(5)
Any ideas?
----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------
UPDATE# 1: I tried the steps that djzrbz suggested here:
https://www.reddit.com/Proxmox/comments/xhq034/comment/ip0bmet/?utm_source=share&utm_medium=web2x&context=3
...and it still says that the SSH service is inactive (dead):
sudo systemctl status sshd
* ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:sshd(8)
man:sshd_config(5)
Note that when I ran the sudo systemctl edit [email protected] command saw that everything in this file was commented out, like this:

### Editing /etc/systemd/system/[email protected]/override.conf ### Anything between here and the comment below will become the new contents of the file ### Lines below this comment will be discarded ### /lib/systemd/system/[email protected] # [Unit] # Description=OpenBSD Secure Shell server per-connection daemon # Documentation=man:sshd(8) man:sshd_config(5) # After=auditd.service # # [Service] # EnvironmentFile=-/etc/default/ssh # ExecStart=-/ussbin/sshd -i $SSHD_OPTS # StandardInput=socket # RuntimeDirectory=sshd # RuntimeDirectoryPreserve=yes # RuntimeDirectoryMode=0755 

...so then I inserted these two lines between the "Anything between here and the comment below..." and the "Lines below this comment will be discarded" comments:

[Service] RuntimeDirectoryPreserve=yes 

I then saved the changes and then rebooted the container. After the container rebooted I waited awhile and then checked to see if the SSH service was running but it still was listed as inactive (dead).
Does anyone have any other ideas?
UPDATE# 2: Here are the two commands that I've ran which ended up fixing this issue:

apt-get purge openssh-server apt install openssh-server 

​

I noticed sshd start with an error

Cannot assign requested address. 

This is because i assigned the static ip (otherwise is 0.0.0.0) in the ssh configuration, and probably the service start before NetworkManager can get the static ip; if i restart sshd for the daemon load successfully.
So, can i retard, or postpone, the start of ssh?

The Problem

If you ever connected the Steam Deck to a 4k TV, you have probably noticed that the experience is not great. In earlier versions of SteamOS, the Steam Deck tried to render games at 4k resolution, which made games unbearably slow. In newer versions of SteamOS, games are now playable, but there are still many issues:

1. As of SteamOS 3.2, even though the display resolution is 4k, games will still render at 800p and are then upscaled to 4k. While FSR does a respectable job, games would still look much better if rendered at 1080p, a resolution that the Steam Deck hardware is perfectly able to handle, especially if battery life is not an issue.
2. This may not be an issue if you have high-quality USB-C dock/cables, but on my setup, at least, the Steam Deck hardware does not seem able to output 4k @ 60 Hz. The refresh rate is limited to 30 Hz, which also restricts games to 30 FPS. It would be nice if the Deck were able to output 60 Hz (or higher).
3. Because of the weird 16:10 aspect ratio of the Steam Deck, you will get some letterboxing (black bars around the image) on your TV. It would be nice if the Deck could output 16:9 images.

The Root Cause

In gaming mode, SteamOS uses gamescope, which acts as a layer between the game and your actual display. When gamescope is active, games render their frames on a virtual display, then gamescope copies these frames to the real display, upscaling them as needed. Gamescope has two main settings: the resolution of the virtual display, and the resolution of the actual display. On SteamOS 3.2, the resolution of the actual display is always set to native (that is, 1200x800 in handheld mode, and 3840x2160 when docked to a 4k TV), while the resolution of the virtual display is set to 1200x800. These settings are hardcoded in the file /usbin/gamescope-session.

A Quick and Ugly Fix

In the steps below, we are going to fix this problem by making two changes to gamescope settings. First, we will remove the hardcoded 1280x800 resolution for the virtual display, so that games can use any resolution (up to the resolution of the actual display). Second, we will always set the resolution of the actual display to 1920x1080. When the Steam Deck is connected to an external display, this resolution is probably supported, so gamescope will use it. In handheld mode, this resolution is not supported, so gamescope will revert to the native display resolution of 1200x800.
Warning: The steps below are advanced; they require disabling the read-only filesystem and may cause your Steam Deck to fail to boot. If you are not familiar with Linux, please do not attempt them; just wait for Valve to fix the problem.
1. [Optional] Before changing any files, enable the SSH daemon on the Steam Deck, so that, if the graphical interface fails to load, you can still connect to the system and revert the changes. You can do it by running on the terminal, in desktop mode, sudo systemctl start sshd and sudo systemctl enable sshd. You may also need to set a password for the user deck by running passwd. Test the connection before you proceed.
2. Disable the read-only filesystem by running: sudo steamos-readonly disable.
3. Edit the file /usbin/gamescope-session. Replace lines 159-170 with the code below. The important change here is removing the argument -w 1280 -h 800 and adding -W 1920 -H 1080:

gamescope \ --generate-drm-mode fixed \ --xwayland-count 2 \ -W 1920 -H 1080 \ --default-touch-mode 4 \ --hide-cursor-delay 3000 \ --max-scale 2 \ --fade-out-duration 200 \ -e -R "$socket" -T "$stats" \ -O '*',eDP-1 \ --cursor-hotspot 5,3 --cursor /usshare/steamos/steamos-cursor.png \ & 

4. Reboot the system.
Note: Even with the fix above, gamescope still has issues changing resolutions on-the-fly. To use the Steam Deck on a 4k TV, I recommend turning the system completely off, connecting the external display, then turning the system on. If you have scaling issues after boot, disconnect and reconnect the external display (with the system still on). To use the Steam Deck in handheld mode, turn the system off, disconnect from the external display, then turn the system on.

I recently got HA OS installed and running on but as I attempted to get HACS installed I ran into issues getting SSH & Web Terminal working. The addon appears to install correctly and I believe I did the configuration as instructions say. However, when I try to start the addon nothing happens. Any help would be appreciated!
​
Here's the configuration for the addon:
allow_agent_forwarding: false
allow_remote_port_forwarding: false
allow_tcp_forwarding: false
authorized_keys: []
compatibility_mode: false
password: "homeassistant"
sftp: false
username: hassio
​
When I check the logs this is all it says:
​
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/00-banner.sh
-----------------------------------------------------------
Add-on: SSH & Web Terminal
SSH & Web Terminal access to your Home Assistant instance
-----------------------------------------------------------
Add-on version: 12.0.2
You are running the latest version of this add-on.
System: Home Assistant OS 9.0 (amd64 / generic-x86-64)
Home Assistant Core: 2022.9.5
Home Assistant Supervisor: 2022.09.1
-----------------------------------------------------------
Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
cont-init: info: /etc/cont-init.d/00-banner.sh exited 0
cont-init: info: running /etc/cont-init.d/01-log-level.sh
cont-init: info: /etc/cont-init.d/01-log-level.sh exited 0
cont-init: info: running /etc/cont-init.d/docker.sh
cont-init: info: /etc/cont-init.d/docker.sh exited 0
cont-init: info: running /etc/cont-init.d/mosquitto.sh
cont-init: info: /etc/cont-init.d/mosquitto.sh exited 0
cont-init: info: running /etc/cont-init.d/mysql.sh
cont-init: info: /etc/cont-init.d/mysql.sh exited 0
cont-init: info: running /etc/cont-init.d/ssh.sh
[21:00:35] WARNING:
[21:00:35] WARNING: Logging in with a SSH password is security wise, a bad idea!
[21:00:35] WARNING: Please, consider using a public/private key pair.
[21:00:35] WARNING: What is this? https://kb.iu.edu/d/aews
[21:00:35] WARNING:
[21:00:35] NOTICE: RSA host key missing, generating one...
Generating public/private rsa key pair.
Your identification has been saved in /data/ssh_host_rsa_key
Your public key has been saved in /data/ssh_host_rsa_key.pub
The key fingerprint is:
SHA256:xzIDUB799YIqJsoDFENB382xbrpTPUUPbCHTOrkF37U [email protected]
The key's randomart image is:
+---[RSA 3072]----+
|o+. ..oo oo.. |
| o. .oo.+.o*. . |
| o. .o+ .Bo+.. .|
| . .. =o+.o.E |
|. oS.B . |
|. . =..O |
| o . +.. . |
| + .. |
| . .. |
+----[SHA256]-----+
[21:00:36] NOTICE: ED25519 host key missing, generating one...
Generating public/private ed25519 key pair.
Your identification has been saved in /data/ssh_host_ed25519_key
Your public key has been saved in /data/ssh_host_ed25519_key.pub
The key fingerprint is:
SHA256:Fm0DjRud/FgLiXxqTs35uw0igLC98q/WYMB0rmdsmxs [email protected]
The key's randomart image is:
+--[ED25519 256]--+
| ..* o |
| . . =oO . |
| o.o .B+* . |
| o+.. =o=.o |
| .+o .+S . |
| . B. o. . |
| .=E= . . .. |
| o+.. . ..o |
| .++. ... |
+----[SHA256]-----+
cont-init: info: /etc/cont-init.d/ssh.sh exited 0
cont-init: info: running /etc/cont-init.d/user.sh
[21:00:38] NOTICE: Session sharing has been disabled!
cont-init: info: /etc/cont-init.d/user.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun sshd (no readiness notification)
services-up: info: copying legacy longrun ttyd (no readiness notification)
s6-rc: info: service legacy-services successfully started
[21:00:39] INFO: Starting the ttyd daemon...
[21:00:39] INFO: Starting the SSH daemon...
Server listening on 0.0.0.0 port 22.
Server listening on :: port 22.
​
And any subsequent attempts to get the addon to start logs this in supervisor:
​
22-09-21 20:47:28 INFO (MainThread) [supervisor.addons] Add-on 'a0d7b954_ssh' successfully installed
22-09-21 21:00:31 INFO (SyncWorker_0) [supervisor.docker.addon] Starting Docker add-on ghcr.io/hassio-addons/ssh/amd64 with version 12.0.2
22-09-21 21:05:53 WARNING (MainThread) [supervisor.addons.addon] a0d7b954_ssh is already running!

looking for some help trying to rebuild a azure hosted centos ip link
its not autodiscovering the new nic and my efforts to rebuild it manually are failing
i need to be able to ssh into this and recover some backup files. sftp'ing them off is an option as well
but obviously cant do either without network connectivity.
​
eth0 is up, here's the config, everything looks right to me. but i cant start the sshd service
NAME="eth0"
DEVICE="eth0"
HWADDR="00:22:48:26:8B:AB"
UUID="5a5206ea-d86b-43da-b41f-36b6ce509263"
TYPE="Ethernet"
ONBOOT="yes"
NETBOOT="yes"
IPV6INIT="no"
BOOTPROTO="none"
PEERDNS="yes"
PEERROUTES="yes"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV4_DNS_PRIORITY="100"
ZONE=public
IPADDR=10.4.0.6
PREFIX=24
GATEWAY=10.4.0.1
DNS1=168.63.129.16
DNS2=8.8.8.8
DNS3=8.8.4.4
[[email protected] 2021.3.0.83 ~]#
​
​
Redirecting to /bin/systemctl status sshd.service
● sshd.service - OpenSSH server daemon
Loaded: loaded (/uslib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:sshd(8)
man:sshd_config(5)
[[email protected] 2021.3.0.83 ~]# service sshd start
Redirecting to /bin/systemctl start sshd.service
Authorization not available. Check if polkit service is running or see debug message for more information.
​
tried this but stll not working, cant restart polkit either “Authorization not available. Check if polkit service is running or see debug message for more information” – CentOS/RHEL 7 ssh service error – The Geek Diary

For the life of me I cannot figure out how to do access my wsl mounted hard drives from another device on the network, such as e.g. an an android phone or android tv.
Not sure if it's relevant but I use WSL2 with OpenSUSE on Windows 11. I have bunch of external hard drives with ext4 and btrfs formats (some of which are LUKS encrypted), and I use wsl mount to access the files on them.
I can ssh into this wsl from any other device on my home network and copy files. However, what I have not been successful with has been creating an sftp server from within the wsl. For whatever reason I always get wrong password error. Setting up sshd is slightly different than Ubuntu. So I start ssh daemon by simply sudo /ussbin/sshd. Again, this works as I can ssh into my wsl.
The other option I have tried was to use the share feature of Windows, but since wsl directories are only accessible as network paths, I can't set them as shared folders. Even if I map the location as drive, the drive is not shareable. I appreciate if anyone could help me with this. My search has pbviously not been successful.

I just copied the conf file at /etc/ssh/sshd_config.d/*.conf
Then if i restart sshd i have this error

sshd.service: Start request repeated too quickly. sshd.service: Failed with result 'exit-code'. systemd[1]: Failed to start OpenSSH Daemon. 

What is the correct method to add my conf file? Prevoiusly i was using a port.conf and was working.

Hello Before restart server i have generated a new key, but i forgot to save. Now i cant login to my files and batch without that key. Any reason?
​

System BootOrder not found. Initializing defaults. Creating boot entry "Boot0005" with label "Oracle Linux" for file "\EFI\redhat\shimaa64.efi" EFI stub: Booting Linux Kernel... EFI stub: EFI_RNG_PROTOCOL unavailable, no randomness supplied EFI stub: Using DTB from configuration table EFI stub: Exiting boot services and installing virtual address map... Welcome to Oracle Linux Server 8.6 dracut-049-202.git20220511.0.1.el8_6 (Initramfs)! [ OK ] Reached target Slices. [ OK ] Reached target Swap. [ OK ] Reached target Timers. [ OK ] Listening on udev Control Socket. [ OK ] Listening on Journal Socket (/dev/log). [ OK ] Listening on Journal Socket. Starting Create list of required st???ce nodes for the current kernel... Starting Load Kernel Modules... Starting Setup Virtual Console... [ OK ] Listening on Open-iSCSI iscsiuio Socket. [ OK ] Started Dispatch Password Requests to Console Directory Watch. [ OK ] Reached target Paths. [ OK ] Reached target Local Encrypted Volumes. Starting iSCSI UserSpace I/O driver... Starting Journal Service... [ OK ] Listening on Open-iSCSI iscsid Socket. [ OK ] Listening on udev Kernel Socket. [ OK ] Reached target Sockets. [ OK ] Started Create list of required sta???vice nodes for the current kernel. Starting Create Static Device Nodes in /dev... [ OK ] Started Setup Virtual Console. Starting dracut ask for additional cmdline parameters... [ OK ] Started iSCSI UserSpace I/O driver. [ OK ] Started Load Kernel Modules. Starting Apply Kernel Variables... [ OK ] Started Create Static Device Nodes in /dev. [ OK ] Started Apply Kernel Variables. [ OK ] Started dracut ask for additional cmdline parameters. Starting dracut cmdline hook... [ OK ] Started Journal Service. [ OK ] Started dracut cmdline hook. Starting dracut pre-udev hook... [ OK ] Started dracut pre-udev hook. Starting udev Kernel Device Manager... [ OK ] Started udev Kernel Device Manager. Starting dracut pre-trigger hook... [ OK ] Started dracut pre-trigger hook. Starting udev Coldplug all Devices... Mounting Kernel Configuration File System... [ OK ] Mounted Kernel Configuration File System. [ OK ] Started udev Coldplug all Devices. Starting udev Wait for Complete Device Initialization... [ OK ] Started udev Wait for Complete Device Initialization. Starting Device-Mapper Multipath Device Controller... [ OK ] Started Device-Mapper Multipath Device Controller. Starting Open-iSCSI... [ OK ] Reached target Local File Systems (Pre). [ OK ] Reached target Local File Systems. Starting Create Volatile Files and Directories... [ OK ] Started Create Volatile Files and Directories. [ OK ] Reached target System Initialization. [ OK ] Reached target Basic System. [ OK ] Started Open-iSCSI. Starting dracut initqueue hook... [ 2.155593] dracut-initqueue[643]: RTNETLINK answers: File exists [ OK ] Found device /dev/mappeocivolume-root. [ OK ] Reached target Initrd Root Device. [ 4.658137] dracut-initqueue[816]: RTNETLINK answers: File exists Stopping Open-iSCSI... [ OK ] Stopped Open-iSCSI. Stopping iSCSI UserSpace I/O driver... [ OK ] Stopped iSCSI UserSpace I/O driver. Starting iSCSI UserSpace I/O driver... [ OK ] Started iSCSI UserSpace I/O driver. Starting Open-iSCSI... [ OK ] Started Open-iSCSI. [ OK ] Started dracut initqueue hook. [ OK ] Reached target Remote File Systems (Pre). [ OK ] Reached target Remote File Systems. Starting dracut pre-mount hook... [ OK ] Started dracut pre-mount hook. Starting File System Check on /dev/mappeocivolume-root... [ OK ] Started File System Check on /dev/mappeocivolume-root. Mounting /sysroot... [ OK ] Mounted /sysroot. [ OK ] Reached target Initrd Root File System. Starting Reload Configuration from the Real Root... Stopping Device-Mapper Multipath Device Controller... [ OK ] Started Reload Configuration from the Real Root. [ OK ] Reached target Initrd File Systems. [ OK ] Reached target Initrd Default Target. Starting dracut mount hook... [ OK ] Stopped Device-Mapper Multipath Device Controller. [ OK ] Started dracut mount hook. Starting dracut pre-pivot and cleanup hook... [ 11.208062] dracut-pre-pivot[1014]: Sep 05 07:54:51 | /etc/multipath.conf does not exist, blacklisting all devices. [ 11.208994] dracut-pre-pivot[1014]: Sep 05 07:54:51 | You can run "/sbin/mpathconf --enable" to create [ 11.209921] dracut-pre-pivot[1014]: Sep 05 07:54:51 | /etc/multipath.conf. See man mpathconf(8) for more details [ OK ] Started dracut pre-pivot and cleanup hook. Starting Cleaning Up and Shutting Down Daemons... [ OK ] Stopped dracut pre-pivot and cleanup hook. [ OK ] Stopped dracut mount hook. [ OK ] Stopped target Initrd Default Target. [ OK ] Stopped target Initrd Root Device. [ OK ] Stopped target Basic System. [ OK ] Stopped target Slices. [ OK ] Stopped target System Initialization. [ OK ] Stopped Create Volatile Files and Directories. [ OK ] Stopped target Local File Systems. [ OK ] Stopped target Local File Systems (Pre). [ OK ] Stopped target Swap. [ OK ] Stopped udev Wait for Complete Device Initialization. [ OK ] Stopped dracut pre-mount hook. [ OK ] Stopped target Remote File Systems. [ OK ] Stopped target Remote File Systems (Pre). [ OK ] Stopped Apply Kernel Variables. [ OK ] Stopped Load Kernel Modules. [ OK ] Stopped target Paths. [ OK ] Stopped target Timers. [ OK ] Stopped target Sockets. [ OK ] Stopped target Local Encrypted Volumes. [ OK ] Stopped Dispatch Password Requests to Console Directory Watch. [ OK ] Stopped dracut initqueue hook. Stopping Open-iSCSI... [ OK ] Stopped udev Coldplug all Devices. [ OK ] Stopped dracut pre-trigger hook. Stopping udev Kernel Device Manager... [ OK ] Stopped Open-iSCSI. Stopping iSCSI UserSpace I/O driver... [ OK ] Closed Open-iSCSI iscsid Socket. [ OK ] Stopped iSCSI UserSpace I/O driver. [ OK ] Stopped udev Kernel Device Manager. [ OK ] Started Cleaning Up and Shutting Down Daemons. [ OK ] Stopped Create Static Device Nodes in /dev. [ OK ] Stopped Create list of required sta???vice nodes for the current kernel. [ OK ] Stopped dracut pre-udev hook. [ OK ] Stopped dracut cmdline hook. [ OK ] Stopped dracut ask for additional cmdline parameters. [ OK ] Closed udev Kernel Socket. [ OK ] Closed udev Control Socket. Starting Cleanup udevd DB... [ OK ] Closed Open-iSCSI iscsiuio Socket. [ OK ] Started Cleanup udevd DB. [ OK ] Reached target Switch Root. Starting Switch Root... Welcome to Oracle Linux Server 8.6! [ OK ] Stopped Switch Root. [ OK ] Stopped Journal Service. Starting Journal Service... [ OK ] Listening on initctl Compatibility Named Pipe. [ OK ] Created slice system-systemd\x2dfsck.slice. [ OK ] Started Dispatch Password Requests to Console Directory Watch. [ OK ] Listening on udev Control Socket. [ OK ] Created slice User and Session Slice. Mounting Huge Pages File System... [ OK ] Listening on Process Core Dump Socket. [ OK ] Reached target Swap. [ OK ] Listening on LVM2 poll daemon socket. Starting Load Kernel Modules... [ OK ] Stopped target Switch Root. [ OK ] Stopped target Initrd Root File System. [ OK ] Stopped target Initrd File Systems. [ OK ] Listening on RPCbind Server Activation Socket. [ OK ] Created slice system-sshd\x2dkeygen.slice. [ OK ] Created slice system-getty.slice. Starting Read and set NIS domainname from /etc/sysconfig/network... [ OK ] Reached target rpc_pipefs.target. [ OK ] Reached target RPC Port Mapper. [ OK ] Set up automount Arbitrary Executab???rmats File System Automount Point. Mounting POSIX Message Queue File System... [ OK ] Started Forward Password Requests to Wall Directory Watch. [ OK ] Reached target Paths. [ OK ] Reached target Slices. [ OK ] Listening on udev Kernel Socket. Starting udev Coldplug all Devices... [ OK ] Listening on Device-mapper event daemon FIFOs. Starting Monitoring of LVM2 mirrors???ng dmeventd or progress polling... Mounting Kernel Debug File System... [ OK ] Reached target Local Encrypted Volumes. [ OK ] Stopped File System Check on Root Device. Starting Remount Root and Kernel File Systems... Starting Create list of required st???ce nodes for the current kernel... [ OK ] Created slice system-serial\x2dgetty.slice. [ OK ] Started Journal Service. [ OK ] Mounted Huge Pages File System. [ OK ] Started Load Kernel Modules. [ OK ] Started Read and set NIS domainname from /etc/sysconfig/network. [ OK ] Mounted POSIX Message Queue File System. [ OK ] Mounted Kernel Debug File System. [ OK ] Started Remount Root and Kernel File Systems. [ OK ] Started Create list of required sta???vice nodes for the current kernel. Starting Load/Save Random Seed... Starting Rebuild Hardware Database... Starting Create System Users... Starting Apply Kernel Variables... Starting Flush Journal to Persistent Storage... [ OK ] Started Monitoring of LVM2 mirrors,???sing dmeventd or progress polling. [ OK ] Started Load/Save Random Seed. [ OK ] Started Create System Users. Starting Create Static Device Nodes in /dev... [ OK ] Started udev Coldplug all Devices. [ OK ] Started Flush Journal to Persistent Storage. Starting udev Wait for Complete Device Initialization... [ OK ] Started Apply Kernel Variables. [ OK ] Started Create Static Device Nodes in /dev. [ OK ] Started Rebuild Hardware Database. Starting udev Kernel Device Manager... [ OK ] Started udev Kernel Device Manager. [ OK ] Created slice system-lvm2\x2dpvscan.slice. Starting LVM event activation on device 8:3... [ OK ] Started LVM event activation on device 8:3. [ OK ] Started udev Wait for Complete Device Initialization. [ OK ] Reached target Local File Systems (Pre). Mounting /vaoled... Mounting /boot... Starting File System Check on /dev/disk/by-uuid/B331-7C58... [ OK ] Started File System Check on /dev/disk/by-uuid/B331-7C58. [ OK ] Mounted /vaoled. [ OK ] Mounted /boot. Mounting /boot/efi... [ OK ] Mounted /boot/efi. [ OK ] Reached target Local File Systems. Starting Restore /run/initramfs on shutdown... Starting Import network configuration from initramfs... Starting Rebuild Dynamic Linker Cache... Starting Commit a transient machine-id on disk... Starting Apply Ksplice updates... Starting Rebuild Journal Catalog... [ OK ] Started Restore /run/initramfs on shutdown. [ OK ] Started Commit a transient machine-id on disk. [ OK ] Started Rebuild Journal Catalog. [ OK ] Started Import network configuration from initramfs. Starting Create Volatile Files and Directories... [ OK ] Started Create Volatile Files and Directories. Starting RPC Bind... Starting Security Auditing Service... [ OK ] Started RPC Bind. [ OK ] Started Security Auditing Service. Starting Update UTMP about System Boot/Shutdown... [ OK ] Started Update UTMP about System Boot/Shutdown. [ OK ] Started Rebuild Dynamic Linker Cache. Starting Update is Completed... [ OK ] Started Update is Completed. [ OK ] Reached target System Initialization. [ OK ] Started Generate summary of yesterday's process accounting. [ OK ] Started Run system activity accounting tool every 10 minutes. [ OK ] Started Daily Cleanup of Temporary Directories. [ OK ] Started Updates mlocate database every day. [ OK ] Listening on Open-iSCSI iscsiuio Socket. [ OK ] Listening on D-Bus System Message Bus Socket. Starting Initial cloud-init job (pre-networking)... [ OK ] Listening on SSSD Kerberos Cache Manager responder socket. [ OK ] Started daily update of the root trust anchor for DNSSEC. [ OK ] Started dnf makecache --timer. [ OK ] Reached target Timers. [ OK ] Listening on Open-iSCSI iscsid Socket. [ OK ] Reached target Sockets. [ OK ] Reached target Basic System. Starting Resets System Activity Logs... Starting System Security Services Daemon... [ OK ] Started Set boot volume startup to onboot. Starting Self Monitoring and Reporting Technology (SMART) Daemon... [ OK ] Started libstoragemgmt plug-in server daemon. Starting VDO volume services... Starting Generate random NFS client ID... Starting NTP client/server... [ OK ] Started D-Bus System Message Bus. [ OK ] Started irqbalance daemon. Starting Authorization Manager... [ OK ] Started Resets System Activity Logs. [ OK ] Started Self Monitoring and Reporting Technology (SMART) Daemon. [ OK ] Started Generate random NFS client ID. [ OK ] Started NTP client/server. [ OK ] Started VDO volume services. [ OK ] Started Authorization Manager. Starting firewalld - dynamic firewall daemon... [ OK ] Started firewalld - dynamic firewall daemon. [ OK ] Started System Security Services Daemon. [ OK ] Reached target User and Group Name Lookups. Starting Login Service... [ OK ] Started Login Service. [ OK ] Started Apply Ksplice updates. Starting Hostname Service... [ OK ] Started Hostname Service. [ 14.981453] cloud-init[1586]: Cloud-init v. 21.1-15.0.1.el8_6.3 running 'init-local' at Mon, 05 Sep 2022 07:54:55 +0000. Up 14.80 seconds. [ OK ] Started Initial cloud-init job (pre-networking). [ OK ] Reached target Network (Pre). Starting Network Manager... [ OK ] Started Network Manager. [ OK ] Reached target Network. Starting GSSAPI Proxy Daemon... Starting Dynamic System Tuning Daemon... Starting Network Manager Wait Online... [ OK ] Started GSSAPI Proxy Daemon. [ OK ] Reached target NFS client services. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. Starting Network Manager Script Dispatcher Service... [ OK ] Started Network Manager Script Dispatcher Service. [ OK ] Started Dynamic System Tuning Daemon. [ OK ] Started Network Manager Wait Online. Starting Initial cloud-init job (metadata service crawler)... [ 15.874344] cloud-init[2081]: Cloud-init v. 21.1-15.0.1.el8_6.3 running 'init' at Mon, 05 Sep 2022 07:54:56 +0000. Up 15.75 seconds. [ 15.875949] cloud-init[2081]: ci-info: ++++++++++++++++++++++++++++++++++++Net device info+++++++++++++++++++++++++++++++++++++ [ 15.876898] cloud-init[2081]: ci-info: +--------+------+-------------------------+---------------+--------+-------------------+ [ 15.877987] cloud-init[2081]: ci-info: | Device | Up | Address | Mask | Scope | Hw-Address | [ 15.879074] cloud-init[2081]: ci-info: +--------+------+-------------------------+---------------+--------+-------------------+ [ 15.880166] cloud-init[2081]: ci-info: | enp0s3 | True | 10.0.0.84 | 255.255.255.0 | global | 02:00:17:06:ad:76 | [ 15.881236] cloud-init[2081]: ci-info: | enp0s3 | True | fe80::17ff:fe06:ad76/64 | . | link | 02:00:17:06:ad:76 | [ 15.882145] cloud-init[2081]: ci-info: | lo | True | 127.0.0.1 | 255.0.0.0 | host | . | [ 15.883051] cloud-init[2081]: ci-info: | lo | True | ::1/128 | . | host | . | [ 15.883979] cloud-init[2081]: ci-info: +--------+------+-------------------------+---------------+--------+-------------------+ [ 15.885127] cloud-init[2081]: ci-info: +++++++++++++++++++++++++++Route IPv4 info++++++++++++++++++++++++++++ [ 15.886035] cloud-init[2081]: ci-info: +-------+-------------+----------+---------------+-----------+-------+ [ 15.887133] cloud-init[2081]: ci-info: | Route | Destination | Gateway | Genmask | Interface | Flags | [ 15.887971] cloud-init[2081]: ci-info: +-------+-------------+----------+---------------+-----------+-------+ [ 15.888956] cloud-init[2081]: ci-info: | 0 | 0.0.0.0 | 10.0.0.1 | 0.0.0.0 | enp0s3 | UG | [ 15.889860] cloud-init[2081]: ci-info: | 1 | 0.0.0.0 | 10.0.0.1 | 0.0.0.0 | enp0s3 | UG | [ 15.890753] cloud-init[2081]: ci-info: | 2 | 10.0.0.0 | 0.0.0.0 | 255.255.255.0 | enp0s3 | U | [ 15.891738] cloud-init[2081]: ci-info: | 3 | 10.0.0.0 | 0.0.0.0 | 255.255.255.0 | enp0s3 | U | [ 15.892739] cloud-init[2081]: ci-info: | 4 | 169.254.0.0 | 0.0.0.0 | 255.255.0.0 | enp0s3 | U | [ 15.893707] cloud-init[2081]: ci-info: | 5 | 169.254.0.0 | 0.0.0.0 | 255.255.0.0 | enp0s3 | U | [ 15.894505] cloud-init[2081]: ci-info: +-------+-------------+----------+---------------+-----------+-------+ [ 15.895315] cloud-init[2081]: ci-info: +++++++++++++++++++Route IPv6 info+++++++++++++++++++ [ 15.896038] cloud-init[2081]: ci-info: +-------+-------------+---------+-----------+-------+ [ 15.896763] cloud-init[2081]: ci-info: | Route | Destination | Gateway | Interface | Flags | [ 15.897470] cloud-init[2081]: ci-info: +-------+-------------+---------+-----------+-------+ [ 15.898371] cloud-init[2081]: ci-info: | 1 | fe80::/64 | :: | enp0s3 | U | [ 15.899237] cloud-init[2081]: ci-info: | 3 | multicast | :: | enp0s3 | U | [ 15.900147] cloud-init[2081]: ci-info: +-------+-------------+---------+-----------+-------+ [ 16.468324] cloud-init[2081]: Generating public/private rsa key pair. [ 16.469092] cloud-init[2081]: Your identification has been saved in /etc/ssh/ssh_host_rsa_key. [ 16.469805] cloud-init[2081]: Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub. [ 16.470521] cloud-init[2081]: The key fingerprint is: [ 16.470983] cloud-init[2081]: SHA256:w3LYVG/+zB8KNxunJxs//aJqkz5as7XZGA6TFAOQROg [email protected] [ 16.471703] cloud-init[2081]: The key's randomart image is: [ 16.472228] cloud-init[2081]: +---[RSA 3072]----+ [ 16.472659] cloud-init[2081]: | ++o. . | [ 16.473094] cloud-init[2081]: | . . o . | [ 16.473521] cloud-init[2081]: | . . o o | [ 16.473953] cloud-init[2081]: | E = = | [ 16.474397] cloud-init[2081]: | o S . . | [ 16.474829] cloud-init[2081]: | o o . + | [ 16.475253] cloud-init[2081]: | *oo=+o.| [ 16.475683] cloud-init[2081]: | [email protected]+o| [ 16.476151] cloud-init[2081]: | .+++**=o=| [ 16.476586] cloud-init[2081]: +----[SHA256]-----+ [ 16.477022] cloud-init[2081]: Generating public/private ecdsa key pair. [ 16.477604] cloud-init[2081]: Your identification has been saved in /etc/ssh/ssh_host_ecdsa_key. [ 16.478322] cloud-init[2081]: Your public key has been saved in /etc/ssh/ssh_host_ecdsa_key.pub. [ 16.479045] cloud-init[2081]: The key fingerprint is: [ 16.479526] cloud-init[2081]: SHA256:mDdsTbTjhxVd8ydfN6IofLpps7eJduIdQjgfsMgJvm0 [email protected] [ 16.480291] cloud-init[2081]: The key's randomart image is: [ 16.480790] cloud-init[2081]: +---[ECDSA 256]---+ [ 16.481226] cloud-init[2081]: | . .. o.| [ 16.481658] cloud-init[2081]: | . . .. o| [ 16.482087] cloud-init[2081]: | . . + ....=| [ 16.482510] cloud-init[2081]: |. o o =+ +.+. .o=| [ 16.482939] cloud-init[2081]: | . + +o=So+.. .| [ 16.483377] cloud-init[2081]: | o +o=. . | [ 16.483859] cloud-init[2081]: | . E + . | [ 16.484330] cloud-init[2081]: | . =*oo | [ 16.484778] cloud-init[2081]: | +**+. | [ 16.485209] cloud-init[2081]: +----[SHA256]-----+ [ 16.485638] cloud-init[2081]: Generating public/private ed25519 key pair. [ 16.486229] cloud-init[2081]: Your identification has been saved in /etc/ssh/ssh_host_ed25519_key. [ 16.486969] cloud-init[2081]: Your public key has been saved in /etc/ssh/ssh_host_ed25519_key.pub. [ 16.487732] cloud-init[2081]: The key fingerprint is: [ 16.488229] cloud-init[2081]: SHA256:5LeV+iJu+C1wrr4vdgeGloMMKmBSK3YRFHuJEcVMhxo [email protected] [ 16.488946] cloud-init[2081]: The key's randomart image is: [ 16.489448] cloud-init[2081]: +--[ED25519 256]--+ [ 16.489869] cloud-init[2081]: | .*Oo.. | [ 16.490295] cloud-init[2081]: | .E++o | [ 16.490736] cloud-init[2081]: | . ++o . | [ 16.491182] cloud-init[2081]: |+ooo. o . | [ 16.491648] cloud-init[2081]: |=o.o . oS . o | [ 16.492103] cloud-init[2081]: |o o * +. + | [ 16.492538] cloud-init[2081]: |. . B .o | [ 16.492983] cloud-init[2081]: | + *.o. | [ 16.493421] cloud-init[2081]: | o+X++... | [ 16.493858] cloud-init[2081]: +----[SHA256]-----+ [ OK ] Started Initial cloud-init job (metadata service crawler). [ OK ] Reached target Cloud-config availability. [ OK ] Reached target Network is Online. Starting Update kernel loglevel for OCI instances... [ OK ] Started Oracle Cloud Infrastructure agent updater. Starting Prefetch new Ksplice updates... Starting Oracle Cloud Infrastructure Yum Region Setting Service... Starting System Logging Service... Starting Notify NFS peers of a restart... [ OK ] Started Oracle Cloud Infrastructure???ent for management and monitoring. [ OK ] Started OSWatcher:set of scripts us???y collect OS and network metrics.. Starting Open-iSCSI... [ OK ] Reached target sshd-keygen.target. Starting OpenSSH server daemon... [ OK ] Started Update kernel loglevel for OCI instances. [ OK ] Started Notify NFS peers of a restart. [ OK ] Started System Logging Service. [ OK ] Started OpenSSH server daemon. [ OK ] Started Open-iSCSI. Starting Logout off all iSCSI sessions on shutdown... Starting Login and scanning of iSCSI devices... [ OK ] Started Logout off all iSCSI sessions on shutdown. [ OK ] Started Login and scanning of iSCSI devices. [ OK ] Reached target Remote File Systems (Pre). [ OK ] Reached target Remote File Systems. Starting Crash recovery kernel arming... Starting Permit User Sessions... [ OK ] Started Permit User Sessions. [ OK ] Started Getty on tty1. [ OK ] Started Job spooling tools. [ OK ] Started Command Scheduler. [ OK ] Started Serial Getty on ttyAMA0. [ OK ] Reached target Login Prompts. [ OK ] Started Oracle Cloud Infrastructure Yum Region Setting Service. Starting Apply the settings specified in cloud-config... [ OK ] Created slice User Slice of UID 0. Starting User runtime directory /run/use0... [ OK ] Started User runtime directory /run/use0. Starting User Manager for UID 0... [ OK ] Started User Manager for UID 0. [ OK ] Started Session c1 of user root. [ 17.284179] Adding 8370048k swap on /.swapfile. Priority:-2 extents:2 across:9332352k FS Stopping OpenSSH server daemon... [ OK ] Stopped OpenSSH server daemon. [ OK ] Stopped target sshd-keygen.target. Stopping sshd-keygen.target. [ OK ] Reached target sshd-keygen.target. Starting OpenSSH server daemon... [ OK ] Started OpenSSH server daemon. [ 17.501235] cloud-init[2588]: Cloud-init v. 21.1-15.0.1.el8_6.3 running 'modules:config' at Mon, 05 Sep 2022 07:54:57 +0000. Up 17.13 seconds. [ OK ] Started Apply the settings specified in cloud-config. Starting Execute cloud usefinal scripts... ci-info: ++++++++++++++++++++++++++++++++++++++Authorized keys from /home/opc/.ssh/authorized_keys for user opc++++++++++++++++++++++++++++++++++++++ ci-info: +---------+-------------------------------------------------------------------------------------------------+---------+--------------------+ ci-info: | Keytype | Fingerprint (sha256) | Options | Comment | ci-info: +---------+-------------------------------------------------------------------------------------------------+---------+--------------------+ ci-info: | ssh-rsa | 46:fd:c2:df:67:74:38:9b:24:7f:a5:97:bd:db:67:3d:14:30:a3:21:96:c0:7d:85:33:b3:a7:42:cc:66:f4:b1 | - | ssh-key-2022-09-05 | ci-info: +---------+-------------------------------------------------------------------------------------------------+---------+--------------------+ <14>Sep 5 07:54:58 ec2: <14>Sep 5 07:54:58 ec2: ############################################################# <14>Sep 5 07:54:58 ec2: -----BEGIN SSH HOST KEY FINGERPRINTS----- <14>Sep 5 07:54:58 ec2: 256 SHA256:mDdsTbTjhxVd8ydfN6IofLpps7eJduIdQjgfsMgJvm0 [email protected] (ECDSA) <14>Sep 5 07:54:58 ec2: 256 SHA256:5LeV+iJu+C1wrr4vdgeGloMMKmBSK3YRFHuJEcVMhxo [email protected] (ED25519) <14>Sep 5 07:54:58 ec2: 3072 SHA256:w3LYVG/+zB8KNxunJxs//aJqkz5as7XZGA6TFAOQROg [email protected] (RSA) <14>Sep 5 07:54:58 ec2: -----END SSH HOST KEY FINGERPRINTS----- <14>Sep 5 07:54:58 ec2: ############################################################# -----BEGIN SSH HOST KEY KEYS----- ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL7TkRNLKYmvilLdFNIVdtly1t1bre0+QgNcrxyTM931x43FvX+0ecMHoQ8ZuaNf+oI6jHli+ZBfbIBn7nCPt50= [email protected] ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMPqL9YQ6c86Yyrf7KHKzyYHNl1137Q3f0QKT9ivn1bv [email protected] ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDIT6A6dOdEUjN3B0uzr6RuUzydyCqupJWMgL12EuKD+TY1xPnxqc2QHJKl8J+mNBU3CoO0OzQciROJah9rVGPvA3uUDLIMgrDac/BunNq9DwG5pYkBIEqJV/8fqLyIRecqHVSJpDJR3TCdemHx7Z1GXadylnouyjhYtJlzkzLw+X+Dy5rYOHvEwiL8nGIW0f0KwPrxlwJY2zmuRiiL3V/0QK0J5PXfUtaCyTNp9FjAolhzqPpwbmKnGRTQp+dAYK8e9b01sZs68bTKhjpyXH6UZDOdndu8IWK9iWJku0MTckCMtCJD4Ftk/G+rqI5o7QaH1S8+qJahTcOkfHavC7iNLeBTl9xkjIEe5WY5a5LfCgxE2l05bKh6vbY1TsZss2xwnm0KxnsATEorTAWehykTRKkSV7ea8azmyJnxDAytiU4sre+9cGQpBYFFMyGsNdkzTqCqfkWD1heYqJ/n9RTYjGIBh37UTZA8EKFMeXYvuCw70gyMGbl/vQyWAMAEUTE= [email protected] -----END SSH HOST KEY KEYS----- [ 17.953627] cloud-init[3228]: Cloud-init v. 21.1-15.0.1.el8_6.3 running 'modules:final' at Mon, 05 Sep 2022 07:54:58 +0000. Up 17.80 seconds. [ 17.956294] cloud-init[3228]: Cloud-init v. 21.1-15.0.1.el8_6.3 finished at Mon, 05 Sep 2022 07:54:58 +0000. Datasource DataSourceOracle. Up 17.94 seconds [ OK ] Started Execute cloud usefinal scripts. [ OK ] Started Prefetch new Ksplice updates. [ OK ] Reached target Multi-User System. [ OK ] Reached target Cloud-init target. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Created slice User Slice of UID 987. Starting User runtime directory /run/use987... [ OK ] Started User runtime directory /run/use987. Starting User Manager for UID 987... [ OK ] Started User Manager for UID 987. [ OK ] Started Session c2 of user ocarun. Oracle Linux Server 8.6 Kernel 5.4.17-2136.310.7.1.el8uek.aarch64 on an aarch64 Activate the web console with: systemctl enable --now cockpit.socket ostatni login: [ 1315.046846] Adding 999872k swap on /swapfile. Priority:-3 extents:1 across:999872k FS [114861.737559] printk: systemd: 42 output lines suppressed due to ratelimiting [114861.751944] systemd[1]: systemd 239 (239-58.0.1.el8_6.4) running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy) [114861.761095] systemd[1]: Detected virtualization kvm. [114861.762983] systemd[1]: Detected architecture arm64. [114895.073149] SELinux: Permission watch in class filesystem not defined in policy. [114895.075008] SELinux: Permission watch in class file not defined in policy. 

Fri Feb 18 00:46:02 2022 daemon.info /ussbin/hostapd[10184]: ioctl(SIOCGIFINDEX): No such device Fri Feb 18 00:46:02 2022 daemon.info /ussbin/hostapd[10184]: atheros driver initialization failed. Fri Feb 18 00:46:02 2022 daemon.info /ussbin/hostapd[10184]: ath20: interface state UNINITIALIZED->DISABLED Fri Feb 18 00:46:02 2022 daemon.info /ussbin/hostapd[10184]: ath20: AP-DISABLED Fri Feb 18 00:46:02 2022 daemon.info /ussbin/hostapd[10184]: ath20: CTRL-EVENT-TERMINATING Fri Feb 18 00:46:02 2022 daemon.info /ussbin/hostapd[10184]: hostapd_free_hapd_data: Interface ath20 wasn't started Fri Feb 18 00:46:02 2022 daemon.notice procd: Process '/ussbin/hostapd -P /varun/hostapd/ath20.pid /etc/hostapd/ath20.cfg' exited with status 256 - scheduling for restart (PID: 10184, UID: 0, uptime: 0, signal: 0, pending: 0, crashes: 5454, event: no, reported: no). Fri Feb 18 00:46:02 2022 daemon.info /ussbin/hostapd[10185]: ioctl(SIOCGIFINDEX): No such device Fri Feb 18 00:46:02 2022 daemon.info /ussbin/hostapd[10185]: atheros driver initialization failed. Fri Feb 18 00:46:02 2022 daemon.info /ussbin/hostapd[10185]: ath22: interface state UNINITIALIZED->DISABLED Fri Feb 18 00:46:02 2022 daemon.info /ussbin/hostapd[10185]: ath22: AP-DISABLED Fri Feb 18 00:46:02 2022 daemon.info /ussbin/hostapd[10185]: ath22: CTRL-EVENT-TERMINATING Fri Feb 18 00:46:02 2022 daemon.info /ussbin/hostapd[10185]: hostapd_free_hapd_data: Interface ath22 wasn't started Fri Feb 18 00:46:02 2022 daemon.notice procd: Process '/ussbin/hostapd -P /varun/hostapd/ath22.pid /etc/hostapd/ath22.cfg' exited with status 256 - scheduling for restart (PID: 10185, UID: 0, uptime: 0, signal: 0, pending: 0, crashes: 5432, event: no, reported: no). 

I inserted a second RE in an MX104 since I want to do upgrade without too much traffic interruption. The RE is brand new from the box, a bit old though, having Junos: 13.3R1.8 on it. It's also one of these export versions not having SSH. So when I do commit synchronize it complains about SSH daemon.
MX104# commit check re0: configuration check succeeds re1: [edit system services ssh] 'ssh' warning: daemon binary /ussbin/sshd not found [edit system services netconf ssh] 'ssh' warning: daemon binary /ussbin/sshd not found configuration check succeeds
Obviously I need to upgrade to a domestic version on it first to even be able to do commit synchronize. But I can't figure out how to login to the new RE (to be able to copy the junos file on to it). What would be the password? I thought there shouldn't be any? The RE is as mentioned coming straight from the box. So there's no configurstion on it.
MX104> request routing-engine login re1 €Password: Login incorrect login:

Hi everyone
i'm having a porblem conncting to my home server on a local network and i keep getting this error

ssh: connect to host 192.168.178.54 port 22: Connection refused

i will add some info and hoping it might me helpful
● sshd.service - OpenSSH Daemon Loaded: loaded (/uslib/systemd/system/sshd.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2022-05-29 13:34:49 CEST; 15min ago Main PID: 1912 (sshd) Tasks: 1 (limit: 19013) Memory: 1.6M CPU: 3ms CGroup: /system.slice/sshd.service └─1912 "sshd: /usbin/sshd -D [listener] 0 of 10-100 startups"
The result when using nmap:
nmap -p 22 192.168.178.54 Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-29 13:58 CEST Nmap scan report for 192.168.178.54 Host is up (0.00059s latency).
PORT STATE SERVICE 22/tcp closed ssh
Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
in case you wounder about ufw:
○ ufw.service - CLI Netfilter Manager Loaded: loaded (/uslib/systemd/system/ufw.service; disabled; vendor preset: disabled) Active: inactive (dead) and my /etc/ssh/sshd_config is:
# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
# This is the sshd server system-wide configuration file. See # sshd_config(5) for more information.
# This sshd was compiled with PATH=/uslocal/sbin:/uslocal/bin:/usbin
# The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the # default value.
Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress ::
HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying #RekeyLimit default none
# Logging #SyslogFacility AUTH #LogLevel INFO
# Authentication:
#LoginGraceTime 2m #PermitRootLogin prohibit-password #StrictModes yes #MaxAuthTries 6 #MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 # but this is overridden so installations will only check .ssh/authorized_keys AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none #AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no
# Change to no to disable s/key passwords KbdInteractiveAuthentication no
# Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no
# GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the KbdInteractiveAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via KbdInteractiveAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and KbdInteractiveAuthentication to 'no'. UsePAM yes
#AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding no #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes PrintMotd no # pam does that #PrintLastLog yes #TCPKeepAlive yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS no #PidFile /run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none #VersionAddendum none
# no default banner path #Banner none
# override default of no subsystems Subsystem sftp /uslib/ssh/sftp-server
# Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # PermitTTY no # ForceCommand cvs server
What can i do?

If you don't want to install anything on Steam Deck there's an easy way to transfer files between Windows and Steam Deck using SCP protocol.
I'd recommend this guide for people who are already familiar with the Linux environment, as usual I don't take any responsibility for any problem that should occur on your Deck, you're doing this at your own risk.
Unless you have a keyboard connected you will have to use the Steam Deck on-screen keyboard to run some of these commands, you can enable it by pressing Steam + X.
On Steam Deck switch to Desktop mode and open a command line (Konsole).
If you haven't done it already, setup a password for the Linux account running the following command.

passwd 

Run the following command, this starts the SSH daemon which is required in order to connect using SCP.

sudo systemctl start sshd 

Run the following command, this enables the SSH daemon to run automatically whenever you turn on your Steam Deck.

sudo systemctl enable sshd 

That's it!
Now on Windows download WinSCP, I recommend the portable version, launch WinSCP and connect to your Steam Deck using SCP protocol, the IP address (you can find this in the Steam Deck settings), the username (in my case it's deck) and the password you previously set. The first time WinSCP will ask if you want to trust the fingerprint, click Yes and you're good to go.
Many folders/files on Steam Deck (including the ones you're probably interested in) are hidden by default. To view these folders/files go to WinSCP Options, Preferences, Panels and check "Show hidden files".

# docker system df -v | grep jellyfin-app d8188f0c943e ubuntudev "/usshare/host/doc…" 0 2.49GB 12 days ago Up 9 days jellyfin-app2 ed9e704894a2 centosdev "/usshare/host/doc…" 0 1.68GB 12 days ago Up 9 days jellyfin-app 

FROM centos RUN yum -y update; yum clean all RUN yum install cracklib-dicts -y RUN yum -y install openssh-server passwd java-1.8.0-openjdk-devel; yum clean all # Set JAVA_HOME variable RUN echo export JAVA_HOME=`echo -ne '\n' | echo \`update-alternatives --config java\` | cut -d "(" -f2 | cut -d ")" -f1 | sed 's/.........$//'` >> /etc/bashrc RUN mkdir /varun/sshd RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' RUN ssh-keygen -A ENTRYPOINT ["/usshare/host/docker-entrypoint.sh"] 

#!/bin/sh # Change password for root user to login using SSH # Password must be min 8 characters long! SSH_USERPASS=test1111 echo -e "$SSH_USERPASS\n$SSH_USERPASS" | (passwd --stdin root) /ussbin/sshd -D 

cd /share/jellyfin-app docker build -t centosdev . docker run --name jellyfin-app -v /share/jellyfin-app:/usshare/host:rw -p 2200:22 -d centosdev 

FROM ubuntu RUN apt-get update; apt-get -y upgrade; apt-get clean RUN apt-get -qq install -y openssh-server passwd openjdk-8-jdk; apt-get clean # Set JAVA_HOME variable RUN echo export JAVA_HOME=`echo -ne '\n' | echo \`update-alternatives --config java\` | cut -d "(" -f2 | cut -d ")" -f1 | sed 's/.........$//'` >> /etc/bashrc RUN mkdir /varun/sshd RUN ["/bin/bash", "-c", "ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' << Copy and paste below contents into a new file called docker-entrypoint.sh:
 
#!/bin/bash #yum install cracklib-dicts -y # Change password for root user to login using SSH # Password must be min 8 characters long! SSH_USERPASS=test1111 echo -e "$SSH_USERPASS\n$SSH_USERPASS" | passwd "root" /ussbin/sshd -D 
 ENTRYPOINT points to /usshare/host/docker-entrypoint.sh, and directory /usshare/host will be mapped to /share/jellyfin-app volume on the host machine. Alternatively you may ADD the file inside container - then you will not need the /usshare/host volume each time when you run the container.
 
cd /share/jellyfin-app docker build -t ubuntudev . docker run --name jellyfin-app -v /share/jellyfin-app:/usshare/host:rw -p 2200:22 -d ubuntudev 
 You may want to change following properties:
 
 
 
/share/jellyfin-app
 
to the direcotry where you created docker-entrypoint.sh
 
 
 
 
2200
 
to the port that is available on your host machine, that you will use to connect to the container (for example with Putty)
 
 
 
Step 3-A: Using CentOS: Download and Build JellyFin web application
 Commands below will do following:
 
 
create directory /jellyfin;
 
install Nodejs v14 (node) and also npm, git, yarn;
 
download and build jellyfin-web and jellyfin-tizen projects.
 
 Login to container using Putty by connecting to localhost and port 2200 with user root and password test1111, or simply run the following command:
 
docker exec -it jellyfin-app bash 
 ​
 
mkdir /jellyfin cd /jellyfin # Install Node.js version 14 on Ubuntu - by default Ubuntu packages comes with old versions of Nodejs (version ~10) curl https://raw.githubusercontent.com/creationix/nvm/masteinstall.sh | bash . /root/.nvm/nvm.sh install 14.4.0 # Configure packager to install Nodejs v14 and install it curl -sL https://rpm.nodesource.com/setup_14.x | bash - yum install -y nodejs npm --version #Output: 6.14.15 is tested to be suitable node --version #Output: v14.18.2 yum install git -y npm install yarn -g git clone https://github.com/jellyfin/jellyfin-web.git git clone https://github.com/jellyfin/jellyfin-tizen.git cd jellyfin-web #Next command takes long time, and does not update screen during opration, do not interrupt npx [email protected] --update-db #Following takes very long time: npm ci --no-audit --loglevel verbose cd ../jellyfin-tizen JELLYFIN_WEB_DIR=../jellyfin-web/dist yarn install 
 
Step 3-B: Using Ubuntu: Download and Build JellyFin web application
 Commands below will do following:
 
 
create directory /jellyfin;
 
install Nodejs v14 (node) and also npm, git, yarn;
 
download and build jellyfin-web and jellyfin-tizen projects.
 
 Login to container using Putty by connecting to localhost and port 2200 with user root and password test1111, or simply run the following command:
 
docker exec -it jellyfin-app bash 
 ​
 
mkdir /jellyfin cd /jellyfin # Install Node.js version 14 on Ubuntu - by default Ubuntu packages comes with old versions of Nodejs (version ~10) curl https://raw.githubusercontent.com/creationix/nvm/masteinstall.sh | bash . /root/.nvm/nvm.sh install 14.4.0 # Configure packager to install Nodejs v14 and install it curl -sL https://deb.nodesource.com/setup_14.x | bash - apt-get install -y nodejs npm --version #Output: 8.3.0 is tested to be suitable node --version #Output: v14.18.2 apt-get install git -y npm install yarn -g git clone https://github.com/jellyfin/jellyfin-web.git git clone https://github.com/jellyfin/jellyfin-tizen.git cd jellyfin-web #Following 4 commands may be required (do not remember exactly if required): npm install date-fns npm install --save-dev webpack npm install -g webpack npm install -g webpack-cli #Next command takes long time, and does not update screen during opration, do not interrupt npx [email protected] --update-db #Following takes very long time: npm ci --no-audit --loglevel verbose cd ../jellyfin-tizen JELLYFIN_WEB_DIR=../jellyfin-web/dist yarn install 
 
Step 4-A: Using CentOS: Setup Tizen Studio CLI
 Commands below will do following:
 
 
create directory /tizen;
 
create new user jellyfin;The reason to create new user is because Tizen Stuido installer does not allow to be installed using root. You can use any other user than root, but then you will have to use the same user in all the next steps.
 
download Tizen Studio CLI version 4.5.1 for Ubuntu - do not consider that there is a mistake - it will install just fine on CentOS;
 
add Tizen Studio path to $PATH variable, so you can use tizen command from any directory;
 
remove downloaded files: jellyfin-web, jellyfin-tizen, .git directories and Tizen Studio installer.
 
 Note: you may choose other Tizen Studio CLI version from here: https://download.tizen.org/sdk/Installer
 
#"which" tool will be needed during installation of Tizen Studio (used by installer) yum install which wget zip -y mkdir /tizen cd /tizen wget https://download.tizen.org/sdk/Installetizen-studio_4.5.1/web-cli_Tizen_Studio_4.5.1_ubuntu-64.bin chmod a+x web-cli_Tizen_Studio_*.bin adduser jellyfin #enter password: jellyfin passwd jellyfin su jellyfin bash web-cli_Tizen_Studio_*.bin * Tizen Studio is required to agree with software license. * Do you want to read a license agreement policy? (Y/n) : n * You select => n * Do you agree with software license agreement? (Y/n) : y * * Destination directory : /home/jellyfin/tizen-studio * Default destination directory is (/home/jellyfin/tizen-studio) * Do you want to install to default directory? (Y/n) : y * ... * [100%] => * Installation has been completed! * Thank you for using Installer #add path to tizen binary in $PATH (do it only while logged in with jellyfin user) at the end of .bashrc file: vi ~/.bashrc export PATH=$PATH:/home/jellyfin/tizen-studio/tools/ide/bin # exit from jellyfin user shell and execute next commands with the previous user exit chown -R jellyfin:jellyfin /jellyfin/jellyfin-tizen # remove temporary files to save free space rm -fr /home/jellyfin/.package-managerun/tizensdk_*/ rm -f /jellyfin/jellyfin-web.tar.gz rm -f /tizen/web-cli_Tizen_Studio_*.bin rm -fr /jellyfin/jellyfin-web/.git rm -fr /jellyfin/jellyfin-tizen/.git 
 
Step 4-B: Using Ubuntu: Setup Tizen Studio CLI
 Commands below will do following:
 
 
create directory /tizen;
 
create new user jellyfin;The reason to create new user is because Tizen Stuido installer does not allow to be installed using root. You can use any other user than root, but then you will have to use the same user in all the next steps.
 
download Tizen Studio CLI version 4.5.1 for Ubuntu;
 
add Tizen Studio path to $PATH variable, so you can use tizen command from any directory;
 
remove downloaded files: jellyfin-web, jellyfin-tizen, .git directories and Tizen Studio installer.
 
 Note: you may choose other Tizen Studio CLI version from here: https://download.tizen.org/sdk/Installer
 
#"which" tool will be needed during installation of Tizen Studio (used by installer) apt-get install which zip -y mkdir /tizen cd /tizen chmod a+x web-cli_Tizen_Studio_*.bin adduser jellyfin #enter password: jellyfin passwd jellyfin su jellyfin bash web-cli_Tizen_Studio_*.bin * Tizen Studio is required to agree with software license. * Do you want to read a license agreement policy? (Y/n) : n * You select => n * Do you agree with software license agreement? (Y/n) : y * * Destination directory : /home/jellyfin/tizen-studio * Default destination directory is (/home/jellyfin/tizen-studio) * Do you want to install to default directory? (Y/n) : y * ... * [100%] => * Installation has been completed! * Thank you for using Installer #add path to tizen binary in $PATH (do it only while logged in with jellyfin user) at the end of .bashrc file: vi ~/.bashrc export PATH=$PATH:/home/jellyfin/tizen-studio/tools/ide/bin # exit from jellyfin user shell and execute next commands with the previous user exit chown -R jellyfin:jellyfin /jellyfin/jellyfin-tizen # remove temporary files to save free space rm -fr /home/jellyfin/.package-managerun/tizensdk_*/ rm -f /jellyfin/jellyfin-web.tar.gz rm -f /tizen/web-cli_Tizen_Studio_*.bin rm -fr /jellyfin/jellyfin-web/.git rm -fr /jellyfin/jellyfin-tizen/.git 
 
Step 5: Configure Tizen Studio
 Create new Tizen certificate
 You can leave it as is, because you may even not see this information on the TV once the app is deployed there, or you may want to replace following in the command below:
 
 
 
YourCountry
 
Country code, for example: LV, LT, EE, UK, RU
 
 
 
 
YourCity
 
City, for example: Riga
 
 
 
YourCompany
 
Any name, for example, MyCompany
 
 
 
Your Name
 
Your name, for example "Will Smith"
 
 
 
[[email protected]](mailto:[email protected])
 
Email address, can leave the same
 
 
 
1234
 
This is password that needs to be remembered in order to further use this generated certificate
 
 
 Execute all below commands with jellyfin user:
 
su jellyfin 
 ​
 
tizen certificate -a TizenCert -p 1234 -c YourCountry -ct YourCity -o YourCompany -n "Your Name" -e [email protected] -f tizencert 
 Certificate is created in /home/jellyfin/tizen-studio-data/keystore/authotizencert.p12
 You can read more about Tizen certificates here: https://developer.tizen.org/development/tizen-studio/web-tools/cli#Issue_tizen_cert
 Create Tizen signing profile
 See available profiles that are already created - it will give empty list if you just installed Tizen Studio:
 
tizen security-profiles list 
 Create new profile, you may want to replace YourName with something like WillSmith:
 
tizen security-profiles add -n YourName -a /home/jellyfin/tizen-studio-data/keystore/authotizencert.p12 -p 1234 
 The command output will show you where is located Tizen Distribution certificate, by default it will be located here: /home/jellyfin/tizen-studio/tools/certificate-generatocertificates/distributotizen-distributor-signer.p12 and the default password in order to use the Distribution certificate is: tizenpkcs12passfordsigner
 Update the passwords for Tizen signing profile
 
 
Change password for tizencert.p12 to 1234
 
Change password for tizen-distributor-signer.p12 to tizenpkcs12passfordsigner
 
 ​
 
vi /home/jellyfin/tizen-studio-data/profile/profiles.xml 
 Original file content will look like this:
 
        
 Your modified content will look like this:
 
        
 
Step 6: Build Tizen (Samsung) TV application
 Execute all below commands with jellyfin user:
 
su jellyfin 
 Command will prompt to input author password. Type 1234, and confirm with Y when asked.
 
cd /jellyfin/jellyfin-tizen tizen build-web -e ".*" -e gulpfile.js -e README.md -e "node_modules/*" -e "package*.json" -e "yarn.lock" # input password: 1234 tizen package -t wgt -o . -s YourName -- .buildResult 
 If facing problems, then verify the log file for error:
 
tail -50 /home/jellyfin/tizen-studio-data/cli/logs/cli.log 
 For example, following error may occur:
 
Error occured during build! java.io.FileNotFoundException: /jellyfin/jellyfin-tizen/.buildResult/config.xml (No such file or directory) [ERROR] AbstractCLI.java(93) - java.io.FileNotFoundException: /jellyfin/jellyfin-tizen/.buildResult/config.xml (No such file or directory) org.tizen.ncli.exceptions.UnexpectedException: java.io.FileNotFoundException: /jellyfin/jellyfin-tizen/.buildResult/config.xml (No such file or directory) at org.tizen.ncli.subcommands.build.buildweb.BuildWebCLICommand.call(BuildWebCLICommand.java:102) at org.tizen.ncli.subcommands.build.buildweb.BuildWebCLICommand.call(BuildWebCLICommand.java:52) at org.tizen.ncli.subcommands.AbstractSubCommand.runCommand(AbstractSubCommand.java:76) at org.tizen.ncli.ide.shell.BuildWebCLI.execute(BuildWebCLI.java:86) at org.tizen.ncli.ide.shell.AbstractCLI.execute(AbstractCLI.java:91) at org.tizen.ncli.ide.shell.Main.run(Main.java:189) at org.tizen.ncli.ide.shell.Main.main(Main.java:122) 
 In case of above error, try to create directory in /jellyfin/jellyfin-tizen/:
 
[email protected]:/jellyfin/jellyfin-tizen$ mkdir .buildResult mkdir: cannot create directory '.buildResult': Permission denied 
 As observed, reason for the error is that parent directory is not belonging to the jellyfin user:
 
[email protected]:/jellyfin/jellyfin-tizen$ cd .. [email protected]:/jellyfin$ ls -l total 8 drwxr-xr-x 5 root root 4096 Dec 26 22:38 jellyfin-tizen drwxr-xr-x 12 root root 4096 Dec 26 22:13 jellyfin-web 
 
Step 7: Deploy application to TV
 More details on deploying applications to TV can be found here: https://mitchbarry.com/tizen-tv-apps-docke
 Enable Developer Mode on the TV (more details here if needed):
 
 
Launch Smart Hub
 
Open Applications
 
Type 1-2-3-4-5 on the remote => a window will pop-upYou will not see the numbers that you type, so you may need to try a couple of times
 
Switch Developer Mode to ON, and enter the IP address of the computer where you are running tizen command!Note that it needs to be host IP address and not the address of Docker container.
 
Restart TV (if Developer Mode was already ON - then changing IP does not require a restart)
 
 Dialog to enable Developer Mode and input IP address may look different on you TV, here some examples:
 https://preview.redd.it/her9rwhtnqa81.png?width=391&format=png&auto=webp&s=853c1ec5d46e8cd377b4478ce0f34c72a67393a2
 ​
 https://preview.redd.it/7g3mmtd6oqa81.png?width=396&format=png&auto=webp&s=4910b8de61ea77a1de41ee0928a35378150b773d
 Execute all below commands with jellyfin user, verify with command whoami if not sure:
 
su jellyfin 
 ​
 
/home/jellyfin/tizen-studio/tools/sdb devices * Server is not running. Start it now on port 26099 * * Server has started successfully * List of devices attached # 192.168.1.123 is IP for Samsung TV, check it in Menu > Network on the TV /home/jellyfin/tizen-studio/tools/sdb connect 192.168.1.123 connecting to 192.168.1.123:26101 ... connected to 192.168.1.123:26101 /home/jellyfin/tizen-studio/tools/sdb devices List of devices attached 192.168.1.123:26101 device UJ6300 # UJ6300 is the name of Samsung TV as listed by sdb devices command above cd /jellyfin/jellyfin-tizen tizen install -n Jellyfin.wgt -t UJ6300 
 A sample output of successful installation:
 
Transferring the package... Transferred the package: /jellyfin/jellyfin-tizen/Jellyfin.wgt -> /opt/usapps/tmp Installing the package... -------------------- Platform log view -------------------- install AprZAARz4r.Jellyfin packet_path /opt/usapps/tmp/Jellyfin.wgt install app, app_id[AprZAARz4r.Jellyfin], packet_path[/opt/usapps/tmp/Jellyfin.wgt], install_path[] app_id[AprZAARz4r.Jellyfin] installing[3] app_id[AprZAARz4r.Jellyfin] installing[23] app_id[AprZAARz4r.Jellyfin] installing[26] app_id[AprZAARz4r.Jellyfin] installing[34] app_id[AprZAARz4r.Jellyfin] installing[38] app_id[AprZAARz4r.Jellyfin] installing[42] app_id[AprZAARz4r.Jellyfin] installing[46] app_id[AprZAARz4r.Jellyfin] installing[53] app_id[AprZAARz4r.Jellyfin] installing[61] app_id[AprZAARz4r.Jellyfin] installing[65] app_id[AprZAARz4r.Jellyfin] installing[80] app_id[AprZAARz4r.Jellyfin] installing[84] app_id[AprZAARz4r.Jellyfin] installing[88] app_id[AprZAARz4r.Jellyfin] installing[92] app_id[AprZAARz4r.Jellyfin] installing[96] app_id[AprZAARz4r.Jellyfin] installing[100] app_id[AprZAARz4r.Jellyfin] install completed spend time for wascmd is [15719]ms cmd_ret:0 Installed the package: Id(AprZAARz4r.Jellyfin) Tizen application is successfully installed. Total time: 00:00:26.388 
 The deployed application should be now available under Applications in Smart Hub. Note that it may have a gray sample application icon, instead of the usual Jellyfin icon so you may not notice it immediately.
 Note that AprZAARz4r.Jellyfin is the application ID, you can use it to start the application from command line:
 
/home/jellyfin/tizen-studio/tools/sdb -s 192.168.1.123:26101 shell 0 was_execute AprZAARz4r.Jellyfin 
 or this command (but it didn't worked for me):
 
/home/jellyfin/tizen-studio/tools/sdb shell 0 execute AprZAARz4r.Jellyfin 
 Sample output:
 
launch app AprZAARz4r.Jellyfin launch app, app_id[AprZAARz4r.Jellyfin], payload[] app_id[AprZAARz4r.Jellyfin] launch start app_id[AprZAARz4r.Jellyfin] launch completed spend time for wascmd is [3078]ms 
 If you didn't captured the application ID, you can locate it using this command:
 
/home/jellyfin/tizen-studio/tools/sdb shell 0 applist 
 

I have installed a fresh copy of MicroOS on a server but can't seem to be able to SSH into it with root.
The server is accessible on the network, and the SSH daemon is running on the default port (22) on it as well.
When I SSH from other machines on the network it keeps asking for root password over and over again, despite having entered it correctly everytime.
On the MicroOS server, the systemctl status sshd command output states an error: PAM: Authentication Failure for root from 192.168.0.200 every time the other machine enters the correct password but somehow can't get connected.
What am I missing here?
Edit: Semantics.

Securing linux: - I’ve seperated categories by “_“ - I’d recommend using sudo -s at the beginning to avoid having to constantly enter your password
Note: For arch based distros I mention pamac as opposed to pacman, as it’s easier to use, and all arch based distros for e.g Garuda, Manjaro, etc have pamac. Since some of these packages are AURs, you need to go to pamac’s gui app, settings, and enable the AUR repo. Else replace “pamac install” with “pacman -S”
__________________________________________________________________________________________
UsbGuard: Protect yourself from physical usb attacks and executing malware/backdoors, this can work by making usb’s read only, unless you explicitly whitelist it.
sudo ln -s /dev/null /etc/systemd/system/usbguard.service #in order for unmask to work
Ubuntu based: sudo apt install usbguard
Arch based: sudo pamac install usbguard
__________________________________________________________________________________________
Configuring USBGuard
After installation run:

1. usbguard generate-policy #steps 1-2 whitelists already connected devices, e.g your current mouse/keyboard/storage
2. usbguard generate-policy > /etc/usbguard/rules.conf
3. systemctl unmask usbguard.service systemctl
4. start usbguard.service
5. systemctl enable usbguard.service

To allow a usb device permanently simply run:
usbguard list-devices
usbguard allow-device EnterTheIdHere -p
_____________________________________________________________________________________________
SSH: Essentially, remote access to your devices terminal.
If this is enabled and you don’t use it, it’s best to disable it.
ubuntu based: sudo systemctl disable ssh.service
Arch based (manjaro, Garuda, etc): sudo systemctl disable sshd
_____________________________________________________________________________________________
If you do use it:
Changing the ssh port:
There‘s a few ways to secure ssh, the most obvious being to change the port. A lot argue that this is pointless, but it’ll at least deter less advanced attackers.
The default port is 22 for everyone.
sudo nano /etc/ssh/sshd_config
Change “Port 22” to any unused port. If ur unsure which port hasnt been used, try 99.
_____________________________________________________________________________________________
Fai2ban - deters brute force attacks
Ubuntu/debian based: sudo apt install fail2ban
Arch based: sudo pamac install fail2ban-client
Configuring fail2ban:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local
“Ban time” = how long attackers are banned, “find time” = if an attacker enter a password incorrectly, how long do you have to wait before the incorrect password counter resets, “maxretry“ = the max amount of incorrect passwords before the ban, “ignore ip” = you may want to whitelist your own ip. Make sure to change fail2ban’s port to the one you chose in the previous step. “port = yourporthere“
_____________________________________________________________________________________________
Ssh keys (advanced) * see the “ssh key” section below
_____________________________________________________________________________________________
Network firewall: Only allow internet access to applications which need it.
This can mitigate spyware/trojans, which are rare on linux anyways, and stopping apps from collecting unnecessary info.
Opensnitch does a decent job at this, has a gui which prompts you once when an app wants to use the internet.
Ubuntu based: (updated the guide, as i just realised it has a .deb file, which is a lot easier to install)

1. download this from its github page
2. Double click the .deb file, and when your package manager is launched, press install

Arch based: Someone made an aur, which saves you so much time:

1. pamac install opensnitch-git
2. sudo systemctl start opensnitchd

_____________________________________________________________________________________________
Malware/rootkit scanner: I wouldn’t really say this is necessary, but if you think you have malware then you can run a scan:
Ubuntu based: sudo apt-get install clamav clamav-daemon chkrootkit
Arch based: sudo pamac install clamav and then sudo pamac install chkrootkit
_____________________________________________________________________________________________
File permissions: You may want to get familiar with chmod, and chown, to change file permissions. For e.g, if you store important files somewhere you may want to make it require root access in order to read/write: in which case you‘d run:
sudo chown root:root /path/to/application
sudo chmod 700 /path/to/application
_____________________________________________________________________________________________
Sandboxing
I’d suggest learning firejail, or bubblewrap (more advanced), to sandbox and isolate apps.
However, if that sounds too complicated, then downloading apps as flatpaks is a great way to have some security, whilst not a silver bullet, its extremely easy to use and permissions can be managed through it’s gui app: flatseal, or just cli.
_____________________________________________________________________________________________
File deletion: - Secure delete
Contrary to popular belief, deleting a file doesn’t actually delete it, it’s instead waiting to be overwritten by a new file, this means that it can easily be recovered. Whilst full disk encryption solves this (from theft), it doesn’t prevent malware from recovering confidential files, e.g you backed up your bitwarden database.
Ubuntu based: sudo apt-get install secure-delete
Arch based: sudo pamac install secure-delete
Usage:

• file deletion: sudo srm /path/to/file
• wipe free space, (delete normally deleted files), sudo sfill /
• wipe swap, sswap /path/to/partition Be careful, with this command, make sure to enter the right swap partition, e.g /dev/sda5 if ur swap is on sda5. You can find your partition by doing cat /proc/swaps

_____________________________________________________________________________________________
Other, more general tips below:
_____________________________________________________________________________________________
DNS: not really linux related, but I’d recommend doing this.
By default, ur using plain text dns, it’s vulnerable to mitm attacks, your isp can log all traffic, etc. By doing this, you’d also have the ability to block ads/trackers/malware/and malicious ip’s reported for ssh attacks
You’ll be selfhosting adguard home (only takes 1 command), and can even use this on other devices, but if you don’t want to leave your computer on 24/7, then you can use it solely on your own device.
curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/mastescripts/install.sh | sh -s -- -v
That’s it, then go to http://localhost:3000, to access its web gui. (It might not be port 3000, as I did this ages ago, but it says in the terminal, change the ports to anything else within the web gui if planning on selfhosting the apps below)
It’s best to setup https for its web interface, but feel free to skip this step:
openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out adguard1234g.crt -keyout adguard1234g.key
Go to settings > encryption settings > enable https, force https, and quite simply copy and paste adguard1234g.crt into the certificate field, and adguard1234g.key into the key field. That’s it. You can access it through https not http now. https://localhost
_____________________________________________________________________________________________
How to use adguard home (the above section)? Do hostname -I to find your local ip (it’s the first number), change your dns to it on your device(s). I’ll mention the manual way below as it’ll work on all desktop environments, but you’ll likely have a easier gui.
Arch based: sudo nano /etc/resolv.conf replace “nameserver anipaddresshere“ with “nameserver yourlocalip“.
Ubuntu based: do the above but also do sudo nano /etc/systemd/resolved.conf and change dns and fallback to your local ip.
_____________________________________________________________________________________________
Adguard Home recommended settings
Configuring adguard home should be common sense since it has an easy to use gui. But here’s my recommendations:
Settings > dns > in the first box enter any dns provider. I’d recommend using quad9 as its recent move to switzerland, and change in privacy policy, makes it the best dns provider in terms of privacy imo. Its also one of the fastest.
Quad9’s Dnscrypt: 2.dnscrypt-cert.quad9.net
Quad9’s dns over tls: tls://dns.quad9.net
Filters > Blocklist
I’d recommend using oisd.nl’s blocklist for ad/trackemalware/crypto/etc blocking without false positives, or if you’re brave use energised unified/ultimate but be willing to whitelist a lot of stuff.
^{Why not pihole? I personally would recommend adguard home over pihole as it just supports more features out of the box, and has a cleaner ui imo}
_____________________________________________________________________________________________
Secure cloud storage:
Use cryptomator to auto encrypt files when uploading files to cloud. Use veracrypt for a more secure, but manual option, or just GnuPg which is included by default in most distros, however gnupg doesn’t support folder encryption.
Or selfhost nextcloud on a device which is on 24/7 for your own cloud storage. It’s incredibly easy to setup (with https), and requires 2 commands.
sudo snap install nextcloud
sudo nextcloud.enable-https self-signed
https://localhost
_____________________________________________________________________________________________
Password manager:
Use bitwarden for a free hosted option, keepassxc for an offline/local option, or vaultwarden for selfhosted bitwarden.
___________________________________________________________________________________________
*ssh keys are a great way to secure ssh logins, as it‘ll be unique to you and can even be combined with a passphrase. Bare in mind, this causes issues with a lot of ssh clients, filezilla (sftp file transfer)’s ssh key implementation isnt compatible with openssl, most mobile clients lack this feature.
ssh-keygen
ssh-copy-id [email protected]_host - change to ssh key for login.
If ssh-copy-id doesnt work, you’ll need to manually copy the key to your authorised keys.
Now, the server has your public key, and you ssh via your private key.
_____________________________________________________________________________________________
Lastly, use lynis for system audit, and overview of security risks
cd
git clone https://github.com/CISOfy/lynis
cd lynis
lynis audit system
_____________________________________________________________________________________________
Physical attacks:
_____________________________________________________________________________________________
Further securing against physical attacks, when making this post, my intention was leaning closer towards software but included usbguard as it’s probably the most likely physical attack you’ll face, due to how fast and easily it can be performed. However, see the below sections if you want to secure against physical attacks:
_____________________________________________________________________________________________
Encryption:
Its worth noting that, despite having a password, an attacker with physical access to your device can access all files. Encryption solves this problems, and there’s 2 types:
_____________________________________________________________________________________________
Full disk encryption:
Securing and encrypting all files. More convenient than encrypted volumes as you’ll only need to enter your password once, on boot.
Luks: can only be enabled when you’re installing ur os.
Veracrypt’s full disk encryption: can be used after installation. More secure than Luks as it’s had countless security audits, and encrypts the keyfiles in memory preventing malware from accessing it (unlike Luks)
_____________________________________________________________________________________________
Encrypted Volumes:
Encrypt only confidential files within volumes
Use Veracrypt
___________________________________________________________________________________________
u/13Zero’s advice:
Bios password:

so no one can go around your bootloader password by booting off of an external drive

When booting, press all of the f keys (f1 - f12) and esc, until you get the bios, somewhere in the bios, there’ll be a security section, and underneath that will be “password” option.
Unfortunately, I can’t provide an exact guide for this of these as it’s specific to your device.
_____________________________________________________________________________________________
u/13Zero’s advice:
Boot loader password: - (Advanced)

so no one can change kernel parameters and, say, boot directly into a root terminal

Ubuntu, Arch
_____________________________________________________________________________________________
if anyone else has any other advice that I’ve missed, share it in the comments and I’ll edit this post with ur username
Edits: u/Mister001X

As a general advice it is always a bad idea to run curl installing software from random/untrusted sources.

u/kpcyrd

pamac install arch-audit-gtk

A great tool, notifying you on missing security updates, and vulnerable packages. With support for tor to anonymise requests. Although, bare in mind this tool is already in lynis, so get this only if you want a tray application + notifs

Last edit: 12th June - Misc. 

howdy all, as the title suggests, im looking for a fast way to do the following.

Create a new folder, called overlay in my case, and copy all folders/files above inside. It's time to build our own firmware.

So i need to copy all the following files from different locations, all to a new folder called overlay. I started to do it manually, and the first issue i ran into is i dont have the third line /etc/config/ Is there a faster way to do this via terminal etc. The following is the files.

/bin/bash /bin/busybox /etc/config/autossh /etc/hotplug.d/block/20-sd /etc/hotplug.d/iface/20-autossh /etc/hotplug.d/iface/30-usb /etc/hotplug.d/usb/30-fix_wifi /etc/hotplug.d/usb/30-sd /etc/init.d/atd /etc/init.d/autossh /etc/init.d/cc-client /etc/init.d/dnsmasq /etc/init.d/php7-fpm /etc/init.d/pineapd /etc/init.d/pineapple /etc/init.d/resetssids /etc/nginx/nginx.conf /etc/opkg /etc/php7-fpm.d/www.conf /etc/pineape /etc/pineapple /etc/rc.button/BTN_1 /etc/rc.button/reset /etc/rc.d/S90resetssids /etc/rc.d/S98pineapple /etc/rc.d/S99cc-client /etc/rc.d/S99pineapd /etc/ssh/sshd_config /etc/ssl/openssl.cnf /etc/uci-defaults/90-firewall.sh /etc/uci-defaults/91-fstab.sh /etc/uci-defaults/92-system.sh /etc/uci-defaults/93-pineap.sh /etc/uci-defaults/94-reporting.sh /etc/uci-defaults/95-network.sh /etc/uci-defaults/96-landingpage.sh /etc/uci-defaults/97-pineapple.sh /etc/banner /etc/inittab /etc/opkg.conf /etc/php.ini /etc/php7-fpm.conf /etc/rc.local /etc/shadow /lib/preinit/30_failsafe_wait /lib/preinit/40_run_failsafe_hook /lib/upgrade/keep.d/busybox /lib/wifi/mac80211.sh /pineapple /sbin/fdisk /sbin/led /usbin/pineapple /usbin/aircrack-ng /usbin/pineap /usbin/uuencode /uslib/libaircrack-ce-wpa-1.5.2.so /uslib/libaircrack-ce-wpa.la /uslib/libaircrack-ce-wpa.so /uslib/libaircrack-osdep-1.5.2.so /uslib/libaircrack-osdep.la /uslib/libaircrack-osdep.so /uslib/libprotobuf-lite.so /uslib/libprotobuf-lite.so.15 /uslib/libprotobuf-lite.so.15.0.1 /uslib/libwifi.so /ussbin/aireplay-ng /ussbin/airmon-ng /ussbin/airodump-ng /ussbin/airodump-ng-oui-update /ussbin/C2CONNECT /ussbin/C2DISCONNECT /ussbin/C2EXFIL /ussbin/cc-client /ussbin/http_sniffer /ussbin/log_daemon /ussbin/pineapd /ussbin/resetssids /www 

taken from the following link. Link
Any help would be greatful.
Regards.