https://wiki.archlinux.org/api.php?action=feedcontributions&user=Chrk&feedformat=atomArchWiki - User contributions [en]2024-03-28T13:20:07ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=Steam&diff=285895Steam2013-12-02T14:04:57Z<p>Chrk: /* Troubleshooting */</p>
<hr />
<div>[[Category:Gaming]]<br />
[[Category:Wine]]<br />
[[ja:Steam]]<br />
[[zh-CN:Steam]]<br />
{{Related articles start}}<br />
{{Related|Wine}}<br />
{{Related|Steam/Game-specific troubleshooting}}<br />
{{Related articles end}}<br />
From [[Wikipedia:Steam (software)|Wikipedia]]:<br />
: ''Steam is a digital distribution, digital rights management, multiplayer and communications platform developed by Valve Corporation. It is used to distribute games and related media online, from small independent developers to larger software houses.''<br />
<br />
[http://store.steampowered.com/about/ Steam] is best known as the platform needed to play Source Engine games (e.g. Half-Life 2, Counter-Strike). Today it offers many games from many other developers.<br />
<br />
== Native Steam on Linux ==<br />
<br />
{{Note|<br />
* Arch Linux is '''not''' [https://support.steampowered.com/kb_article.php?ref&#61;1504-QHXN-8366 officially supported].<br />
* Because the Steam client is a 32-bit application, you will need to enable the [[multilib]] repository if you have a 64-bit system. It may also make sense to install {{Grp|multilib-devel}} to provide some important multilib libraries. You also most likely need to install the 32-bit version of your graphics driver to run Steam.<br />
}}<br />
<br />
Steam can be installed with the package {{Pkg|steam}}, available in the [[official repositories]]. If you have a 64-bit system, enable the [[multilib]] repository first.<br />
<br />
Steam is not supported on this distribution. As such some fixes are needed on the users part to get things functioning properly:<br />
<br />
*Steam makes heavy usage of the Arial font. A decent Arial font to use is {{Pkg|ttf-liberation}} or one of the official Microsoft fonts packages containing Arial: {{AUR|ttf-microsoft-arial}}, {{AUR|ttf-ms-win8}},{{AUR|ttf-office-2007-fonts}}, {{AUR|ttf-win7-fonts}} or {{AUR|ttf-ms-fonts}}. See [[MS Fonts]] for more details. Asian languages require {{Pkg|wqy-zenhei}} to display properly.<br />
<br />
*Most games require {{Pkg|libtxc_dxtn}} and {{Pkg|lib32-libtxc_dxtn}} when using mesa drivers, so it is recommended to install these packages.<br />
<br />
*Several games have dependencies which may be missing from your system. If a game fails to launch (often without error messages) then make sure all of the libraries listed in [[Steam/Game-specific troubleshooting]] are installed. <br />
<br />
=== Troubleshooting ===<br />
<br />
{{Note|<br />
* In addition to being documented here, any bug/fix/error should be, if not already, reported on Valve's bug tracker on their [https://github.com/ValveSoftware/steam-for-linux GitHub page].<br />
* Connection problems may occur when using DD-WRT with peer-to-peer traffic filtering.<br />
}}<br />
<br />
==== GUI problems with KDE ====<br />
<br />
: Valve GitHub [https://github.com/ValveSoftware/steam-for-linux/issues/594 issue 594]<br />
<br />
If you are using KDE and you have problems with the GUI (such as lag or random crashes), in KDE system settings, go to ''Workspace Appearance and Behaviour > Desktop Effects > Advanced''. Change "Compositing type" from "XRender" to "OpenGL".<br />
<br />
==== The close button only minimizes the window ====<br />
<br />
: Valve GitHub [https://github.com/ValveSoftware/steam-for-linux/issues/1025 issue 1025]<br />
<br />
To close the Steam window (and remove it from the taskbar) when you press '''x''', but keep Steam running in the tray, set the environment variable {{ic|STEAM_FRAME_FORCE_CLOSE}} to {{ic|1}}. You can do this by launching Steam using the following command.<br />
$ STEAM_FRAME_FORCE_CLOSE=1 steam<br />
<br />
==== Flash not working on 64-bit systems ====<br />
<br />
: Steam Support [https://support.steampowered.com/kb_article.php?ref=1493-GHZB-7612 article]<br />
<br />
First ensure {{Pkg|lib32-flashplugin}} is installed. It should be working at this point, if not create a local Steam Flash plugin folder:<br />
$ mkdir ~/.steam/bin32/plugins/<br />
and set a symbolic link to the global lib32 flash plugin file in your upper new folder<br />
$ ln -s /usr/lib32/mozilla/plugins/libflashplayer.so ~/.steam/bin32/plugins/<br />
<br />
==== Text is corrupt or missing ====<br />
<br />
The Steam Support [https://support.steampowered.com/kb_article.php?ref=1974-YFKL-4947 instructions] for Windows seem to work on Linux also: Simply download [https://support.steampowered.com/downloads/1974-YFKL-4947/SteamFonts.zip SteamFonts.zip] and install them (copying to {{ic|~/.fonts/}} works at least).<br />
<br />
==== Error on some games: black textures/S3TC support is missing ====<br />
<br />
Install the following dependencies:<br />
* {{Pkg|libtxc_dxtn}}<br />
* {{Pkg|lib32-libtxc_dxtn}}<br />
<br />
==== SetLocale('en_US.UTF-8') fails at game startup ====<br />
<br />
Uncomment {{ic|en_US.UTF-8 UTF-8}} in {{ic|/etc/locale.gen}} and then run {{ic|locale-gen}} as root.<br />
<br />
==== Could not find required OpenGL entry point 'glGetError' ====<br />
<br />
Make sure you are running the "libgl" for your video card driver. Im my case I had to replace {{Pkg|lib32-mesa-libgl}} with {{Pkg|lib32-nvidia-libgl}}. This only works with proprietary Nvidia drivers.<br />
$ sudo pacman -Rdds lib32-mesa-libgl && sudo pacman -Syu lib32-nvidia-libgl<br />
<br />
==== The game crashes immediately after start ====<br />
<br />
If your game crashes immediately after start, try to disable "Steam Community In-Game": Open the game properties and unset "Enable Steam Community In-Game" (under General).<br />
<br />
=== Launching games with custom commands, such as Bumblebee/Primus ===<br />
<br />
Steam has fortunately added support for launching games using your own custom command. To do so, navigate to the Library page, right click on the selected game, click Properties, and Set Launch Options. Steam replaces the tag {{ic|%command%}} with the command it actually wishes to run. For example, to launch Team Fortress 2 with primusrun and at resolution 1920x1080, you would enter:<br />
<br />
primusrun %command% -w 1920 -h 1080<br />
<br />
If you are running the [[Linux-ck]] kernel, you may have some success in reducing overall latencies and improving performance by launching the game in SCHED_ISO (low latency, avoid choking CPU) via {{Pkg|schedtool}}<br />
<br />
# schedtool -I -e %command% ''other arguments''<br />
<br />
==== Killing standalone compositors when launching games ====<br />
<br />
Further to this, utilising the {{ic|%command%}} switch, you can kill standalone compositors (such as Xcompmgr or [[Compton]]) - which can cause lag and tearing in some games on some systems - and relaunch them after the game ends by adding the following to your game's launch options.<br />
<br />
killall compton && %command%; nohup compton &<br />
<br />
Replace {{ic|compton}} in the above command with whatever your compositor is. You can also add -options to {{ic|%command%}} or {{ic|compton}}, of course.<br />
<br />
Steam will latch on to any processes launched after {{ic|%command%}} and your Steam status will show as in game. So in this example, we run the compositor through {{ic|nohup}} so it is not attached to Steam (it will keep running if you close Steam) and follow it with an ampersand so that the line of commands ends, clearing your Steam status.<br />
<br />
=== Using native runtime ===<br />
<br />
Steam, by default, ships with a copy of every library it uses, packaged within itself, so that games can launch without issue. This can be a resource hog, and the slightly out-of-date libraries they package may be missing important features (Notably, the OpenAL version they ship lacks HRTF and surround71 support). To use your own system libraries, you can run Steam with:<br />
<br />
STEAM_RUNTIME=0 steam<br />
<br />
However, if you're missing any libraries Steam makes use of, this will fail to launch properly. An easy way to find the missing libraries is to run the following commands:<br />
<br />
cd ~/.local/share/Steam/ubuntu12_32<br />
LD_LIBRARY_PATH=".:${LD_LIBRARY_PATH}" ldd $(file *|sed '/ELF/!d;s/:.*//g')|grep 'not found'|sort|uniq<br />
<br />
Note that the libraries will have to be 32-bit, which means you may have to download some from the AUR if on x86_64, such as NetworkManager.<br />
<br />
Once you've done this, run steam again with STEAM_RUNTIME=0 steam and verify it's not loading anything outside of the handful of steam support libraries:<br />
<br />
cat /proc/$(pidof steam)/maps|sed '/\.local/!d;s/.* //g'|sort|uniq<br />
<br />
=== Skins for Steam ===<br />
<br />
The Steam interface can be fully customized by copying its various interface files in its skins directory and modifying them.<br />
<br />
==== Steam skin manager ====<br />
<br />
The process of applying a skin to Steam can be greatly simplified using {{AUR|steam-skin-manager}} from the AUR. The package also comes with a hacked version of the Steam launcher which allows the window manager to draw its borders on the Steam window.<br />
<br />
As a result, skins for Steam will come in two flavors, one with and one without window buttons. The skin manager will prompt you whether you use the hacked version or not, and will automatically apply the theme corresponding to your GTK+ theme if it is found. You can of course still apply another skin if you want.<br />
<br />
The package ships with two themes for the default Ubuntu themes, Ambiance and Radiance. A Faience theme is under development and already has its own package on the AUR {{AUR|steam-skin-faience-git}}.<br />
<br />
== Steam on Wine ==<br />
<br />
Install Wine as described in [[Wine]].<br />
<br />
Install the required Microsoft fonts: {{AUR|ttf-microsoft-tahoma}} and {{AUR|ttf-ms-fonts}} from the [[AUR]]. You can also install these fonts through [[Wine#Winetricks|Winetricks]]: {{ic|winetricks corefonts}}.<br />
{{Note|If you have access to Windows discs, you may want to install {{AUR|ttf-ms-win8}} or {{AUR|ttf-win7-fonts}} instead.}}<br />
<br />
=== Installation ===<br />
<br />
Download and run the Steam installer from [http://store.steampowered.com/about/ steampowered.com]. It is a {{ic|.msi}} file so you have to start it with {{ic|msiexec}}: <br />
$ msiexec /i SteamInstall.msi<br />
<br />
=== Starting Steam ===<br />
<br />
On x86:<br />
$ wine ~/.wine/drive_c/Program\ Files/Steam/Steam.exe<br />
<br />
On x86_64:<br />
$ wine ~/.wine/drive_c/Program\ Files\ \(x86\)/Steam/Steam.exe<br />
<br />
{{Note|<br />
*If text is not rendered (properly), append {{ic|-no-dwrite}} to this command. See [[#No text rendered problem]] for more information.<br />
*If you are using an Nvidia card through [[Bumblebee]], you should prefix this command with {{ic|optirun}}.<br />
}}<br />
<br />
You should consider making an alias to easily start Steam (and put it in your shell's rc file), example:<br />
alias steam-wine='wine ~/.wine/drive_c/Program\ Files\ \(x86\)/Steam/Steam.exe >/dev/null 2>&1 &'<br />
<br />
=== Tips ===<br />
<br />
==== Performance ====<br />
<br />
Consider disabling wine debugging output by adding this to your shell rc file:<br />
export WINEDEBUG=-all<br />
or, just add it to your {{ic|steam-wine}} alias to only disable it for Steam:<br />
alias steam-wine='WINEDEBUG=-all wine ~/.wine/drive_c/Program\ Files\ \(x86\)/Steam/Steam.exe >/dev/null 2>&1 &'<br />
Additionally, Source games rely on a paged pool memory size specification for audio, and WINE by default does not have this set. To set it:<br />
$ wine reg add "HKLM\\System\\CurrentControlSet\\Control\\Session Manager\\Memory Management\\" /v PagedPoolSize /t REG_DWORD /d 402653184 /f<br />
<br />
==== Source engine launch options ====<br />
<br />
Go to ''Properties > Set Launch Options'', e.g.:<br />
-console -dxlevel 90 -width 1280 -height 1024<br />
* {{ic|console}}<br />
: Activate the console in the application to change detailed applications settings.<br />
* {{ic|dxlevel}}<br />
: Set the application's DirectX level, e.g. 90 for DirectX Version 9.0. It is recommended to use the video card's DirectX version to prevent crashes. See the official Valve Software wiki https://developer.valvesoftware.com/wiki/DirectX_Versions for details.<br />
* {{ic|width}} and {{ic|height}}<br />
: Set the screen resolution. In some cases the graphic settings are not saved in the application and the applications always starts in the default resolution.<br />
Please refer to https://developer.valvesoftware.com/wiki/Command_Line_Options for a complete list of launch options.<br />
<br />
==== Using a pre-existing Steam installation ====<br />
<br />
If you have a shared drive with Windows, or already have a Steam installation somewhere else, you can simply symlink the Steam directory to {{ic|~/.wine/drive_c/Program Files/Steam/}} . However, be sure to do '''all''' the previous steps in this wiki. Confirm Steam launches and logs into your account, ''then'' do this:<br />
<br />
$ cd ~/.wine/drive_c/Program\ Files/ <br />
$ mv Steam/ Steam.backup/ (or you can just delete the directory)<br />
$ ln -s /mnt/windows_partition/Program\ Files/Steam/<br />
<br />
{{Note|<br />
* If you have trouble starting Steam after symlinking the entire Steam folder, try linking only the {{ic|steamapps}} subdirectory in your existing wine steam folder instead.<br />
* If you still have trouble starting games, use {{ic|# mount --bind /path/to/SteamApps ~/.local/share/Steam/SteamApps -ouser&#61;your-user-name }}, this is the only thing that worked for me with {{ic|TF2}}.<br />
}}<br />
<br />
==== Steam links in Firefox, Chrome, etc ====<br />
<br />
To make {{ic|steam://}} urls in your browser connect with Steam in Wine, there are several things you can do. One involves making steam url-handler keys in gconf, another involves making protocol files for KDE, others involve tinkering with desktop files or the Local State file for Chromium. These seem to only work in Firefox or under certain desktop configurations. One way to do it that works more globally is using mimeo, a tool made by Xyne (an Arch TU) which follows. For another working and less invasive (but Firefox-only) way, see the first post [http://ubuntuforums.org/showthread.php?t=433548 here] .<br />
<br />
* Make {{ic|/usr/bin/steam}} with your favorite editor and paste:<br />
<br />
{{bc|<br />
#!/bin/sh<br />
#<br />
# Steam wrapper script<br />
#<br />
exec wine "c:\\program files\\steam\\steam.exe" "$@"<br />
}}<br />
<br />
* Make it executable:<br />
<br />
# chmod +x /usr/bin/steam<br />
<br />
* Install {{AUR|mimeo}} and {{AUR|xdg-utils-mimeo}} from AUR. You will need to replace the existing {{Pkg|xdg-utils}} if installed. In XFCE, you will also need {{Pkg|xorg-utils}}.<br />
<br />
* Create {{ic|~/.config/mimeo.conf}} with your favorite editor and paste:<br />
<br />
{{bc|<br />
/usr/bin/steam %u<br />
^steam://<br />
}}<br />
<br />
* Lastly, open {{ic|/usr/bin/xdg-open}} in your favorite editor. Go to the {{ic|detectDE()}} section and change it to look as follows:<br />
<br />
{{bc|<nowiki><br />
detectDE()<br />
{<br />
#if [ x"$KDE_FULL_SESSION" = x"true" ]; then DE=kde;<br />
#elif [ x"$GNOME_DESKTOP_SESSION_ID" != x"" ]; then DE=gnome;<br />
#elif $(dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager > /dev/null 2>&1) ; then DE=gnome;<br />
#elif xprop -root _DT_SAVE_MODE 2> /dev/null | grep ' = \"xfce4\"$' >/dev/null 2>&1; then DE=xfce;<br />
#elif [ x"$DESKTOP_SESSION" == x"LXDE" ]; then DE=lxde;<br />
#else DE=""<br />
#fi<br />
DE=""<br />
}<br />
</nowiki>}}<br />
<br />
* Restart the browser and you should be good to go. In Chromium, you cannot enter a {{ic|steam://}} link in the url box like you can with Firefox. The forum link above has a {{ic|steam://open/friends}} link to try if needed.<br />
<br />
{{Note|<br />
* If you have any problems with file associations after doing this, simply revert to regular xdg-utils and undo your changes to {{ic|/usr/bin/xdg-open}}.<br />
* Those on other distributions that stumble upon this page, see the link above for firefox specific instructions. No easy way to get it working on Chromium on other distros exists.<br />
}}<br />
<br />
==== No text rendered problem ====<br />
<br />
If there is no text/font rendered when starting steam you should try to start steam with the parameter {{ic|-no-dwrite}}. Read more in [https://bbs.archlinux.org/viewtopic.php?id=146223 the forum thread about it.]<br />
{{bc|wine ~/.wine/drive_c/Program\ Files\ \(x86\)/Steam/Steam.exe -no-dwrite}}<br />
<br />
{{Note|It is important to note that although this method does currently work, It is not persistent if Steam relaunches automatically (i.e. update), or if you follow a URL link. <br />
*This can be achieved by going through '''''winecfg > Libraries''''' and setting the '''"dwrite"''' override to ''"disable"''<br />
'''Or'''<br />
*{{ic|$ wine reg add 'HKCU\Software\Valve\Steam' /v DWriteEnable /t REG_DWORD /d 00000000}}<br />
}}<br />
<br />
== See also ==<br />
<br />
* https://wiki.gentoo.org/wiki/Steam<br />
* [http://appdb.winehq.org/objectManager.php?sClass=version&iId=19444 Wine Application Database]</div>Chrkhttps://wiki.archlinux.org/index.php?title=DVB-S&diff=248582DVB-S2013-02-26T20:27:54Z<p>Chrk: updated some dead links and added reference to the package mercurial</p>
<hr />
<div>[[Category:Audio/Video]]<br />
[[de:DVB-S]]<br />
{{Article summary start}}<br />
{{Article summary text|Covers the setup and use of DVB-S (sat TV) cards on Arch Linux.}}<br />
{{Article summary heading|Important}}<br />
{{Article summary text|This was only tested with the Pinnacle PCTV Sat, and may not work or will not help you with different cards.}}<br />
{{Article summary heading|Related articles}}<br />
{{Article summary wiki|MythTV Walkthrough}}<br />
{{Article summary end}}<br />
<br />
==Load required Modules==<br />
You have to lookup the chipset of your specific card; tools like '''lshwd''' may help you.<br />
<br />
===Pinnacle PCTV Sat===<br />
This card uses bt878 and cx24110 as chipset.<br />
<br />
Load them (under root) with:<br />
# modprobe dvb-bt8xx<br />
# modprobe cx24110<br />
If you want Arch to boot them on startup, add both modules to {{Ic|MODULES}} in {{ic|/etc/rc.conf}}.<br />
<br />
===Additional modules: S2-liplianin===<br />
However, there is not a working kernel module for all (especially newer) devices.<br />
<br />
Igor M. Liplianin manages some additional modules at his [https://pikacode.com/liplianin/s2-liplianin/ mercurial repository]. <br />
<br />
====Setup====<br />
First of all, you have to download and prepare the source code.<br />
<br />
$ hg clone https://pikacode.com/liplianin/s2-liplianin<br />
<br />
If you don't have installed mercurial, you will get an error message: {{ic|hg: command not found}}<br />
<br />
You can either download the package {{Pkg|mercurial}} and try the obove command again or download the source code from [https://pikacode.com/liplianin/s2-liplianin/ here] and extract it manually.<br />
<br />
After obtaining the code, change the working directory to the extracted folder:<br />
<br />
$ cd s2-liplianin<br />
<br />
Unfortunately not all modules of liplianin are compatible with recent kernels and cause some trouble if you want to compile them hence you have to exclude these modules from the build process (if you do not need them). You can choose which modules you want to build by executing:<br />
<br />
$ make config<br />
<br />
which will create a config file: {{ic|v4l/.config}}. <br />
{{Note|If you want to edit the config file with another interface, take a look at the 'Module selection rules' section within the file {{ic|Install}}.}}<br />
<br />
After that, you have to build the chosen modules:<br />
<br />
$ make<br />
<br />
{{Note|It is very likely, that some modules will not compile. Try to exclude them (one step earlier) and run 'make' again.}}<br />
<br />
If all configured modules were compiled successfully, you can install the modules at the kernel's default modules directory by executing:<br />
<br />
# make install<br />
<br />
After that, reboot your machine.<br />
<br />
==Setup Permissions==<br />
To use your DVB-S card as user add him to the {{Ic|video}} group:<br />
# gpasswd -a [username] video<br />
<br />
==Scanning channels==<br />
{{Note | You can skip this part if you use Kaffeine.}}<br />
<br />
Most applications like szap or xine are needing a channel list created by '''scan''', which is part of '''dvb-utils'''.<br />
You will find the dvb-utils package under the name {{Pkg|linuxtv-dvb-apps}} in the Community-Repo.<br />
<br />
Install it with:<br />
# pacman -S linuxtv-dvb-apps<br />
<br />
===Using scan===<br />
'''scan''' needs an channel to initialize scanning. In {{Ic|/usr/share/dvb/dvb-s/}} are some files which contain these channels; you will need that one that fits the satellite you are watching from.<br />
<br />
The following command will scan all channels and save them to {{ic|channels.conf}}:<br />
$ scan -x0 -t1 -s1 /usr/share/dvb/dvb-s/[your satellite] | tee channels.conf<br />
{{Note | The channel file does not have to be called {{ic|channels.conf}} but it is more convenient as you will see later.}}<br />
{{Note | Depending on your satellite dish setup you may have to try other arguments.}}<br />
<br />
===Using w_scan===<br />
[https://aur.archlinux.org/packages.php?ID=12028 w_scan] allows for automatic scanning of channels without configuration. Install it then issue:<br />
<br />
# w_scan -c [your country] > ~/someChannels.conf<br />
<br />
Alternatively you can also scan using the satellite position like 19.5E for Astra 1. Scans like that can be done as follows:<br />
<br />
# w_scan -fs -s S19E5 > ~/someChannels.conf<br />
<br />
You can also add the -X flag to generate tzap/czap/xine output instead of vdr output.<br />
<br />
# w_scan -X -c AU > ~/AustraliaChannels.conf<br />
<br />
====DiSEqC switch scanning (AKA multiple satellite LNB)====<br />
If you have a LNB with a DiSEqC switch in it you can manually select that using the -D option like so:<br />
<br />
# w_scan -fs -s S23E5 -D 1c > ~/someChannels.conf<br />
<br />
The above line should work but not all found channels where actually saved. The line below worked perfectly for me:<br />
<br />
# w_scan -fs -s S23E5 -a 0 -D 1c -o 7 -e 2 > ~/someChannels.conf<br />
<br />
{{Warning|I did found out that when using a LNB with a DiSEqC switch it is way more convenient to use -X ouptut which you can use in for example mplayer. Just append "-X" before the ">" that you see above.}}<br />
<br />
==Switching channels==<br />
{{Note | szap only works with satellite TV.}}<br />
<br />
By using '''zap''', which comes with '''dvb-utils''', you can switch channels, so you do not have to rely on the abilities of your player.<br />
<br />
'''szap''' needs the channel file we created earlier; it will try {{ic|~/.szap/channels.conf}} by default. You can move the {{ic|channels.conf}} there or you can use the {{Ic|"-c"}} command-line option.<br />
<br />
Switching channels works like this:<br />
$ szap -r [channel]<br />
{{Note | szap needs to keep running.}}<br />
<br />
You can list all available channels with:<br />
$ szap -q<br />
<br />
Now you can watch the stream for example with xine:<br />
$ xine -g stdin://mpeg2 < /dev/dvb/adapter0/dvr0<br />
or with mplayer:<br />
$ mplayer /dev/dvb/adapter0/dvr0<br />
or with mplayer, but using DVB directly:<br />
$ mplayer "dvb://RTL Television"<br />
You can find all the channel names by running szap -q (assuming the channel list is also in ~/.szap/channels.conf).<br />
<br />
==Software==<br />
<br />
===Kaffeine===<br />
Kaffeine is a really nice player; it supports EPG, time-shifting, and recording. Additionally Kaffeine has built-in channel-searching.<br />
<br />
Install it with:<br />
# pacman -S kaffeine<br />
<br />
*[https://archlinux.org/packages/search/?q=kaffeine More Information]<br />
*[http://kaffeine.sourceforge.net/ Project page]<br />
<br />
====Importing channel list====<br />
* Linosaw.de provides [http://www.linowsat.de/settings/vdr.html channels.conf] files for [[VDR]]<br />
* [http://free.pages.at/cleditor/vdr2kaffeine.htm conv2conf] converts these files into kaffeine channel list format<br />
<br />
===Me-tv===<br />
Me-tv is a simple but powerfull dvb-viewer, supporting EPG, recording and channel-searching with a light-weight gui.<br />
<br />
*It is in the official repository: <br />
# pacman -S me-tv<br />
*SVN version in the AUR: https://aur.archlinux.org/packages.php?ID=27065<br />
<br />
===Klear===<br />
Klear is also a really nice player, but more than 4 years old (last release 2006). It supports EPG, time-shifting, and recording, videotext. Channel-searching is still missing. Install it from AUR:<br />
*[https://aur.archlinux.org/packages.php?do_Details=1&ID=2415&O=0&L=0&C=0&K=klear&SB=&SO=&PP=25&do_MyPackages=0&do_Orphans=0&SeB=nd AUR package]<br />
*[http://klear.org Project page]<br />
<br />
===Xine===<br />
Copy your channel file to {{ic|~/.xine/channels.conf}}.<br />
<br />
Watch a specific channel with following command:<br />
$ xine dvb://[channel]<br />
<br />
or use the playlist editor in Xine<br />
<br />
==Additional Resources==<br />
<br />
===TV Cards in general===<br />
*[http://wiki.ubuntuusers.de/TV-Karten Ubuntuusers.de-Wiki] (german)<br />
<br />
===Pinnacle Cards===<br />
*[http://pinnaclefanboard.com/ PinnacleFanBoard] (german, but you can ask in english as well)</div>Chrkhttps://wiki.archlinux.org/index.php?title=PulseAudio&diff=193059PulseAudio2012-04-06T19:55:22Z<p>Chrk: /* Troubleshooting */ Added alternative method to change the input device</p>
<hr />
<div>[[Category:Audio/Video (English)]]<br />
{{i18n|PulseAudio}}<br />
[[fr:PulseAudio]]<br />
<br />
{{Article summary start}}<br />
{{Article summary text|'''PulseAudio''' is a general purpose sound server. For a list of features, see [[Wikipedia:PulseAudio#Features]].}}<br />
{{Article summary heading|Related Articles}}<br />
{{Article summary wiki|PulseAudio/Examples}}<br />
{{Article summary end}}<br />
<br />
==Installation==<br />
*Required PKG: {{Pkg|pulseaudio}}<br />
*Optional GUIs: {{Pkg|paprefs}} and {{Pkg|pavucontrol}}<br />
*Optional volume control via mapped keyboard keys: {{AUR|pulseaudio_ctl}}<br />
*Optional console mixer: {{AUR|pamixer-git}}<br />
<br />
==Running==<br />
{{Note|Pulseaudio requires dbus to function. This is very likely already added in the daemons array, if not consider adding it.}}<br />
{{Note|Most X11 environments start pulseaudio automatically with the X11 session.}}<br />
<br />
In the unlikely event that pulseaudio isn't automatically called upon entering X, it can can be started with:<br />
$ pulseaudio --start<br />
<br />
{{Note|if you get the message {{ic|pulseaudio: error while loading shared libraries: libltdl.so.7: cannot open shared object file: No such file or directory}} you need to install {{pkg|libltdl}} }}<br />
<br />
<br />
PulseAudio can be stopped with:<br />
$ pulseaudio --kill<br />
<br />
==Equalizer==<br />
<br />
Newer pulseaudio versions have an intergrated 10-band equalizer system. In order to use the equalizer do the following:<br />
<br />
====Load equalizer sink module====<br />
<br />
$ pactl load-module module-equalizer-sink<br />
<br />
====Install and run the gui frontend====<br />
<br />
# pacman -S --needed python2-pyqt<br />
<br />
$ qpaeq<br />
<br />
====Load equalizer module on every boot====<br />
<br />
Edit the file {{ic|/etc/pulse/default.pa}} with your favorite editor and append the following lines:<br />
<br />
### Load the intergrated pulseaudio equalizer module<br />
load-module module-equalizer-sink<br />
<br />
==Backend Configuration==<br />
===ALSA===<br />
*Recommended PKG: {{Pkg|pulseaudio-alsa}}<br />
*Optional PKGs: {{Pkg|lib32-libpulse}} and {{Pkg|lib32-alsa-plugins}}<br />
<br />
{{Note|Optional PKGs are needed only if running x86_64 and wanting to have sound for 32 bit programs (like Wine).}}<br />
<br />
For the applications that do not support PulseAudio and support ALSA it is '''recommended''' to install the PulseAudio plugin for ALSA. This package also contains the necessary {{ic|/etc/asound.conf}} for configuring ALSA to use PulseAudio.<br />
<br />
To prevent applications from using ALSA's OSS emulation and bypassing Pulseaudio (thereby preventing other applications from playing sound), make sure the module {{ic|snd_pcm_oss}} is not in the {{ic|MODULES}} array in {{ic|/etc/[[rc.conf]]}}. If it's currently loaded, disable it by executing:<br />
# rmmod snd_pcm_oss<br />
<br />
===OSS===<br />
There are multiple ways of making OSS-only programs play to PulseAudio:<br />
<br />
====osspd====<br />
Recommended PKG: {{Pkg|ossp}}<br />
<br />
Start osspd with:<br />
rc.d start osspd<br />
<br />
Afterwards, add it to DAEMONS in rc.conf.<br />
<br />
====padsp wrapper====<br />
Programs using OSS can work with PulseAudio by starting it with padsp:<br />
<br />
$ padsp OSSprogram<br />
A few examples:<br />
$ padsp aumix<br />
$ padsp sox foo.wav -t ossdsp /dev/dsp<br />
<br />
One can also rename the program OSSprogram-bin and replace it with a script like this: <br />
{{hc|/usr/bin/OSSProgram|<nowiki><br />
#!/bin/sh<br />
if test -x /usr/bin/padsp; then<br />
exec /usr/bin/padsp /usr/bin/OSSprogram-bin "$@"<br />
else<br />
exec /usr/bin/OSSprogram "$@"<br />
fi<br />
</nowiki>}}<br />
<br />
===GStreamer===<br />
To make [[GStreamer]] use PulseAudio, execute {{ic|gstreamer-properties}} (part of ''gnome-media'' package) and select ''PulseAudio Sound Server'' in both Audio Input and Output. Alternatively, this can be done by setting the gconf variables {{ic|/system/gstreamer/0.10/default/audiosink}} to ''pulsesink'' and {{ic|/system/gstreamer/0.10/default/audiosrc}} to ''pulsesrc'':<br />
$ gconftool-2 -t string --set /system/gstreamer/0.10/default/audiosink pulsesink<br />
$ gconftool-2 -t string --set /system/gstreamer/0.10/default/audiosrc pulsesrc<br />
<br />
Some applications (like Rhythmbox) ignore the ''audiosink'' property, but rely instead on ''musicaudiosink'', which can't be configured using {{ic|gstreamer-properties}} but needs to be manually set using {{ic|gconf-editor}} or the {{ic|gconftool-2}}:<br />
$ gconftool-2 -t string --set /system/gstreamer/0.10/default/musicaudiosink pulsesink<br />
<br />
===OpenAL===<br />
OpenAL Soft should use PulseAudio by default, but can be explicitly configured to do so: {{hc|/etc/openal/alsoft.conf|2=drivers=pulse,alsa}}<br />
<br />
===libao===<br />
Edit the libao configuration file:<br />
{{hc|/etc/libao.conf|2=default_driver=pulse}}<br />
<br />
===ESD===<br />
PulseAudio is a drop-in replacement for the enlightened sound daemon (ESD). While PulseAudio is running, ESD clients should be able to output to it without configuration.<br />
<br />
==Desktop Environments==<br />
===General X11===<br />
{{Note|As mentioned previously, PulseAudio is very likely launched automatically via either {{ic|/etc/X11/xinit/xinitrc.d/pulseaudio}} or the files in {{ic|/etc/xdg/autostart/}} if users have some DE installed.}}<br />
<br />
Check to see of PulseAudio is running:<br />
<br />
$ ps aux | grep pulse<br />
facade 1794 0.0 0.0 360464 6532 ? S<l 15:33 0:00 /usr/bin/pulseaudio --start<br />
facade 1827 0.0 0.0 68888 2608 ? S 15:33 0:00 /usr/lib/pulse/gconf-helper<br />
<br />
If Pulseaudio isn't running and users are using X, the following will start PulseAudio with the needed the X11 plugins:<br />
$ start-pulseaudio-x11<br />
<br />
===GNOME===<br />
As of GNOME 3, GNOME fully integrates with PulseAudio and no extra configuration is needed.<br />
<br />
===KDE 3===<br />
PulseAudio is ''not'' a drop-in replacement for aRts. Users of KDE 3 cannot use PulseAudio. However note, recent versions of puleaudio may have eliminated the prohibition:<br />
<br />
See: http://www.pulseaudio.org/wiki/PerfectSetup KDE 3 uses the artsd sound server by default. However, artsd itself can be configured to use an Esound backend. Edit kcmartsrc (either in /etc/kde or /usr/share/config for global configuration or .kde/share/config to configure only one user) like this:<br />
<br />
[Arts]<br />
Arguments=\s-F 10 -S 4096 -a esd -n -s 1 -m artsmessage -c drkonqi -l 3 -f<br />
NetworkTransparent=true<br />
SuspendTime=1<br />
<br />
===KDE 4 and Qt4===<br />
PulseAudio, it will be used by KDE4/Qt4 applications. For more information see the [http://www.pulseaudio.org/wiki/KDE KDE pages in the PulseAudio wiki].<br />
<br />
Additionally, a minimal KDE alternative to pavucontrol, the {{AUR|kdeplasma-addons-applets-veromix}} is available in the AUR.<br />
<br />
===XFCE4===<br />
Applications running under XFCE4 can take advantage of Pulseaudio. To manage Pulseaudio settings can use {{Pkg|pavucontrol}}.<br />
<br />
==Applications==<br />
===Audacious===<br />
[[Audacious]] natively supports PulseAudio. In order to use it, set Audacious Preferences -> Audio -> Current output plugin to 'PulseAudio Output Plugin'.<br />
<br />
===Flashplugin (x86_64 only)===<br />
Users of [[Browser Plugins#Adobe Flash Player|Adobe Flash Player]] browser plugin from the [[Multilib_Project|multilib repository]] need to install {{Pkg|lib32-alsa-plugins}} and {{Pkg|lib32-libcanberra-pulse}}.<br />
<br />
===Java/OpenJDK 6===<br />
Create a wrapper for the java executable using padsp as seen on the [[Java#Java_sound_with_Pulseaudio|Java sound with Pulseaudio]] page.<br />
<br />
===Music Player Daemon (MPD)===<br />
[http://mpd.wikia.com/wiki/PulseAudio configure] [[MPD]] to use PulseAudio.<br />
<br />
===MPlayer===<br />
[[MPlayer]] natively supports PulseAudio output with the "{{ic|-ao pulse}}" option. It can also be configured to default to PulseAudio output, in {{ic|~/.mplayer/config}} for per-user, or {{ic|/etc/mplayer/mplayer.conf}} for system-wide:<br />
{{hc|/etc/mplayer/mplayer.conf|2=ao=pulse}}<br />
<br />
===Skype (x86_64 only)===<br />
Install {{Pkg|lib32-libpulse}}, otherwise the following error will occur when trying to initiate a call: "Problem with Audio Playback".<br />
<br />
==Troubleshooting==<br />
===No sound after install===<br />
====Bad configuration files====<br />
If after starting pulseaudio, the system outputs no sound, it may be necessary to delete the contents of {{ic|~/.pulse}}. Pulseaudio will automatically create new configuration files on its next start.<br />
<br />
====Flash Content====<br />
No sound from flash content may be fixed by installing {{AUR|libflashsupport-pulse}} from the AUR. {{Pkg|lib32-libpulse}} is another PKG users can consider if on a 64-bit Arch and using [multilib]'s flashplugin:<br />
<br />
# pacman -S lib32-libcanberra-pulse lib32-alsa-plugins<br />
<br />
====No cards====<br />
If PulseAudio starts, run {{ic|pacmd list}}. If no cards are reported, make sure that the ALSA devices are not in use:<br />
$ fuser -v /dev/snd/*<br />
$ fuser -v /dev/dsp<br />
<br />
Make sure any applications using the pcm or dsp files are shut down before restarting PulseAudio.<br />
<br />
====The only device shown is "dummy output"====<br />
This may be caused by different reasons, one of them being the .asoundrc file in $HOME is taking precedence over the systemwide /etc/asound.conf.<br />
<br />
The user file is modified also by the tool '''asoundconf''' or by its graphical variant '''asoundconf-gtk''' (the latter is named "Default sound card" in the menu) as soon as it runs. Prevent the effects of .asoundrc altogether by commenting the last line like this:<br />
<br />
#</home/<yourusername>/.asoundrc.asoundconf><br />
<br />
====KDE4====<br />
It may be that another output device set as preferred in phonon. Make sure that every setting reflects the preferred output device at the top, and check the playback streams tab in kmix to make sure that applications are using the device for output.<br />
<br />
====Muted audio device====<br />
If one experiences no audio output via any means while using ALSA, attempt to unmute the sound card. To do this, launch alsamixer and make sure each column has a green 00 under it (this can be toggled by pressing 'm')<br />
$ alsamixer -c 0<br />
<br />
===Bluetooth headset replay problems===<br />
Some user [https://bbs.archlinux.org/viewtopic.php?id=117420 report] huge delays or even no sound when the bluetooth connection does not send any data. This is due to an idle-suspend-module that puts the related sinks/sources automatically into suspend. As this can cause problems with headset, the responsible module can be deactivated. <br />
<br />
1. cp /etc/pulse/default.pa ~/.pulse/default.pa<br />
2. comment out the "load-module module-suspend-on-idle" line in ~/.pulse/default.pa<br />
3. pulseaudio -k && pulseaudio --start<br />
<br />
[http://robert.orzanna.de/2011/08/10/prevent-idle-suspend-with-a-bluetooth-headset-and-a2dp/ More information]<br />
<br />
===Pulse overwrites ALSA settings===<br />
Pulseaudio usually overwrites the ALSA settings- for example set with alsamixer- at start up, even when the alsa daemon is loaded. Since there seems to be no other way to restrict this behaviour, a workaround is to restore the alsa settings again after pulseaudio had started. Add the following command to {{ic|.xinitrc}} {{ic|.bash_login}} or any other autostart file and adjust the sleep, depending how long pulse needs to start.<br />
<br />
(sleep 30 && alsactl -f /var/lib/alsa/asound.state restore) &<br />
<br />
===Daemon startup failed===<br />
Try resetting PulseAudio. To do that:<br />
$ pulseaudio --kill<br />
$ killall pulseaudio<br />
$ killall -9 pulseaudio<br />
$ rm -rf ~/.pulse*<br />
$ rm -rf /tmp/pulse*<br />
<br />
Afterwards, start PulseAudio again.<br />
<br />
===padevchooser===<br />
If one cannot launch the PulseAudio Device Chooser, first (re)start the Avahi daemon as follows:<br />
$ rc.d restart avahi-daemon<br />
<br />
===Glitches, skips or crackling===<br />
The PulseAudio sound server uses a timer-based audio scheduling instead of the traditional interrupt-driven approach. Timer-based scheduling may expose issues in some ALSA drivers. To turn timer-based scheduling off, replace the line:<br />
load-module module-udev-detect <br />
in {{ic|/etc/pulse/default.pa}} by:<br />
load-module module-udev-detect tsched=0<br />
Then restart the PulseAudio server.<br />
<br />
===Choppy sound===<br />
Choppy sound in pulsaudio can result from wrong settings for the sample rate in {{Ic|/etc/pulse/daemon.conf}}. Try changing the line <br />
; default-sample-rate = 44100<br />
to <br />
default-sample-rate = 48000<br />
and restart the PulseAudio server.<br />
<br />
If one experiences choppy sound in applications using openAL, change the sample rate in /etc/openal/alsoft.conf:<br />
frequency = 48000<br />
<br />
===Volume adjustment doesn't work properly===<br />
Check:<br />
{{ic|/usr/share/pulseaudio/alsa-mixer/paths/analog-output.conf.common}}<br />
<br />
If the volume does not appear to increment/decrement properly using {{ic|alsamixer}} or {{ic|amixer}}, it may be due to pulseaudio having a larger number of increments (65537 to be exact). Try using larger values when changing volume (e.g. {{ic|amixer set Master 655+}}).<br />
<br />
===Volume gets louder every time a new application is started===<br />
Per default, it seems as if changing the volume in an application sets the global system volume to that level instead of only affecting the respective application. Applications setting their volume on startup will therefore cause the system volume to "jump".<br />
<br />
Fix this by uncommenting <br />
flat-volumes = no<br />
in<br />
/etc/pulse/daemon.conf<br />
and then restarting PulseAudio by executing<br />
pulseaudio -k<br />
<br />
When Pulse comes back after a few seconds, applications will not alter the global system volume anymore but have their own volume level again.<br />
<br />
{{Note|A previously installed and removed pulseaudio-equalizer may leave behind remnants of the setup in {{Ic|$HOME/.pulse/default.pa}} which can also cause maximized volume trouble. Comment that out as needed.}}<br />
<br />
===No mic on ThinkPad T400/T500===<br />
Run<br />
alsamixer -c 0<br />
Maximize the volume of/unmute the "Internal Mic".<br />
<br />
===No mic input on Acer Aspire One===<br />
Install pavucontrol, unlink the microphone channels and turn down the left one to 0.<br />
Reference: http://getsatisfaction.com/jolicloud/topics/deaf_internal_mic_on_acer_aspire_one#reply_2108048<br />
<br />
===Sound output is only mono on M-Audio Audiophile 2496 sound card===<br />
Add the following to /etc/pulseaudio/default.pa:<br />
load-module module-alsa-sink sink_name=delta_out device=hw:M2496 format=s24le channels=10 channel_map=left,right,aux0,aux1,aux2,aux3,aux4,aux5,aux6,aux7<br />
load-module module-alsa-source source_name=delta_in device=hw:M2496 format=s24le channels=12 channel_map=left,right,aux0,aux1,aux2,aux3,aux4,aux5,aux6,aux7,aux8,aux9<br />
set-default-sink delta_out<br />
set-default-source delta_in<br />
<br />
===Static Noise in Microphone Recording===<br />
If we are getting static noise in skype, gnome-sound-recorder, arecord, etc.'s recordings then the sound card samplerate is incorrect. That's why there is static noise in linux microphone recordings. To fix this We need to set sample-rate in /etc/pulse/daemon.conf for the sound hardware.<br />
<br />
====1. Determine soundcards in the system====<br />
This requires alsa-utils and related packages to be installed:<br />
$ arecord --list-devices<br />
<br />
output:<br />
**** List of CAPTURE Hardware Devices ****<br />
card 0: Intel [HDA Intel], device 0: ALC888 Analog [ALC888 Analog]<br />
Subdevices: 1/1<br />
Subdevice #0: subdevice #0<br />
card 0: Intel [HDA Intel], device 2: ALC888 Analog [ALC888 Analog]<br />
Subdevices: 1/1<br />
Subdevice #0: subdevice #0<br />
<br />
soundcard is hw:0,0<br />
<br />
====2. Determine sampling-rate of the sound card====<br />
arecord -f dat -r 60000 -D hw:0,0 -d 5 test.wav<br />
<br />
output:<br />
"Recording WAVE 'test.wav' : Signed 16 bit Little Endian, Rate 60000 Hz, Stereo<br />
Warning: rate is not accurate (requested = 60000Hz, '''got = 96000Hz''')<br />
please, try the plug plugin<br />
<br />
observe, the '''got = 96000Hz''', this is the max sample-rate of our card.<br />
<br />
====3. Setting the soundcard's sampling rate into pulse audio configuration====<br />
the default sample-rate in pulseaudio is<br />
grep "sample-rate" /etc/pulse/daemon.conf<br />
<br />
output:<br />
; default-sample-rate = 44100<br />
<br />
It is 44100 and is disabled. Let us set our sound card's settings into pulseaudio configuation file<br />
su -c "sed 's/; default-sample-rate = 44100/default-sample-rate = 96000/g' -i /etc/pulse/daemon.conf"<br />
<br />
Let's verify the changes to deamon.conf<br />
grep "sample-rate" /etc/pulse/daemon.conf <br />
output:<br />
default-sample-rate = 96000<br />
and it's done.<br />
<br />
====4. Restart pulseaudio to apply the new settings====<br />
pulseaudio --kill<br />
pulseaudio --start<br />
<br />
====5. Finally check by recording and playing it back====<br />
Let's record some voice using mic for say 10 seconds. Make sure the mic is not muted and all<br />
arecord -f cd -d 10 test-mic.wav<br />
<br />
After 10 seconds, let's play the recording...<br />
aplay test-mic.wav<br />
<br />
Now hopefully, there's no static noise in microphone recording anymore.<br />
<br />
=== My Bluetooth device is paired but doesn't play any sound ===<br />
[[Bluetooth#My_device_is_paired_but_no_sound_is_played_from_it|See the article in Bluetooth section]]<br />
<br />
<br />
=== Subwoofer stops working after end of every song ===<br />
Known issue: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/494099<br />
<br />
To fix this, must edit: {{ic|/etc/pulse/daemon.conf}} and enable {{ic|enable-lfe-remixing}} :<br />
{{hc|/etc/pulse/daemon.conf|<nowiki><br />
enable-lfe-remixing = yes<br />
</nowiki>}}<br />
<br />
<br />
=== Pulseaudio uses wrong microphone ===<br />
If Pulseaudio uses the wrong microphone, and changing the Input Device with Pavucontrol didn't help, take a look at alsamixer. It seems that Pavucontrol does not always set the input source correctly.<br><br />
Run:<br />
<br />
$ alsamixer<br />
<br />
press F6 and choose your sound card, e.g. HDA Intel. Now press F5 to display all items. Try to find the item: {{ic|Input Source}}. With the up/down arrow keys you are able to change the input source. <br><br />
Now try if the correct microphone is used for recording.<br />
<br />
==External links==<br />
*[http://www.pulseaudio.org/wiki/PerfectSetup http://www.pulseaudio.org/wiki/PerfectSetup] - A good guide to make your configuration perfect<br />
*[http://www.alsa-project.org/main/index.php/Asoundrc http://www.alsa-project.org/main/index.php/Asoundrc] - Alsa wiki on .asoundrc<br />
*[http://www.pulseaudio.org/ http://www.pulseaudio.org/] - PulseAudio official site<br />
*[http://www.pulseaudio.org/wiki/FAQ http://www.pulseaudio.org/wiki/FAQ] - PulseAudio FAQ</div>Chrkhttps://wiki.archlinux.org/index.php?title=OpenSSH&diff=193040OpenSSH2012-04-06T16:07:31Z<p>Chrk: sorry, saw that an article is also available, SSH_Keys - Undo revision 193039 by Chrk (talk)</p>
<hr />
<div>[[Category:Daemons and system services (English)]]<br />
[[Category:Secure Shell (English)]]<br />
{{i18n|Secure Shell}}<br />
[[pl:SSH]]<br />
[[fr:ssh]]<br />
<br />
'''Secure Shell''' ('''SSH''') is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br />
<br />
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; file transfer can be accomplished using the associated SFTP or SCP protocols.<br />
<br />
An SSH server, by default, listens on the standard TCP port 22. An SSH client program is typically used for establishing connections to an ''sshd'' daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, GNU/Linux, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist.<br />
<br />
(Source: [[Wikipedia:Secure Shell]])<br />
<br />
== OpenSSH ==<br />
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the ssh protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security. OpenSSH is developed as part of the OpenBSD project, which is led by Theo de Raadt.<br />
<br />
OpenSSH is occasionally confused with the similarly-named OpenSSL; however, the projects have different purposes and are developed by different teams, the similar name is drawn only from similar goals.<br />
<br />
=== Installing OpenSSH ===<br />
# pacman -S openssh<br />
<br />
=== Configuring SSH ===<br />
====Client====<br />
The SSH client configuration file can be found and edited in {{ic|/etc/ssh/ssh_config}}.<br />
<br />
An example configuration: <br />
<br />
{{hc|/etc/ssh/ssh_config|<br />
# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $<br />
<br />
# This is the ssh client system-wide configuration file. See<br />
# ssh_config(5) for more information. This file provides defaults for<br />
# users, and the values can be changed in per-user configuration files<br />
# or on the command line.<br />
<br />
# Configuration data is parsed as follows:<br />
# 1. command line options<br />
# 2. user-specific file<br />
# 3. system-wide file<br />
# Any configuration value is only changed the first time it is set.<br />
# Thus, host-specific definitions should be at the beginning of the<br />
# configuration file, and defaults at the end.<br />
<br />
# Site-wide defaults for some commonly used options. For a comprehensive<br />
# list of available options, their meanings and defaults, please see the<br />
# ssh_config(5) man page.<br />
<br />
# Host *<br />
# ForwardAgent no<br />
# ForwardX11 no<br />
# RhostsRSAAuthentication no<br />
# RSAAuthentication yes<br />
# PasswordAuthentication yes<br />
# HostbasedAuthentication no<br />
# GSSAPIAuthentication no<br />
# GSSAPIDelegateCredentials no<br />
# BatchMode no<br />
# CheckHostIP yes<br />
# AddressFamily any<br />
# ConnectTimeout 0<br />
# StrictHostKeyChecking ask<br />
# IdentityFile ~/.ssh/identity<br />
# IdentityFile ~/.ssh/id_rsa<br />
# IdentityFile ~/.ssh/id_dsa<br />
# Port 22<br />
# Protocol 2,1<br />
# Cipher 3des<br />
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc<br />
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160<br />
# EscapeChar ~<br />
# Tunnel no<br />
# TunnelDevice any:any<br />
# PermitLocalCommand no<br />
# VisualHostKey no<br />
# ProxyCommand ssh -q -W %h:%p gateway.example.com<br />
}}<br />
<br />
It is recommended to change the Protocol line into this:<br />
Protocol 2<br />
<br />
That means that only Protocol 2 will be used, since Protocol 1 is considered somewhat insecure.<br />
<br />
====Daemon====<br />
The SSH daemon configuration file can be found and edited in {{ic|/etc/ssh/ssh'''d'''_config}}.<br />
<br />
An example configuration: <br />
<br />
{{hc|/etc/ssh/sshd_config|2=<br />
# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $<br />
<br />
# This is the sshd server system-wide configuration file. See<br />
# sshd_config(5) for more information.<br />
<br />
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin<br />
<br />
# The strategy used for options in the default sshd_config shipped with<br />
# OpenSSH is to specify options with their default value where<br />
# possible, but leave them commented. Uncommented options change a<br />
# default value.<br />
<br />
#Port 22<br />
#AddressFamily any<br />
#ListenAddress 0.0.0.0<br />
#ListenAddress ::<br />
<br />
# The default requires explicit activation of protocol 1<br />
#Protocol 2<br />
<br />
# HostKey for protocol version 1<br />
#HostKey /etc/ssh/ssh_host_key<br />
# HostKeys for protocol version 2<br />
#HostKey /etc/ssh/ssh_host_rsa_key<br />
#HostKey /etc/ssh/ssh_host_dsa_key<br />
#HostKey /etc/ssh/ssh_host_ecdsa_key<br />
<br />
# Lifetime and size of ephemeral version 1 server key<br />
#KeyRegenerationInterval 1h<br />
#ServerKeyBits 1024<br />
<br />
# Logging<br />
# obsoletes QuietMode and FascistLogging<br />
#SyslogFacility AUTH<br />
#LogLevel INFO<br />
<br />
# Authentication:<br />
<br />
#LoginGraceTime 2m<br />
#PermitRootLogin yes<br />
#StrictModes yes<br />
#MaxAuthTries 6<br />
#MaxSessions 10<br />
<br />
#RSAAuthentication yes<br />
#PubkeyAuthentication yes<br />
#AuthorizedKeysFile .ssh/authorized_keys<br />
<br />
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts<br />
#RhostsRSAAuthentication no<br />
# similar for protocol version 2<br />
#HostbasedAuthentication no<br />
# Change to yes if you do not trust ~/.ssh/known_hosts for<br />
# RhostsRSAAuthentication and HostbasedAuthentication<br />
#IgnoreUserKnownHosts no<br />
# Don't read the user's ~/.rhosts and ~/.shosts files<br />
#IgnoreRhosts yes<br />
<br />
# To disable tunneled clear text passwords, change to no here!<br />
#PasswordAuthentication yes<br />
#PermitEmptyPasswords no<br />
<br />
# Change to no to disable s/key passwords<br />
ChallengeResponseAuthentication no<br />
<br />
# Kerberos options<br />
#KerberosAuthentication no<br />
#KerberosOrLocalPasswd yes<br />
#KerberosTicketCleanup yes<br />
#KerberosGetAFSToken no<br />
<br />
# GSSAPI options<br />
#GSSAPIAuthentication no<br />
#GSSAPICleanupCredentials yes<br />
<br />
# Set this to 'yes' to enable PAM authentication, account processing, <br />
# and session processing. If this is enabled, PAM authentication will <br />
# be allowed through the ChallengeResponseAuthentication and<br />
# PasswordAuthentication. Depending on your PAM configuration,<br />
# PAM authentication via ChallengeResponseAuthentication may bypass<br />
# the setting of "PermitRootLogin without-password".<br />
# If you just want the PAM account and session checks to run without<br />
# PAM authentication, then enable this but set PasswordAuthentication<br />
# and ChallengeResponseAuthentication to 'no'.<br />
UsePAM yes<br />
<br />
#AllowAgentForwarding yes<br />
#AllowTcpForwarding yes<br />
#GatewayPorts no<br />
#X11Forwarding no<br />
#X11DisplayOffset 10<br />
#X11UseLocalhost yes<br />
#PrintMotd yes<br />
#PrintLastLog yes<br />
#TCPKeepAlive yes<br />
#UseLogin no<br />
#UsePrivilegeSeparation yes<br />
#PermitUserEnvironment no<br />
#Compression delayed<br />
#ClientAliveInterval 0<br />
#ClientAliveCountMax 3<br />
#UseDNS yes<br />
#PidFile /var/run/sshd.pid<br />
#MaxStartups 10<br />
#PermitTunnel no<br />
#ChrootDirectory none<br />
<br />
# no default banner path<br />
#Banner none<br />
<br />
# override default of no subsystems<br />
Subsystem sftp /usr/lib/ssh/sftp-server<br />
<br />
# Example of overriding settings on a per-user basis<br />
#Match User anoncvs<br />
# X11Forwarding no<br />
# AllowTcpForwarding no<br />
# ForceCommand cvs server<br />
}}<br />
<br />
To allow access only for some users add this line:<br />
AllowUsers user1 user2<br />
<br />
To disable root login over SSH, add the following:<br />
PermitRootLogin no<br />
<br />
You could also uncomment the BANNER option and edit {{ic|/etc/issue}} for a nice welcome message.<br />
<br />
{{Tip| You may want to change the default port from 22 to any higher port (see [http://en.wikipedia.org/wiki/Security_through_obscurity security through obscurity]).}} <br />
<br />
Even though the port ssh is running on could be detected by using a port-scanner like nmap, changing it will reduce the number of log entries caused by automated authentication attempts. To help select a port review the [[Wikipedia:List of TCP and UDP port numbers|list of TCP and UDP port numbers]].<br />
<br />
{{Tip|Disabling password logins entirely will greatly increase security, see [[Using SSH Keys]] for more information.}}<br />
<br />
=== Managing SSHD Daemon ===<br />
Just add sshd to the "DAEMONS" array of your {{ic|/etc/[[rc.conf]]}}:<br />
DAEMONS=(... ... '''sshd''' ... ...)<br />
<br />
To start/restart/stop the daemon, use the following:<br />
# rc.d {start|stop|restart} sshd<br />
<br />
===Connecting to the server===<br />
To connect to a server, run:<br />
$ ssh -p port user@server-address<br />
<br />
== Tips and Tricks ==<br />
=== Encrypted Socks Tunnel ===<br />
This is highly useful for laptop users connected to various unsafe wireless connections. The only thing you need is an SSH server running at a somewhat secure location, like your home or at work. It might be useful to use a dynamic DNS service like [http://www.dyndns.org/ DynDNS] so you do not have to remember your IP-address.<br />
<br />
==== Step 1: Start the Connection ====<br />
You only have to execute this single command in your favorite terminal to start the connection:<br />
$ ssh -ND 4711 user@host<br />
where {{Ic|"user"}} is your username at the SSH server running at the {{Ic|"host"}}. It will ask for your password, and then you're connected! The {{Ic|"N"}} flag disables the interactive prompt, and the {{Ic|"D"}} flag specifies the local port on which to listen on (you can choose any port number if you want).<br />
<br />
One way to make this easier is to put an alias line in your {{ic|~/.bashrc}} file as following:<br />
alias sshtunnel="ssh -ND 4711 -v user@host"<br />
It's nice to add the verbose {{Ic|"-v"}} flag, because then you can verify that it's actually connected from that output. Now you just have to execute the {{Ic|"sshtunnel"}} command :)<br />
<br />
==== Step 2: Configure your Browser (or other programs) ====<br />
The above step is completely useless if you do not configure your web browser (or other programs) to use this newly created socks tunnel. Since the current version of SSH supports both SOCKS4 and SOCKS5, you can use either of them.<br />
<br />
* For Firefox: ''Edit &rarr; Preferences &rarr; Advanced &rarr; Network &rarr; Connection &rarr; Setting'':<br />
: Check the ''"Manual proxy configuration"'' radio button, and enter "localhost" in the ''"SOCKS host"'' text field, and then enter your port number in the next text field (I used 4711 above).<br />
<br />
Firefox does not automatically make DNS requests through the socks tunnel. This potential privacy concern can be mitigated by the following steps:<br />
<br />
# Type about:config into the Firefox location bar.<br />
# Search for network.proxy.socks_remote_dns<br />
# Set the value to true.<br />
# Restart the browser.<br />
<br />
* For Chromium: You can set the SOCKS settings as environment variables or as command line options. I recommend to add one of the following functions to your {{ic|.bashrc}}:<br />
function secure_chromium {<br />
port=4711<br />
export SOCKS_SERVER=localhost:$port<br />
export SOCKS_VERSION=5<br />
chromium &<br />
exit<br />
}<br />
OR<br />
function secure_chromium {<br />
port=4711<br />
chromium --proxy-server="socks://localhost:$port" &<br />
exit<br />
}<br />
<br />
Now open a terminal and just do:<br />
$ secure_chromium<br />
<br />
Enjoy your secure tunnel!<br />
<br />
=== X11 Forwarding ===<br />
To run graphical programs through a SSH connection you can enable X11 forwarding. An option needs to be set in the configuration files on the server and client (here "client" means your (desktop) machine your X11 Server runs on, and you will run X applications on the "server").<br />
<br />
Install xorg-xauth on the server:<br />
# pacman -S xorg-xauth<br />
<br />
* Enable the '''AllowTcpForwarding''' option in {{ic|ssh'''d'''_config}} on the '''server'''.<br />
* Enable the '''X11Forwarding''' option in {{ic|ssh'''d'''_config}} on the '''server'''.<br />
* Set the '''X11DisplayOffset''' option in {{ic|ssh'''d'''_config}} on the '''server''' to 10.<br />
* Enable the '''X11UseLocalhost''' option in {{ic|ssh'''d'''_config}} on the '''server'''.<br />
Also:<br />
* Enable the '''ForwardX11''' option in {{ic|ssh_config}} on the '''client'''.<br />
<br />
Enable the '''ForwardX11Trusted''' can help when gui drawing badly.<br />
<br />
To use the forwarding, log on to your server through ssh:<br />
$ ssh -X -p port user@server-address<br />
If you receive errors trying to run graphical applications try trusted forwarding instead:<br />
$ ssh -Y -p port user@server-address<br />
You can now start any X program on the remote server, the output will be forwarded to your local session:<br />
$ xclock<br />
<br />
If you get "Cannot open display" errors try the following command as the non root user:<br />
$ xhost +<br />
<br />
the above command will allow anybody to forward X11 applications. To restrict forwarding to a particular host type:<br />
$ xhost +hostname<br />
<br />
where hostname is the name of the particular host you want to forward to. Type "man xhost" for more details.<br />
<br />
Be careful with some applications as they check for a running instance on the local machine. Firefox is an example. Either close running Firefox or use the following start parameter to start a remote instance on the local machine<br />
$ firefox -no-remote<br />
<br />
=== Forwarding Other Ports ===<br />
In addition to SSH's built-in support for X11, it can also be used to securely tunnel any TCP connection, by use of local forwarding or remote forwarding.<br />
<br />
Local forwarding opens a port on the local machine, connections to which will be forwarded to the remote host and from there on to a given destination. Very often, the forwarding destination will be the same as the remote host, thus providing a secure shell and, e.g. a secure VNC connection, to the same machine. Local forwarding is accomplished by means of the {{Ic|-L}} switch and it's accompanying forwarding specification in the form of {{Ic|<tunnel port>:<destination address>:<destination port>}}.<br />
<br />
Thus:<br />
<br />
$ ssh -L 1000:mail.google.com:25 192.168.0.100<br />
<br />
will use SSH to login to and open a shell on 192.168.0.100, and will also create a tunnel from the local machine's TCP port 1000 to mail.google.com on port 25. Once established, connections to localhost:1000 will connect to the Gmail SMTP port. To Google, it will appear that any such connection (though not necessarily the data conveyed over the connection) originated from 192.168.0.100, and such data will be secure as between the local machine and 192.168.0.100, but not between 192.168.0.100, unless other measures are taken.<br />
<br />
Similarly:<br />
<br />
$ ssh -L 2000:192.168.0.100:6001 192.168.0.100<br />
<br />
will allow connections to localhost:2000 which will be transparently sent to the remote host on port 6001. The preceding example is useful for VNC connections using the vncserver utility--part of the tightvnc package--which, though very useful, is explicit about its lack of security.<br />
<br />
Remote forwarding allows the remote host to connect to an arbitrary host via the SSH tunnel and the local machine, providing a functional reversal of local forwarding, and is useful for situations where, e.g., the remote host has limited connectivity due to firewalling. It is enabled with the {{Ic|-R}} switch and a forwarding specification in the form of {{Ic|<tunnel port>:<destination address>:<destination port>}}.<br />
<br />
Thus:<br />
<br />
$ ssh -R 3000:irc.freenode.net:6667 192.168.0.200<br />
<br />
will bring up a shell on 192.168.0.200, and connections from 192.168.0.200 to itself on port 3000 (remotely speaking, localhost:3000) will be sent over the tunnel to the local machine and then on to irc.freenode.net on port 6667, thus, in this example, allowing the use of IRC programs on the remote host to be used, even if port 6667 would normally be blocked to it.<br />
<br />
Both local and remote forwarding can be used to provide a secure "gateway," allowing other computers to take advantage of an SSH tunnel, without actually running SSH or the SSH daemon by providing a bind-address for the start of the tunnel as part of the forwarding specification, e.g. {{Ic|<tunnel address>:<tunnel port>:<destination address>:<destination port>}}. The {{Ic|<tunnel address>}} can be any address on the machine at the start of the tunnel, {{Ic|localhost}}, {{Ic|*}} (or blank), which, respectively, allow connections via the given address, via the loopback interface, or via any interface. By default, forwarding is limited to connections from the machine at the "beginning" of the tunnel, i.e. the {{Ic|<tunnel address>}} is set to {{Ic|localhost}}. Local forwarding requires no additional configuration, however remote forwarding is limited by the remote server's SSH daemon configuration. See the {{Ic|GatewayPorts}} option in {{Ic|sshd_config(5)}} for more information.<br />
<br />
=== Speed up SSH ===<br />
You can make all sessions to the same host use a single connection, which will greatly speed up subsequent logins, by adding these lines under the proper host in {{ic|/etc/ssh/ssh_config}}:<br />
ControlMaster auto<br />
ControlPath ~/.ssh/socket-%r@%h:%p<br />
<br />
Changing the ciphers used by SSH to less cpu-demanding ones can improve speed. In this aspect, the best choices are arcfour and blowfish-cbc. '''Please do not do this unless you know what you are doing; arcfour has a number of known weaknesses'''. To use them, run SSH with the {{Ic|"c"}} flag, like this:<br />
$ ssh -c arcfour,blowfish-cbc user@server-address<br />
To use them permanently, add this line under the proper host in {{ic|/etc/ssh/ssh_config}}:<br />
Ciphers arcfour,blowfish-cbc<br />
Another option to improve speed is to enable compression with the {{Ic|"C"}} flag. A permanent solution is to add this line under the proper host in {{ic|/etc/ssh/ssh_config}}:<br />
Compression yes<br />
Login time can be shorten by using the {{Ic|"4"}} flag, which bypasses IPv6 lookup. This can be made permanent by adding this line under the proper host in {{ic|/etc/ssh/ssh_config}}:<br />
AddressFamily inet<br />
Another way of making these changes permanent is to create an alias in {{ic|~/.bashrc}}:<br />
alias ssh='ssh -C4c arcfour,blowfish-cbc'<br />
<br />
==== Troubleshooting ====<br />
Make sure your DISPLAY string is resolveable on the remote end:<br />
<br />
$ ssh -X user@server-address<br />
server $ echo $DISPLAY<br />
localhost:10.0<br />
server $ telnet localhost 6010<br />
localhost/6010: lookup failure: Temporary failure in name resolution <br />
<br />
can be fixed by adding localhost to {{ic|/etc/hosts}}.<br />
<br />
=== Mounting a Remote Filesystem with SSHFS ===<br />
Install sshfs<br />
# pacman -S sshfs<br />
<br />
Load the Fuse module<br />
# modprobe fuse<br />
Add fuse to the ''modules'' array in {{ic|/etc/rc.conf}} to load it on each system boot.<br />
<br />
Mount the remote folder using sshfs<br />
# mkdir ~/remote_folder<br />
# sshfs USER@remote_server:/tmp ~/remote_folder<br />
<br />
The command above will cause the folder /tmp on the remote server to be mounted as ~/remote_folder on the local machine. Copying any file to this folder will result in transparent copying over the network using SFTP. Same concerns direct file editing, creating or removing.<br />
<br />
When we’re done working with the remote filesystem, we can unmount the remote folder by issuing:<br />
# fusermount -u ~/remote_folder<br />
<br />
If we work on this folder on a daily basis, it is wise to add it to the {{ic|/etc/fstab}} table. This way is can be automatically mounted upon system boot or mounted manually (if {{Ic|noauto}} option is chosen) without the need to specify the remote location each time. Here is a sample entry in the table:<br />
sshfs#USER@remote_server:/tmp /full/path/to/directory fuse defaults,auto,allow_other 0 0<br />
<br />
=== Keep Alive ===<br />
Your ssh session will automatically log out if it is idle. To keep the connection active (alive) add this to {{ic|~/.ssh/config}} or to {{ic|/etc/ssh/ssh_config}} on the client.<br />
<br />
ServerAliveInterval 120<br />
<br />
This will send a "keep alive" signal to the server every 120 seconds.<br />
<br />
Conversely, to keep incoming connections alive, you can set<br />
<br />
ClientAliveInterval 120<br />
<br />
(or some other number greater than 0) in {{ic|/etc/ssh/sshd_config}} on the server.<br />
<br />
=== Save connection data in ssh config ===<br />
Whenever you want to connect to a ssh server, you usually have to type at least its address and the username. To save that typing work for servers you regularly connect to, you can use the personal {{ic|$HOME/.ssh/config}} or the global {{ic|/etc/ssh/ssh_config}} files as shown in the following example:<br />
<br />
{{hc|$HOME/.ssh/config|<br />
Host myserver<br />
HostName 123.123.123.123<br />
Port 12345<br />
User bob<br />
Host other_server<br />
HostName test.something.org<br />
User alice<br />
CheckHostIP no<br />
Cipher blowfish<br />
}}<br />
<br />
Now you can simply connect to the server by using the name you specified:<br />
<br />
$ ssh myserver<br />
<br />
To see a complete list of the possible options, check out ssh_config's manpage on your system or the [http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config ssh_config documentation] on the official website.<br />
<br />
=== Change bash prompt when logged over ssh ===<br />
It can sometimes be useful to be able to make the difference between your local and your remote prompt, in particular when they are both configured in the same way. To do that, just insert this in your bashrc:<br />
<br />
{{hc|$HOME/.bashrc|2=<br />
if [ -n "$SSH_CLIENT" ]; then<br />
PS1='\[\e[0;33m\]\u@\h:\wSSH$\[\e[m\] '<br />
else<br />
PS1='\[\e[0;32m\]\u\[\e[m\] \[\e[1;34m\]\w\[\e[m\] \[\e[1;32m\]\$\[\ e[m\] '<br />
fi<br />
}}<br />
<br />
See [[Color Bash Prompt]] for more information about the PS1 variable customization.<br />
<br />
=== Automatically logout all ssh users when the sshd server is shutdown ===<br />
To automatically log out all remote ssh users when the sshd server system shuts down, for reboot or halt, add this line to /etc/rc.local.shutdown on the sshd server:<br />
<br />
who | cut -d " " -f1 | uniq | xargs pkill -KILL -u<br />
<br />
This prevents ssh client terminals from hanging during a lengthy timeout, which eventually ends with:<br />
<br />
Write failed: Broken pipe<br />
<br />
== Troubleshooting ==<br />
=== Connection Refused or Timeout Problem ===<br />
==== Is SSH running and listening? ====<br />
# netstat -tnlp | grep ssh<br />
<br />
If the above command doesn't display anything, then SSH is NOT running. Check {{ic|/var/log/messages}} for errors etc.<br />
<br />
==== Are there firewall rules blocking the connection? ====<br />
Flush your iptables rules to make sure they are not interfering:<br />
<br />
# rc.d stop iptables<br />
<br />
or:<br />
<br />
# iptables -P INPUT ACCEPT<br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F INPUT<br />
# iptables -F OUTPUT<br />
<br />
==== Is the traffic even getting to your computer? ====<br />
Start a traffic dump on the computer you're having problems with:<br />
<br />
# tcpdump -lnn -i any port ssh and tcp-syn<br />
<br />
This should show some basic information, then wait for any matching traffic to happen before displaying it. Try your connection now. If you do not see any output when you attempt to connect, then something outside of your computer is blocking the traffic (e. g., hardware firewall, NAT router etc.).<br />
<br />
==== Read from socket failed: Connection reset by peer ====<br />
Recent versions of openssh sometimes fail with the above error message, due to a bug involving elliptic curve cryptography. In that case, edit the file<br />
<br />
~/.ssh/config<br />
<br />
or create it, if it doesn't already exist. Add the line<br />
<br />
HostKeyAlgorithms ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss<br />
<br />
With openssh 5.9, the above fix doesn't work. Instead, put the following lines in ~/.ssh/config<br />
<br />
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc <br />
MACs hmac-md5,hmac-sha1,hmac-ripemd160<br />
<br />
See also the [http://www.gossamer-threads.com/lists/openssh/dev/51339 discussion] on the openssh bug forum.<br />
<br />
=== "[your shell]: No such file or directory" / ssh_exchange_identification Problem ===<br />
<br />
One possible cause for this is the need of certain SSH clients to find an absolute path (one returned by {{Ic|whereis -b [your shell]}}, for instance) in {{Ic|$SHELL}}, even if the shell's binary is located in one of the {{Ic|$PATH}} entries. Another reason can be that the user is no member of the ''network'' group.<br />
<br />
== See Also ==<br />
*[[SSH Keys]]<br />
*[[Pam abl]]<br />
*[[fail2ban]]<br />
*[[sshguard]]<br />
*[[Sshfs]]<br />
<br />
== Links & References ==<br />
*[http://www.soloport.com/iptables.html A Cure for the Common SSH Login Attack]<br />
*[http://www.la-samhna.de/library/brutessh.html Defending against brute force ssh attacks]<br />
*[http://www.ibm.com/developerworks/library/l-keyc/index.html OpenSSH key management, Part 1] and [http://www.ibm.com/developerworks/library/l-keyc2 Part 2] on IBM developerWorks</div>Chrkhttps://wiki.archlinux.org/index.php?title=OpenSSH&diff=193039OpenSSH2012-04-06T16:04:14Z<p>Chrk: added public key authentication</p>
<hr />
<div>[[Category:Daemons and system services (English)]]<br />
[[Category:Secure Shell (English)]]<br />
{{i18n|Secure Shell}}<br />
[[pl:SSH]]<br />
[[fr:ssh]]<br />
<br />
'''Secure Shell''' ('''SSH''') is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br />
<br />
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; file transfer can be accomplished using the associated SFTP or SCP protocols.<br />
<br />
An SSH server, by default, listens on the standard TCP port 22. An SSH client program is typically used for establishing connections to an ''sshd'' daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, GNU/Linux, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist.<br />
<br />
(Source: [[Wikipedia:Secure Shell]])<br />
<br />
== OpenSSH ==<br />
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the ssh protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security. OpenSSH is developed as part of the OpenBSD project, which is led by Theo de Raadt.<br />
<br />
OpenSSH is occasionally confused with the similarly-named OpenSSL; however, the projects have different purposes and are developed by different teams, the similar name is drawn only from similar goals.<br />
<br />
=== Installing OpenSSH ===<br />
# pacman -S openssh<br />
<br />
=== Configuring SSH ===<br />
====Client====<br />
The SSH client configuration file can be found and edited in {{ic|/etc/ssh/ssh_config}}.<br />
<br />
An example configuration: <br />
<br />
{{hc|/etc/ssh/ssh_config|<br />
# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $<br />
<br />
# This is the ssh client system-wide configuration file. See<br />
# ssh_config(5) for more information. This file provides defaults for<br />
# users, and the values can be changed in per-user configuration files<br />
# or on the command line.<br />
<br />
# Configuration data is parsed as follows:<br />
# 1. command line options<br />
# 2. user-specific file<br />
# 3. system-wide file<br />
# Any configuration value is only changed the first time it is set.<br />
# Thus, host-specific definitions should be at the beginning of the<br />
# configuration file, and defaults at the end.<br />
<br />
# Site-wide defaults for some commonly used options. For a comprehensive<br />
# list of available options, their meanings and defaults, please see the<br />
# ssh_config(5) man page.<br />
<br />
# Host *<br />
# ForwardAgent no<br />
# ForwardX11 no<br />
# RhostsRSAAuthentication no<br />
# RSAAuthentication yes<br />
# PasswordAuthentication yes<br />
# HostbasedAuthentication no<br />
# GSSAPIAuthentication no<br />
# GSSAPIDelegateCredentials no<br />
# BatchMode no<br />
# CheckHostIP yes<br />
# AddressFamily any<br />
# ConnectTimeout 0<br />
# StrictHostKeyChecking ask<br />
# IdentityFile ~/.ssh/identity<br />
# IdentityFile ~/.ssh/id_rsa<br />
# IdentityFile ~/.ssh/id_dsa<br />
# Port 22<br />
# Protocol 2,1<br />
# Cipher 3des<br />
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc<br />
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160<br />
# EscapeChar ~<br />
# Tunnel no<br />
# TunnelDevice any:any<br />
# PermitLocalCommand no<br />
# VisualHostKey no<br />
# ProxyCommand ssh -q -W %h:%p gateway.example.com<br />
}}<br />
<br />
It is recommended to change the Protocol line into this:<br />
Protocol 2<br />
<br />
That means that only Protocol 2 will be used, since Protocol 1 is considered somewhat insecure.<br />
<br />
====Daemon====<br />
The SSH daemon configuration file can be found and edited in {{ic|/etc/ssh/ssh'''d'''_config}}.<br />
<br />
An example configuration: <br />
<br />
{{hc|/etc/ssh/sshd_config|2=<br />
# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $<br />
<br />
# This is the sshd server system-wide configuration file. See<br />
# sshd_config(5) for more information.<br />
<br />
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin<br />
<br />
# The strategy used for options in the default sshd_config shipped with<br />
# OpenSSH is to specify options with their default value where<br />
# possible, but leave them commented. Uncommented options change a<br />
# default value.<br />
<br />
#Port 22<br />
#AddressFamily any<br />
#ListenAddress 0.0.0.0<br />
#ListenAddress ::<br />
<br />
# The default requires explicit activation of protocol 1<br />
#Protocol 2<br />
<br />
# HostKey for protocol version 1<br />
#HostKey /etc/ssh/ssh_host_key<br />
# HostKeys for protocol version 2<br />
#HostKey /etc/ssh/ssh_host_rsa_key<br />
#HostKey /etc/ssh/ssh_host_dsa_key<br />
#HostKey /etc/ssh/ssh_host_ecdsa_key<br />
<br />
# Lifetime and size of ephemeral version 1 server key<br />
#KeyRegenerationInterval 1h<br />
#ServerKeyBits 1024<br />
<br />
# Logging<br />
# obsoletes QuietMode and FascistLogging<br />
#SyslogFacility AUTH<br />
#LogLevel INFO<br />
<br />
# Authentication:<br />
<br />
#LoginGraceTime 2m<br />
#PermitRootLogin yes<br />
#StrictModes yes<br />
#MaxAuthTries 6<br />
#MaxSessions 10<br />
<br />
#RSAAuthentication yes<br />
#PubkeyAuthentication yes<br />
#AuthorizedKeysFile .ssh/authorized_keys<br />
<br />
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts<br />
#RhostsRSAAuthentication no<br />
# similar for protocol version 2<br />
#HostbasedAuthentication no<br />
# Change to yes if you do not trust ~/.ssh/known_hosts for<br />
# RhostsRSAAuthentication and HostbasedAuthentication<br />
#IgnoreUserKnownHosts no<br />
# Don't read the user's ~/.rhosts and ~/.shosts files<br />
#IgnoreRhosts yes<br />
<br />
# To disable tunneled clear text passwords, change to no here!<br />
#PasswordAuthentication yes<br />
#PermitEmptyPasswords no<br />
<br />
# Change to no to disable s/key passwords<br />
ChallengeResponseAuthentication no<br />
<br />
# Kerberos options<br />
#KerberosAuthentication no<br />
#KerberosOrLocalPasswd yes<br />
#KerberosTicketCleanup yes<br />
#KerberosGetAFSToken no<br />
<br />
# GSSAPI options<br />
#GSSAPIAuthentication no<br />
#GSSAPICleanupCredentials yes<br />
<br />
# Set this to 'yes' to enable PAM authentication, account processing, <br />
# and session processing. If this is enabled, PAM authentication will <br />
# be allowed through the ChallengeResponseAuthentication and<br />
# PasswordAuthentication. Depending on your PAM configuration,<br />
# PAM authentication via ChallengeResponseAuthentication may bypass<br />
# the setting of "PermitRootLogin without-password".<br />
# If you just want the PAM account and session checks to run without<br />
# PAM authentication, then enable this but set PasswordAuthentication<br />
# and ChallengeResponseAuthentication to 'no'.<br />
UsePAM yes<br />
<br />
#AllowAgentForwarding yes<br />
#AllowTcpForwarding yes<br />
#GatewayPorts no<br />
#X11Forwarding no<br />
#X11DisplayOffset 10<br />
#X11UseLocalhost yes<br />
#PrintMotd yes<br />
#PrintLastLog yes<br />
#TCPKeepAlive yes<br />
#UseLogin no<br />
#UsePrivilegeSeparation yes<br />
#PermitUserEnvironment no<br />
#Compression delayed<br />
#ClientAliveInterval 0<br />
#ClientAliveCountMax 3<br />
#UseDNS yes<br />
#PidFile /var/run/sshd.pid<br />
#MaxStartups 10<br />
#PermitTunnel no<br />
#ChrootDirectory none<br />
<br />
# no default banner path<br />
#Banner none<br />
<br />
# override default of no subsystems<br />
Subsystem sftp /usr/lib/ssh/sftp-server<br />
<br />
# Example of overriding settings on a per-user basis<br />
#Match User anoncvs<br />
# X11Forwarding no<br />
# AllowTcpForwarding no<br />
# ForceCommand cvs server<br />
}}<br />
<br />
To allow access only for some users add this line:<br />
AllowUsers user1 user2<br />
<br />
To disable root login over SSH, add the following:<br />
PermitRootLogin no<br />
<br />
You could also uncomment the BANNER option and edit {{ic|/etc/issue}} for a nice welcome message.<br />
<br />
{{Tip| You may want to change the default port from 22 to any higher port (see [http://en.wikipedia.org/wiki/Security_through_obscurity security through obscurity]).}} <br />
<br />
Even though the port ssh is running on could be detected by using a port-scanner like nmap, changing it will reduce the number of log entries caused by automated authentication attempts. To help select a port review the [[Wikipedia:List of TCP and UDP port numbers|list of TCP and UDP port numbers]].<br />
<br />
{{Tip|Disabling password logins entirely will greatly increase security, see [[Using SSH Keys]] for more information.}}<br />
<br />
=== Managing SSHD Daemon ===<br />
Just add sshd to the "DAEMONS" array of your {{ic|/etc/[[rc.conf]]}}:<br />
DAEMONS=(... ... '''sshd''' ... ...)<br />
<br />
To start/restart/stop the daemon, use the following:<br />
# rc.d {start|stop|restart} sshd<br />
<br />
===Connecting to the server===<br />
To connect to a server, run:<br />
$ ssh -p port user@server-address<br />
<br />
== Tips and Tricks ==<br />
=== Encrypted Socks Tunnel ===<br />
This is highly useful for laptop users connected to various unsafe wireless connections. The only thing you need is an SSH server running at a somewhat secure location, like your home or at work. It might be useful to use a dynamic DNS service like [http://www.dyndns.org/ DynDNS] so you do not have to remember your IP-address.<br />
<br />
==== Step 1: Start the Connection ====<br />
You only have to execute this single command in your favorite terminal to start the connection:<br />
$ ssh -ND 4711 user@host<br />
where {{Ic|"user"}} is your username at the SSH server running at the {{Ic|"host"}}. It will ask for your password, and then you're connected! The {{Ic|"N"}} flag disables the interactive prompt, and the {{Ic|"D"}} flag specifies the local port on which to listen on (you can choose any port number if you want).<br />
<br />
One way to make this easier is to put an alias line in your {{ic|~/.bashrc}} file as following:<br />
alias sshtunnel="ssh -ND 4711 -v user@host"<br />
It's nice to add the verbose {{Ic|"-v"}} flag, because then you can verify that it's actually connected from that output. Now you just have to execute the {{Ic|"sshtunnel"}} command :)<br />
<br />
==== Step 2: Configure your Browser (or other programs) ====<br />
The above step is completely useless if you do not configure your web browser (or other programs) to use this newly created socks tunnel. Since the current version of SSH supports both SOCKS4 and SOCKS5, you can use either of them.<br />
<br />
* For Firefox: ''Edit &rarr; Preferences &rarr; Advanced &rarr; Network &rarr; Connection &rarr; Setting'':<br />
: Check the ''"Manual proxy configuration"'' radio button, and enter "localhost" in the ''"SOCKS host"'' text field, and then enter your port number in the next text field (I used 4711 above).<br />
<br />
Firefox does not automatically make DNS requests through the socks tunnel. This potential privacy concern can be mitigated by the following steps:<br />
<br />
# Type about:config into the Firefox location bar.<br />
# Search for network.proxy.socks_remote_dns<br />
# Set the value to true.<br />
# Restart the browser.<br />
<br />
* For Chromium: You can set the SOCKS settings as environment variables or as command line options. I recommend to add one of the following functions to your {{ic|.bashrc}}:<br />
function secure_chromium {<br />
port=4711<br />
export SOCKS_SERVER=localhost:$port<br />
export SOCKS_VERSION=5<br />
chromium &<br />
exit<br />
}<br />
OR<br />
function secure_chromium {<br />
port=4711<br />
chromium --proxy-server="socks://localhost:$port" &<br />
exit<br />
}<br />
<br />
Now open a terminal and just do:<br />
$ secure_chromium<br />
<br />
Enjoy your secure tunnel!<br />
<br />
=== X11 Forwarding ===<br />
To run graphical programs through a SSH connection you can enable X11 forwarding. An option needs to be set in the configuration files on the server and client (here "client" means your (desktop) machine your X11 Server runs on, and you will run X applications on the "server").<br />
<br />
Install xorg-xauth on the server:<br />
# pacman -S xorg-xauth<br />
<br />
* Enable the '''AllowTcpForwarding''' option in {{ic|ssh'''d'''_config}} on the '''server'''.<br />
* Enable the '''X11Forwarding''' option in {{ic|ssh'''d'''_config}} on the '''server'''.<br />
* Set the '''X11DisplayOffset''' option in {{ic|ssh'''d'''_config}} on the '''server''' to 10.<br />
* Enable the '''X11UseLocalhost''' option in {{ic|ssh'''d'''_config}} on the '''server'''.<br />
Also:<br />
* Enable the '''ForwardX11''' option in {{ic|ssh_config}} on the '''client'''.<br />
<br />
Enable the '''ForwardX11Trusted''' can help when gui drawing badly.<br />
<br />
To use the forwarding, log on to your server through ssh:<br />
$ ssh -X -p port user@server-address<br />
If you receive errors trying to run graphical applications try trusted forwarding instead:<br />
$ ssh -Y -p port user@server-address<br />
You can now start any X program on the remote server, the output will be forwarded to your local session:<br />
$ xclock<br />
<br />
If you get "Cannot open display" errors try the following command as the non root user:<br />
$ xhost +<br />
<br />
the above command will allow anybody to forward X11 applications. To restrict forwarding to a particular host type:<br />
$ xhost +hostname<br />
<br />
where hostname is the name of the particular host you want to forward to. Type "man xhost" for more details.<br />
<br />
Be careful with some applications as they check for a running instance on the local machine. Firefox is an example. Either close running Firefox or use the following start parameter to start a remote instance on the local machine<br />
$ firefox -no-remote<br />
<br />
=== Forwarding Other Ports ===<br />
In addition to SSH's built-in support for X11, it can also be used to securely tunnel any TCP connection, by use of local forwarding or remote forwarding.<br />
<br />
Local forwarding opens a port on the local machine, connections to which will be forwarded to the remote host and from there on to a given destination. Very often, the forwarding destination will be the same as the remote host, thus providing a secure shell and, e.g. a secure VNC connection, to the same machine. Local forwarding is accomplished by means of the {{Ic|-L}} switch and it's accompanying forwarding specification in the form of {{Ic|<tunnel port>:<destination address>:<destination port>}}.<br />
<br />
Thus:<br />
<br />
$ ssh -L 1000:mail.google.com:25 192.168.0.100<br />
<br />
will use SSH to login to and open a shell on 192.168.0.100, and will also create a tunnel from the local machine's TCP port 1000 to mail.google.com on port 25. Once established, connections to localhost:1000 will connect to the Gmail SMTP port. To Google, it will appear that any such connection (though not necessarily the data conveyed over the connection) originated from 192.168.0.100, and such data will be secure as between the local machine and 192.168.0.100, but not between 192.168.0.100, unless other measures are taken.<br />
<br />
Similarly:<br />
<br />
$ ssh -L 2000:192.168.0.100:6001 192.168.0.100<br />
<br />
will allow connections to localhost:2000 which will be transparently sent to the remote host on port 6001. The preceding example is useful for VNC connections using the vncserver utility--part of the tightvnc package--which, though very useful, is explicit about its lack of security.<br />
<br />
Remote forwarding allows the remote host to connect to an arbitrary host via the SSH tunnel and the local machine, providing a functional reversal of local forwarding, and is useful for situations where, e.g., the remote host has limited connectivity due to firewalling. It is enabled with the {{Ic|-R}} switch and a forwarding specification in the form of {{Ic|<tunnel port>:<destination address>:<destination port>}}.<br />
<br />
Thus:<br />
<br />
$ ssh -R 3000:irc.freenode.net:6667 192.168.0.200<br />
<br />
will bring up a shell on 192.168.0.200, and connections from 192.168.0.200 to itself on port 3000 (remotely speaking, localhost:3000) will be sent over the tunnel to the local machine and then on to irc.freenode.net on port 6667, thus, in this example, allowing the use of IRC programs on the remote host to be used, even if port 6667 would normally be blocked to it.<br />
<br />
Both local and remote forwarding can be used to provide a secure "gateway," allowing other computers to take advantage of an SSH tunnel, without actually running SSH or the SSH daemon by providing a bind-address for the start of the tunnel as part of the forwarding specification, e.g. {{Ic|<tunnel address>:<tunnel port>:<destination address>:<destination port>}}. The {{Ic|<tunnel address>}} can be any address on the machine at the start of the tunnel, {{Ic|localhost}}, {{Ic|*}} (or blank), which, respectively, allow connections via the given address, via the loopback interface, or via any interface. By default, forwarding is limited to connections from the machine at the "beginning" of the tunnel, i.e. the {{Ic|<tunnel address>}} is set to {{Ic|localhost}}. Local forwarding requires no additional configuration, however remote forwarding is limited by the remote server's SSH daemon configuration. See the {{Ic|GatewayPorts}} option in {{Ic|sshd_config(5)}} for more information.<br />
<br />
=== Speed up SSH ===<br />
You can make all sessions to the same host use a single connection, which will greatly speed up subsequent logins, by adding these lines under the proper host in {{ic|/etc/ssh/ssh_config}}:<br />
ControlMaster auto<br />
ControlPath ~/.ssh/socket-%r@%h:%p<br />
<br />
Changing the ciphers used by SSH to less cpu-demanding ones can improve speed. In this aspect, the best choices are arcfour and blowfish-cbc. '''Please do not do this unless you know what you are doing; arcfour has a number of known weaknesses'''. To use them, run SSH with the {{Ic|"c"}} flag, like this:<br />
$ ssh -c arcfour,blowfish-cbc user@server-address<br />
To use them permanently, add this line under the proper host in {{ic|/etc/ssh/ssh_config}}:<br />
Ciphers arcfour,blowfish-cbc<br />
Another option to improve speed is to enable compression with the {{Ic|"C"}} flag. A permanent solution is to add this line under the proper host in {{ic|/etc/ssh/ssh_config}}:<br />
Compression yes<br />
Login time can be shorten by using the {{Ic|"4"}} flag, which bypasses IPv6 lookup. This can be made permanent by adding this line under the proper host in {{ic|/etc/ssh/ssh_config}}:<br />
AddressFamily inet<br />
Another way of making these changes permanent is to create an alias in {{ic|~/.bashrc}}:<br />
alias ssh='ssh -C4c arcfour,blowfish-cbc'<br />
<br />
==== Troubleshooting ====<br />
Make sure your DISPLAY string is resolveable on the remote end:<br />
<br />
$ ssh -X user@server-address<br />
server $ echo $DISPLAY<br />
localhost:10.0<br />
server $ telnet localhost 6010<br />
localhost/6010: lookup failure: Temporary failure in name resolution <br />
<br />
can be fixed by adding localhost to {{ic|/etc/hosts}}.<br />
<br />
<br />
=== Public-key authentication ===<br />
You can use the advantages of the asymmetric cryptography to authenticate at the server.<br />
<br />
The user creates a key pair that consists of a private and a public key. There is only one corresponding public key for each private key. The public key will be stored on the server and the private key will be stored on the machine of the user.<br />
<br><br />
If the user wants to connect to the server, his machine will create a message which is encrypted with the user's private key. This message can only be decrypted with the public key that belongs to the specific private key. <br />
The server tries to decrypt this message with one of the public keys that are stored on the host machine. Since there is only one corresponding public key for this private key, the identity of the user is verified, if the server is able to decrypt the message with a public key that is assigned to the specific username.<br />
'''It is important that the private key is kept secret and only accessible by authorized people.'''<br />
<br />
'''Advantages''':<br />
* no password is transmitted over the network<br />
* you can use the same key pair at different servers<br />
<br />
'''Disadvantages''':<br />
* if someone else possesses your private key, he/she can masquerade as the owner of the key and will be able to log into the machines under your username(s).<br />
<br />
==== Create the key pair ====<br />
To create a new rsa(default) key pair, execute: <br />
$ ssh-keygen -t rsa<br />
<br />
The default directory for the key pair is {{ic|~/.ssh/}}. <br><br />
You will be asked to enter a passphrase. The generated private key will be encrypted with this passphrase. <br />
It is '''strongly recommended''' to enter a password here to protect your private key. <br><br />
If you don't want to type in your passphrase every time you open a new ssh connection, you can give the private key to the ssh agent (see next chapter).<br />
<br />
===== SSH-agent =====<br />
The SSH agent is a convenient service that handles the ssh public key authentication on the client side for you. You can pass all your keys stored in {{ic|~/.ssh/}} to it by executing:<br />
<br />
$ ssh-add<br />
<br />
You will be prompted for the passphras(es) of your private key(s).<br />
<br />
Make sure the {{ic|ssh-agent}} is running.<br />
<br />
<br />
==== Copy the public key to the server ====<br />
<br />
===== ssh-copy-id =====<br />
The most convenient way to copy the public key to the server is {{ic|ssh-copy-id}}. However, the server has to accept password authentication first before you can use this method and {{ic|AuthorizedKeysFile}} has to be set to {{ic|.ssh/authorized_keys}} (default) in {{ic|sshd_config}}. <br><br />
The following command will transmit the public key {{ic|~/.ssh/id_rsa.pub}} to {{ic|remote_server}} and assign it to the user {{ic|username}}. The public key will be stored in the home directory of {{ic|username}}: {{ic|~/.ssh/authorized_keys}}<br />
<br />
$ ssh-copy-id -i ~/.ssh/id_rsa.pub username@remote_server<br />
<br />
===== by hand =====<br />
There is also the possibility to copy the keys by hand. <br><br />
If you don't want to store the public keys in the user's home directory, you can edit the sshd configuration file of the server, {{ic|/etc/ssh/sshd_config}}. You can change the option {{ic|AuthorizedKeysFile}} to the destination where you want to store the public keys. <br />
<br />
{{Note| You can use %u as placeholder for the username of the user that wants to authenticate.}}<br />
<br />
Now you have to copy the content of your {{ic|id_rsa.pub}} file into the {{ic|AuthorizedKeysFile}}. If you want to add additional keys to the same file, feel free to add them. Each key is '''one''' line.<br />
<br />
==== Activate the authentication ====<br />
Make sure {{ic|PubkeyAuthentication}} and {{ic|RSAAuthentication}} are '''not''' set to {{ic|no}} in {{ic|/etc/ssh/sshd_config}}.<br />
<br />
Now, you should be able to use public key authentication.<br />
<br />
If you want to disable the regular password authentication, you can set {{ic|PasswordAuthentication}} to {{ic|no}} but first make sure, that the public key authentication is working. <br />
<br />
=== Mounting a Remote Filesystem with SSHFS ===<br />
Install sshfs<br />
# pacman -S sshfs<br />
<br />
Load the Fuse module<br />
# modprobe fuse<br />
Add fuse to the ''modules'' array in {{ic|/etc/rc.conf}} to load it on each system boot.<br />
<br />
Mount the remote folder using sshfs<br />
# mkdir ~/remote_folder<br />
# sshfs USER@remote_server:/tmp ~/remote_folder<br />
<br />
The command above will cause the folder /tmp on the remote server to be mounted as ~/remote_folder on the local machine. Copying any file to this folder will result in transparent copying over the network using SFTP. Same concerns direct file editing, creating or removing.<br />
<br />
When we’re done working with the remote filesystem, we can unmount the remote folder by issuing:<br />
# fusermount -u ~/remote_folder<br />
<br />
If we work on this folder on a daily basis, it is wise to add it to the {{ic|/etc/fstab}} table. This way is can be automatically mounted upon system boot or mounted manually (if {{Ic|noauto}} option is chosen) without the need to specify the remote location each time. Here is a sample entry in the table:<br />
sshfs#USER@remote_server:/tmp /full/path/to/directory fuse defaults,auto,allow_other 0 0<br />
<br />
=== Keep Alive ===<br />
Your ssh session will automatically log out if it is idle. To keep the connection active (alive) add this to {{ic|~/.ssh/config}} or to {{ic|/etc/ssh/ssh_config}} on the client.<br />
<br />
ServerAliveInterval 120<br />
<br />
This will send a "keep alive" signal to the server every 120 seconds.<br />
<br />
Conversely, to keep incoming connections alive, you can set<br />
<br />
ClientAliveInterval 120<br />
<br />
(or some other number greater than 0) in {{ic|/etc/ssh/sshd_config}} on the server.<br />
<br />
=== Save connection data in ssh config ===<br />
Whenever you want to connect to a ssh server, you usually have to type at least its address and the username. To save that typing work for servers you regularly connect to, you can use the personal {{ic|$HOME/.ssh/config}} or the global {{ic|/etc/ssh/ssh_config}} files as shown in the following example:<br />
<br />
{{hc|$HOME/.ssh/config|<br />
Host myserver<br />
HostName 123.123.123.123<br />
Port 12345<br />
User bob<br />
Host other_server<br />
HostName test.something.org<br />
User alice<br />
CheckHostIP no<br />
Cipher blowfish<br />
}}<br />
<br />
Now you can simply connect to the server by using the name you specified:<br />
<br />
$ ssh myserver<br />
<br />
To see a complete list of the possible options, check out ssh_config's manpage on your system or the [http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config ssh_config documentation] on the official website.<br />
<br />
=== Change bash prompt when logged over ssh ===<br />
It can sometimes be useful to be able to make the difference between your local and your remote prompt, in particular when they are both configured in the same way. To do that, just insert this in your bashrc:<br />
<br />
{{hc|$HOME/.bashrc|2=<br />
if [ -n "$SSH_CLIENT" ]; then<br />
PS1='\[\e[0;33m\]\u@\h:\wSSH$\[\e[m\] '<br />
else<br />
PS1='\[\e[0;32m\]\u\[\e[m\] \[\e[1;34m\]\w\[\e[m\] \[\e[1;32m\]\$\[\ e[m\] '<br />
fi<br />
}}<br />
<br />
See [[Color Bash Prompt]] for more information about the PS1 variable customization.<br />
<br />
=== Automatically logout all ssh users when the sshd server is shutdown ===<br />
To automatically log out all remote ssh users when the sshd server system shuts down, for reboot or halt, add this line to /etc/rc.local.shutdown on the sshd server:<br />
<br />
who | cut -d " " -f1 | uniq | xargs pkill -KILL -u<br />
<br />
This prevents ssh client terminals from hanging during a lengthy timeout, which eventually ends with:<br />
<br />
Write failed: Broken pipe<br />
<br />
== Troubleshooting ==<br />
=== Connection Refused or Timeout Problem ===<br />
==== Is SSH running and listening? ====<br />
# netstat -tnlp | grep ssh<br />
<br />
If the above command doesn't display anything, then SSH is NOT running. Check {{ic|/var/log/messages}} for errors etc.<br />
<br />
==== Are there firewall rules blocking the connection? ====<br />
Flush your iptables rules to make sure they are not interfering:<br />
<br />
# rc.d stop iptables<br />
<br />
or:<br />
<br />
# iptables -P INPUT ACCEPT<br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F INPUT<br />
# iptables -F OUTPUT<br />
<br />
==== Is the traffic even getting to your computer? ====<br />
Start a traffic dump on the computer you're having problems with:<br />
<br />
# tcpdump -lnn -i any port ssh and tcp-syn<br />
<br />
This should show some basic information, then wait for any matching traffic to happen before displaying it. Try your connection now. If you do not see any output when you attempt to connect, then something outside of your computer is blocking the traffic (e. g., hardware firewall, NAT router etc.).<br />
<br />
==== Read from socket failed: Connection reset by peer ====<br />
Recent versions of openssh sometimes fail with the above error message, due to a bug involving elliptic curve cryptography. In that case, edit the file<br />
<br />
~/.ssh/config<br />
<br />
or create it, if it doesn't already exist. Add the line<br />
<br />
HostKeyAlgorithms ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss<br />
<br />
With openssh 5.9, the above fix doesn't work. Instead, put the following lines in ~/.ssh/config<br />
<br />
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc <br />
MACs hmac-md5,hmac-sha1,hmac-ripemd160<br />
<br />
See also the [http://www.gossamer-threads.com/lists/openssh/dev/51339 discussion] on the openssh bug forum.<br />
<br />
=== "[your shell]: No such file or directory" / ssh_exchange_identification Problem ===<br />
<br />
One possible cause for this is the need of certain SSH clients to find an absolute path (one returned by {{Ic|whereis -b [your shell]}}, for instance) in {{Ic|$SHELL}}, even if the shell's binary is located in one of the {{Ic|$PATH}} entries. Another reason can be that the user is no member of the ''network'' group.<br />
<br />
== See Also ==<br />
*[[SSH Keys]]<br />
*[[Pam abl]]<br />
*[[fail2ban]]<br />
*[[sshguard]]<br />
*[[Sshfs]]<br />
<br />
== Links & References ==<br />
*[http://www.soloport.com/iptables.html A Cure for the Common SSH Login Attack]<br />
*[http://www.la-samhna.de/library/brutessh.html Defending against brute force ssh attacks]<br />
*[http://www.ibm.com/developerworks/library/l-keyc/index.html OpenSSH key management, Part 1] and [http://www.ibm.com/developerworks/library/l-keyc2 Part 2] on IBM developerWorks</div>Chrkhttps://wiki.archlinux.org/index.php?title=Xrandr&diff=192974Xrandr2012-04-05T22:26:44Z<p>Chrk: /* Graphical frontends */</p>
<hr />
<div>[[Category:X Server (English)]]<br />
{{i18n|Xrandr}}<br />
<br />
{{Note|credit to and retrieved from the [https://wiki.ubuntu.com/X/Config/Resolution Ubuntu wiki]}}<br />
<br />
== Dynamically testing different resolutions ==<br />
<br />
{{Ic|xrandr}} shows you the names of different outputs available on your system (LVDS, VGA-0, etc.) and resolutions available on each:<br />
<br />
Screen 0: minimum 320 x 200, current 1400 x 1050, maximum 1400 x 1400<br />
VGA disconnected (normal left inverted right x axis y axis)<br />
LVDS connected 1400x1050+0+0 (normal left inverted right x axis y axis) 286mm x 214mm<br />
1400x1050 60.0*+ 50.0 <br />
[...]<br />
<br />
You can direct xrandr to set a different resolution like this:<br />
<br />
xrandr --output LVDS --mode 1024x768<br />
<br />
The refresh rate may also be changed, either at the same time or independently:<br />
<br />
xrandr --output LVDS --mode 1024x768 --rate 75<br />
<br />
Note that changes you make using {{Ic|xrandr}} only last through the current session. xrandr has a lot more capabilities - see {{Ic|man xrandr}} for details.<br />
<br />
== Adding undetected resolutions ==<br />
<br />
Due to buggy hardware or drivers, your monitor's correct resolutions may not always be detected by xrandr. For example, the EDID data block queried from the monitor may be incorrect. However, we can add the desired resolutions to xrandr.<br />
<br />
First we run {{ic|gtf}} or {{ic|cvt}} to get the '''Modeline''' for the resolution we want:<br />
<br />
$ cvt 1280 1024<br />
<br />
# 1280x1024 59.89 Hz (CVT 1.31M4) hsync: 63.67 kHz; pclk: 109.00 MHz<br />
Modeline "1280x1024_60.00" 109.00 1280 1368 1496 1712 1024 1027 1034 1063 -hsync +vsync<br />
<br />
Then we create a new xrandr mode. Note that the Modeline keyword needs to be ommited.<br />
<br />
xrandr --newmode "1280x1024_60.00" 109.00 1280 1368 1496 1712 1024 1027 1034 1063 -hsync +vsync<br />
<br />
After creating it we need an extra step to add this new mode to our current output (VGA1). We use just the name of the mode, since the parameters have been set previously.<br />
<br />
xrandr --addmode VGA1 "1280x1024_60.00"<br />
<br />
Now we change the resolution of the screen to the one we just added:<br />
<br />
xrandr --output VGA1 --mode "1280x1024_60.00"<br />
<br />
Note that these settings only take effect during this session.<br />
<br />
== Making xrandr changes persistent ==<br />
<br />
There are several ways to make xrandr customizations permanent from session to session:<br />
* {{ic|xorg.conf}} ( Preferred)<br />
* {{ic|.xprofile}}<br />
* kdm/gdm<br />
<br />
=== Setting resolution changes in xorg.conf (Preferred) ===<br />
<br />
While {{Ic|xorg.conf}} is largely empty these days, it can still be used for setting up resolutions. For example:<br />
<br />
{{hc|/etc/X11/xorg.conf|<br />
Section "Monitor"<br />
Identifier "External DVI"<br />
Modeline "1280x1024_60.00" 108.88 1280 1360 1496 1712 1024 1025 1028 1060 -HSync +Vsync<br />
Option "PreferredMode" "1280x1024_60.00"<br />
EndSection<br />
Section "Device"<br />
Identifier "ATI Technologies, Inc. M22 [Radeon Mobility M300]"<br />
Driver "ati"<br />
Option "Monitor-DVI-0" "External DVI"<br />
EndSection<br />
Section "Screen"<br />
Identifier "Primary Screen"<br />
Device "ATI Technologies, Inc. M22 [Radeon Mobility M300]"<br />
DefaultDepth 24<br />
SubSection "Display"<br />
Depth 24<br />
Modes "1280x1024" "1024x768" "640x480"<br />
EndSubSection<br />
EndSection<br />
<br />
Section "ServerLayout"<br />
Identifier "Default Layout"<br />
Screen "Primary Screen"<br />
EndSection<br />
}}<br />
<br />
See {{Ic|man xorg.conf}} for full details on how to craft an {{ic|xorg.conf}} file.<br />
<br />
=== Setting xrandr commands in xprofile ===<br />
<br />
See [[Execute commands after X start]].<br />
<br />
This method has the disadvantage of occurring fairly late in the startup process thus it will not alter the resolution of the [[Display Manager]] if you use one.<br />
<br />
=== Setting xrandr commands in kdm/gdm startup scripts ===<br />
<br />
Both KDM and GDM have startup scripts that are executed when X is initiated. For GDM, these are in {{ic|/etc/gdm/}} , while for KDM this is done at {{ic|/usr/share/config/kdm/Xsetup}}.<br />
<br />
This process requires root access and mucking around in system config files, but will take effect earlier in the startup process than using xprofile.<br />
<br />
== Graphical frontends ==<br />
There are some graphical frontends available for {{ic|xrandr}}:<br />
<br />
=== ARandR ===<br />
ARandR provides a simple and convenient visual front end.<br />
<br />
The package can be found in the community repository: {{Pkg|arandr}}<br />
<br />
=== LXrandR ===<br />
The default monitor configuration tool for the [[LXDE]] desktop environment. <br />
<br />
This package is part of the community repository: {{Pkg|lxrandr}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Resolution lower than expected ===<br />
<br />
==== Try this first ====<br />
<br />
If you video card is recognized but the resolution is lower than you expect, you may try this.<br />
<br />
Background: ATI X1550 based video card and two LCD monitors DELL 2408(up to 1920x1200) and Samsung 206BW(up to 1680x1050). Upon first login after installation, the resolution default to 1152x864. xrandr does not list any resolution higher than 1152x864. You may want to try editing /etc/X11/xorg.conf, add a section about virtual screen, logout, login and see if this helps. If not then read on.<br />
<br />
Change xorg.conf<br />
{{hc|/etc/X11/xorg.conf|<br />
Section "Screen"<br />
...<br />
SubSection "Display"<br />
Virtual 3600 1200<br />
EndSubSection<br />
EndSection<br />
}}<br />
<br />
About the numbers: DELL on the left and Samsung on the right. So the virtual width is of sum of both LCD width 3600=1920+1680; Height then is figured as the max of them, which is max(1200,1050)=1200. If you put one LCD above the other, use this calculation instead: (max(width1, width2), height1+height2).<br />
<br />
==== Use cvt/xrandr tool to add the highest mode the LCD can do ====<br />
<br />
The actual order was different, as I tried to add new mode to one LCD at a time. Below is the combined/all-in-one quote<br />
$ cvt 1920 1200 60<br />
# 1920x1200 59.88 Hz (CVT 2.30MA) hsync: 74.56 kHz; pclk: 193.25 MHz<br />
Modeline "1920x1200_60.00" 193.25 1920 2056 2256 2592 1200 1203 1209 1245 -hsync +vsync<br />
$ cvt 1680 1050 60<br />
# 1680x1050 59.95 Hz (CVT 1.76MA) hsync: 65.29 kHz; pclk: 146.25 MHz<br />
Modeline "1680x1050_60.00" 146.25 1680 1784 1960 2240 1050 1053 1059 1089 -hsync +vsync<br />
$ xrandr --newmode "1920x1200_60.00" 193.25 1920 2056 2256 2592 1200 1203 1209 1245 -hsync +vsync<br />
$ xrandr --newmode "1680x1050_60.00" 146.25 1680 1784 1960 2240 1050 1053 1059 1089 -hsync +vsync<br />
$ xrandr --addmode DVI-1 "1920x1200_60.00"<br />
$ xrandr --addmode DVI-0 "1680x1050_60.00"<br />
<br />
== Obtaining modelines from Windows program PowerStrip ==<br />
<br />
[http://www.x.org/wiki/FAQVideoModes#ObtainingmodelinesfromWindowsprogramPowerStrip Obtaining modelines from Windows program PowerStrip].<br />
<br />
== Scripts ==<br />
<br />
{{hc|~/bin/xdisplay|2=<nowiki><br />
#!/bin/bash<br />
#<br />
# This script toggles the extended monitor outputs if something is connected<br />
#<br />
<br />
# your notebook monitor<br />
DEFAULT_OUTPUT='LVDS1'<br />
<br />
# outputs to toggle if connected<br />
OUTPUTS='VGA1 HDMI1'<br />
<br />
# get info from xrandr<br />
XRANDR=`xrandr`<br />
<br />
EXECUTE=""<br />
<br />
for CURRENT in $OUTPUTS<br />
do<br />
if [[ $XRANDR == *$CURRENT\ connected* ]] # is connected<br />
then<br />
if [[ $XRANDR == *$CURRENT\ connected\ \(* ]] # is disabled<br />
then<br />
EXECUTE+="--output $CURRENT --auto --above $DEFAULT_OUTPUT "<br />
else<br />
EXECUTE+="--output $CURRENT --off "<br />
fi<br />
else # make sure disconnected outputs are off <br />
EXECUTE+="--output $CURRENT --off "<br />
fi<br />
done<br />
<br />
xrandr --output $DEFAULT_OUTPUT --auto $EXECUTE<br />
</nowiki>}}<br />
<br />
== Using xrandr with VNC ==<br />
If you are using a VNC server that supports xrandr you can change the vnc resolution on the fly by using "xrandr -s <width>x<height>". tigervnc is an example of a client that supports xrandr<br />
<br />
Example:<br />
<br />
xrandr -s 1920x1200<br />
<br />
After you VNC in, if you open a console and type "xrandr" you will get a list of currently configured modes. Each of these modes can be activated with the xrandr -s option; however, if the mode you want does not exist in the list, you can add it by doing the following:<br />
<br />
Example: Say I want to add 1024x600 (a common netbook resolution)<br />
<br />
First run CVT to get the correct modeline for the resolution you want to add<br />
<br />
$ cvt 1024 600<br />
<br />
You will get something like the following output<br />
<br />
# 1024x600 59.85 Hz (CVT) hsync: 37.35 kHz; pclk: 49.00 MHz<br />
Modeline "1024x600_60.00" 49.00 1024 1072 1168 1312 600 603 613 624 -hsync +vsync<br />
<br />
Use that modeline output to run the commands below<br />
<br />
xrandr --newmode "1024x600" 49.00 1024 1072 1168 1312 600 603 613 624 -hsync +vsync<br />
xrandr --addmode default "1024x600"<br />
<br />
Doing the above will give you the ability to change to 1024x600 by typing xrandr -s 1024x600, but it will only last for the current x session. To insure that you can use the newly added resolution each time you start vncserver, add the following to ~/.vnc/xstartup<br />
<br />
xrandr --newmode "1024x600" 49.00 1024 1072 1168 1312 600 603 613 624 -hsync +vsync<br />
xrandr --addmode default "1024x600"</div>Chrkhttps://wiki.archlinux.org/index.php?title=Xrandr&diff=192973Xrandr2012-04-05T22:19:08Z<p>Chrk: </p>
<hr />
<div>[[Category:X Server (English)]]<br />
{{i18n|Xrandr}}<br />
<br />
{{Note|credit to and retrieved from the [https://wiki.ubuntu.com/X/Config/Resolution Ubuntu wiki]}}<br />
<br />
== Dynamically testing different resolutions ==<br />
<br />
{{Ic|xrandr}} shows you the names of different outputs available on your system (LVDS, VGA-0, etc.) and resolutions available on each:<br />
<br />
Screen 0: minimum 320 x 200, current 1400 x 1050, maximum 1400 x 1400<br />
VGA disconnected (normal left inverted right x axis y axis)<br />
LVDS connected 1400x1050+0+0 (normal left inverted right x axis y axis) 286mm x 214mm<br />
1400x1050 60.0*+ 50.0 <br />
[...]<br />
<br />
You can direct xrandr to set a different resolution like this:<br />
<br />
xrandr --output LVDS --mode 1024x768<br />
<br />
The refresh rate may also be changed, either at the same time or independently:<br />
<br />
xrandr --output LVDS --mode 1024x768 --rate 75<br />
<br />
Note that changes you make using {{Ic|xrandr}} only last through the current session. xrandr has a lot more capabilities - see {{Ic|man xrandr}} for details.<br />
<br />
== Adding undetected resolutions ==<br />
<br />
Due to buggy hardware or drivers, your monitor's correct resolutions may not always be detected by xrandr. For example, the EDID data block queried from the monitor may be incorrect. However, we can add the desired resolutions to xrandr.<br />
<br />
First we run {{ic|gtf}} or {{ic|cvt}} to get the '''Modeline''' for the resolution we want:<br />
<br />
$ cvt 1280 1024<br />
<br />
# 1280x1024 59.89 Hz (CVT 1.31M4) hsync: 63.67 kHz; pclk: 109.00 MHz<br />
Modeline "1280x1024_60.00" 109.00 1280 1368 1496 1712 1024 1027 1034 1063 -hsync +vsync<br />
<br />
Then we create a new xrandr mode. Note that the Modeline keyword needs to be ommited.<br />
<br />
xrandr --newmode "1280x1024_60.00" 109.00 1280 1368 1496 1712 1024 1027 1034 1063 -hsync +vsync<br />
<br />
After creating it we need an extra step to add this new mode to our current output (VGA1). We use just the name of the mode, since the parameters have been set previously.<br />
<br />
xrandr --addmode VGA1 "1280x1024_60.00"<br />
<br />
Now we change the resolution of the screen to the one we just added:<br />
<br />
xrandr --output VGA1 --mode "1280x1024_60.00"<br />
<br />
Note that these settings only take effect during this session.<br />
<br />
== Making xrandr changes persistent ==<br />
<br />
There are several ways to make xrandr customizations permanent from session to session:<br />
* {{ic|xorg.conf}} ( Preferred)<br />
* {{ic|.xprofile}}<br />
* kdm/gdm<br />
<br />
=== Setting resolution changes in xorg.conf (Preferred) ===<br />
<br />
While {{Ic|xorg.conf}} is largely empty these days, it can still be used for setting up resolutions. For example:<br />
<br />
{{hc|/etc/X11/xorg.conf|<br />
Section "Monitor"<br />
Identifier "External DVI"<br />
Modeline "1280x1024_60.00" 108.88 1280 1360 1496 1712 1024 1025 1028 1060 -HSync +Vsync<br />
Option "PreferredMode" "1280x1024_60.00"<br />
EndSection<br />
Section "Device"<br />
Identifier "ATI Technologies, Inc. M22 [Radeon Mobility M300]"<br />
Driver "ati"<br />
Option "Monitor-DVI-0" "External DVI"<br />
EndSection<br />
Section "Screen"<br />
Identifier "Primary Screen"<br />
Device "ATI Technologies, Inc. M22 [Radeon Mobility M300]"<br />
DefaultDepth 24<br />
SubSection "Display"<br />
Depth 24<br />
Modes "1280x1024" "1024x768" "640x480"<br />
EndSubSection<br />
EndSection<br />
<br />
Section "ServerLayout"<br />
Identifier "Default Layout"<br />
Screen "Primary Screen"<br />
EndSection<br />
}}<br />
<br />
See {{Ic|man xorg.conf}} for full details on how to craft an {{ic|xorg.conf}} file.<br />
<br />
=== Setting xrandr commands in xprofile ===<br />
<br />
See [[Execute commands after X start]].<br />
<br />
This method has the disadvantage of occurring fairly late in the startup process thus it will not alter the resolution of the [[Display Manager]] if you use one.<br />
<br />
=== Setting xrandr commands in kdm/gdm startup scripts ===<br />
<br />
Both KDM and GDM have startup scripts that are executed when X is initiated. For GDM, these are in {{ic|/etc/gdm/}} , while for KDM this is done at {{ic|/usr/share/config/kdm/Xsetup}}.<br />
<br />
This process requires root access and mucking around in system config files, but will take effect earlier in the startup process than using xprofile.<br />
<br />
== Graphical frontends ==<br />
There are several graphical frontends available for {{ic|xrandr}}:<br />
<br />
=== ARandR ===<br />
ARandR provides a simple and convenient visual front end.<br />
<br />
The package can be found in the community repository: {{Pkg|arandr}}<br />
<br />
=== LXrandR ===<br />
The default monitor configuration tool for the [[LXDE]] desktop environment. <br />
<br />
This package is part of the community repository: {{Pkg|lxrandr}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Resolution lower than expected ===<br />
<br />
==== Try this first ====<br />
<br />
If you video card is recognized but the resolution is lower than you expect, you may try this.<br />
<br />
Background: ATI X1550 based video card and two LCD monitors DELL 2408(up to 1920x1200) and Samsung 206BW(up to 1680x1050). Upon first login after installation, the resolution default to 1152x864. xrandr does not list any resolution higher than 1152x864. You may want to try editing /etc/X11/xorg.conf, add a section about virtual screen, logout, login and see if this helps. If not then read on.<br />
<br />
Change xorg.conf<br />
{{hc|/etc/X11/xorg.conf|<br />
Section "Screen"<br />
...<br />
SubSection "Display"<br />
Virtual 3600 1200<br />
EndSubSection<br />
EndSection<br />
}}<br />
<br />
About the numbers: DELL on the left and Samsung on the right. So the virtual width is of sum of both LCD width 3600=1920+1680; Height then is figured as the max of them, which is max(1200,1050)=1200. If you put one LCD above the other, use this calculation instead: (max(width1, width2), height1+height2).<br />
<br />
==== Use cvt/xrandr tool to add the highest mode the LCD can do ====<br />
<br />
The actual order was different, as I tried to add new mode to one LCD at a time. Below is the combined/all-in-one quote<br />
$ cvt 1920 1200 60<br />
# 1920x1200 59.88 Hz (CVT 2.30MA) hsync: 74.56 kHz; pclk: 193.25 MHz<br />
Modeline "1920x1200_60.00" 193.25 1920 2056 2256 2592 1200 1203 1209 1245 -hsync +vsync<br />
$ cvt 1680 1050 60<br />
# 1680x1050 59.95 Hz (CVT 1.76MA) hsync: 65.29 kHz; pclk: 146.25 MHz<br />
Modeline "1680x1050_60.00" 146.25 1680 1784 1960 2240 1050 1053 1059 1089 -hsync +vsync<br />
$ xrandr --newmode "1920x1200_60.00" 193.25 1920 2056 2256 2592 1200 1203 1209 1245 -hsync +vsync<br />
$ xrandr --newmode "1680x1050_60.00" 146.25 1680 1784 1960 2240 1050 1053 1059 1089 -hsync +vsync<br />
$ xrandr --addmode DVI-1 "1920x1200_60.00"<br />
$ xrandr --addmode DVI-0 "1680x1050_60.00"<br />
<br />
== Obtaining modelines from Windows program PowerStrip ==<br />
<br />
[http://www.x.org/wiki/FAQVideoModes#ObtainingmodelinesfromWindowsprogramPowerStrip Obtaining modelines from Windows program PowerStrip].<br />
<br />
== Scripts ==<br />
<br />
{{hc|~/bin/xdisplay|2=<nowiki><br />
#!/bin/bash<br />
#<br />
# This script toggles the extended monitor outputs if something is connected<br />
#<br />
<br />
# your notebook monitor<br />
DEFAULT_OUTPUT='LVDS1'<br />
<br />
# outputs to toggle if connected<br />
OUTPUTS='VGA1 HDMI1'<br />
<br />
# get info from xrandr<br />
XRANDR=`xrandr`<br />
<br />
EXECUTE=""<br />
<br />
for CURRENT in $OUTPUTS<br />
do<br />
if [[ $XRANDR == *$CURRENT\ connected* ]] # is connected<br />
then<br />
if [[ $XRANDR == *$CURRENT\ connected\ \(* ]] # is disabled<br />
then<br />
EXECUTE+="--output $CURRENT --auto --above $DEFAULT_OUTPUT "<br />
else<br />
EXECUTE+="--output $CURRENT --off "<br />
fi<br />
else # make sure disconnected outputs are off <br />
EXECUTE+="--output $CURRENT --off "<br />
fi<br />
done<br />
<br />
xrandr --output $DEFAULT_OUTPUT --auto $EXECUTE<br />
</nowiki>}}<br />
<br />
== Using xrandr with VNC ==<br />
If you are using a VNC server that supports xrandr you can change the vnc resolution on the fly by using "xrandr -s <width>x<height>". tigervnc is an example of a client that supports xrandr<br />
<br />
Example:<br />
<br />
xrandr -s 1920x1200<br />
<br />
After you VNC in, if you open a console and type "xrandr" you will get a list of currently configured modes. Each of these modes can be activated with the xrandr -s option; however, if the mode you want does not exist in the list, you can add it by doing the following:<br />
<br />
Example: Say I want to add 1024x600 (a common netbook resolution)<br />
<br />
First run CVT to get the correct modeline for the resolution you want to add<br />
<br />
$ cvt 1024 600<br />
<br />
You will get something like the following output<br />
<br />
# 1024x600 59.85 Hz (CVT) hsync: 37.35 kHz; pclk: 49.00 MHz<br />
Modeline "1024x600_60.00" 49.00 1024 1072 1168 1312 600 603 613 624 -hsync +vsync<br />
<br />
Use that modeline output to run the commands below<br />
<br />
xrandr --newmode "1024x600" 49.00 1024 1072 1168 1312 600 603 613 624 -hsync +vsync<br />
xrandr --addmode default "1024x600"<br />
<br />
Doing the above will give you the ability to change to 1024x600 by typing xrandr -s 1024x600, but it will only last for the current x session. To insure that you can use the newly added resolution each time you start vncserver, add the following to ~/.vnc/xstartup<br />
<br />
xrandr --newmode "1024x600" 49.00 1024 1072 1168 1312 600 603 613 624 -hsync +vsync<br />
xrandr --addmode default "1024x600"</div>Chrkhttps://wiki.archlinux.org/index.php?title=DVB-S&diff=192969DVB-S2012-04-05T21:38:31Z<p>Chrk: </p>
<hr />
<div>[[Category:Audio/Video (English)]]<br />
{{i18n|DVB-S}}<br />
[[de:DVB-S]]<br />
{{Article summary start}}<br />
{{Article summary text|Covers the setup and use of DVB-S (sat TV) cards on Arch Linux.}}<br />
{{Article summary heading|Important}}<br />
{{Article summary text|This was only tested with the Pinnacle PCTV Sat, and may not work or won't help you with different cards.}}<br />
{{Article summary heading|Related articles}}<br />
{{Article summary wiki|MythTV Walkthrough}}<br />
{{Article summary end}}<br />
<br />
==Load required Modules==<br />
You have to lookup the chipset of your specific card; tools like '''lshwd''' may help you.<br />
<br />
===Pinnacle PCTV Sat===<br />
This card uses bt878 and cx24110 as chipset.<br />
<br />
Load them (under root) with:<br />
# modprobe dvb-bt8xx<br />
# modprobe cx24110<br />
If you want Arch to boot them on startup, add both modules to {{Ic|MODULES}} in {{ic|/etc/rc.conf}}.<br />
<br />
<br />
===Additional modules: S2-liplianin===<br />
However, there's not a working kernel module for all (especially newer) devices.<br />
<br />
Igor M. Liplianin manages some additional modules at his [http://mercurial.intuxication.org/hg/s2-liplianin mercurial repository]. <br />
<br />
====Setup====<br />
First of all, you have to download and prepare the source code.<br />
<br />
$ hg clone http://mercurial.intuxication.org/hg/s2-liplianin/<br />
$ cd s2-liplianin<br />
<br />
<br />
Unfortunately not all modules of liplianin are compatible with recent kernels and cause some trouble if you want to compile them hence you have to exclude these modules from the build process (if you do not need them). You can choose which modules you want to build by executing:<br />
<br />
$ make config<br />
<br />
which will create a config file: {{ic|v4l/.config}}. <br />
{{Note|If you want to edit the config file with another interface, take a look at {{ic|Install}} under the 'Module selection rules' section.}}<br />
<br />
After that, you have to build the chosen modules:<br />
<br />
$ make<br />
<br />
{{Note|It is very likely, that some modules won't compile. Try to exclude them (one step earlier) and run 'make' again.}}<br />
<br />
<br />
If all configured modules were compiled successfully, you can install the modules at the kernel's default modules directory by executing:<br />
<br />
# make install<br />
<br />
After that, reboot your machine.<br />
<br />
==Setup Permissions==<br />
To use your DVB-S card as user add him to the {{Ic|video}} group:<br />
# gpasswd -a [username] video<br />
<br />
==Scanning channels==<br />
{{Note | You can skip this part if you use Kaffeine.}}<br />
<br />
Most applications like szap or xine are needing a channel list created by '''scan''', which is part of '''dvb-utils'''.<br />
You'll find the dvb-utils package under the name {{Pkg|linuxtv-dvb-apps}} in the Community-Repo.<br />
<br />
Install it with:<br />
# pacman -S linuxtv-dvb-apps<br />
<br />
===Using scan===<br />
'''scan''' needs an channel to initialize scanning. In {{Ic|/usr/share/dvb/dvb-s/}} are some files which contain these channels; you will need that one that fits the satellite you are watching from.<br />
<br />
The following command will scan all channels and save them to {{ic|channels.conf}}:<br />
$ scan -x0 -t1 -s1 /usr/share/dvb/dvb-s/[your satellite] | tee channels.conf<br />
{{Note | The channel file doesn't have to be called {{ic|channels.conf}} but it's more convenient as you will see later.}}<br />
{{Note | Depending on your satellite dish setup you may have to try other arguments.}}<br />
<br />
===Using w_scan===<br />
[https://aur.archlinux.org/packages.php?ID=12028 w_scan] allows for automatic scanning of channels without configuration. Install it then issue:<br />
<br />
# w_scan -c [your country] > ~/someChannels.conf<br />
<br />
Alternatively you can also scan using the satellite position like 19.5E for Astra 1. Scans like that can be done as follows:<br />
<br />
# w_scan -fs -s S19E5 > ~/someChannels.conf<br />
<br />
You can also add the -X flag to generate tzap/czap/xine output instead of vdr output.<br />
<br />
# w_scan -X -c AU > ~/AustraliaChannels.conf<br />
<br />
====DiSEqC switch scanning (AKA multiple satellite LNB)====<br />
If you have a LNB with a DiSEqC switch in it you can manually select that using the -D option like so:<br />
<br />
# w_scan -fs -s S23E5 -D 1c > ~/someChannels.conf<br />
<br />
The above line should work but not all found channels where actually saved. The line below worked perfectly for me:<br />
<br />
# w_scan -fs -s S23E5 -a 0 -D 1c -o 7 -e 2 > ~/someChannels.conf<br />
<br />
{{Warning|I did found out that when using a LNB with a DiSEqC switch it's way more convenient to use -X ouptut which you can use in for example mplayer. Just append "-X" before the ">" that you see above.}}<br />
<br />
==Switching channels==<br />
{{Note | szap only works with satellite TV.}}<br />
<br />
By using '''zap''', which comes with '''dvb-utils''', you can switch channels, so you do not have to rely on the abilities of your player.<br />
<br />
'''szap''' needs the channel file we created earlier; it will try {{ic|~/.szap/channels.conf}} by default. You can move the {{ic|channels.conf}} there or you can use the {{Ic|"-c"}} command-line option.<br />
<br />
Switching channels works like this:<br />
$ szap -r [channel]<br />
{{Note | szap needs to keep running.}}<br />
<br />
You can list all available channels with:<br />
$ szap -q<br />
<br />
Now you can watch the stream for example with xine:<br />
$ xine -g stdin://mpeg2 < /dev/dvb/adapter0/dvr0<br />
or with mplayer:<br />
$ mplayer /dev/dvb/adapter0/dvr0<br />
or with mplayer, but using DVB directly:<br />
$ mplayer "dvb://RTL Television"<br />
You can find all the channel names by running szap -q (assuming the channel list is also in ~/.szap/channels.conf).<br />
<br />
==Software==<br />
<br />
===Kaffeine===<br />
Kaffeine is a really nice player; it supports EPG, time-shifting, and recording. Additionally Kaffeine has built-in channel-searching.<br />
<br />
Install it with:<br />
# pacman -S kaffeine<br />
<br />
*[http://archlinux.org/packages/search/?q=kaffeine More Information]<br />
*[http://kaffeine.sourceforge.net/ Project page]<br />
<br />
====Importing channel list====<br />
* Linosaw.de provides [http://www.linowsat.de/settings/vdr.html channels.conf] files for [[VDR]]<br />
* [http://free.pages.at/cleditor/vdr2kaffeine.htm conv2conf] converts these files into kaffeine channel list format<br />
<br />
===Me-tv===<br />
Me-tv is a simple but powerfull dvb-viewer, supporting EPG, recording and channel-searching with a light-weight gui.<br />
<br />
*It's in the official repository: pacman -S me-tv<br />
*SVN version in the AUR: https://aur.archlinux.org/packages.php?ID=27065<br />
<br />
===Klear===<br />
Klear is also a really nice player, but more than 4 years old (last release 2006). It supports EPG, time-shifting, and recording, videotext. Channel-searching is still missing. Install it from AUR:<br />
*[https://aur.archlinux.org/packages.php?do_Details=1&ID=2415&O=0&L=0&C=0&K=klear&SB=&SO=&PP=25&do_MyPackages=0&do_Orphans=0&SeB=nd AUR package]<br />
*[http://klear.org Project page]<br />
<br />
===Xine===<br />
Copy your channel file to {{ic|~/.xine/channels.conf}}.<br />
<br />
Watch a specific channel with following command:<br />
$ xine dvb://[channel]<br />
<br />
or use the playlist editor in Xine<br />
<br />
==Additional Resources==<br />
<br />
===TV Cards in general===<br />
*[http://wiki.ubuntuusers.de/TV-Karten Ubuntuusers.de-Wiki] (german)<br />
<br />
===Pinnacle Cards===<br />
*[http://pinnaclefanboard.com/ PinnacleFanBoard] (german, but you can ask in english as well)</div>Chrkhttps://wiki.archlinux.org/index.php?title=DVB-S&diff=192968DVB-S2012-04-05T21:37:30Z<p>Chrk: some hints concerning build errors</p>
<hr />
<div>[[Category:Audio/Video (English)]]<br />
{{i18n|DVB-S}}<br />
[[de:DVB-S]]<br />
{{Article summary start}}<br />
{{Article summary text|Covers the setup and use of DVB-S (sat TV) cards on Arch Linux.}}<br />
{{Article summary heading|Important}}<br />
{{Article summary text|This was only tested with the Pinnacle PCTV Sat, and may not work or won't help you with different cards.}}<br />
{{Article summary heading|Related articles}}<br />
{{Article summary wiki|MythTV Walkthrough}}<br />
{{Article summary end}}<br />
<br />
==Load required Modules==<br />
You have to lookup the chipset of your specific card; tools like '''lshwd''' may help you.<br />
<br />
===Pinnacle PCTV Sat===<br />
This card uses bt878 and cx24110 as chipset.<br />
<br />
Load them (under root) with:<br />
# modprobe dvb-bt8xx<br />
# modprobe cx24110<br />
If you want Arch to boot them on startup, add both modules to {{Ic|MODULES}} in {{ic|/etc/rc.conf}}.<br />
<br />
<br />
===Additional modules: S2-liplianin===<br />
However, there's not a working kernel module for all (especially newer) devices.<br />
<br />
Igor M. Liplianin manages some additional modules at his [http://mercurial.intuxication.org/hg/s2-liplianin mercurial repository]. <br />
<br />
====Setup====<br />
First of all, you have to download and prepare the source code.<br />
<br />
$ hg clone http://mercurial.intuxication.org/hg/s2-liplianin/<br />
$ cd s2-liplianin<br />
<br />
<br />
Unfortunately not all modules of liplianin are compatible with recent kernels and cause some trouble if you want to compile them hence you have to exclude these modules from the build process (if you do not need them). You can choose which modules you want to build by executing:<br />
<br />
$ make config<br />
<br />
which will create a config file: {{ic|v4l/.config}}. <br />
{{Note|If you want to edit the config file with another interface, take a look at {{ic|Install}} under the 'Module selection rules' section.}}<br />
<br />
After that, you have to build the chosen modules:<br />
<br />
$ make<br />
<br />
{{Note|It is very likely, that some modules won't compile. Try to exclude them (one step earlier) and run 'make' again.}}<br />
<br />
<br />
If all configured modules were compiled successfully, you can install the modules at the kernel's default modules directory by executing:<br />
<br />
# make install<br />
<br />
After that reboot your machine.<br />
<br />
==Setup Permissions==<br />
To use your DVB-S card as user add him to the {{Ic|video}} group:<br />
# gpasswd -a [username] video<br />
<br />
==Scanning channels==<br />
{{Note | You can skip this part if you use Kaffeine.}}<br />
<br />
Most applications like szap or xine are needing a channel list created by '''scan''', which is part of '''dvb-utils'''.<br />
You'll find the dvb-utils package under the name {{Pkg|linuxtv-dvb-apps}} in the Community-Repo.<br />
<br />
Install it with:<br />
# pacman -S linuxtv-dvb-apps<br />
<br />
===Using scan===<br />
'''scan''' needs an channel to initialize scanning. In {{Ic|/usr/share/dvb/dvb-s/}} are some files which contain these channels; you will need that one that fits the satellite you are watching from.<br />
<br />
The following command will scan all channels and save them to {{ic|channels.conf}}:<br />
$ scan -x0 -t1 -s1 /usr/share/dvb/dvb-s/[your satellite] | tee channels.conf<br />
{{Note | The channel file doesn't have to be called {{ic|channels.conf}} but it's more convenient as you will see later.}}<br />
{{Note | Depending on your satellite dish setup you may have to try other arguments.}}<br />
<br />
===Using w_scan===<br />
[https://aur.archlinux.org/packages.php?ID=12028 w_scan] allows for automatic scanning of channels without configuration. Install it then issue:<br />
<br />
# w_scan -c [your country] > ~/someChannels.conf<br />
<br />
Alternatively you can also scan using the satellite position like 19.5E for Astra 1. Scans like that can be done as follows:<br />
<br />
# w_scan -fs -s S19E5 > ~/someChannels.conf<br />
<br />
You can also add the -X flag to generate tzap/czap/xine output instead of vdr output.<br />
<br />
# w_scan -X -c AU > ~/AustraliaChannels.conf<br />
<br />
====DiSEqC switch scanning (AKA multiple satellite LNB)====<br />
If you have a LNB with a DiSEqC switch in it you can manually select that using the -D option like so:<br />
<br />
# w_scan -fs -s S23E5 -D 1c > ~/someChannels.conf<br />
<br />
The above line should work but not all found channels where actually saved. The line below worked perfectly for me:<br />
<br />
# w_scan -fs -s S23E5 -a 0 -D 1c -o 7 -e 2 > ~/someChannels.conf<br />
<br />
{{Warning|I did found out that when using a LNB with a DiSEqC switch it's way more convenient to use -X ouptut which you can use in for example mplayer. Just append "-X" before the ">" that you see above.}}<br />
<br />
==Switching channels==<br />
{{Note | szap only works with satellite TV.}}<br />
<br />
By using '''zap''', which comes with '''dvb-utils''', you can switch channels, so you do not have to rely on the abilities of your player.<br />
<br />
'''szap''' needs the channel file we created earlier; it will try {{ic|~/.szap/channels.conf}} by default. You can move the {{ic|channels.conf}} there or you can use the {{Ic|"-c"}} command-line option.<br />
<br />
Switching channels works like this:<br />
$ szap -r [channel]<br />
{{Note | szap needs to keep running.}}<br />
<br />
You can list all available channels with:<br />
$ szap -q<br />
<br />
Now you can watch the stream for example with xine:<br />
$ xine -g stdin://mpeg2 < /dev/dvb/adapter0/dvr0<br />
or with mplayer:<br />
$ mplayer /dev/dvb/adapter0/dvr0<br />
or with mplayer, but using DVB directly:<br />
$ mplayer "dvb://RTL Television"<br />
You can find all the channel names by running szap -q (assuming the channel list is also in ~/.szap/channels.conf).<br />
<br />
==Software==<br />
<br />
===Kaffeine===<br />
Kaffeine is a really nice player; it supports EPG, time-shifting, and recording. Additionally Kaffeine has built-in channel-searching.<br />
<br />
Install it with:<br />
# pacman -S kaffeine<br />
<br />
*[http://archlinux.org/packages/search/?q=kaffeine More Information]<br />
*[http://kaffeine.sourceforge.net/ Project page]<br />
<br />
====Importing channel list====<br />
* Linosaw.de provides [http://www.linowsat.de/settings/vdr.html channels.conf] files for [[VDR]]<br />
* [http://free.pages.at/cleditor/vdr2kaffeine.htm conv2conf] converts these files into kaffeine channel list format<br />
<br />
===Me-tv===<br />
Me-tv is a simple but powerfull dvb-viewer, supporting EPG, recording and channel-searching with a light-weight gui.<br />
<br />
*It's in the official repository: pacman -S me-tv<br />
*SVN version in the AUR: https://aur.archlinux.org/packages.php?ID=27065<br />
<br />
===Klear===<br />
Klear is also a really nice player, but more than 4 years old (last release 2006). It supports EPG, time-shifting, and recording, videotext. Channel-searching is still missing. Install it from AUR:<br />
*[https://aur.archlinux.org/packages.php?do_Details=1&ID=2415&O=0&L=0&C=0&K=klear&SB=&SO=&PP=25&do_MyPackages=0&do_Orphans=0&SeB=nd AUR package]<br />
*[http://klear.org Project page]<br />
<br />
===Xine===<br />
Copy your channel file to {{ic|~/.xine/channels.conf}}.<br />
<br />
Watch a specific channel with following command:<br />
$ xine dvb://[channel]<br />
<br />
or use the playlist editor in Xine<br />
<br />
==Additional Resources==<br />
<br />
===TV Cards in general===<br />
*[http://wiki.ubuntuusers.de/TV-Karten Ubuntuusers.de-Wiki] (german)<br />
<br />
===Pinnacle Cards===<br />
*[http://pinnaclefanboard.com/ PinnacleFanBoard] (german, but you can ask in english as well)</div>Chrkhttps://wiki.archlinux.org/index.php?title=DVB-S&diff=192959DVB-S2012-04-05T21:16:33Z<p>Chrk: Added some instructions for installing liplianian-modules</p>
<hr />
<div>[[Category:Audio/Video (English)]]<br />
{{i18n|DVB-S}}<br />
[[de:DVB-S]]<br />
{{Article summary start}}<br />
{{Article summary text|Covers the setup and use of DVB-S (sat TV) cards on Arch Linux.}}<br />
{{Article summary heading|Important}}<br />
{{Article summary text|This was only tested with the Pinnacle PCTV Sat, and may not work or won't help you with different cards.}}<br />
{{Article summary heading|Related articles}}<br />
{{Article summary wiki|MythTV Walkthrough}}<br />
{{Article summary end}}<br />
<br />
==Load required Modules==<br />
You have to lookup the chipset of your specific card; tools like '''lshwd''' may help you.<br />
<br />
===Pinnacle PCTV Sat===<br />
This card uses bt878 and cx24110 as chipset.<br />
<br />
Load them (under root) with:<br />
# modprobe dvb-bt8xx<br />
# modprobe cx24110<br />
If you want Arch to boot them on startup, add both modules to {{Ic|MODULES}} in {{ic|/etc/rc.conf}}.<br />
<br />
<br />
===Additional modules: S2-liplianin===<br />
However, there's not a working kernel module for all (especially newer) devices.<br />
<br />
Igor M. Liplianin manages some additional modules at his [http://mercurial.intuxication.org/hg/s2-liplianin mercurial repository]. <br />
<br />
====Setup====<br />
First of all, you have to download and prepare the source code.<br />
<br />
$ hg clone http://mercurial.intuxication.org/hg/s2-liplianin/<br />
$ cd s2-liplianin<br />
<br />
Unfortunately not all modules of liplianin are compatible with recent kernels and cause some trouble if you want to compile them. You can choose which modules you want to build by executing:<br />
<br />
$ make config<br />
<br />
which will create a config file: {{ic|v4l/.config}}. <br />
{{Note|If you want to edit the config file with another interface, take a look at {{ic|Install}} under the 'Module selection rules' section.}}<br />
<br />
After that, you have to build the chosen modules:<br />
<br />
$ make<br />
<br />
Now install the modules at the kernel's default modules directory by executing:<br />
<br />
# make install<br />
<br />
After that reboot your machine.<br />
<br />
==Setup Permissions==<br />
To use your DVB-S card as user add him to the {{Ic|video}} group:<br />
# gpasswd -a [username] video<br />
<br />
==Scanning channels==<br />
{{Note | You can skip this part if you use Kaffeine.}}<br />
<br />
Most applications like szap or xine are needing a channel list created by '''scan''', which is part of '''dvb-utils'''.<br />
You'll find the dvb-utils package under the name {{Pkg|linuxtv-dvb-apps}} in the Community-Repo.<br />
<br />
Install it with:<br />
# pacman -S linuxtv-dvb-apps<br />
<br />
===Using scan===<br />
'''scan''' needs an channel to initialize scanning. In {{Ic|/usr/share/dvb/dvb-s/}} are some files which contain these channels; you will need that one that fits the satellite you are watching from.<br />
<br />
The following command will scan all channels and save them to {{ic|channels.conf}}:<br />
$ scan -x0 -t1 -s1 /usr/share/dvb/dvb-s/[your satellite] | tee channels.conf<br />
{{Note | The channel file doesn't have to be called {{ic|channels.conf}} but it's more convenient as you will see later.}}<br />
{{Note | Depending on your satellite dish setup you may have to try other arguments.}}<br />
<br />
===Using w_scan===<br />
[https://aur.archlinux.org/packages.php?ID=12028 w_scan] allows for automatic scanning of channels without configuration. Install it then issue:<br />
<br />
# w_scan -c [your country] > ~/someChannels.conf<br />
<br />
Alternatively you can also scan using the satellite position like 19.5E for Astra 1. Scans like that can be done as follows:<br />
<br />
# w_scan -fs -s S19E5 > ~/someChannels.conf<br />
<br />
You can also add the -X flag to generate tzap/czap/xine output instead of vdr output.<br />
<br />
# w_scan -X -c AU > ~/AustraliaChannels.conf<br />
<br />
====DiSEqC switch scanning (AKA multiple satellite LNB)====<br />
If you have a LNB with a DiSEqC switch in it you can manually select that using the -D option like so:<br />
<br />
# w_scan -fs -s S23E5 -D 1c > ~/someChannels.conf<br />
<br />
The above line should work but not all found channels where actually saved. The line below worked perfectly for me:<br />
<br />
# w_scan -fs -s S23E5 -a 0 -D 1c -o 7 -e 2 > ~/someChannels.conf<br />
<br />
{{Warning|I did found out that when using a LNB with a DiSEqC switch it's way more convenient to use -X ouptut which you can use in for example mplayer. Just append "-X" before the ">" that you see above.}}<br />
<br />
==Switching channels==<br />
{{Note | szap only works with satellite TV.}}<br />
<br />
By using '''zap''', which comes with '''dvb-utils''', you can switch channels, so you do not have to rely on the abilities of your player.<br />
<br />
'''szap''' needs the channel file we created earlier; it will try {{ic|~/.szap/channels.conf}} by default. You can move the {{ic|channels.conf}} there or you can use the {{Ic|"-c"}} command-line option.<br />
<br />
Switching channels works like this:<br />
$ szap -r [channel]<br />
{{Note | szap needs to keep running.}}<br />
<br />
You can list all available channels with:<br />
$ szap -q<br />
<br />
Now you can watch the stream for example with xine:<br />
$ xine -g stdin://mpeg2 < /dev/dvb/adapter0/dvr0<br />
or with mplayer:<br />
$ mplayer /dev/dvb/adapter0/dvr0<br />
or with mplayer, but using DVB directly:<br />
$ mplayer "dvb://RTL Television"<br />
You can find all the channel names by running szap -q (assuming the channel list is also in ~/.szap/channels.conf).<br />
<br />
==Software==<br />
<br />
===Kaffeine===<br />
Kaffeine is a really nice player; it supports EPG, time-shifting, and recording. Additionally Kaffeine has built-in channel-searching.<br />
<br />
Install it with:<br />
# pacman -S kaffeine<br />
<br />
*[http://archlinux.org/packages/search/?q=kaffeine More Information]<br />
*[http://kaffeine.sourceforge.net/ Project page]<br />
<br />
====Importing channel list====<br />
* Linosaw.de provides [http://www.linowsat.de/settings/vdr.html channels.conf] files for [[VDR]]<br />
* [http://free.pages.at/cleditor/vdr2kaffeine.htm conv2conf] converts these files into kaffeine channel list format<br />
<br />
===Me-tv===<br />
Me-tv is a simple but powerfull dvb-viewer, supporting EPG, recording and channel-searching with a light-weight gui.<br />
<br />
*It's in the official repository: pacman -S me-tv<br />
*SVN version in the AUR: https://aur.archlinux.org/packages.php?ID=27065<br />
<br />
===Klear===<br />
Klear is also a really nice player, but more than 4 years old (last release 2006). It supports EPG, time-shifting, and recording, videotext. Channel-searching is still missing. Install it from AUR:<br />
*[https://aur.archlinux.org/packages.php?do_Details=1&ID=2415&O=0&L=0&C=0&K=klear&SB=&SO=&PP=25&do_MyPackages=0&do_Orphans=0&SeB=nd AUR package]<br />
*[http://klear.org Project page]<br />
<br />
===Xine===<br />
Copy your channel file to {{ic|~/.xine/channels.conf}}.<br />
<br />
Watch a specific channel with following command:<br />
$ xine dvb://[channel]<br />
<br />
or use the playlist editor in Xine<br />
<br />
==Additional Resources==<br />
<br />
===TV Cards in general===<br />
*[http://wiki.ubuntuusers.de/TV-Karten Ubuntuusers.de-Wiki] (german)<br />
<br />
===Pinnacle Cards===<br />
*[http://pinnaclefanboard.com/ PinnacleFanBoard] (german, but you can ask in english as well)</div>Chrk