https://wiki.archlinux.org/api.php?action=feedcontributions&user=Thayer&feedformat=atomArchWiki - User contributions [en]2024-03-29T12:52:11ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=User:Thayer&diff=756798User:Thayer2022-11-12T02:48:13Z<p>Thayer: /* about */</p>
<hr />
<div>==about==<br />
Thayer Williams<br /><br />
Vancouver, BC Canada<br />
<br />
[[Special:Contributions/Thayer |Arch Wiki Contributions]]</div>Thayerhttps://wiki.archlinux.org/index.php?title=User:Thayer&diff=756797User:Thayer2022-11-12T02:47:49Z<p>Thayer: </p>
<hr />
<div>==about==<br />
Thayer Williams<br /><br />
Vancouver, BC Canada<br />
<br />
[[Special:Contributions/Thayer |Arch Wiki Contributions]] ([[Special:Contributions/Thayer.w |contributions as Thayer.w]])</div>Thayerhttps://wiki.archlinux.org/index.php?title=DeveloperWiki_talk:TrademarkPolicy&diff=222020DeveloperWiki talk:TrademarkPolicy2012-09-08T04:17:58Z<p>Thayer: </p>
<hr />
<div>'''Attribution''' <br />
<br />
''The Arch Linux trademark policy is published under the CC-BY-SA license, courtesy of the Ubuntu project. You are welcome to base your own project trademark policies off of it, but you must give credit to the Ubuntu project as the original source, and let others use your changes freely. ''<br />
<br />
<br />
I'm sorry but don't knwo why Ubuntu?<br />
<br />
:It just means the text for ''our'' policy was based on the text used by the Ubuntu trademark policy, which required attribution to Ubuntu. --[[User:Thayer|thayer]] ([[User talk:Thayer|talk]]) 04:17, 8 September 2012 (UTC)</div>Thayerhttps://wiki.archlinux.org/index.php?title=DeveloperWiki_talk:TrademarkPolicy&diff=222019DeveloperWiki talk:TrademarkPolicy2012-09-08T04:17:08Z<p>Thayer: </p>
<hr />
<div>'''Attribution''' <br />
<br />
''The Arch Linux trademark policy is published under the CC-BY-SA license, courtesy of the Ubuntu project. You are welcome to base your own project trademark policies off of it, but you must give credit to the Ubuntu project as the original source, and let others use your changes freely. ''<br />
<br />
<br />
I'm sorry but don't knwo why Ubuntu?<br />
<br />
:It just means the text for the policy was based on the text used by the Ubuntu trademark policy, which required attribution to Ubuntu. --[[User:Thayer|thayer]] ([[User talk:Thayer|talk]]) 04:17, 8 September 2012 (UTC)</div>Thayerhttps://wiki.archlinux.org/index.php?title=Xmonad&diff=142973Xmonad2011-05-28T15:17:44Z<p>Thayer: /* Other Resources */</p>
<hr />
<div>[[Category:X Server (English)]]<br />
[[Category:Tiling WMs (English)]]<br />
[[Category:HOWTOs (English)]]<br />
[[fr:Xmonad]]<br />
{{i18n|Xmonad}}<br />
<br />
[http://xmonad.org/ xmonad] is a tiling window manager for X. Windows are arranged automatically to tile the screen without gaps or overlap, maximizing screen use. Window manager features are accessible from the keyboard: a mouse is optional. <br />
<br />
xmonad is written, configured and extensible in [http://haskell.org/ Haskell]. Custom layout algorithms, key bindings and other extensions may be written by the user in config files. <br />
<br />
Layouts are applied dynamically, and different layouts may be used on each workspace. [[Xinerama]] is fully supported, allowing windows to be tiled on several physical screens.<br />
<br />
For more information, please visit the xmonad website: http://xmonad.org/<br />
<br />
==Installation==<br />
<br />
xmonad and xmonad-contrib is currently available in the community repo. A build for the current development snapshot (darcs) is in the [http://aur.archlinux.org/ aur]. The following instructions are for xmonad-darcs, the development snapshot.<br />
<br />
===Development version (xmonad-darcs)===<br />
<br />
The xmonad-darcs development version can be installed from the AUR, with some additional dependencies in [community]. Install them in the following order:<br />
<br />
* [http://aur.archlinux.org/packages.php?ID=12483 xmonad-darcs] - The core window manager<br />
* [http://aur.archlinux.org/packages.php?ID=13652 xmonad-contrib-darcs] - Contributed extensions providing custom layouts, configurations, etc.<br />
<br />
==Configuration==<br />
<br />
===Starting xmonad===<br />
To start xmonad automatically, simply add the command '''exec xmonad''' to your startup script (e.g. ~/.xinitrc). GDM and KDM users can create a new session file and then select xmonad from the appropriate Session menu.<br />
<br />
Recently, users in #xmonad have stated that the exec is not required; simply adding '''xmonad''' as the last line in your startup script is the proper way to start this WM. Please use whichever method works for you. If using ck-launch-session, the exec is probably still required.<br />
<br />
''Note:'' By default, xmonad does not set an X cursor, therefore the "cross" cursor is usually displayed which can be confusing for new users (thinking that xmonad has not launched correctly). To set the expected left-pointer, add the following to your startup file (e.g. ~/.xinitrc):<br />
<br />
xsetroot -cursor_name left_ptr<br />
<br />
Also, xmonad defaults to the U.S. keyboard layout, so if you want e. g. the German one, add:<br />
<br />
setxkbmap -layout de<br />
<br />
Example .xinitrc :<br />
# set the cursor<br />
xsetroot -cursor_name left_ptr<br />
# set German keyboard layout<br />
setxkbmap -layout de<br />
# start xmonad<br />
exec ck-launch-session xmonad<br />
<br />
If for some reason XMonad doesn't start, check if you have an .xmonad dir in your home dir else create it<br />
mkdir ~/.xmonad<br />
<br />
===Configuring xmonad===<br />
<br />
xmonad users can modify, override or extend the default settings with the ~/.xmonad/xmonad.hs configuration file. Recompiling is done on the fly, with the Mod+q shortcut.<br />
<br />
If you find you do not have a directory at ~/.xmonad, run xmonad --recompile to create it. <br />
<br />
The "default config" for xmonad is quite usuable and it is achieved by simply running without an xmonad.hs entirely. Therefore, even after you run --recompile you will most likely not have an ~/.xmonad/xmonad.hs file. If you would like to start tweaking things, simply create the file and edit it as described below. <br />
<br />
Because the xmonad configuration file is written in Haskell, non-programmers may have a difficult time adjusting settings. For detailed HOWTO's and example configs, we refer you to the following resources:<br />
<br />
* [http://haskell.org/haskellwiki/Xmonad xmonad wiki]<br />
* [http://haskell.org/haskellwiki/Xmonad/Config_archive xmonad config archive]<br />
* [http://haskell.org/haskellwiki/Xmonad/Frequently_asked_questions xmonad FAQ]<br />
* Archlinux [http://bbs.archlinux.org/viewtopic.php?id=40636 forum thread]<br />
<br />
The best approach is to only place your changes and customizations in ~/.xmonad/xmonad.hs and write it such that any unset parameters are picked up from the built-in defaultConfig. <br />
<br />
This is achieved by writing an xmonad.hs like this:<br />
<br />
import XMonad<br />
<br />
main = do<br />
xmonad $ defaultConfig<br />
{ terminal = "urxvt"<br />
, modMask = mod4Mask<br />
, borderWidth = 3<br />
}<br />
<br />
This simply overrides the default terminal and borderwidth while leaving all other settings at their defaults (inherited from the function defaultConfig).<br />
<br />
As things get more complicated, it can be handy to call configuration options by function name inside the main function, and define these separately in their own sections of your xmonad.hs. This makes large customizations like your layout and manage hooks easier to visualize and maintain.<br />
<br />
The above simple xmonad.hs could have been written like this:<br />
<br />
import XMonad<br />
<br />
main = do<br />
xmonad $ defaultConfig<br />
{ terminal = myTerminal<br />
, modMask = myModMask<br />
, borderWidth = myBorderWidth<br />
}<br />
<br />
-- yes, these are functions; just very simple ones<br />
-- that accept no input and return static values<br />
myTerminal = "urxvt"<br />
myModMask = mod4Mask -- Win key or Super_L<br />
myBorderWidth = 3<br />
<br />
Also, order at top level (main, myTerminal, myModMask etc.), or within the {} does not matter in Haskell, as long as imports come first.<br />
<br />
The following is taken from the 0.9 config file template found [http://haskell.org/haskellwiki/Xmonad/Config_archive/Template_xmonad.hs_(0.9) here]. It is an example of the most common functions one might want to define in their main do block.<br />
<br />
{<br />
terminal = myTerminal,<br />
focusFollowsMouse = myFocusFollowsMouse,<br />
borderWidth = myBorderWidth,<br />
modMask = myModMask,<br />
-- numlockMask deprecated in 0.9.1<br />
-- numlockMask = myNumlockMask,<br />
workspaces = myWorkspaces,<br />
normalBorderColor = myNormalBorderColor,<br />
focusedBorderColor = myFocusedBorderColor,<br />
<br />
-- key bindings<br />
keys = myKeys,<br />
mouseBindings = myMouseBindings,<br />
<br />
-- hooks, layouts<br />
layoutHook = myLayout,<br />
manageHook = myManageHook,<br />
handleEventHook = myEventHook,<br />
logHook = myLogHook,<br />
startupHook = myStartupHook<br />
}<br />
<br />
===Exiting xmonad===<br />
To end the current xmonad session, press Mod+SHIFT+q (Mod being ALT by default).<br />
<br />
==Tips and tricks==<br />
===Complementary applications===<br />
There are number of complementary utilities that work well with xmonad. The most common of these include:<br />
<br />
* [http://tools.suckless.org/dmenu dmenu]<br />
* [[xmobar]]<br />
* [[dzen]] <br />
* [[Conky]] and [http://aur.archlinux.org/packages.php?ID=11884 conky-cli]<br />
* [[Unclutter]] - a small utility to hide the mouse pointer<br />
* [http://uhsure.com/xmonad-log-applet.html XMonad-log-applet] - an gnome applet for the gnome-panel ( the package is in [community]<br />
<br />
===Making room for conky or tray apps===<br />
Wrap your layouts with avoidStruts from XMonad.Hooks.ManageDocks for automatic dock/panel/trayer spacing:<br />
<br />
import XMonad<br />
import XMonad.Hooks.ManageDocks<br />
<br />
main=do<br />
xmonad $ defaultConfig<br />
{ ...<br />
, layoutHook=avoidStruts $ Tall ||| Wide ||| Full<br />
, manageHook=manageHook defaultConfig <+> manageDocks<br />
, ...<br />
}<br />
<br />
If you ever want to toggle the gaps, this action can be added to your key bindings:<br />
,((modMask x, xK_b ), sendMessage ToggleStruts)<br />
<br />
===Using xmobar with xmonad===<br />
'''[[xmobar]]''' is a light and minimalistic text based bar, designed to work with xmonad.<br><br />
To use xmobar with xmonad, you will need two packages in addition to the xmonad package, these are xmonad-contrib from [community] and xmobar or [http://aur.archlinux.org/packages.php?ID=13627 xmobar-darcs from aur].<br />
<br />
Here we will start xmobar from within xmonad, which reloads xmobar whenever you reload xmonad.<br />
<br />
Open up <tt>~/.xmonad/xmonad.hs</tt> in your favorite editor, and choose one of the two following options:<br />
<br />
====Option 1: Quick, less flexible====<br />
Note: there is also a <tt>dzen</tt> which you can substitute for <tt>xmobar</tt> in either case.<br />
<br />
Common imports:<br />
<br />
import XMonad<br />
import XMonad.Hooks.DynamicLog<br />
<br />
The xmobar action starts xmobar and returns a modified config that includes all the options described in the [[xmonad#Option 2: More configurable|xmonad:Option2: More configurable]] choice.<br />
<br />
main=xmonad=<< xmobar myConfig<br />
myConfig=defaultConfig { modMask=mod4Mask, -- or any other configurations here ... }<br />
<br />
==== Option 2: More Configurable ====<br />
As of xmonad(-contrib) 0.9, there is a new [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-DynamicLog.html#v%3AstatusBar statusBar] function in [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-DynamicLog.html XMonad.Hooks.DynamicLog]. It allows you to use your own configuration for:<br />
* The command used to execute the bar<br />
* The PP that determines what's being written to the bar<br />
* The keybinding to toggle the gap for the bar<br />
<br />
Following is an example of how to use it:<br />
{{File|name=~/.xmonad/xmonad.hs|content=<br />
<nowiki><br />
-- Imports.<br />
import XMonad<br />
import XMonad.Hooks.DynamicLog<br />
<br />
-- The main function.<br />
main = xmonad =<< statusBar myBar myPP toggleStrutsKey myConfig<br />
<br />
-- Command to launch the bar.<br />
myBar = "xmobar"<br />
<br />
-- Custom PP, configure it as you like. It determines what's being written to the bar.<br />
myPP = xmobarPP { ppCurrent = xmobarColor "#429942" "" . wrap "<" ">" }<br />
<br />
-- Keybinding to toggle the gap for the bar.<br />
toggleStrutsKey XConfig {XMonad.modMask = modMask} = (modMask, xK_b)<br />
<br />
-- Main configuration, override the defaults to your liking.<br />
myConfig = defaultConfig { modMask = mod4Mask }<br />
</nowiki><br />
}}<br />
<br />
==== Verify XMobar Config ====<br />
The template and default xmobarrcs contains this.<br />
<br />
At last, open up <tt>~/.xmobarrc</tt> and make sure you got StdinReader in the template and run the plugin. E.g.<br />
{{File|name=~/.xmobarrc|content=<br />
<nowiki><br />
Config { ...<br />
, commands = [ Run StdinReader .... ] <br />
...<br />
, template = " %StdinReader% ... "<br />
}<br />
</nowiki><br />
}}<br />
Now, all you should have to do is either to start, or restart xmonad.<br />
<br />
===Controlling xmonad with external scripts===<br />
Although there is no direct way to interact with xmonad via scripts, you can simulate keypress events using xdotool or other such programs, see this [http://ubuntuforums.org/archive/index.php/t-658040.html Ubuntu forums thread]. This command would simulate the keypress "Super+n":<br />
xdotool key Super+n<br />
<br />
===Launching another window manager within xmonad===<br />
If you are using xmonad darcs, as of January of 2011, you can restart to another window manager from within xmonad. You just need to write a small script, and add stuff to your xmonad.hs. Here is the script.<br />
<br />
<br />
{{File|name=~/bin/obtoxmd|content=<br />
<nowiki><br />
#!/bin/sh<br />
openbox<br />
xmonad<br />
</nowiki><br />
}}<br />
<br />
And here are the modifications you need to add to your xmonad.hs<br />
<br />
{{File|name=~/.xmonad/xmonad.hs|content=<br />
<nowiki><br />
<br />
import XMonad<br />
--You need to add this import<br />
import XMonad.Util.Replace<br />
<br />
main do<br />
-- And this "replace"<br />
replace<br />
xmonad $ defaultConfig<br />
{ <br />
--Add the usual here<br />
}<br />
<br />
</nowiki><br />
}}<br />
<br />
You also need to add the following keybinding<br />
<br />
{{File|name=~/xmonad/xmonad.hs|content=<br />
<nowiki><br />
--Add a keybinding as follows:<br />
((modm .|. shiftMask, xK_o ), restart "/home/abijr/bin/obtoxmd" True)<br />
</nowiki><br />
}}<br />
<br />
Just remember to add a comma before or after and change the path to your actual script path.Now just mod-q (restart xmonad to refresh the config), and than hit mod-shift-o and you should have openbox running with the same windows open as in xmonad. To return to xmonad you should just exit openbox. Here is a link to adamvo's xmonad.hs which uses this setup [http://www.haskell.org/haskellwiki/Xmonad/Config_archive/adamvo%27s_xmonad.hs Adamvo's Xmonad.hs]<br />
<br />
===Example configurations===<br />
Below are some example configurations from fellow xmonad users. Feel free to add links to your own.<br />
* brisbin33 :: complex and simpler branches, importable dzen and scratchpad modules, very readable :: [https://github.com/pbrisbin/xmonad-config config] [http://pbrisbin.com/static/screenshots/current_desktop.png screenshot]<br />
* hsa2 :: Simple configuration, with xmobar :: [http://www.difuzyon.net/linked/configs/xmonad.hs xmonad.hs], [http://www.difuzyon.net/linked/configs/dot.xmobarrc .xmobarrc].<br />
* jelly :: Configuration with prompt, different layouts, twinview with xmobar :: [http://github.com/jelly/dotfiles/tree/master/.xmonad/xmonad.hs xmonad.hs]<br />
* MrElendig :: Simple configuration, with xmobar :: [http://github.com/MrElendig/dotfiles-alice/blob/master/.xmonad/xmonad.hs xmonad.hs], [http://github.com/MrElendig/dotfiles-alice/blob/master/.xmobarrc .xmobarrc], [http://arch.har-ikkje.net/gfx/ss/2010-09-05-163305_2960x1050_scrot.png screenshot].<br />
* thayer :: A minimal mouse-friendly config ideal for netbooks :: [http://haskell.org/haskellwiki/Xmonad/Config_archive/Thayer_Williams%27_xmonad.hs configs] [http://haskell.org/haskellwiki/Image:Thayer-xmonad-20110511.png screenshot]<br />
* vogt :: Check out adamvo's config and many others in the official [http://haskell.org/haskellwiki/Xmonad/Config_archive Xmonad/Config archive]<br />
<br />
==Troubleshooting==<br />
===GNOME 3 and Xmonad===<br />
With the release of GNOME 3, some additional steps are necessary to make GNOME play nice with Xmonad.<br />
<br />
First, add an Xmonad session file for use by gnome-session (/usr/share/gnome-session/sessions/xmonad.session):<br />
<br />
<pre><br />
[GNOME Session]<br />
Name=Xmonad session<br />
RequiredComponents=gnome-panel;gnome-settings-daemon;<br />
RequiredProviders=windowmanager;notifications;<br />
DefaultProvider-windowmanager=xmonad<br />
DefaultProvider-notifications=notification-daemon<br />
</pre><br />
Now create a desktop file for GDM (/usr/share/xsessions/xmonad-gnome-session.desktop):<br />
<pre><br />
[Desktop Entry]<br />
Name=Xmonad GNOME<br />
Comment=Tiling window manager<br />
TryExec=/usr/bin/gnome-session<br />
Exec=gnome-session --session=xmonad<br />
Type=XSession<br />
</pre><br />
Xmonad should now appear in the list of GDM sessions and also play nicely with gnome-session itself.<br />
<br />
===GDM 2.x/KDM can not find xmonad===<br />
You can force GDM to launch xmonad by creating the file xmonad.desktop in the /usr/share/xsessions directory and add the contents:<br />
<br />
[Desktop Entry]<br />
Encoding=UTF-8<br />
Name=xmonad<br />
Comment=This session starts xmonad<br />
Exec=/usr/bin/xmonad<br />
Type=Application<br />
<br />
Now xmonad will show in your GDM session menu. Thanks to [http://santanuchatterjee.blogspot.com/2009/03/making-xmonad-to-show-up-in-gdm-session.html Santanu Chatterjee] for the hint.<br />
<br />
For KDM you will need to create the file here as /usr/share/apps/kdm/sessions/xmonad.desktop<br />
<br />
Official Doc's are here:<br />
[http://www.haskell.org/haskellwiki/Xmonad/Frequently_asked_questions#How_can_I_use_xmonad_with_a_display_manager.3F_.28xdm.2C_kdm.2C_gdm.29 Haskell Doc Page]<br />
<br />
===Missing xmonad-i386-linux===<br />
Xmonad should automatically create the xmonad-i386-linux file (in $HOME/.xmonad/). If this it not the case you can grab a cool looking config file from the [http://haskell.org/haskellwiki/Xmonad/Config_archive xmonad wiki] or create your [http://haskell.org/haskellwiki/Xmonad/Config_archive/John_Goerzen's_Configuration own]. Put the .hs and all others files in .xmonad/ and run the command from the folder:<br />
<br />
xmonad --recompile<br />
<br />
Now you should see the file.<br />
<br />
===Problems with Java applications===<br />
The standard Java gui toolkit has a hardcoded list of "non-reparenting" window managers. Since XMonad is not in that list, there can be some problems with running some java applications. One of the most common problems is "grey blobs", when the java application renders as a plain grey box instead of rendering the gui.<br />
<br />
There is several thing that can help:<br />
* If you are using openjdk6, you can export <tt> _JAVA_AWT_WM_NONREPARENTING=1</tt> .<br />
* If you are using Sun JRE/JDK, the best solution is usually to use [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-SetWMName.html SetWMName.] However, its effect may be nullified if one also uses XMonad.Hooks.EwmhDesktops, in which case<br />
>> setWMName "LG3D"<br />
added to the LogHook may help.<br />
<br />
For more details about the problem, refer to the [http://haskell.org/haskellwiki/Xmonad/Frequently_asked_questions#Problems_with_Java_applications.2C_Applet_java_console XMonad FAQ.]<br />
<br />
===Large gray areas at the bottom of gvim windows===<br />
This problem was mentioned in the [http://bbs.archlinux.org/viewtopic.php?id=65285 forums].<br />
<br />
A solution is to make a more pleasing background color: just put the following lines in {{filename|~/.gtkrc-2.0}}:<br />
<br />
style "vimfix" {<br />
bg[NORMAL] = "#242424" # this matches my gvim theme 'Normal' bg color.<br />
}<br />
widget "vim-main-window.*GtkForm" style "vimfix"<br />
<br />
Another possible solution would be to first include this in {{filename|xmonad.hs}}:<br />
<br />
import XMonad.Layout.LayoutHints<br />
...<br />
, layoutHook = layoutHints $ mylayout<br />
<br />
where "mylayout" is your layout. Then pressing your macro key plus "n" will adjust the window. To do this automatically, install xdotool from community and start gvim this way:<br />
<br />
, ((modm, xK_v), spawn "gvim; xdotool key Super+n")<br />
<br />
Replace "Super" (the windows key) with your own macro key, and replace "xK_v" with your own shortcut (xdotool is a way to simulate keyboard events).<br />
<br />
===Chromium/Chrome won't go fullscreen===<br />
If Chrome fails to go fullscreen when F11 is pressed, you can use the [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-EwmhDesktops.html XMonad.Hooks.EwmhDesktops] extension found in the xmonad-contrib package. Simply add the import statement to your xmonad.hs:<br />
import XMonad.Hooks.EwmhDesktops<br />
and then add ''handleEventHook = fullscreenEventHook'' to the appropriate place; for example:<br />
<pre><br />
...<br />
xmonad $ defaultConfig <br />
{ modMask = mod4Mask<br />
, handleEventHook = fullscreenEventHook<br />
} <br />
<br />
...<br />
</pre><br />
After a recompile/restart of Xmonad, Chromium should now repond to F11 (fullscreen) as expected.<br />
<br />
==Other Resources==<br />
[http://xmonad.org/ xmonad] - The official xmonad website<br />
<br />
[http://haskell.org/haskellwiki/Xmonad/Config_archive/Template_xmonad.hs_(0.9) xmonad.hs] - Template xmonad.hs<br />
<br />
[http://xmonad.org/tour.html xmonad: a guided tour]<br />
<br />
[[dzen]] - General purpose messaging and notification program<br />
<br />
[[dmenu]] - Dynamic X menu for the quick launching of programs<br />
<br />
[[Comparison of Tiling Window Managers]] - Arch wiki article providing an overview of mainstream tiling window managers</div>Thayerhttps://wiki.archlinux.org/index.php?title=Xmonad&diff=142971Xmonad2011-05-28T15:15:15Z<p>Thayer: /* Example configurations */</p>
<hr />
<div>[[Category:X Server (English)]]<br />
[[Category:Tiling WMs (English)]]<br />
[[Category:HOWTOs (English)]]<br />
[[fr:Xmonad]]<br />
{{i18n|Xmonad}}<br />
<br />
[http://xmonad.org/ xmonad] is a tiling window manager for X. Windows are arranged automatically to tile the screen without gaps or overlap, maximizing screen use. Window manager features are accessible from the keyboard: a mouse is optional. <br />
<br />
xmonad is written, configured and extensible in [http://haskell.org/ Haskell]. Custom layout algorithms, key bindings and other extensions may be written by the user in config files. <br />
<br />
Layouts are applied dynamically, and different layouts may be used on each workspace. [[Xinerama]] is fully supported, allowing windows to be tiled on several physical screens.<br />
<br />
For more information, please visit the xmonad website: http://xmonad.org/<br />
<br />
==Installation==<br />
<br />
xmonad and xmonad-contrib is currently available in the community repo. A build for the current development snapshot (darcs) is in the [http://aur.archlinux.org/ aur]. The following instructions are for xmonad-darcs, the development snapshot.<br />
<br />
===Development version (xmonad-darcs)===<br />
<br />
The xmonad-darcs development version can be installed from the AUR, with some additional dependencies in [community]. Install them in the following order:<br />
<br />
* [http://aur.archlinux.org/packages.php?ID=12483 xmonad-darcs] - The core window manager<br />
* [http://aur.archlinux.org/packages.php?ID=13652 xmonad-contrib-darcs] - Contributed extensions providing custom layouts, configurations, etc.<br />
<br />
==Configuration==<br />
<br />
===Starting xmonad===<br />
To start xmonad automatically, simply add the command '''exec xmonad''' to your startup script (e.g. ~/.xinitrc). GDM and KDM users can create a new session file and then select xmonad from the appropriate Session menu.<br />
<br />
Recently, users in #xmonad have stated that the exec is not required; simply adding '''xmonad''' as the last line in your startup script is the proper way to start this WM. Please use whichever method works for you. If using ck-launch-session, the exec is probably still required.<br />
<br />
''Note:'' By default, xmonad does not set an X cursor, therefore the "cross" cursor is usually displayed which can be confusing for new users (thinking that xmonad has not launched correctly). To set the expected left-pointer, add the following to your startup file (e.g. ~/.xinitrc):<br />
<br />
xsetroot -cursor_name left_ptr<br />
<br />
Also, xmonad defaults to the U.S. keyboard layout, so if you want e. g. the German one, add:<br />
<br />
setxkbmap -layout de<br />
<br />
Example .xinitrc :<br />
# set the cursor<br />
xsetroot -cursor_name left_ptr<br />
# set German keyboard layout<br />
setxkbmap -layout de<br />
# start xmonad<br />
exec ck-launch-session xmonad<br />
<br />
If for some reason XMonad doesn't start, check if you have an .xmonad dir in your home dir else create it<br />
mkdir ~/.xmonad<br />
<br />
===Configuring xmonad===<br />
<br />
xmonad users can modify, override or extend the default settings with the ~/.xmonad/xmonad.hs configuration file. Recompiling is done on the fly, with the Mod+q shortcut.<br />
<br />
If you find you do not have a directory at ~/.xmonad, run xmonad --recompile to create it. <br />
<br />
The "default config" for xmonad is quite usuable and it is achieved by simply running without an xmonad.hs entirely. Therefore, even after you run --recompile you will most likely not have an ~/.xmonad/xmonad.hs file. If you would like to start tweaking things, simply create the file and edit it as described below. <br />
<br />
Because the xmonad configuration file is written in Haskell, non-programmers may have a difficult time adjusting settings. For detailed HOWTO's and example configs, we refer you to the following resources:<br />
<br />
* [http://haskell.org/haskellwiki/Xmonad xmonad wiki]<br />
* [http://haskell.org/haskellwiki/Xmonad/Config_archive xmonad config archive]<br />
* [http://haskell.org/haskellwiki/Xmonad/Frequently_asked_questions xmonad FAQ]<br />
* Archlinux [http://bbs.archlinux.org/viewtopic.php?id=40636 forum thread]<br />
<br />
The best approach is to only place your changes and customizations in ~/.xmonad/xmonad.hs and write it such that any unset parameters are picked up from the built-in defaultConfig. <br />
<br />
This is achieved by writing an xmonad.hs like this:<br />
<br />
import XMonad<br />
<br />
main = do<br />
xmonad $ defaultConfig<br />
{ terminal = "urxvt"<br />
, modMask = mod4Mask<br />
, borderWidth = 3<br />
}<br />
<br />
This simply overrides the default terminal and borderwidth while leaving all other settings at their defaults (inherited from the function defaultConfig).<br />
<br />
As things get more complicated, it can be handy to call configuration options by function name inside the main function, and define these separately in their own sections of your xmonad.hs. This makes large customizations like your layout and manage hooks easier to visualize and maintain.<br />
<br />
The above simple xmonad.hs could have been written like this:<br />
<br />
import XMonad<br />
<br />
main = do<br />
xmonad $ defaultConfig<br />
{ terminal = myTerminal<br />
, modMask = myModMask<br />
, borderWidth = myBorderWidth<br />
}<br />
<br />
-- yes, these are functions; just very simple ones<br />
-- that accept no input and return static values<br />
myTerminal = "urxvt"<br />
myModMask = mod4Mask -- Win key or Super_L<br />
myBorderWidth = 3<br />
<br />
Also, order at top level (main, myTerminal, myModMask etc.), or within the {} does not matter in Haskell, as long as imports come first.<br />
<br />
The following is taken from the 0.9 config file template found [http://haskell.org/haskellwiki/Xmonad/Config_archive/Template_xmonad.hs_(0.9) here]. It is an example of the most common functions one might want to define in their main do block.<br />
<br />
{<br />
terminal = myTerminal,<br />
focusFollowsMouse = myFocusFollowsMouse,<br />
borderWidth = myBorderWidth,<br />
modMask = myModMask,<br />
-- numlockMask deprecated in 0.9.1<br />
-- numlockMask = myNumlockMask,<br />
workspaces = myWorkspaces,<br />
normalBorderColor = myNormalBorderColor,<br />
focusedBorderColor = myFocusedBorderColor,<br />
<br />
-- key bindings<br />
keys = myKeys,<br />
mouseBindings = myMouseBindings,<br />
<br />
-- hooks, layouts<br />
layoutHook = myLayout,<br />
manageHook = myManageHook,<br />
handleEventHook = myEventHook,<br />
logHook = myLogHook,<br />
startupHook = myStartupHook<br />
}<br />
<br />
===Exiting xmonad===<br />
To end the current xmonad session, press Mod+SHIFT+q (Mod being ALT by default).<br />
<br />
==Tips and tricks==<br />
===Complementary applications===<br />
There are number of complementary utilities that work well with xmonad. The most common of these include:<br />
<br />
* [http://tools.suckless.org/dmenu dmenu]<br />
* [[xmobar]]<br />
* [[dzen]] <br />
* [[Conky]] and [http://aur.archlinux.org/packages.php?ID=11884 conky-cli]<br />
* [[Unclutter]] - a small utility to hide the mouse pointer<br />
* [http://uhsure.com/xmonad-log-applet.html XMonad-log-applet] - an gnome applet for the gnome-panel ( the package is in [community]<br />
<br />
===Making room for conky or tray apps===<br />
Wrap your layouts with avoidStruts from XMonad.Hooks.ManageDocks for automatic dock/panel/trayer spacing:<br />
<br />
import XMonad<br />
import XMonad.Hooks.ManageDocks<br />
<br />
main=do<br />
xmonad $ defaultConfig<br />
{ ...<br />
, layoutHook=avoidStruts $ Tall ||| Wide ||| Full<br />
, manageHook=manageHook defaultConfig <+> manageDocks<br />
, ...<br />
}<br />
<br />
If you ever want to toggle the gaps, this action can be added to your key bindings:<br />
,((modMask x, xK_b ), sendMessage ToggleStruts)<br />
<br />
===Using xmobar with xmonad===<br />
'''[[xmobar]]''' is a light and minimalistic text based bar, designed to work with xmonad.<br><br />
To use xmobar with xmonad, you will need two packages in addition to the xmonad package, these are xmonad-contrib from [community] and xmobar or [http://aur.archlinux.org/packages.php?ID=13627 xmobar-darcs from aur].<br />
<br />
Here we will start xmobar from within xmonad, which reloads xmobar whenever you reload xmonad.<br />
<br />
Open up <tt>~/.xmonad/xmonad.hs</tt> in your favorite editor, and choose one of the two following options:<br />
<br />
====Option 1: Quick, less flexible====<br />
Note: there is also a <tt>dzen</tt> which you can substitute for <tt>xmobar</tt> in either case.<br />
<br />
Common imports:<br />
<br />
import XMonad<br />
import XMonad.Hooks.DynamicLog<br />
<br />
The xmobar action starts xmobar and returns a modified config that includes all the options described in the [[xmonad#Option 2: More configurable|xmonad:Option2: More configurable]] choice.<br />
<br />
main=xmonad=<< xmobar myConfig<br />
myConfig=defaultConfig { modMask=mod4Mask, -- or any other configurations here ... }<br />
<br />
==== Option 2: More Configurable ====<br />
As of xmonad(-contrib) 0.9, there is a new [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-DynamicLog.html#v%3AstatusBar statusBar] function in [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-DynamicLog.html XMonad.Hooks.DynamicLog]. It allows you to use your own configuration for:<br />
* The command used to execute the bar<br />
* The PP that determines what's being written to the bar<br />
* The keybinding to toggle the gap for the bar<br />
<br />
Following is an example of how to use it:<br />
{{File|name=~/.xmonad/xmonad.hs|content=<br />
<nowiki><br />
-- Imports.<br />
import XMonad<br />
import XMonad.Hooks.DynamicLog<br />
<br />
-- The main function.<br />
main = xmonad =<< statusBar myBar myPP toggleStrutsKey myConfig<br />
<br />
-- Command to launch the bar.<br />
myBar = "xmobar"<br />
<br />
-- Custom PP, configure it as you like. It determines what's being written to the bar.<br />
myPP = xmobarPP { ppCurrent = xmobarColor "#429942" "" . wrap "<" ">" }<br />
<br />
-- Keybinding to toggle the gap for the bar.<br />
toggleStrutsKey XConfig {XMonad.modMask = modMask} = (modMask, xK_b)<br />
<br />
-- Main configuration, override the defaults to your liking.<br />
myConfig = defaultConfig { modMask = mod4Mask }<br />
</nowiki><br />
}}<br />
<br />
==== Verify XMobar Config ====<br />
The template and default xmobarrcs contains this.<br />
<br />
At last, open up <tt>~/.xmobarrc</tt> and make sure you got StdinReader in the template and run the plugin. E.g.<br />
{{File|name=~/.xmobarrc|content=<br />
<nowiki><br />
Config { ...<br />
, commands = [ Run StdinReader .... ] <br />
...<br />
, template = " %StdinReader% ... "<br />
}<br />
</nowiki><br />
}}<br />
Now, all you should have to do is either to start, or restart xmonad.<br />
<br />
===Controlling xmonad with external scripts===<br />
Although there is no direct way to interact with xmonad via scripts, you can simulate keypress events using xdotool or other such programs, see this [http://ubuntuforums.org/archive/index.php/t-658040.html Ubuntu forums thread]. This command would simulate the keypress "Super+n":<br />
xdotool key Super+n<br />
<br />
===Launching another window manager within xmonad===<br />
If you are using xmonad darcs, as of January of 2011, you can restart to another window manager from within xmonad. You just need to write a small script, and add stuff to your xmonad.hs. Here is the script.<br />
<br />
<br />
{{File|name=~/bin/obtoxmd|content=<br />
<nowiki><br />
#!/bin/sh<br />
openbox<br />
xmonad<br />
</nowiki><br />
}}<br />
<br />
And here are the modifications you need to add to your xmonad.hs<br />
<br />
{{File|name=~/.xmonad/xmonad.hs|content=<br />
<nowiki><br />
<br />
import XMonad<br />
--You need to add this import<br />
import XMonad.Util.Replace<br />
<br />
main do<br />
-- And this "replace"<br />
replace<br />
xmonad $ defaultConfig<br />
{ <br />
--Add the usual here<br />
}<br />
<br />
</nowiki><br />
}}<br />
<br />
You also need to add the following keybinding<br />
<br />
{{File|name=~/xmonad/xmonad.hs|content=<br />
<nowiki><br />
--Add a keybinding as follows:<br />
((modm .|. shiftMask, xK_o ), restart "/home/abijr/bin/obtoxmd" True)<br />
</nowiki><br />
}}<br />
<br />
Just remember to add a comma before or after and change the path to your actual script path.Now just mod-q (restart xmonad to refresh the config), and than hit mod-shift-o and you should have openbox running with the same windows open as in xmonad. To return to xmonad you should just exit openbox. Here is a link to adamvo's xmonad.hs which uses this setup [http://www.haskell.org/haskellwiki/Xmonad/Config_archive/adamvo%27s_xmonad.hs Adamvo's Xmonad.hs]<br />
<br />
===Example configurations===<br />
Below are some example configurations from fellow xmonad users. Feel free to add links to your own.<br />
* brisbin33 :: complex and simpler branches, importable dzen and scratchpad modules, very readable :: [https://github.com/pbrisbin/xmonad-config config] [http://pbrisbin.com/static/screenshots/current_desktop.png screenshot]<br />
* hsa2 :: Simple configuration, with xmobar :: [http://www.difuzyon.net/linked/configs/xmonad.hs xmonad.hs], [http://www.difuzyon.net/linked/configs/dot.xmobarrc .xmobarrc].<br />
* jelly :: Configuration with prompt, different layouts, twinview with xmobar :: [http://github.com/jelly/dotfiles/tree/master/.xmonad/xmonad.hs xmonad.hs]<br />
* MrElendig :: Simple configuration, with xmobar :: [http://github.com/MrElendig/dotfiles-alice/blob/master/.xmonad/xmonad.hs xmonad.hs], [http://github.com/MrElendig/dotfiles-alice/blob/master/.xmobarrc .xmobarrc], [http://arch.har-ikkje.net/gfx/ss/2010-09-05-163305_2960x1050_scrot.png screenshot].<br />
* thayer :: A minimal mouse-friendly config ideal for netbooks :: [http://haskell.org/haskellwiki/Xmonad/Config_archive/Thayer_Williams%27_xmonad.hs configs] [http://haskell.org/haskellwiki/Image:Thayer-xmonad-20110511.png screenshot]<br />
* vogt :: Check out adamvo's config and many others in the official [http://haskell.org/haskellwiki/Xmonad/Config_archive Xmonad/Config archive]<br />
<br />
==Troubleshooting==<br />
===GNOME 3 and Xmonad===<br />
With the release of GNOME 3, some additional steps are necessary to make GNOME play nice with Xmonad.<br />
<br />
First, add an Xmonad session file for use by gnome-session (/usr/share/gnome-session/sessions/xmonad.session):<br />
<br />
<pre><br />
[GNOME Session]<br />
Name=Xmonad session<br />
RequiredComponents=gnome-panel;gnome-settings-daemon;<br />
RequiredProviders=windowmanager;notifications;<br />
DefaultProvider-windowmanager=xmonad<br />
DefaultProvider-notifications=notification-daemon<br />
</pre><br />
Now create a desktop file for GDM (/usr/share/xsessions/xmonad-gnome-session.desktop):<br />
<pre><br />
[Desktop Entry]<br />
Name=Xmonad GNOME<br />
Comment=Tiling window manager<br />
TryExec=/usr/bin/gnome-session<br />
Exec=gnome-session --session=xmonad<br />
Type=XSession<br />
</pre><br />
Xmonad should now appear in the list of GDM sessions and also play nicely with gnome-session itself.<br />
<br />
===GDM 2.x/KDM can not find xmonad===<br />
You can force GDM to launch xmonad by creating the file xmonad.desktop in the /usr/share/xsessions directory and add the contents:<br />
<br />
[Desktop Entry]<br />
Encoding=UTF-8<br />
Name=xmonad<br />
Comment=This session starts xmonad<br />
Exec=/usr/bin/xmonad<br />
Type=Application<br />
<br />
Now xmonad will show in your GDM session menu. Thanks to [http://santanuchatterjee.blogspot.com/2009/03/making-xmonad-to-show-up-in-gdm-session.html Santanu Chatterjee] for the hint.<br />
<br />
For KDM you will need to create the file here as /usr/share/apps/kdm/sessions/xmonad.desktop<br />
<br />
Official Doc's are here:<br />
[http://www.haskell.org/haskellwiki/Xmonad/Frequently_asked_questions#How_can_I_use_xmonad_with_a_display_manager.3F_.28xdm.2C_kdm.2C_gdm.29 Haskell Doc Page]<br />
<br />
===Missing xmonad-i386-linux===<br />
Xmonad should automatically create the xmonad-i386-linux file (in $HOME/.xmonad/). If this it not the case you can grab a cool looking config file from the [http://haskell.org/haskellwiki/Xmonad/Config_archive xmonad wiki] or create your [http://haskell.org/haskellwiki/Xmonad/Config_archive/John_Goerzen's_Configuration own]. Put the .hs and all others files in .xmonad/ and run the command from the folder:<br />
<br />
xmonad --recompile<br />
<br />
Now you should see the file.<br />
<br />
===Problems with Java applications===<br />
The standard Java gui toolkit has a hardcoded list of "non-reparenting" window managers. Since XMonad is not in that list, there can be some problems with running some java applications. One of the most common problems is "grey blobs", when the java application renders as a plain grey box instead of rendering the gui.<br />
<br />
There is several thing that can help:<br />
* If you are using openjdk6, you can export <tt> _JAVA_AWT_WM_NONREPARENTING=1</tt> .<br />
* If you are using Sun JRE/JDK, the best solution is usually to use [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-SetWMName.html SetWMName.] However, its effect may be nullified if one also uses XMonad.Hooks.EwmhDesktops, in which case<br />
>> setWMName "LG3D"<br />
added to the LogHook may help.<br />
<br />
For more details about the problem, refer to the [http://haskell.org/haskellwiki/Xmonad/Frequently_asked_questions#Problems_with_Java_applications.2C_Applet_java_console XMonad FAQ.]<br />
<br />
===Large gray areas at the bottom of gvim windows===<br />
This problem was mentioned in the [http://bbs.archlinux.org/viewtopic.php?id=65285 forums].<br />
<br />
A solution is to make a more pleasing background color: just put the following lines in {{filename|~/.gtkrc-2.0}}:<br />
<br />
style "vimfix" {<br />
bg[NORMAL] = "#242424" # this matches my gvim theme 'Normal' bg color.<br />
}<br />
widget "vim-main-window.*GtkForm" style "vimfix"<br />
<br />
Another possible solution would be to first include this in {{filename|xmonad.hs}}:<br />
<br />
import XMonad.Layout.LayoutHints<br />
...<br />
, layoutHook = layoutHints $ mylayout<br />
<br />
where "mylayout" is your layout. Then pressing your macro key plus "n" will adjust the window. To do this automatically, install xdotool from community and start gvim this way:<br />
<br />
, ((modm, xK_v), spawn "gvim; xdotool key Super+n")<br />
<br />
Replace "Super" (the windows key) with your own macro key, and replace "xK_v" with your own shortcut (xdotool is a way to simulate keyboard events).<br />
<br />
===Chromium/Chrome won't go fullscreen===<br />
If Chrome fails to go fullscreen when F11 is pressed, you can use the [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-EwmhDesktops.html XMonad.Hooks.EwmhDesktops] extension found in the xmonad-contrib package. Simply add the import statement to your xmonad.hs:<br />
import XMonad.Hooks.EwmhDesktops<br />
and then add ''handleEventHook = fullscreenEventHook'' to the appropriate place; for example:<br />
<pre><br />
...<br />
xmonad $ defaultConfig <br />
{ modMask = mod4Mask<br />
, handleEventHook = fullscreenEventHook<br />
} <br />
<br />
...<br />
</pre><br />
After a recompile/restart of Xmonad, Chromium should now repond to F11 (fullscreen) as expected.<br />
<br />
==Other Resources==<br />
[http://xmonad.org/ xmonad] - The official xmonad website<br />
<br />
[http://haskell.org/haskellwiki/Xmonad/Config_archive/Template_xmonad.hs_(0.9) xmonad.hs] - Template xmonad.hs<br />
<br />
[http://xmonad.org/tour.html xmonad: a guided tour]<br />
<br />
[[dzen]] - General purpose messaging and notification program<br />
<br />
[[dmenu]] - Dynamic X menu for the quick launching of programs</div>Thayerhttps://wiki.archlinux.org/index.php?title=Xmonad&diff=142969Xmonad2011-05-28T15:13:40Z<p>Thayer: sorted alphabetically, added my config links</p>
<hr />
<div>[[Category:X Server (English)]]<br />
[[Category:Tiling WMs (English)]]<br />
[[Category:HOWTOs (English)]]<br />
[[fr:Xmonad]]<br />
{{i18n|Xmonad}}<br />
<br />
[http://xmonad.org/ xmonad] is a tiling window manager for X. Windows are arranged automatically to tile the screen without gaps or overlap, maximizing screen use. Window manager features are accessible from the keyboard: a mouse is optional. <br />
<br />
xmonad is written, configured and extensible in [http://haskell.org/ Haskell]. Custom layout algorithms, key bindings and other extensions may be written by the user in config files. <br />
<br />
Layouts are applied dynamically, and different layouts may be used on each workspace. [[Xinerama]] is fully supported, allowing windows to be tiled on several physical screens.<br />
<br />
For more information, please visit the xmonad website: http://xmonad.org/<br />
<br />
==Installation==<br />
<br />
xmonad and xmonad-contrib is currently available in the community repo. A build for the current development snapshot (darcs) is in the [http://aur.archlinux.org/ aur]. The following instructions are for xmonad-darcs, the development snapshot.<br />
<br />
===Development version (xmonad-darcs)===<br />
<br />
The xmonad-darcs development version can be installed from the AUR, with some additional dependencies in [community]. Install them in the following order:<br />
<br />
* [http://aur.archlinux.org/packages.php?ID=12483 xmonad-darcs] - The core window manager<br />
* [http://aur.archlinux.org/packages.php?ID=13652 xmonad-contrib-darcs] - Contributed extensions providing custom layouts, configurations, etc.<br />
<br />
==Configuration==<br />
<br />
===Starting xmonad===<br />
To start xmonad automatically, simply add the command '''exec xmonad''' to your startup script (e.g. ~/.xinitrc). GDM and KDM users can create a new session file and then select xmonad from the appropriate Session menu.<br />
<br />
Recently, users in #xmonad have stated that the exec is not required; simply adding '''xmonad''' as the last line in your startup script is the proper way to start this WM. Please use whichever method works for you. If using ck-launch-session, the exec is probably still required.<br />
<br />
''Note:'' By default, xmonad does not set an X cursor, therefore the "cross" cursor is usually displayed which can be confusing for new users (thinking that xmonad has not launched correctly). To set the expected left-pointer, add the following to your startup file (e.g. ~/.xinitrc):<br />
<br />
xsetroot -cursor_name left_ptr<br />
<br />
Also, xmonad defaults to the U.S. keyboard layout, so if you want e. g. the German one, add:<br />
<br />
setxkbmap -layout de<br />
<br />
Example .xinitrc :<br />
# set the cursor<br />
xsetroot -cursor_name left_ptr<br />
# set German keyboard layout<br />
setxkbmap -layout de<br />
# start xmonad<br />
exec ck-launch-session xmonad<br />
<br />
If for some reason XMonad doesn't start, check if you have an .xmonad dir in your home dir else create it<br />
mkdir ~/.xmonad<br />
<br />
===Configuring xmonad===<br />
<br />
xmonad users can modify, override or extend the default settings with the ~/.xmonad/xmonad.hs configuration file. Recompiling is done on the fly, with the Mod+q shortcut.<br />
<br />
If you find you do not have a directory at ~/.xmonad, run xmonad --recompile to create it. <br />
<br />
The "default config" for xmonad is quite usuable and it is achieved by simply running without an xmonad.hs entirely. Therefore, even after you run --recompile you will most likely not have an ~/.xmonad/xmonad.hs file. If you would like to start tweaking things, simply create the file and edit it as described below. <br />
<br />
Because the xmonad configuration file is written in Haskell, non-programmers may have a difficult time adjusting settings. For detailed HOWTO's and example configs, we refer you to the following resources:<br />
<br />
* [http://haskell.org/haskellwiki/Xmonad xmonad wiki]<br />
* [http://haskell.org/haskellwiki/Xmonad/Config_archive xmonad config archive]<br />
* [http://haskell.org/haskellwiki/Xmonad/Frequently_asked_questions xmonad FAQ]<br />
* Archlinux [http://bbs.archlinux.org/viewtopic.php?id=40636 forum thread]<br />
<br />
The best approach is to only place your changes and customizations in ~/.xmonad/xmonad.hs and write it such that any unset parameters are picked up from the built-in defaultConfig. <br />
<br />
This is achieved by writing an xmonad.hs like this:<br />
<br />
import XMonad<br />
<br />
main = do<br />
xmonad $ defaultConfig<br />
{ terminal = "urxvt"<br />
, modMask = mod4Mask<br />
, borderWidth = 3<br />
}<br />
<br />
This simply overrides the default terminal and borderwidth while leaving all other settings at their defaults (inherited from the function defaultConfig).<br />
<br />
As things get more complicated, it can be handy to call configuration options by function name inside the main function, and define these separately in their own sections of your xmonad.hs. This makes large customizations like your layout and manage hooks easier to visualize and maintain.<br />
<br />
The above simple xmonad.hs could have been written like this:<br />
<br />
import XMonad<br />
<br />
main = do<br />
xmonad $ defaultConfig<br />
{ terminal = myTerminal<br />
, modMask = myModMask<br />
, borderWidth = myBorderWidth<br />
}<br />
<br />
-- yes, these are functions; just very simple ones<br />
-- that accept no input and return static values<br />
myTerminal = "urxvt"<br />
myModMask = mod4Mask -- Win key or Super_L<br />
myBorderWidth = 3<br />
<br />
Also, order at top level (main, myTerminal, myModMask etc.), or within the {} does not matter in Haskell, as long as imports come first.<br />
<br />
The following is taken from the 0.9 config file template found [http://haskell.org/haskellwiki/Xmonad/Config_archive/Template_xmonad.hs_(0.9) here]. It is an example of the most common functions one might want to define in their main do block.<br />
<br />
{<br />
terminal = myTerminal,<br />
focusFollowsMouse = myFocusFollowsMouse,<br />
borderWidth = myBorderWidth,<br />
modMask = myModMask,<br />
-- numlockMask deprecated in 0.9.1<br />
-- numlockMask = myNumlockMask,<br />
workspaces = myWorkspaces,<br />
normalBorderColor = myNormalBorderColor,<br />
focusedBorderColor = myFocusedBorderColor,<br />
<br />
-- key bindings<br />
keys = myKeys,<br />
mouseBindings = myMouseBindings,<br />
<br />
-- hooks, layouts<br />
layoutHook = myLayout,<br />
manageHook = myManageHook,<br />
handleEventHook = myEventHook,<br />
logHook = myLogHook,<br />
startupHook = myStartupHook<br />
}<br />
<br />
===Exiting xmonad===<br />
To end the current xmonad session, press Mod+SHIFT+q (Mod being ALT by default).<br />
<br />
==Tips and tricks==<br />
===Complementary applications===<br />
There are number of complementary utilities that work well with xmonad. The most common of these include:<br />
<br />
* [http://tools.suckless.org/dmenu dmenu]<br />
* [[xmobar]]<br />
* [[dzen]] <br />
* [[Conky]] and [http://aur.archlinux.org/packages.php?ID=11884 conky-cli]<br />
* [[Unclutter]] - a small utility to hide the mouse pointer<br />
* [http://uhsure.com/xmonad-log-applet.html XMonad-log-applet] - an gnome applet for the gnome-panel ( the package is in [community]<br />
<br />
===Making room for conky or tray apps===<br />
Wrap your layouts with avoidStruts from XMonad.Hooks.ManageDocks for automatic dock/panel/trayer spacing:<br />
<br />
import XMonad<br />
import XMonad.Hooks.ManageDocks<br />
<br />
main=do<br />
xmonad $ defaultConfig<br />
{ ...<br />
, layoutHook=avoidStruts $ Tall ||| Wide ||| Full<br />
, manageHook=manageHook defaultConfig <+> manageDocks<br />
, ...<br />
}<br />
<br />
If you ever want to toggle the gaps, this action can be added to your key bindings:<br />
,((modMask x, xK_b ), sendMessage ToggleStruts)<br />
<br />
===Using xmobar with xmonad===<br />
'''[[xmobar]]''' is a light and minimalistic text based bar, designed to work with xmonad.<br><br />
To use xmobar with xmonad, you will need two packages in addition to the xmonad package, these are xmonad-contrib from [community] and xmobar or [http://aur.archlinux.org/packages.php?ID=13627 xmobar-darcs from aur].<br />
<br />
Here we will start xmobar from within xmonad, which reloads xmobar whenever you reload xmonad.<br />
<br />
Open up <tt>~/.xmonad/xmonad.hs</tt> in your favorite editor, and choose one of the two following options:<br />
<br />
====Option 1: Quick, less flexible====<br />
Note: there is also a <tt>dzen</tt> which you can substitute for <tt>xmobar</tt> in either case.<br />
<br />
Common imports:<br />
<br />
import XMonad<br />
import XMonad.Hooks.DynamicLog<br />
<br />
The xmobar action starts xmobar and returns a modified config that includes all the options described in the [[xmonad#Option 2: More configurable|xmonad:Option2: More configurable]] choice.<br />
<br />
main=xmonad=<< xmobar myConfig<br />
myConfig=defaultConfig { modMask=mod4Mask, -- or any other configurations here ... }<br />
<br />
==== Option 2: More Configurable ====<br />
As of xmonad(-contrib) 0.9, there is a new [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-DynamicLog.html#v%3AstatusBar statusBar] function in [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-DynamicLog.html XMonad.Hooks.DynamicLog]. It allows you to use your own configuration for:<br />
* The command used to execute the bar<br />
* The PP that determines what's being written to the bar<br />
* The keybinding to toggle the gap for the bar<br />
<br />
Following is an example of how to use it:<br />
{{File|name=~/.xmonad/xmonad.hs|content=<br />
<nowiki><br />
-- Imports.<br />
import XMonad<br />
import XMonad.Hooks.DynamicLog<br />
<br />
-- The main function.<br />
main = xmonad =<< statusBar myBar myPP toggleStrutsKey myConfig<br />
<br />
-- Command to launch the bar.<br />
myBar = "xmobar"<br />
<br />
-- Custom PP, configure it as you like. It determines what's being written to the bar.<br />
myPP = xmobarPP { ppCurrent = xmobarColor "#429942" "" . wrap "<" ">" }<br />
<br />
-- Keybinding to toggle the gap for the bar.<br />
toggleStrutsKey XConfig {XMonad.modMask = modMask} = (modMask, xK_b)<br />
<br />
-- Main configuration, override the defaults to your liking.<br />
myConfig = defaultConfig { modMask = mod4Mask }<br />
</nowiki><br />
}}<br />
<br />
==== Verify XMobar Config ====<br />
The template and default xmobarrcs contains this.<br />
<br />
At last, open up <tt>~/.xmobarrc</tt> and make sure you got StdinReader in the template and run the plugin. E.g.<br />
{{File|name=~/.xmobarrc|content=<br />
<nowiki><br />
Config { ...<br />
, commands = [ Run StdinReader .... ] <br />
...<br />
, template = " %StdinReader% ... "<br />
}<br />
</nowiki><br />
}}<br />
Now, all you should have to do is either to start, or restart xmonad.<br />
<br />
===Controlling xmonad with external scripts===<br />
Although there is no direct way to interact with xmonad via scripts, you can simulate keypress events using xdotool or other such programs, see this [http://ubuntuforums.org/archive/index.php/t-658040.html Ubuntu forums thread]. This command would simulate the keypress "Super+n":<br />
xdotool key Super+n<br />
<br />
===Launching another window manager within xmonad===<br />
If you are using xmonad darcs, as of January of 2011, you can restart to another window manager from within xmonad. You just need to write a small script, and add stuff to your xmonad.hs. Here is the script.<br />
<br />
<br />
{{File|name=~/bin/obtoxmd|content=<br />
<nowiki><br />
#!/bin/sh<br />
openbox<br />
xmonad<br />
</nowiki><br />
}}<br />
<br />
And here are the modifications you need to add to your xmonad.hs<br />
<br />
{{File|name=~/.xmonad/xmonad.hs|content=<br />
<nowiki><br />
<br />
import XMonad<br />
--You need to add this import<br />
import XMonad.Util.Replace<br />
<br />
main do<br />
-- And this "replace"<br />
replace<br />
xmonad $ defaultConfig<br />
{ <br />
--Add the usual here<br />
}<br />
<br />
</nowiki><br />
}}<br />
<br />
You also need to add the following keybinding<br />
<br />
{{File|name=~/xmonad/xmonad.hs|content=<br />
<nowiki><br />
--Add a keybinding as follows:<br />
((modm .|. shiftMask, xK_o ), restart "/home/abijr/bin/obtoxmd" True)<br />
</nowiki><br />
}}<br />
<br />
Just remember to add a comma before or after and change the path to your actual script path.Now just mod-q (restart xmonad to refresh the config), and than hit mod-shift-o and you should have openbox running with the same windows open as in xmonad. To return to xmonad you should just exit openbox. Here is a link to adamvo's xmonad.hs which uses this setup [http://www.haskell.org/haskellwiki/Xmonad/Config_archive/adamvo%27s_xmonad.hs Adamvo's Xmonad.hs]<br />
<br />
===Example configurations===<br />
Below are some example configurations from fellow xmonad users. Feel free to add links to your own.<br />
* brisbin33 :: complex and simpler branches, importable dzen and scratchpad modules, very readable :: [https://github.com/pbrisbin/xmonad-config config] [http://pbrisbin.com/static/screenshots/current_desktop.png screenshot]<br />
* hsa2 :: Simple configuration, with xmobar :: [http://www.difuzyon.net/linked/configs/xmonad.hs xmonad.hs], [http://www.difuzyon.net/linked/configs/dot.xmobarrc .xmobarrc].<br />
* jelly :: Configuration with prompt, different layouts, twinview with xmobar :: [http://github.com/jelly/dotfiles/tree/master/.xmonad/xmonad.hs xmonad.hs]<br />
* MrElendig :: Simple configuration, with xmobar :: [http://github.com/MrElendig/dotfiles-alice/blob/master/.xmonad/xmonad.hs xmonad.hs], [http://github.com/MrElendig/dotfiles-alice/blob/master/.xmobarrc .xmobarrc], [http://arch.har-ikkje.net/gfx/ss/2010-09-05-163305_2960x1050_scrot.png screenshot].<br />
* thayer :: A minimal mouse-friendly config ideal for netbooks :: [http://haskell.org/haskellwiki/Xmonad/Config_archive/Thayer_Williams%27_xmonad.hs configs] [http://haskell.org/haskellwiki/Image:Thayer-xmonad-20110511.png screenshot]<br />
* vogt :: Check adamvo's config, and others in the [http://haskell.org/haskellwiki/Xmonad/Config_archive xmonad config archive]<br />
<br />
==Troubleshooting==<br />
===GNOME 3 and Xmonad===<br />
With the release of GNOME 3, some additional steps are necessary to make GNOME play nice with Xmonad.<br />
<br />
First, add an Xmonad session file for use by gnome-session (/usr/share/gnome-session/sessions/xmonad.session):<br />
<br />
<pre><br />
[GNOME Session]<br />
Name=Xmonad session<br />
RequiredComponents=gnome-panel;gnome-settings-daemon;<br />
RequiredProviders=windowmanager;notifications;<br />
DefaultProvider-windowmanager=xmonad<br />
DefaultProvider-notifications=notification-daemon<br />
</pre><br />
Now create a desktop file for GDM (/usr/share/xsessions/xmonad-gnome-session.desktop):<br />
<pre><br />
[Desktop Entry]<br />
Name=Xmonad GNOME<br />
Comment=Tiling window manager<br />
TryExec=/usr/bin/gnome-session<br />
Exec=gnome-session --session=xmonad<br />
Type=XSession<br />
</pre><br />
Xmonad should now appear in the list of GDM sessions and also play nicely with gnome-session itself.<br />
<br />
===GDM 2.x/KDM can not find xmonad===<br />
You can force GDM to launch xmonad by creating the file xmonad.desktop in the /usr/share/xsessions directory and add the contents:<br />
<br />
[Desktop Entry]<br />
Encoding=UTF-8<br />
Name=xmonad<br />
Comment=This session starts xmonad<br />
Exec=/usr/bin/xmonad<br />
Type=Application<br />
<br />
Now xmonad will show in your GDM session menu. Thanks to [http://santanuchatterjee.blogspot.com/2009/03/making-xmonad-to-show-up-in-gdm-session.html Santanu Chatterjee] for the hint.<br />
<br />
For KDM you will need to create the file here as /usr/share/apps/kdm/sessions/xmonad.desktop<br />
<br />
Official Doc's are here:<br />
[http://www.haskell.org/haskellwiki/Xmonad/Frequently_asked_questions#How_can_I_use_xmonad_with_a_display_manager.3F_.28xdm.2C_kdm.2C_gdm.29 Haskell Doc Page]<br />
<br />
===Missing xmonad-i386-linux===<br />
Xmonad should automatically create the xmonad-i386-linux file (in $HOME/.xmonad/). If this it not the case you can grab a cool looking config file from the [http://haskell.org/haskellwiki/Xmonad/Config_archive xmonad wiki] or create your [http://haskell.org/haskellwiki/Xmonad/Config_archive/John_Goerzen's_Configuration own]. Put the .hs and all others files in .xmonad/ and run the command from the folder:<br />
<br />
xmonad --recompile<br />
<br />
Now you should see the file.<br />
<br />
===Problems with Java applications===<br />
The standard Java gui toolkit has a hardcoded list of "non-reparenting" window managers. Since XMonad is not in that list, there can be some problems with running some java applications. One of the most common problems is "grey blobs", when the java application renders as a plain grey box instead of rendering the gui.<br />
<br />
There is several thing that can help:<br />
* If you are using openjdk6, you can export <tt> _JAVA_AWT_WM_NONREPARENTING=1</tt> .<br />
* If you are using Sun JRE/JDK, the best solution is usually to use [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-SetWMName.html SetWMName.] However, its effect may be nullified if one also uses XMonad.Hooks.EwmhDesktops, in which case<br />
>> setWMName "LG3D"<br />
added to the LogHook may help.<br />
<br />
For more details about the problem, refer to the [http://haskell.org/haskellwiki/Xmonad/Frequently_asked_questions#Problems_with_Java_applications.2C_Applet_java_console XMonad FAQ.]<br />
<br />
===Large gray areas at the bottom of gvim windows===<br />
This problem was mentioned in the [http://bbs.archlinux.org/viewtopic.php?id=65285 forums].<br />
<br />
A solution is to make a more pleasing background color: just put the following lines in {{filename|~/.gtkrc-2.0}}:<br />
<br />
style "vimfix" {<br />
bg[NORMAL] = "#242424" # this matches my gvim theme 'Normal' bg color.<br />
}<br />
widget "vim-main-window.*GtkForm" style "vimfix"<br />
<br />
Another possible solution would be to first include this in {{filename|xmonad.hs}}:<br />
<br />
import XMonad.Layout.LayoutHints<br />
...<br />
, layoutHook = layoutHints $ mylayout<br />
<br />
where "mylayout" is your layout. Then pressing your macro key plus "n" will adjust the window. To do this automatically, install xdotool from community and start gvim this way:<br />
<br />
, ((modm, xK_v), spawn "gvim; xdotool key Super+n")<br />
<br />
Replace "Super" (the windows key) with your own macro key, and replace "xK_v" with your own shortcut (xdotool is a way to simulate keyboard events).<br />
<br />
===Chromium/Chrome won't go fullscreen===<br />
If Chrome fails to go fullscreen when F11 is pressed, you can use the [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-EwmhDesktops.html XMonad.Hooks.EwmhDesktops] extension found in the xmonad-contrib package. Simply add the import statement to your xmonad.hs:<br />
import XMonad.Hooks.EwmhDesktops<br />
and then add ''handleEventHook = fullscreenEventHook'' to the appropriate place; for example:<br />
<pre><br />
...<br />
xmonad $ defaultConfig <br />
{ modMask = mod4Mask<br />
, handleEventHook = fullscreenEventHook<br />
} <br />
<br />
...<br />
</pre><br />
After a recompile/restart of Xmonad, Chromium should now repond to F11 (fullscreen) as expected.<br />
<br />
==Other Resources==<br />
[http://xmonad.org/ xmonad] - The official xmonad website<br />
<br />
[http://haskell.org/haskellwiki/Xmonad/Config_archive/Template_xmonad.hs_(0.9) xmonad.hs] - Template xmonad.hs<br />
<br />
[http://xmonad.org/tour.html xmonad: a guided tour]<br />
<br />
[[dzen]] - General purpose messaging and notification program<br />
<br />
[[dmenu]] - Dynamic X menu for the quick launching of programs</div>Thayerhttps://wiki.archlinux.org/index.php?title=Xmonad&diff=142496Xmonad2011-05-23T09:37:36Z<p>Thayer: added GNOME 3 support info</p>
<hr />
<div>[[Category:X Server (English)]]<br />
[[Category:Tiling WMs (English)]]<br />
[[Category:HOWTOs (English)]]<br />
[[fr:Xmonad]]<br />
{{i18n|Xmonad}}<br />
<br />
[http://xmonad.org/ xmonad] is a tiling window manager for X. Windows are arranged automatically to tile the screen without gaps or overlap, maximizing screen use. Window manager features are accessible from the keyboard: a mouse is optional. <br />
<br />
xmonad is written, configured and extensible in [http://haskell.org/ Haskell]. Custom layout algorithms, key bindings and other extensions may be written by the user in config files. <br />
<br />
Layouts are applied dynamically, and different layouts may be used on each workspace. [[Xinerama]] is fully supported, allowing windows to be tiled on several physical screens.<br />
<br />
For more information, please visit the xmonad website: http://xmonad.org/<br />
<br />
==Installation==<br />
<br />
xmonad and xmonad-contrib is currently available in the community repo. A build for the current development snapshot (darcs) is in the [http://aur.archlinux.org/ aur]. The following instructions are for xmonad-darcs, the development snapshot.<br />
<br />
===Development version (xmonad-darcs)===<br />
<br />
The xmonad-darcs development version can be installed from the AUR, with some additional dependencies in [community]. Install them in the following order:<br />
<br />
* [http://aur.archlinux.org/packages.php?ID=12483 xmonad-darcs] - The core window manager<br />
* [http://aur.archlinux.org/packages.php?ID=13652 xmonad-contrib-darcs] - Contributed extensions providing custom layouts, configurations, etc.<br />
<br />
==Configuration==<br />
<br />
===Starting xmonad===<br />
To start xmonad automatically, simply add the command '''exec xmonad''' to your startup script (e.g. ~/.xinitrc). GDM and KDM users can create a new session file and then select xmonad from the appropriate Session menu.<br />
<br />
Recently, users in #xmonad have stated that the exec is not required; simply adding '''xmonad''' as the last line in your startup script is the proper way to start this WM. Please use whichever method works for you. If using ck-launch-session, the exec is probably still required.<br />
<br />
''Note:'' By default, xmonad does not set an X cursor, therefore the "cross" cursor is usually displayed which can be confusing for new users (thinking that xmonad has not launched correctly). To set the expected left-pointer, add the following to your startup file (e.g. ~/.xinitrc):<br />
<br />
xsetroot -cursor_name left_ptr<br />
<br />
Also, xmonad defaults to the U.S. keyboard layout, so if you want e. g. the German one, add:<br />
<br />
setxkbmap -layout de<br />
<br />
Example .xinitrc :<br />
# set the cursor<br />
xsetroot -cursor_name left_ptr<br />
# set German keyboard layout<br />
setxkbmap -layout de<br />
# start xmonad<br />
exec ck-launch-session xmonad<br />
<br />
If for some reason XMonad doesn't start, check if you have an .xmonad dir in your home dir else create it<br />
mkdir ~/.xmonad<br />
<br />
===Configuring xmonad===<br />
<br />
xmonad users can modify, override or extend the default settings with the ~/.xmonad/xmonad.hs configuration file. Recompiling is done on the fly, with the Mod+q shortcut.<br />
<br />
If you find you do not have a directory at ~/.xmonad, run xmonad --recompile to create it. <br />
<br />
The "default config" for xmonad is quite usuable and it is achieved by simply running without an xmonad.hs entirely. Therefore, even after you run --recompile you will most likely not have an ~/.xmonad/xmonad.hs file. If you would like to start tweaking things, simply create the file and edit it as described below. <br />
<br />
Because the xmonad configuration file is written in Haskell, non-programmers may have a difficult time adjusting settings. For detailed HOWTO's and example configs, we refer you to the following resources:<br />
<br />
* [http://haskell.org/haskellwiki/Xmonad xmonad wiki]<br />
* [http://haskell.org/haskellwiki/Xmonad/Config_archive xmonad config archive]<br />
* [http://haskell.org/haskellwiki/Xmonad/Frequently_asked_questions xmonad FAQ]<br />
* Archlinux [http://bbs.archlinux.org/viewtopic.php?id=40636 forum thread]<br />
<br />
The best approach is to only place your changes and customizations in ~/.xmonad/xmonad.hs and write it such that any unset parameters are picked up from the built-in defaultConfig. <br />
<br />
This is achieved by writing an xmonad.hs like this:<br />
<br />
import XMonad<br />
<br />
main = do<br />
xmonad $ defaultConfig<br />
{ terminal = "urxvt"<br />
, modMask = mod4Mask<br />
, borderWidth = 3<br />
}<br />
<br />
This simply overrides the default terminal and borderwidth while leaving all other settings at their defaults (inherited from the function defaultConfig).<br />
<br />
As things get more complicated, it can be handy to call configuration options by function name inside the main function, and define these separately in their own sections of your xmonad.hs. This makes large customizations like your layout and manage hooks easier to visualize and maintain.<br />
<br />
The above simple xmonad.hs could have been written like this:<br />
<br />
import XMonad<br />
<br />
main = do<br />
xmonad $ defaultConfig<br />
{ terminal = myTerminal<br />
, modMask = myModMask<br />
, borderWidth = myBorderWidth<br />
}<br />
<br />
-- yes, these are functions; just very simple ones<br />
-- that accept no input and return static values<br />
myTerminal = "urxvt"<br />
myModMask = mod4Mask -- Win key or Super_L<br />
myBorderWidth = 3<br />
<br />
Also, order at top level (main, myTerminal, myModMask etc.), or within the {} does not matter in Haskell, as long as imports come first.<br />
<br />
The following is taken from the 0.9 config file template found [http://haskell.org/haskellwiki/Xmonad/Config_archive/Template_xmonad.hs_(0.9) here]. It is an example of the most common functions one might want to define in their main do block.<br />
<br />
{<br />
terminal = myTerminal,<br />
focusFollowsMouse = myFocusFollowsMouse,<br />
borderWidth = myBorderWidth,<br />
modMask = myModMask,<br />
-- numlockMask deprecated in 0.9.1<br />
-- numlockMask = myNumlockMask,<br />
workspaces = myWorkspaces,<br />
normalBorderColor = myNormalBorderColor,<br />
focusedBorderColor = myFocusedBorderColor,<br />
<br />
-- key bindings<br />
keys = myKeys,<br />
mouseBindings = myMouseBindings,<br />
<br />
-- hooks, layouts<br />
layoutHook = myLayout,<br />
manageHook = myManageHook,<br />
handleEventHook = myEventHook,<br />
logHook = myLogHook,<br />
startupHook = myStartupHook<br />
}<br />
<br />
===Exiting xmonad===<br />
To end the current xmonad session, press Mod+SHIFT+q (Mod being ALT by default).<br />
<br />
==Tips and tricks==<br />
===Complementary applications===<br />
There are number of complementary utilities that work well with xmonad. The most common of these include:<br />
<br />
* [http://tools.suckless.org/dmenu dmenu]<br />
* [[xmobar]]<br />
* [[dzen]] <br />
* [[Conky]] and [http://aur.archlinux.org/packages.php?ID=11884 conky-cli]<br />
* [[Unclutter]] - a small utility to hide the mouse pointer<br />
* [http://uhsure.com/xmonad-log-applet.html XMonad-log-applet] - an gnome applet for the gnome-panel ( the package is in [community]<br />
<br />
===Making room for conky or tray apps===<br />
Wrap your layouts with avoidStruts from XMonad.Hooks.ManageDocks for automatic dock/panel/trayer spacing:<br />
<br />
import XMonad<br />
import XMonad.Hooks.ManageDocks<br />
<br />
main=do<br />
xmonad $ defaultConfig<br />
{ ...<br />
, layoutHook=avoidStruts $ Tall ||| Wide ||| Full<br />
, manageHook=manageHook defaultConfig <+> manageDocks<br />
, ...<br />
}<br />
<br />
If you ever want to toggle the gaps, this action can be added to your key bindings:<br />
,((modMask x, xK_b ), sendMessage ToggleStruts)<br />
<br />
===Using xmobar with xmonad===<br />
'''[[xmobar]]''' is a light and minimalistic text based bar, designed to work with xmonad.<br><br />
To use xmobar with xmonad, you will need two packages in addition to the xmonad package, these are xmonad-contrib from [community] and xmobar or [http://aur.archlinux.org/packages.php?ID=13627 xmobar-darcs from aur].<br />
<br />
Here we will start xmobar from within xmonad, which reloads xmobar whenever you reload xmonad.<br />
<br />
Open up <tt>~/.xmonad/xmonad.hs</tt> in your favorite editor, and choose one of the two following options:<br />
<br />
====Option 1: Quick, less flexible====<br />
Note: there is also a <tt>dzen</tt> which you can substitute for <tt>xmobar</tt> in either case.<br />
<br />
Common imports:<br />
<br />
import XMonad<br />
import XMonad.Hooks.DynamicLog<br />
<br />
The xmobar action starts xmobar and returns a modified config that includes all the options described in the [[xmonad#Option 2: More configurable|xmonad:Option2: More configurable]] choice.<br />
<br />
main=xmonad=<< xmobar myConfig<br />
myConfig=defaultConfig { modMask=mod4Mask, -- or any other configurations here ... }<br />
<br />
==== Option 2: More Configurable ====<br />
As of xmonad(-contrib) 0.9, there is a new [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-DynamicLog.html#v%3AstatusBar statusBar] function in [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-DynamicLog.html XMonad.Hooks.DynamicLog]. It allows you to use your own configuration for:<br />
* The command used to execute the bar<br />
* The PP that determines what's being written to the bar<br />
* The keybinding to toggle the gap for the bar<br />
<br />
Following is an example of how to use it:<br />
{{File|name=~/.xmonad/xmonad.hs|content=<br />
<nowiki><br />
-- Imports.<br />
import XMonad<br />
import XMonad.Hooks.DynamicLog<br />
<br />
-- The main function.<br />
main = xmonad =<< statusBar myBar myPP toggleStrutsKey myConfig<br />
<br />
-- Command to launch the bar.<br />
myBar = "xmobar"<br />
<br />
-- Custom PP, configure it as you like. It determines what's being written to the bar.<br />
myPP = xmobarPP { ppCurrent = xmobarColor "#429942" "" . wrap "<" ">" }<br />
<br />
-- Keybinding to toggle the gap for the bar.<br />
toggleStrutsKey XConfig {XMonad.modMask = modMask} = (modMask, xK_b)<br />
<br />
-- Main configuration, override the defaults to your liking.<br />
myConfig = defaultConfig { modMask = mod4Mask }<br />
</nowiki><br />
}}<br />
<br />
==== Verify XMobar Config ====<br />
The template and default xmobarrcs contains this.<br />
<br />
At last, open up <tt>~/.xmobarrc</tt> and make sure you got StdinReader in the template and run the plugin. E.g.<br />
{{File|name=~/.xmobarrc|content=<br />
<nowiki><br />
Config { ...<br />
, commands = [ Run StdinReader .... ] <br />
...<br />
, template = " %StdinReader% ... "<br />
}<br />
</nowiki><br />
}}<br />
Now, all you should have to do is either to start, or restart xmonad.<br />
<br />
===Controlling xmonad with external scripts===<br />
Although there is no direct way to interact with xmonad via scripts, you can simulate keypress events using xdotool or other such programs, see this [http://ubuntuforums.org/archive/index.php/t-658040.html Ubuntu forums thread]. This command would simulate the keypress "Super+n":<br />
xdotool key Super+n<br />
<br />
===Launching another window manager within xmonad===<br />
If you are using xmonad darcs, as of January of 2011, you can restart to another window manager from within xmonad. You just need to write a small script, and add stuff to your xmonad.hs. Here is the script.<br />
<br />
<br />
{{File|name=~/bin/obtoxmd|content=<br />
<nowiki><br />
#!/bin/sh<br />
openbox<br />
xmonad<br />
</nowiki><br />
}}<br />
<br />
And here are the modifications you need to add to your xmonad.hs<br />
<br />
{{File|name=~/.xmonad/xmonad.hs|content=<br />
<nowiki><br />
<br />
import XMonad<br />
--You need to add this import<br />
import XMonad.Util.Replace<br />
<br />
main do<br />
-- And this "replace"<br />
replace<br />
xmonad $ defaultConfig<br />
{ <br />
--Add the usual here<br />
}<br />
<br />
</nowiki><br />
}}<br />
<br />
You also need to add the following keybinding<br />
<br />
{{File|name=~/xmonad/xmonad.hs|content=<br />
<nowiki><br />
--Add a keybinding as follows:<br />
((modm .|. shiftMask, xK_o ), restart "/home/abijr/bin/obtoxmd" True)<br />
</nowiki><br />
}}<br />
<br />
Just remember to add a comma before or after and change the path to your actual script path.Now just mod-q (restart xmonad to refresh the config), and than hit mod-shift-o and you should have openbox running with the same windows open as in xmonad. To return to xmonad you should just exit openbox. Here is a link to adamvo's xmonad.hs which uses this setup [http://www.haskell.org/haskellwiki/Xmonad/Config_archive/adamvo%27s_xmonad.hs Adamvo's Xmonad.hs]<br />
<br />
===Example configurations===<br />
Below are some example configurations from fellow xmonad users. Feel free to add links to your own.<br />
* MrElendig :: Simple configuration, with xmobar :: [http://github.com/MrElendig/dotfiles-alice/blob/master/.xmonad/xmonad.hs xmonad.hs], [http://github.com/MrElendig/dotfiles-alice/blob/master/.xmobarrc .xmobarrc], [http://arch.har-ikkje.net/gfx/ss/2010-09-05-163305_2960x1050_scrot.png screenshot].<br />
* hsa2 :: Simple configuration, with xmobar :: [http://www.difuzyon.net/linked/configs/xmonad.hs xmonad.hs], [http://www.difuzyon.net/linked/configs/dot.xmobarrc .xmobarrc].<br />
* jelly :: Configuration with prompt, different layouts, twinview with xmobar :: [http://github.com/jelly/dotfiles/tree/master/.xmonad/xmonad.hs xmonad.hs]<br />
* vogt :: Check adamvo's config, and others in the [http://haskell.org/haskellwiki/Xmonad/Config_archive xmonad config archive]<br />
* brisbin33 :: complex and simpler branches, importable dzen and scratchpad modules, very readable :: [https://github.com/pbrisbin/xmonad-config config] [http://pbrisbin.com/static/screenshots/current_desktop.png screenshot]<br />
<br />
==Troubleshooting==<br />
===GNOME 3 and Xmonad===<br />
With the release of GNOME 3, some additional steps are necessary to make GNOME play nice with Xmonad.<br />
<br />
First, add an Xmonad session file for use by gnome-session (/usr/share/gnome-session/sessions/xmonad.session):<br />
<br />
<pre><br />
[GNOME Session]<br />
Name=Xmonad session<br />
RequiredComponents=gnome-panel;gnome-settings-daemon;<br />
RequiredProviders=windowmanager;notifications;<br />
DefaultProvider-windowmanager=xmonad<br />
DefaultProvider-notifications=notification-daemon<br />
</pre><br />
Now create a desktop file for GDM (/usr/share/xsessions/xmonad-gnome-session.desktop):<br />
<pre><br />
[Desktop Entry]<br />
Name=Xmonad GNOME<br />
Comment=Tiling window manager<br />
TryExec=/usr/bin/gnome-session<br />
Exec=gnome-session --session=xmonad<br />
Type=XSession<br />
</pre><br />
Xmonad should now appear in the list of GDM sessions and also play nicely with gnome-session itself.<br />
<br />
===GDM 2.x/KDM can not find xmonad===<br />
You can force GDM to launch xmonad by creating the file xmonad.desktop in the /usr/share/xsessions directory and add the contents:<br />
<br />
[Desktop Entry]<br />
Encoding=UTF-8<br />
Name=xmonad<br />
Comment=This session starts xmonad<br />
Exec=/usr/bin/xmonad<br />
Type=Application<br />
<br />
Now xmonad will show in your GDM session menu. Thanks to [http://santanuchatterjee.blogspot.com/2009/03/making-xmonad-to-show-up-in-gdm-session.html Santanu Chatterjee] for the hint.<br />
<br />
For KDM you will need to create the file here as /usr/share/apps/kdm/sessions/xmonad.desktop<br />
<br />
Official Doc's are here:<br />
[http://www.haskell.org/haskellwiki/Xmonad/Frequently_asked_questions#How_can_I_use_xmonad_with_a_display_manager.3F_.28xdm.2C_kdm.2C_gdm.29 Haskell Doc Page]<br />
<br />
===Missing xmonad-i386-linux===<br />
Xmonad should automatically create the xmonad-i386-linux file (in $HOME/.xmonad/). If this it not the case you can grab a cool looking config file from the [http://haskell.org/haskellwiki/Xmonad/Config_archive xmonad wiki] or create your [http://haskell.org/haskellwiki/Xmonad/Config_archive/John_Goerzen's_Configuration own]. Put the .hs and all others files in .xmonad/ and run the command from the folder:<br />
<br />
xmonad --recompile<br />
<br />
Now you should see the file.<br />
<br />
===Problems with Java applications===<br />
The standard Java gui toolkit has a hardcoded list of "non-reparenting" window managers. Since XMonad is not in that list, there can be some problems with running some java applications. One of the most common problems is "grey blobs", when the java application renders as a plain grey box instead of rendering the gui.<br />
<br />
There is several thing that can help:<br />
* If you are using openjdk6, you can export <tt> _JAVA_AWT_WM_NONREPARENTING=1</tt> .<br />
* If you are using Sun JRE/JDK, the best solution is usually to use [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-SetWMName.html SetWMName.] However, its effect may be nullified if one also uses XMonad.Hooks.EwmhDesktops, in which case<br />
>> setWMName "LG3D"<br />
added to the LogHook may help.<br />
<br />
For more details about the problem, refer to the [http://haskell.org/haskellwiki/Xmonad/Frequently_asked_questions#Problems_with_Java_applications.2C_Applet_java_console XMonad FAQ.]<br />
<br />
===Large gray areas at the bottom of gvim windows===<br />
This problem was mentioned in the [http://bbs.archlinux.org/viewtopic.php?id=65285 forums].<br />
<br />
A solution is to make a more pleasing background color: just put the following lines in {{filename|~/.gtkrc-2.0}}:<br />
<br />
style "vimfix" {<br />
bg[NORMAL] = "#242424" # this matches my gvim theme 'Normal' bg color.<br />
}<br />
widget "vim-main-window.*GtkForm" style "vimfix"<br />
<br />
Another possible solution would be to first include this in {{filename|xmonad.hs}}:<br />
<br />
import XMonad.Layout.LayoutHints<br />
...<br />
, layoutHook = layoutHints $ mylayout<br />
<br />
where "mylayout" is your layout. Then pressing your macro key plus "n" will adjust the window. To do this automatically, install xdotool from community and start gvim this way:<br />
<br />
, ((modm, xK_v), spawn "gvim; xdotool key Super+n")<br />
<br />
Replace "Super" (the windows key) with your own macro key, and replace "xK_v" with your own shortcut (xdotool is a way to simulate keyboard events).<br />
<br />
===Chromium/Chrome won't go fullscreen===<br />
If Chrome fails to go fullscreen when F11 is pressed, you can use the [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-EwmhDesktops.html XMonad.Hooks.EwmhDesktops] extension found in the xmonad-contrib package. Simply add the import statement to your xmonad.hs:<br />
import XMonad.Hooks.EwmhDesktops<br />
and then add ''handleEventHook = fullscreenEventHook'' to the appropriate place; for example:<br />
<pre><br />
...<br />
xmonad $ defaultConfig <br />
{ modMask = mod4Mask<br />
, handleEventHook = fullscreenEventHook<br />
} <br />
<br />
...<br />
</pre><br />
After a recompile/restart of Xmonad, Chromium should now repond to F11 (fullscreen) as expected.<br />
<br />
==Other Resources==<br />
[http://xmonad.org/ xmonad] - The official xmonad website<br />
<br />
[http://haskell.org/haskellwiki/Xmonad/Config_archive/Template_xmonad.hs_(0.9) xmonad.hs] - Template xmonad.hs<br />
<br />
[http://xmonad.org/tour.html xmonad: a guided tour]<br />
<br />
[[dzen]] - General purpose messaging and notification program<br />
<br />
[[dmenu]] - Dynamic X menu for the quick launching of programs</div>Thayerhttps://wiki.archlinux.org/index.php?title=Xmonad&diff=142488Xmonad2011-05-23T03:11:54Z<p>Thayer: /* Troubleshooting */</p>
<hr />
<div>[[Category:X Server (English)]]<br />
[[Category:Tiling WMs (English)]]<br />
[[Category:HOWTOs (English)]]<br />
[[fr:Xmonad]]<br />
{{i18n|Xmonad}}<br />
<br />
[http://xmonad.org/ xmonad] is a tiling window manager for X. Windows are arranged automatically to tile the screen without gaps or overlap, maximizing screen use. Window manager features are accessible from the keyboard: a mouse is optional. <br />
<br />
xmonad is written, configured and extensible in [http://haskell.org/ Haskell]. Custom layout algorithms, key bindings and other extensions may be written by the user in config files. <br />
<br />
Layouts are applied dynamically, and different layouts may be used on each workspace. [[Xinerama]] is fully supported, allowing windows to be tiled on several physical screens.<br />
<br />
For more information, please visit the xmonad website: http://xmonad.org/<br />
<br />
==Installation==<br />
<br />
xmonad and xmonad-contrib is currently available in the community repo. A build for the current development snapshot (darcs) is in the [http://aur.archlinux.org/ aur]. The following instructions are for xmonad-darcs, the development snapshot.<br />
<br />
===Development version (xmonad-darcs)===<br />
<br />
The xmonad-darcs development version can be installed from the AUR, with some additional dependencies in [community]. Install them in the following order:<br />
<br />
* [http://aur.archlinux.org/packages.php?ID=12483 xmonad-darcs] - The core window manager<br />
* [http://aur.archlinux.org/packages.php?ID=13652 xmonad-contrib-darcs] - Contributed extensions providing custom layouts, configurations, etc.<br />
<br />
==Configuration==<br />
<br />
===Starting xmonad===<br />
To start xmonad automatically, simply add the command '''exec xmonad''' to your startup script (e.g. ~/.xinitrc). GDM and KDM users can create a new session file and then select xmonad from the appropriate Session menu.<br />
<br />
Recently, users in #xmonad have stated that the exec is not required; simply adding '''xmonad''' as the last line in your startup script is the proper way to start this WM. Please use whichever method works for you. If using ck-launch-session, the exec is probably still required.<br />
<br />
''Note:'' By default, xmonad does not set an X cursor, therefore the "cross" cursor is usually displayed which can be confusing for new users (thinking that xmonad has not launched correctly). To set the expected left-pointer, add the following to your startup file (e.g. ~/.xinitrc):<br />
<br />
xsetroot -cursor_name left_ptr<br />
<br />
Also, xmonad defaults to the U.S. keyboard layout, so if you want e. g. the German one, add:<br />
<br />
setxkbmap -layout de<br />
<br />
Example .xinitrc :<br />
# set the cursor<br />
xsetroot -cursor_name left_ptr<br />
# set German keyboard layout<br />
setxkbmap -layout de<br />
# start xmonad<br />
exec ck-launch-session xmonad<br />
<br />
If for some reason XMonad doesn't start, check if you have an .xmonad dir in your home dir else create it<br />
mkdir ~/.xmonad<br />
<br />
===Configuring xmonad===<br />
<br />
xmonad users can modify, override or extend the default settings with the ~/.xmonad/xmonad.hs configuration file. Recompiling is done on the fly, with the Mod+q shortcut.<br />
<br />
If you find you do not have a directory at ~/.xmonad, run xmonad --recompile to create it. <br />
<br />
The "default config" for xmonad is quite usuable and it is achieved by simply running without an xmonad.hs entirely. Therefore, even after you run --recompile you will most likely not have an ~/.xmonad/xmonad.hs file. If you would like to start tweaking things, simply create the file and edit it as described below. <br />
<br />
Because the xmonad configuration file is written in Haskell, non-programmers may have a difficult time adjusting settings. For detailed HOWTO's and example configs, we refer you to the following resources:<br />
<br />
* [http://haskell.org/haskellwiki/Xmonad xmonad wiki]<br />
* [http://haskell.org/haskellwiki/Xmonad/Config_archive xmonad config archive]<br />
* [http://haskell.org/haskellwiki/Xmonad/Frequently_asked_questions xmonad FAQ]<br />
* Archlinux [http://bbs.archlinux.org/viewtopic.php?id=40636 forum thread]<br />
<br />
The best approach is to only place your changes and customizations in ~/.xmonad/xmonad.hs and write it such that any unset parameters are picked up from the built-in defaultConfig. <br />
<br />
This is achieved by writing an xmonad.hs like this:<br />
<br />
import XMonad<br />
<br />
main = do<br />
xmonad $ defaultConfig<br />
{ terminal = "urxvt"<br />
, modMask = mod4Mask<br />
, borderWidth = 3<br />
}<br />
<br />
This simply overrides the default terminal and borderwidth while leaving all other settings at their defaults (inherited from the function defaultConfig).<br />
<br />
As things get more complicated, it can be handy to call configuration options by function name inside the main function, and define these separately in their own sections of your xmonad.hs. This makes large customizations like your layout and manage hooks easier to visualize and maintain.<br />
<br />
The above simple xmonad.hs could have been written like this:<br />
<br />
import XMonad<br />
<br />
main = do<br />
xmonad $ defaultConfig<br />
{ terminal = myTerminal<br />
, modMask = myModMask<br />
, borderWidth = myBorderWidth<br />
}<br />
<br />
-- yes, these are functions; just very simple ones<br />
-- that accept no input and return static values<br />
myTerminal = "urxvt"<br />
myModMask = mod4Mask -- Win key or Super_L<br />
myBorderWidth = 3<br />
<br />
Also, order at top level (main, myTerminal, myModMask etc.), or within the {} does not matter in Haskell, as long as imports come first.<br />
<br />
The following is taken from the 0.9 config file template found [http://haskell.org/haskellwiki/Xmonad/Config_archive/Template_xmonad.hs_(0.9) here]. It is an example of the most common functions one might want to define in their main do block.<br />
<br />
{<br />
terminal = myTerminal,<br />
focusFollowsMouse = myFocusFollowsMouse,<br />
borderWidth = myBorderWidth,<br />
modMask = myModMask,<br />
-- numlockMask deprecated in 0.9.1<br />
-- numlockMask = myNumlockMask,<br />
workspaces = myWorkspaces,<br />
normalBorderColor = myNormalBorderColor,<br />
focusedBorderColor = myFocusedBorderColor,<br />
<br />
-- key bindings<br />
keys = myKeys,<br />
mouseBindings = myMouseBindings,<br />
<br />
-- hooks, layouts<br />
layoutHook = myLayout,<br />
manageHook = myManageHook,<br />
handleEventHook = myEventHook,<br />
logHook = myLogHook,<br />
startupHook = myStartupHook<br />
}<br />
<br />
===Exiting xmonad===<br />
To end the current xmonad session, press Mod+SHIFT+q (Mod being ALT by default).<br />
<br />
==Tips and tricks==<br />
===Complementary applications===<br />
There are number of complementary utilities that work well with xmonad. The most common of these include:<br />
<br />
* [http://tools.suckless.org/dmenu dmenu]<br />
* [[xmobar]]<br />
* [[dzen]] <br />
* [[Conky]] and [http://aur.archlinux.org/packages.php?ID=11884 conky-cli]<br />
* [[Unclutter]] - a small utility to hide the mouse pointer<br />
* [http://uhsure.com/xmonad-log-applet.html XMonad-log-applet] - an gnome applet for the gnome-panel ( the package is in [community]<br />
<br />
===Making room for conky or tray apps===<br />
Wrap your layouts with avoidStruts from XMonad.Hooks.ManageDocks for automatic dock/panel/trayer spacing:<br />
<br />
import XMonad<br />
import XMonad.Hooks.ManageDocks<br />
<br />
main=do<br />
xmonad $ defaultConfig<br />
{ ...<br />
, layoutHook=avoidStruts $ Tall ||| Wide ||| Full<br />
, manageHook=manageHook defaultConfig <+> manageDocks<br />
, ...<br />
}<br />
<br />
If you ever want to toggle the gaps, this action can be added to your key bindings:<br />
,((modMask x, xK_b ), sendMessage ToggleStruts)<br />
<br />
===Using xmobar with xmonad===<br />
'''[[xmobar]]''' is a light and minimalistic text based bar, designed to work with xmonad.<br><br />
To use xmobar with xmonad, you will need two packages in addition to the xmonad package, these are xmonad-contrib from [community] and xmobar or [http://aur.archlinux.org/packages.php?ID=13627 xmobar-darcs from aur].<br />
<br />
Here we will start xmobar from within xmonad, which reloads xmobar whenever you reload xmonad.<br />
<br />
Open up <tt>~/.xmonad/xmonad.hs</tt> in your favorite editor, and choose one of the two following options:<br />
<br />
====Option 1: Quick, less flexible====<br />
Note: there is also a <tt>dzen</tt> which you can substitute for <tt>xmobar</tt> in either case.<br />
<br />
Common imports:<br />
<br />
import XMonad<br />
import XMonad.Hooks.DynamicLog<br />
<br />
The xmobar action starts xmobar and returns a modified config that includes all the options described in the [[xmonad#Option 2: More configurable|xmonad:Option2: More configurable]] choice.<br />
<br />
main=xmonad=<< xmobar myConfig<br />
myConfig=defaultConfig { modMask=mod4Mask, -- or any other configurations here ... }<br />
<br />
==== Option 2: More Configurable ====<br />
As of xmonad(-contrib) 0.9, there is a new [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-DynamicLog.html#v%3AstatusBar statusBar] function in [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-DynamicLog.html XMonad.Hooks.DynamicLog]. It allows you to use your own configuration for:<br />
* The command used to execute the bar<br />
* The PP that determines what's being written to the bar<br />
* The keybinding to toggle the gap for the bar<br />
<br />
Following is an example of how to use it:<br />
{{File|name=~/.xmonad/xmonad.hs|content=<br />
<nowiki><br />
-- Imports.<br />
import XMonad<br />
import XMonad.Hooks.DynamicLog<br />
<br />
-- The main function.<br />
main = xmonad =<< statusBar myBar myPP toggleStrutsKey myConfig<br />
<br />
-- Command to launch the bar.<br />
myBar = "xmobar"<br />
<br />
-- Custom PP, configure it as you like. It determines what's being written to the bar.<br />
myPP = xmobarPP { ppCurrent = xmobarColor "#429942" "" . wrap "<" ">" }<br />
<br />
-- Keybinding to toggle the gap for the bar.<br />
toggleStrutsKey XConfig {XMonad.modMask = modMask} = (modMask, xK_b)<br />
<br />
-- Main configuration, override the defaults to your liking.<br />
myConfig = defaultConfig { modMask = mod4Mask }<br />
</nowiki><br />
}}<br />
<br />
==== Verify XMobar Config ====<br />
The template and default xmobarrcs contains this.<br />
<br />
At last, open up <tt>~/.xmobarrc</tt> and make sure you got StdinReader in the template and run the plugin. E.g.<br />
{{File|name=~/.xmobarrc|content=<br />
<nowiki><br />
Config { ...<br />
, commands = [ Run StdinReader .... ] <br />
...<br />
, template = " %StdinReader% ... "<br />
}<br />
</nowiki><br />
}}<br />
Now, all you should have to do is either to start, or restart xmonad.<br />
<br />
===Controlling xmonad with external scripts===<br />
Although there is no direct way to interact with xmonad via scripts, you can simulate keypress events using xdotool or other such programs, see this [http://ubuntuforums.org/archive/index.php/t-658040.html Ubuntu forums thread]. This command would simulate the keypress "Super+n":<br />
xdotool key Super+n<br />
<br />
===Launching another window manager within xmonad===<br />
If you are using xmonad darcs, as of January of 2011, you can restart to another window manager from within xmonad. You just need to write a small script, and add stuff to your xmonad.hs. Here is the script.<br />
<br />
<br />
{{File|name=~/bin/obtoxmd|content=<br />
<nowiki><br />
#!/bin/sh<br />
openbox<br />
xmonad<br />
</nowiki><br />
}}<br />
<br />
And here are the modifications you need to add to your xmonad.hs<br />
<br />
{{File|name=~/.xmonad/xmonad.hs|content=<br />
<nowiki><br />
<br />
import XMonad<br />
--You need to add this import<br />
import XMonad.Util.Replace<br />
<br />
main do<br />
-- And this "replace"<br />
replace<br />
xmonad $ defaultConfig<br />
{ <br />
--Add the usual here<br />
}<br />
<br />
</nowiki><br />
}}<br />
<br />
You also need to add the following keybinding<br />
<br />
{{File|name=~/xmonad/xmonad.hs|content=<br />
<nowiki><br />
--Add a keybinding as follows:<br />
((modm .|. shiftMask, xK_o ), restart "/home/abijr/bin/obtoxmd" True)<br />
</nowiki><br />
}}<br />
<br />
Just remember to add a comma before or after and change the path to your actual script path.Now just mod-q (restart xmonad to refresh the config), and than hit mod-shift-o and you should have openbox running with the same windows open as in xmonad. To return to xmonad you should just exit openbox. Here is a link to adamvo's xmonad.hs which uses this setup [http://www.haskell.org/haskellwiki/Xmonad/Config_archive/adamvo%27s_xmonad.hs Adamvo's Xmonad.hs]<br />
<br />
===Example configurations===<br />
Below are some example configurations from fellow xmonad users. Feel free to add links to your own.<br />
* MrElendig :: Simple configuration, with xmobar :: [http://github.com/MrElendig/dotfiles-alice/blob/master/.xmonad/xmonad.hs xmonad.hs], [http://github.com/MrElendig/dotfiles-alice/blob/master/.xmobarrc .xmobarrc], [http://arch.har-ikkje.net/gfx/ss/2010-09-05-163305_2960x1050_scrot.png screenshot].<br />
* hsa2 :: Simple configuration, with xmobar :: [http://www.difuzyon.net/linked/configs/xmonad.hs xmonad.hs], [http://www.difuzyon.net/linked/configs/dot.xmobarrc .xmobarrc].<br />
* jelly :: Configuration with prompt, different layouts, twinview with xmobar :: [http://github.com/jelly/dotfiles/tree/master/.xmonad/xmonad.hs xmonad.hs]<br />
* vogt :: Check adamvo's config, and others in the [http://haskell.org/haskellwiki/Xmonad/Config_archive xmonad config archive]<br />
* brisbin33 :: complex and simpler branches, importable dzen and scratchpad modules, very readable :: [https://github.com/pbrisbin/xmonad-config config] [http://pbrisbin.com/static/screenshots/current_desktop.png screenshot]<br />
<br />
==Troubleshooting==<br />
===GDM/KDM can not find xmonad===<br />
You can force GDM to launch xmonad by creating the file xmonad.desktop in the /usr/share/xsessions directory and add the contents:<br />
<br />
[Desktop Entry]<br />
Encoding=UTF-8<br />
Name=xmonad<br />
Comment=This session starts xmonad<br />
Exec=/usr/bin/xmonad<br />
Type=Application<br />
<br />
Now xmonad will show in your GDM session menu. Thanks to [http://santanuchatterjee.blogspot.com/2009/03/making-xmonad-to-show-up-in-gdm-session.html Santanu Chatterjee] for the hint.<br />
<br />
For KDM you will need to create the file here as /usr/share/apps/kdm/sessions/xmonad.desktop<br />
<br />
Official Doc's are here:<br />
[http://www.haskell.org/haskellwiki/Xmonad/Frequently_asked_questions#How_can_I_use_xmonad_with_a_display_manager.3F_.28xdm.2C_kdm.2C_gdm.29 Haskell Doc Page]<br />
<br />
===Missing xmonad-i386-linux===<br />
Xmonad should automatically create the xmonad-i386-linux file (in $HOME/.xmonad/). If this it not the case you can grab a cool looking config file from the [http://haskell.org/haskellwiki/Xmonad/Config_archive xmonad wiki] or create your [http://haskell.org/haskellwiki/Xmonad/Config_archive/John_Goerzen's_Configuration own]. Put the .hs and all others files in .xmonad/ and run the command from the folder:<br />
<br />
xmonad --recompile<br />
<br />
Now you should see the file.<br />
<br />
===Problems with Java applications===<br />
The standard Java gui toolkit has a hardcoded list of "non-reparenting" window managers. Since XMonad is not in that list, there can be some problems with running some java applications. One of the most common problems is "grey blobs", when the java application renders as a plain grey box instead of rendering the gui.<br />
<br />
There is several thing that can help:<br />
* If you are using openjdk6, you can export <tt> _JAVA_AWT_WM_NONREPARENTING=1</tt> .<br />
* If you are using Sun JRE/JDK, the best solution is usually to use [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-SetWMName.html SetWMName.] However, its effect may be nullified if one also uses XMonad.Hooks.EwmhDesktops, in which case<br />
>> setWMName "LG3D"<br />
added to the LogHook may help.<br />
<br />
For more details about the problem, refer to the [http://haskell.org/haskellwiki/Xmonad/Frequently_asked_questions#Problems_with_Java_applications.2C_Applet_java_console XMonad FAQ.]<br />
<br />
===Large gray areas at the bottom of gvim windows===<br />
This problem was mentioned in the [http://bbs.archlinux.org/viewtopic.php?id=65285 forums].<br />
<br />
A solution is to make a more pleasing background color: just put the following lines in {{filename|~/.gtkrc-2.0}}:<br />
<br />
style "vimfix" {<br />
bg[NORMAL] = "#242424" # this matches my gvim theme 'Normal' bg color.<br />
}<br />
widget "vim-main-window.*GtkForm" style "vimfix"<br />
<br />
Another possible solution would be to first include this in {{filename|xmonad.hs}}:<br />
<br />
import XMonad.Layout.LayoutHints<br />
...<br />
, layoutHook = layoutHints $ mylayout<br />
<br />
where "mylayout" is your layout. Then pressing your macro key plus "n" will adjust the window. To do this automatically, install xdotool from community and start gvim this way:<br />
<br />
, ((modm, xK_v), spawn "gvim; xdotool key Super+n")<br />
<br />
Replace "Super" (the windows key) with your own macro key, and replace "xK_v" with your own shortcut (xdotool is a way to simulate keyboard events).<br />
<br />
===Chromium/Chrome won't go fullscreen===<br />
If Chrome fails to go fullscreen when F11 is pressed, you can use the [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-EwmhDesktops.html XMonad.Hooks.EwmhDesktops] extension found in the xmonad-contrib package. Simply add the import statement to your xmonad.hs:<br />
import XMonad.Hooks.EwmhDesktops<br />
and then add ''handleEventHook = fullscreenEventHook'' to the appropriate place; for example:<br />
<pre><br />
...<br />
xmonad $ defaultConfig <br />
{ modMask = mod4Mask<br />
, handleEventHook = fullscreenEventHook<br />
} <br />
<br />
...<br />
</pre><br />
After a recompile/restart of Xmonad, Chromium should now repond to F11 (fullscreen) as expected.<br />
<br />
==Other Resources==<br />
[http://xmonad.org/ xmonad] - The official xmonad website<br />
<br />
[http://haskell.org/haskellwiki/Xmonad/Config_archive/Template_xmonad.hs_(0.9) xmonad.hs] - Template xmonad.hs<br />
<br />
[http://xmonad.org/tour.html xmonad: a guided tour]<br />
<br />
[[dzen]] - General purpose messaging and notification program<br />
<br />
[[dmenu]] - Dynamic X menu for the quick launching of programs</div>Thayerhttps://wiki.archlinux.org/index.php?title=OpenSSH&diff=142050OpenSSH2011-05-19T19:31:01Z<p>Thayer: /* Trouble Shooting */</p>
<hr />
<div>[[Category:Daemons and system services (English)]]<br />
{{i18n|SSH}}<br />
[[pl:SSH]]<br />
[[fr:ssh]]<br />
<br />
Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br />
<br />
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; file transfer can be accomplished using the associated SFTP or SCP protocols.<br />
<br />
An SSH server, by default, listens on the standard TCP port 22. An SSH client program is typically used for establishing connections to an ''sshd'' daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, GNU/Linux, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist.<br />
<br />
(Source: [[Wikipedia:Secure Shell]])<br />
<br />
= OpenSSH =<br />
<br />
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the ssh protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security. OpenSSH is developed as part of the OpenBSD project, which is led by Theo de Raadt.<br />
<br />
OpenSSH is occasionally confused with the similarly-named OpenSSL; however, the projects have different purposes and are developed by different teams, the similar name is drawn only from similar goals.<br />
<br />
== Installing OpenSSH ==<br />
# pacman -S openssh<br />
<br />
== Configuring SSH ==<br />
===Client===<br />
The SSH client configuration file can be found and edited in {{Filename|/etc/ssh/ssh_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/ssh_config|content=<br />
# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $<br />
<br />
# This is the ssh client system-wide configuration file. See<br />
# ssh_config(5) for more information. This file provides defaults for<br />
# users, and the values can be changed in per-user configuration files<br />
# or on the command line.<br />
<br />
# Configuration data is parsed as follows:<br />
# 1. command line options<br />
# 2. user-specific file<br />
# 3. system-wide file<br />
# Any configuration value is only changed the first time it is set.<br />
# Thus, host-specific definitions should be at the beginning of the<br />
# configuration file, and defaults at the end.<br />
<br />
# Site-wide defaults for some commonly used options. For a comprehensive<br />
# list of available options, their meanings and defaults, please see the<br />
# ssh_config(5) man page.<br />
<br />
# Host *<br />
# ForwardAgent no<br />
# ForwardX11 no<br />
# RhostsRSAAuthentication no<br />
# RSAAuthentication yes<br />
# PasswordAuthentication yes<br />
# HostbasedAuthentication no<br />
# GSSAPIAuthentication no<br />
# GSSAPIDelegateCredentials no<br />
# BatchMode no<br />
# CheckHostIP yes<br />
# AddressFamily any<br />
# ConnectTimeout 0<br />
# StrictHostKeyChecking ask<br />
# IdentityFile ~/.ssh/identity<br />
# IdentityFile ~/.ssh/id_rsa<br />
# IdentityFile ~/.ssh/id_dsa<br />
# Port 22<br />
# Protocol 2,1<br />
# Cipher 3des<br />
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc<br />
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160<br />
# EscapeChar ~<br />
# Tunnel no<br />
# TunnelDevice any:any<br />
# PermitLocalCommand no<br />
# VisualHostKey no<br />
# ProxyCommand ssh -q -W %h:%p gateway.example.com<br />
}}<br />
<br />
It is recommended to change the Protocol line into this:<br />
Protocol 2<br />
<br />
That means that only Protocol 2 will be used, since Protocol 1 is considered somewhat insecure.<br />
<br />
===Daemon===<br />
The SSH daemon configuration file can be found and edited in {{Filename|/etc/ssh/ssh'''d'''_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $<br />
<br />
# This is the sshd server system-wide configuration file. See<br />
# sshd_config(5) for more information.<br />
<br />
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin<br />
<br />
# The strategy used for options in the default sshd_config shipped with<br />
# OpenSSH is to specify options with their default value where<br />
# possible, but leave them commented. Uncommented options change a<br />
# default value.<br />
<br />
#Port 22<br />
#AddressFamily any<br />
#ListenAddress 0.0.0.0<br />
#ListenAddress ::<br />
<br />
# The default requires explicit activation of protocol 1<br />
#Protocol 2<br />
<br />
# HostKey for protocol version 1<br />
#HostKey /etc/ssh/ssh_host_key<br />
# HostKeys for protocol version 2<br />
#HostKey /etc/ssh/ssh_host_rsa_key<br />
#HostKey /etc/ssh/ssh_host_dsa_key<br />
#HostKey /etc/ssh/ssh_host_ecdsa_key<br />
<br />
# Lifetime and size of ephemeral version 1 server key<br />
#KeyRegenerationInterval 1h<br />
#ServerKeyBits 1024<br />
<br />
# Logging<br />
# obsoletes QuietMode and FascistLogging<br />
#SyslogFacility AUTH<br />
#LogLevel INFO<br />
<br />
# Authentication:<br />
<br />
#LoginGraceTime 2m<br />
#PermitRootLogin yes<br />
#StrictModes yes<br />
#MaxAuthTries 6<br />
#MaxSessions 10<br />
<br />
#RSAAuthentication yes<br />
#PubkeyAuthentication yes<br />
#AuthorizedKeysFile .ssh/authorized_keys<br />
<br />
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts<br />
#RhostsRSAAuthentication no<br />
# similar for protocol version 2<br />
#HostbasedAuthentication no<br />
# Change to yes if you don't trust ~/.ssh/known_hosts for<br />
# RhostsRSAAuthentication and HostbasedAuthentication<br />
#IgnoreUserKnownHosts no<br />
# Don't read the user's ~/.rhosts and ~/.shosts files<br />
#IgnoreRhosts yes<br />
<br />
# To disable tunneled clear text passwords, change to no here!<br />
#PasswordAuthentication yes<br />
#PermitEmptyPasswords no<br />
<br />
# Change to no to disable s/key passwords<br />
ChallengeResponseAuthentication no<br />
<br />
# Kerberos options<br />
#KerberosAuthentication no<br />
#KerberosOrLocalPasswd yes<br />
#KerberosTicketCleanup yes<br />
#KerberosGetAFSToken no<br />
<br />
# GSSAPI options<br />
#GSSAPIAuthentication no<br />
#GSSAPICleanupCredentials yes<br />
<br />
# Set this to 'yes' to enable PAM authentication, account processing, <br />
# and session processing. If this is enabled, PAM authentication will <br />
# be allowed through the ChallengeResponseAuthentication and<br />
# PasswordAuthentication. Depending on your PAM configuration,<br />
# PAM authentication via ChallengeResponseAuthentication may bypass<br />
# the setting of "PermitRootLogin without-password".<br />
# If you just want the PAM account and session checks to run without<br />
# PAM authentication, then enable this but set PasswordAuthentication<br />
# and ChallengeResponseAuthentication to 'no'.<br />
UsePAM yes<br />
<br />
#AllowAgentForwarding yes<br />
#AllowTcpForwarding yes<br />
#GatewayPorts no<br />
#X11Forwarding no<br />
#X11DisplayOffset 10<br />
#X11UseLocalhost yes<br />
#PrintMotd yes<br />
#PrintLastLog yes<br />
#TCPKeepAlive yes<br />
#UseLogin no<br />
#UsePrivilegeSeparation yes<br />
#PermitUserEnvironment no<br />
#Compression delayed<br />
#ClientAliveInterval 0<br />
#ClientAliveCountMax 3<br />
#UseDNS yes<br />
#PidFile /var/run/sshd.pid<br />
#MaxStartups 10<br />
#PermitTunnel no<br />
#ChrootDirectory none<br />
<br />
# no default banner path<br />
#Banner none<br />
<br />
# override default of no subsystems<br />
Subsystem sftp /usr/lib/ssh/sftp-server<br />
<br />
# Example of overriding settings on a per-user basis<br />
#Match User anoncvs<br />
# X11Forwarding no<br />
# AllowTcpForwarding no<br />
# ForceCommand cvs server<br />
}}<br />
<br />
<br />
To allow access only for some users add this line:<br />
AllowUsers user1 user2<br />
<br />
To disable root login over SSH, add the following:<br />
PermitRootLogin no<br />
<br />
You could also uncomment the BANNER option and edit {{Filename|/etc/issue}} for a nice welcome message.<br />
<br />
{{Tip| You may want to change the default port from 22 to any higher port (see [http://en.wikipedia.org/wiki/Security_through_obscurity security through obscurity]).}} <br />
<br />
Even though the port ssh is running on could be detected by using a port-scanner like nmap, changing it will reduce the number of log entries caused by automated authentication attempts.<br />
<br />
{{Tip| Disabling password logins entirely may also increase security, since each user with access to the server will need to create ssh keys. (see [http://wiki.archlinux.org/index.php/Using_SSH_Keys Using SSH Keys]).}}<br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
PasswordAuthentication no<br />
ChallengeResponseAuthentication no}}<br />
<br />
===Allowing others in===<br />
{{Box Note | You have to adjust this file to remotely connect to your machine since the file is empty by default}}<br />
<br />
To let other people ssh to your machine you need to adjust {{Filename|/etc/hosts.allow}}, add the following:<br />
<br />
<pre><br />
# let everyone connect to you<br />
sshd: ALL<br />
<br />
# OR you can restrict it to a certain ip<br />
sshd: 192.168.0.1<br />
<br />
# OR restrict for a specific IP mask<br />
sshd: 10.0.0.0/255.255.255.0<br />
<br />
# OR restrict for an IP match<br />
sshd: 192.168.1.<br />
</pre><br />
<br />
Now you should check your {{Filename|/etc/hosts.deny}} for the following line and make sure it looks like this:<br />
ALL: ALL<br />
<br />
That's it. You can SSH out and others should be able to SSH in :).<br />
<br />
To start using the new configuration, restart the daemon (as root):<br />
# rc.d restart sshd<br />
<br />
== Managing SSHD Daemon ==<br />
Just add sshd to the "DAEMONS" section of your {{Filename|/etc/[[rc.conf]]}}:<br />
DAEMONS=(... ... '''sshd''' ... ...)<br />
<br />
To start/restart/stop the daemon, use the following:<br />
# rc.d {start|stop|restart} sshd<br />
<br />
==Connecting to the server==<br />
To connect to a server, run:<br />
$ ssh -p port user@server-address<br />
<br />
= Tips and Tricks =<br />
<br />
== Encrypted Socks Tunnel ==<br />
This is highly useful for laptop users connected to various unsafe wireless connections. The only thing you need is an SSH server running at a somewhat secure location, like your home or at work. It might be useful to use a dynamic DNS service like [http://www.dyndns.org/ DynDNS] so you don't have to remember your IP-address.<br />
<br />
=== Step 1: Start the Connection ===<br />
You only have to execute this single command in your favorite terminal to start the connection:<br />
$ ssh -ND 4711 user@host<br />
where {{Codeline|"user"}} is your username at the SSH server running at the {{Codeline|"host"}}. It will ask for your password, and then you're connected! The {{Codeline|"N"}} flag disables the interactive prompt, and the {{Codeline|"D"}} flag specifies the local port on which to listen on (you can choose any port number if you want).<br />
<br />
One way to make this easier is to put an alias line in your {{Filename|~/.bashrc}} file as following:<br />
alias sshtunnel="ssh -ND 4711 -v user@host"<br />
It's nice to add the verbose {{Codeline|"-v"}} flag, because then you can verify that it's actually connected from that output. Now you just have to execute the {{Codeline|"sshtunnel"}} command :)<br />
<br />
=== Step 2: Configure your Browser (or other programs) ===<br />
<br />
The above step is completely useless if you don't configure your web browser (or other programs) to use this newly created socks tunnel. Since the current version of SSH supports both SOCKS4 and SOCKS5, you can use either of them.<br />
<br />
* For Firefox: ''Edit &rarr; Preferences &rarr; Advanced &rarr; Network &rarr; Connection &rarr; Setting'':<br />
: Check the ''"Manual proxy configuration"'' radio button, and enter "localhost" in the ''"SOCKS host"'' text field, and then enter your port number in the next text field (I used 4711 above).<br />
<br />
Firefox does not automatically make DNS requests through the socks tunnel. This potential privacy concern can be mitigated by the following steps:<br />
<br />
# Type about:config into the Firefox location bar.<br />
# Search for network.proxy.socks_remote_dns<br />
# Set the value to true.<br />
# Restart the browser.<br />
<br />
* For Chromium: You can set the SOCKS settings as enviroment variables or as command line options. I recommend to add one of the following functions to your {{Filename|.bashrc}}:<br />
function secure_chromium {<br />
port=4711<br />
export SOCKS_SERVER=localhost:$port<br />
export SOCKS_VERSION=5<br />
chromium &<br />
exit<br />
}<br />
OR<br />
function secure_chromium {<br />
port=4711<br />
chromium --proxy-server="socks://localhost:$port" &<br />
exit<br />
}<br />
<br />
Now open a terminal and just do:<br />
$ secure_chromium<br />
<br />
Enjoy your secure tunnel!<br />
<br />
== X11 Forwarding ==<br />
<br />
To run graphical programs through a SSH connection you can enable X11 forwarding. An option needs to be set in the configuration files on the server and client (here "client" means your (desktop) machine your X11 Server runs on, and you will run X applications on the "server").<br />
<br />
Install xorg-xauth on the server:<br />
# pacman -S xorg-xauth<br />
<br />
* Enable the '''AllowTcpForwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Enable the '''X11Forwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Set the '''X11DisplayOffset''' option in {{Filename|sshd_config}} on the '''server''' to 10.<br />
* Enable the '''X11UseLocalhost''' option in {{Filename|sshd_config}} on the '''server'''.<br />
Also:<br />
* Enable the '''ForwardX11''' option in {{Filename|ssh_config}} on the '''client'''.<br />
<br />
To use the forwarding, log on to your server through ssh:<br />
$ ssh -X -p port user@server-address<br />
If you receive errors trying to run graphical applications try trusted forwarding instead:<br />
$ ssh -Y -p port user@server-address<br />
You can now start any X program on the remote server, the output will be forwarded to your local session:<br />
$ xclock<br />
<br />
If you get "Cannot open display" errors try the following command as the non root user:<br />
$ xhost +<br />
<br />
the above command will allow anybody to forward X11 applications. To restrict forwarding to a particular host type:<br />
$ xhost +hostname<br />
<br />
where hostname is the name of the particular host you want to forward to. Type "man xhost" for more details.<br />
<br />
Be careful with some applications as they check for a running instance on the local machine. Firefox is an example. Either close running Firefox or use the following start parameter to start a remote instance on the local machine<br />
$ firefox -no-remote<br />
<br />
== Speed up SSH ==<br />
You can make all sessions to the same host use a single connection, which will greatly speed up subsequent logins, by adding these lines under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
ControlMaster auto<br />
ControlPath ~/.ssh/socket-%r@%h:%p<br />
<br />
Changing the ciphers used by SSH to less cpu-demanding ones can improve speed. In this aspect, the best choices are arcfour and blowfish-cbc. '''Please do not do this unless you know what you are doing; arcfour has a number of known weaknesses'''. To use them, run SSH with the {{Codeline|"c"}} flag, like this:<br />
$ ssh -c arcfour,blowfish-cbc user@server-address<br />
To use them permanently, add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Ciphers arcfour,blowfish-cbc<br />
Another option to improve speed is to enable compression with the {{Codeline|"C"}} flag. A permanent solution is to add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Compression yes<br />
Login time can be shorten by using the {{Codeline|"4"}} flag, which bypasses IPv6 lookup. This can be made permanent by adding this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
AddressFamily inet<br />
Another way of making these changes permanent is to create an alias in {{Filename|~/.bashrc}}:<br />
alias ssh='ssh -C4c arcfour,blowfish-cbc'<br />
<br />
=== Trouble Shooting ===<br />
<br />
Make sure your DISPLAY string is resolveable on the remote end:<br />
<br />
$ ssh -X user@server-address<br />
server $ echo $DISPLAY<br />
localhost:10.0<br />
server $ telnet localhost 6010<br />
localhost/6010: lookup failure: Temporary failure in name resolution <br />
<br />
can be fixed by adding localhost to {{Filename|/etc/hosts}}.<br />
<br />
== Mounting a Remote Filesystem with SSHFS ==<br />
<br />
Install sshfs<br />
# pacman -S sshfs<br />
<br />
Load the Fuse module<br />
# modprobe fuse<br />
Add fuse to the ''modules'' array in {{Filename|/etc/rc.conf}} to load it on each system boot.<br />
<br />
Mount the remote folder using sshfs<br />
# mkdir ~/remote_folder<br />
# sshfs USER@remote_server:/tmp ~/remote_folder<br />
<br />
The command above will cause the folder /tmp on the remote server to be mounted as ~/remote_folder on the local machine. Copying any file to this folder will result in transparent copying over the network using SFTP. Same concerns direct file editing, creating or removing.<br />
<br />
When we’re done working with the remote filesystem, we can unmount the remote folder by issuing:<br />
# fusermount -u ~/remote_folder<br />
<br />
If we work on this folder on a daily basis, it is wise to add it to the {{Filename|/etc/fstab}} table. This way is can be automatically mounted upon system boot or mounted manually (if {{Codeline|noauto}} option is chosen) without the need to specify the remote location each time. Here is a sample entry in the table:<br />
sshfs#USER@remote_server:/tmp /full/path/to/directory fuse defaults,auto,allow_other 0 0<br />
<br />
== Keep Alive ==<br />
<br />
Your ssh session will automatically log out if it is idle. To keep the connection active (alive) add this to {{Filename|~/.ssh/config}} or to {{Filename|/etc/ssh/ssh_config}} on the client.<br />
<br />
ServerAliveInterval 120<br />
<br />
This will send a "keep alive" signal to the server every 120 seconds.<br />
<br />
Conversely, to keep incoming connections alive, you can set<br />
<br />
ClientAliveInterval 120<br />
<br />
(or some other number greater than 0) in {{Filename|/etc/ssh/sshd_config}} on the server.<br />
<br />
== Save connection data in .ssh/config ==<br />
<br />
Whenever you want to connect to a server, you usually have to type at least its address and your username. To save that typing work for servers you regularly connect to, you can use the {{Filename|$HOME/.ssh/config}} file as shown in the following example:<br />
<br />
{{File|name=$HOME/.ssh/config|content=<br />
<br />
Host myserver<br />
HostName 123.123.123.123<br />
Port 12345<br />
User bob<br />
Host other_server<br />
HostName test.something.org<br />
User alice<br />
CheckHostIP no<br />
Cipher blowfish<br />
}}<br />
<br />
Now you can simply connect to the server by using the name you specified:<br />
<br />
$ ssh myserver<br />
<br />
To see a complete list of the possible options, check out ssh_config's manpage on your system or the [http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config ssh_config documentation] on the official website.<br />
<br />
= Troubleshooting =<br />
<br />
== Connection Refused Problem ==<br />
<br />
=== Is SSH running and listening? ===<br />
<br />
# netstat -tnlp | grep ssh<br />
<br />
If the above command doesn't display anything, then SSH is NOT running. Check <code>/var/log/messages</code> for errors etc.<br />
<br />
=== Are there firewall rules blocking the connection? ===<br />
<br />
Flush your iptables rules to make sure they are not interfering:<br />
<br />
# rc.d stop iptables<br />
<br />
or:<br />
<br />
# iptables -P INPUT ACCEPT<br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F INPUT<br />
# iptables -F OUTPUT<br />
<br />
=== Have you allowed SSH in hosts.allow? ===<br />
<br />
Double check you have done [[#Allowing_others_in|this section]] correctly.<br />
<br />
=== Is the traffic even getting to your computer? ===<br />
<br />
Start a traffic dump on the computer you're having problems with:<br />
<br />
# tcpdump -lnn -i any port ssh and tcp-syn<br />
<br />
This should show some basic information, then wait for any matching traffic to happen before displaying it. Try your connection now. If you don't see any output when you attempt to connect, then something outside of your computer is blocking the traffic (eg, hardware firewall, NAT router etc)<br />
<br />
=== Read from socket failed: Connection reset by peer ===<br />
<br />
Recent versions of openssh sometimes fail with the above error message, due to a bug involving elliptic curve cryptography. In that case, edit the file<br />
<br />
~/.ssh/config<br />
<br />
or create it, if it doesn't already exist. Add the line<br />
<br />
HostKeyAlgorithms ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss<br />
<br />
= See Also =<br />
*[[Using SSH Keys]]<br />
*[[Pam_abl]]<br />
*[[DenyHosts]]<br />
*[[Sshfs]]<br />
<br />
= Links & References =<br />
*[http://www.soloport.com/iptables.html A Cure for the Common SSH Login Attack]<br />
*[http://webssh.cz.cc Using your browser as SSH client]<br />
*[http://www.la-samhna.de/library/brutessh.html Defending against brute force ssh attacks]</div>Thayerhttps://wiki.archlinux.org/index.php?title=OpenSSH&diff=142048OpenSSH2011-05-19T19:30:00Z<p>Thayer: /* Speed up SSH */</p>
<hr />
<div>[[Category:Daemons and system services (English)]]<br />
{{i18n|SSH}}<br />
[[pl:SSH]]<br />
[[fr:ssh]]<br />
<br />
Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br />
<br />
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; file transfer can be accomplished using the associated SFTP or SCP protocols.<br />
<br />
An SSH server, by default, listens on the standard TCP port 22. An SSH client program is typically used for establishing connections to an ''sshd'' daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, GNU/Linux, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist.<br />
<br />
(Source: [[Wikipedia:Secure Shell]])<br />
<br />
= OpenSSH =<br />
<br />
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the ssh protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security. OpenSSH is developed as part of the OpenBSD project, which is led by Theo de Raadt.<br />
<br />
OpenSSH is occasionally confused with the similarly-named OpenSSL; however, the projects have different purposes and are developed by different teams, the similar name is drawn only from similar goals.<br />
<br />
== Installing OpenSSH ==<br />
# pacman -S openssh<br />
<br />
== Configuring SSH ==<br />
===Client===<br />
The SSH client configuration file can be found and edited in {{Filename|/etc/ssh/ssh_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/ssh_config|content=<br />
# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $<br />
<br />
# This is the ssh client system-wide configuration file. See<br />
# ssh_config(5) for more information. This file provides defaults for<br />
# users, and the values can be changed in per-user configuration files<br />
# or on the command line.<br />
<br />
# Configuration data is parsed as follows:<br />
# 1. command line options<br />
# 2. user-specific file<br />
# 3. system-wide file<br />
# Any configuration value is only changed the first time it is set.<br />
# Thus, host-specific definitions should be at the beginning of the<br />
# configuration file, and defaults at the end.<br />
<br />
# Site-wide defaults for some commonly used options. For a comprehensive<br />
# list of available options, their meanings and defaults, please see the<br />
# ssh_config(5) man page.<br />
<br />
# Host *<br />
# ForwardAgent no<br />
# ForwardX11 no<br />
# RhostsRSAAuthentication no<br />
# RSAAuthentication yes<br />
# PasswordAuthentication yes<br />
# HostbasedAuthentication no<br />
# GSSAPIAuthentication no<br />
# GSSAPIDelegateCredentials no<br />
# BatchMode no<br />
# CheckHostIP yes<br />
# AddressFamily any<br />
# ConnectTimeout 0<br />
# StrictHostKeyChecking ask<br />
# IdentityFile ~/.ssh/identity<br />
# IdentityFile ~/.ssh/id_rsa<br />
# IdentityFile ~/.ssh/id_dsa<br />
# Port 22<br />
# Protocol 2,1<br />
# Cipher 3des<br />
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc<br />
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160<br />
# EscapeChar ~<br />
# Tunnel no<br />
# TunnelDevice any:any<br />
# PermitLocalCommand no<br />
# VisualHostKey no<br />
# ProxyCommand ssh -q -W %h:%p gateway.example.com<br />
}}<br />
<br />
It is recommended to change the Protocol line into this:<br />
Protocol 2<br />
<br />
That means that only Protocol 2 will be used, since Protocol 1 is considered somewhat insecure.<br />
<br />
===Daemon===<br />
The SSH daemon configuration file can be found and edited in {{Filename|/etc/ssh/ssh'''d'''_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $<br />
<br />
# This is the sshd server system-wide configuration file. See<br />
# sshd_config(5) for more information.<br />
<br />
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin<br />
<br />
# The strategy used for options in the default sshd_config shipped with<br />
# OpenSSH is to specify options with their default value where<br />
# possible, but leave them commented. Uncommented options change a<br />
# default value.<br />
<br />
#Port 22<br />
#AddressFamily any<br />
#ListenAddress 0.0.0.0<br />
#ListenAddress ::<br />
<br />
# The default requires explicit activation of protocol 1<br />
#Protocol 2<br />
<br />
# HostKey for protocol version 1<br />
#HostKey /etc/ssh/ssh_host_key<br />
# HostKeys for protocol version 2<br />
#HostKey /etc/ssh/ssh_host_rsa_key<br />
#HostKey /etc/ssh/ssh_host_dsa_key<br />
#HostKey /etc/ssh/ssh_host_ecdsa_key<br />
<br />
# Lifetime and size of ephemeral version 1 server key<br />
#KeyRegenerationInterval 1h<br />
#ServerKeyBits 1024<br />
<br />
# Logging<br />
# obsoletes QuietMode and FascistLogging<br />
#SyslogFacility AUTH<br />
#LogLevel INFO<br />
<br />
# Authentication:<br />
<br />
#LoginGraceTime 2m<br />
#PermitRootLogin yes<br />
#StrictModes yes<br />
#MaxAuthTries 6<br />
#MaxSessions 10<br />
<br />
#RSAAuthentication yes<br />
#PubkeyAuthentication yes<br />
#AuthorizedKeysFile .ssh/authorized_keys<br />
<br />
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts<br />
#RhostsRSAAuthentication no<br />
# similar for protocol version 2<br />
#HostbasedAuthentication no<br />
# Change to yes if you don't trust ~/.ssh/known_hosts for<br />
# RhostsRSAAuthentication and HostbasedAuthentication<br />
#IgnoreUserKnownHosts no<br />
# Don't read the user's ~/.rhosts and ~/.shosts files<br />
#IgnoreRhosts yes<br />
<br />
# To disable tunneled clear text passwords, change to no here!<br />
#PasswordAuthentication yes<br />
#PermitEmptyPasswords no<br />
<br />
# Change to no to disable s/key passwords<br />
ChallengeResponseAuthentication no<br />
<br />
# Kerberos options<br />
#KerberosAuthentication no<br />
#KerberosOrLocalPasswd yes<br />
#KerberosTicketCleanup yes<br />
#KerberosGetAFSToken no<br />
<br />
# GSSAPI options<br />
#GSSAPIAuthentication no<br />
#GSSAPICleanupCredentials yes<br />
<br />
# Set this to 'yes' to enable PAM authentication, account processing, <br />
# and session processing. If this is enabled, PAM authentication will <br />
# be allowed through the ChallengeResponseAuthentication and<br />
# PasswordAuthentication. Depending on your PAM configuration,<br />
# PAM authentication via ChallengeResponseAuthentication may bypass<br />
# the setting of "PermitRootLogin without-password".<br />
# If you just want the PAM account and session checks to run without<br />
# PAM authentication, then enable this but set PasswordAuthentication<br />
# and ChallengeResponseAuthentication to 'no'.<br />
UsePAM yes<br />
<br />
#AllowAgentForwarding yes<br />
#AllowTcpForwarding yes<br />
#GatewayPorts no<br />
#X11Forwarding no<br />
#X11DisplayOffset 10<br />
#X11UseLocalhost yes<br />
#PrintMotd yes<br />
#PrintLastLog yes<br />
#TCPKeepAlive yes<br />
#UseLogin no<br />
#UsePrivilegeSeparation yes<br />
#PermitUserEnvironment no<br />
#Compression delayed<br />
#ClientAliveInterval 0<br />
#ClientAliveCountMax 3<br />
#UseDNS yes<br />
#PidFile /var/run/sshd.pid<br />
#MaxStartups 10<br />
#PermitTunnel no<br />
#ChrootDirectory none<br />
<br />
# no default banner path<br />
#Banner none<br />
<br />
# override default of no subsystems<br />
Subsystem sftp /usr/lib/ssh/sftp-server<br />
<br />
# Example of overriding settings on a per-user basis<br />
#Match User anoncvs<br />
# X11Forwarding no<br />
# AllowTcpForwarding no<br />
# ForceCommand cvs server<br />
}}<br />
<br />
<br />
To allow access only for some users add this line:<br />
AllowUsers user1 user2<br />
<br />
To disable root login over SSH, add the following:<br />
PermitRootLogin no<br />
<br />
You could also uncomment the BANNER option and edit {{Filename|/etc/issue}} for a nice welcome message.<br />
<br />
{{Tip| You may want to change the default port from 22 to any higher port (see [http://en.wikipedia.org/wiki/Security_through_obscurity security through obscurity]).}} <br />
<br />
Even though the port ssh is running on could be detected by using a port-scanner like nmap, changing it will reduce the number of log entries caused by automated authentication attempts.<br />
<br />
{{Tip| Disabling password logins entirely may also increase security, since each user with access to the server will need to create ssh keys. (see [http://wiki.archlinux.org/index.php/Using_SSH_Keys Using SSH Keys]).}}<br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
PasswordAuthentication no<br />
ChallengeResponseAuthentication no}}<br />
<br />
===Allowing others in===<br />
{{Box Note | You have to adjust this file to remotely connect to your machine since the file is empty by default}}<br />
<br />
To let other people ssh to your machine you need to adjust {{Filename|/etc/hosts.allow}}, add the following:<br />
<br />
<pre><br />
# let everyone connect to you<br />
sshd: ALL<br />
<br />
# OR you can restrict it to a certain ip<br />
sshd: 192.168.0.1<br />
<br />
# OR restrict for a specific IP mask<br />
sshd: 10.0.0.0/255.255.255.0<br />
<br />
# OR restrict for an IP match<br />
sshd: 192.168.1.<br />
</pre><br />
<br />
Now you should check your {{Filename|/etc/hosts.deny}} for the following line and make sure it looks like this:<br />
ALL: ALL<br />
<br />
That's it. You can SSH out and others should be able to SSH in :).<br />
<br />
To start using the new configuration, restart the daemon (as root):<br />
# rc.d restart sshd<br />
<br />
== Managing SSHD Daemon ==<br />
Just add sshd to the "DAEMONS" section of your {{Filename|/etc/[[rc.conf]]}}:<br />
DAEMONS=(... ... '''sshd''' ... ...)<br />
<br />
To start/restart/stop the daemon, use the following:<br />
# rc.d {start|stop|restart} sshd<br />
<br />
==Connecting to the server==<br />
To connect to a server, run:<br />
$ ssh -p port user@server-address<br />
<br />
= Tips and Tricks =<br />
<br />
== Encrypted Socks Tunnel ==<br />
This is highly useful for laptop users connected to various unsafe wireless connections. The only thing you need is an SSH server running at a somewhat secure location, like your home or at work. It might be useful to use a dynamic DNS service like [http://www.dyndns.org/ DynDNS] so you don't have to remember your IP-address.<br />
<br />
=== Step 1: Start the Connection ===<br />
You only have to execute this single command in your favorite terminal to start the connection:<br />
$ ssh -ND 4711 user@host<br />
where {{Codeline|"user"}} is your username at the SSH server running at the {{Codeline|"host"}}. It will ask for your password, and then you're connected! The {{Codeline|"N"}} flag disables the interactive prompt, and the {{Codeline|"D"}} flag specifies the local port on which to listen on (you can choose any port number if you want).<br />
<br />
One way to make this easier is to put an alias line in your {{Filename|~/.bashrc}} file as following:<br />
alias sshtunnel="ssh -ND 4711 -v user@host"<br />
It's nice to add the verbose {{Codeline|"-v"}} flag, because then you can verify that it's actually connected from that output. Now you just have to execute the {{Codeline|"sshtunnel"}} command :)<br />
<br />
=== Step 2: Configure your Browser (or other programs) ===<br />
<br />
The above step is completely useless if you don't configure your web browser (or other programs) to use this newly created socks tunnel. Since the current version of SSH supports both SOCKS4 and SOCKS5, you can use either of them.<br />
<br />
* For Firefox: ''Edit &rarr; Preferences &rarr; Advanced &rarr; Network &rarr; Connection &rarr; Setting'':<br />
: Check the ''"Manual proxy configuration"'' radio button, and enter "localhost" in the ''"SOCKS host"'' text field, and then enter your port number in the next text field (I used 4711 above).<br />
<br />
Firefox does not automatically make DNS requests through the socks tunnel. This potential privacy concern can be mitigated by the following steps:<br />
<br />
# Type about:config into the Firefox location bar.<br />
# Search for network.proxy.socks_remote_dns<br />
# Set the value to true.<br />
# Restart the browser.<br />
<br />
* For Chromium: You can set the SOCKS settings as enviroment variables or as command line options. I recommend to add one of the following functions to your {{Filename|.bashrc}}:<br />
function secure_chromium {<br />
port=4711<br />
export SOCKS_SERVER=localhost:$port<br />
export SOCKS_VERSION=5<br />
chromium &<br />
exit<br />
}<br />
OR<br />
function secure_chromium {<br />
port=4711<br />
chromium --proxy-server="socks://localhost:$port" &<br />
exit<br />
}<br />
<br />
Now open a terminal and just do:<br />
$ secure_chromium<br />
<br />
Enjoy your secure tunnel!<br />
<br />
== X11 Forwarding ==<br />
<br />
To run graphical programs through a SSH connection you can enable X11 forwarding. An option needs to be set in the configuration files on the server and client (here "client" means your (desktop) machine your X11 Server runs on, and you will run X applications on the "server").<br />
<br />
Install xorg-xauth on the server:<br />
# pacman -S xorg-xauth<br />
<br />
* Enable the '''AllowTcpForwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Enable the '''X11Forwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Set the '''X11DisplayOffset''' option in {{Filename|sshd_config}} on the '''server''' to 10.<br />
* Enable the '''X11UseLocalhost''' option in {{Filename|sshd_config}} on the '''server'''.<br />
Also:<br />
* Enable the '''ForwardX11''' option in {{Filename|ssh_config}} on the '''client'''.<br />
<br />
To use the forwarding, log on to your server through ssh:<br />
$ ssh -X -p port user@server-address<br />
If you receive errors trying to run graphical applications try trusted forwarding instead:<br />
$ ssh -Y -p port user@server-address<br />
You can now start any X program on the remote server, the output will be forwarded to your local session:<br />
$ xclock<br />
<br />
If you get "Cannot open display" errors try the following command as the non root user:<br />
$ xhost +<br />
<br />
the above command will allow anybody to forward X11 applications. To restrict forwarding to a particular host type:<br />
$ xhost +hostname<br />
<br />
where hostname is the name of the particular host you want to forward to. Type "man xhost" for more details.<br />
<br />
Be careful with some applications as they check for a running instance on the local machine. Firefox is an example. Either close running Firefox or use the following start parameter to start a remote instance on the local machine<br />
$ firefox -no-remote<br />
<br />
== Speed up SSH ==<br />
You can make all sessions to the same host use a single connection, which will greatly speed up subsequent logins, by adding these lines under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
ControlMaster auto<br />
ControlPath ~/.ssh/socket-%r@%h:%p<br />
<br />
Changing the ciphers used by SSH to less cpu-demanding ones can improve speed. In this aspect, the best choices are arcfour and blowfish-cbc. '''Please do not do this unless you know what you are doing; arcfour has a number of known weaknesses'''. To use them, run SSH with the {{Codeline|"c"}} flag, like this:<br />
$ ssh -c arcfour,blowfish-cbc user@server-address<br />
To use them permanently, add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Ciphers arcfour,blowfish-cbc<br />
Another option to improve speed is to enable compression with the {{Codeline|"C"}} flag. A permanent solution is to add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Compression yes<br />
Login time can be shorten by using the {{Codeline|"4"}} flag, which bypasses IPv6 lookup. This can be made permanent by adding this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
AddressFamily inet<br />
Another way of making these changes permanent is to create an alias in {{Filename|~/.bashrc}}:<br />
alias ssh='ssh -C4c arcfour,blowfish-cbc'<br />
<br />
=== Trouble Shooting ===<br />
<br />
Make sure your DISPLAY string is resolveable on the remote end:<br />
<br />
ssh -X user@server-address<br />
server$ echo $DISPLAY<br />
localhost:10.0<br />
server$ telnet localhost 6010<br />
localhost/6010: lookup failure: Temporary failure in name resolution <br />
<br />
can be fixed by adding localhost to {{Filename|/etc/hosts}}.<br />
<br />
== Mounting a Remote Filesystem with SSHFS ==<br />
<br />
Install sshfs<br />
# pacman -S sshfs<br />
<br />
Load the Fuse module<br />
# modprobe fuse<br />
Add fuse to the ''modules'' array in {{Filename|/etc/rc.conf}} to load it on each system boot.<br />
<br />
Mount the remote folder using sshfs<br />
# mkdir ~/remote_folder<br />
# sshfs USER@remote_server:/tmp ~/remote_folder<br />
<br />
The command above will cause the folder /tmp on the remote server to be mounted as ~/remote_folder on the local machine. Copying any file to this folder will result in transparent copying over the network using SFTP. Same concerns direct file editing, creating or removing.<br />
<br />
When we’re done working with the remote filesystem, we can unmount the remote folder by issuing:<br />
# fusermount -u ~/remote_folder<br />
<br />
If we work on this folder on a daily basis, it is wise to add it to the {{Filename|/etc/fstab}} table. This way is can be automatically mounted upon system boot or mounted manually (if {{Codeline|noauto}} option is chosen) without the need to specify the remote location each time. Here is a sample entry in the table:<br />
sshfs#USER@remote_server:/tmp /full/path/to/directory fuse defaults,auto,allow_other 0 0<br />
<br />
== Keep Alive ==<br />
<br />
Your ssh session will automatically log out if it is idle. To keep the connection active (alive) add this to {{Filename|~/.ssh/config}} or to {{Filename|/etc/ssh/ssh_config}} on the client.<br />
<br />
ServerAliveInterval 120<br />
<br />
This will send a "keep alive" signal to the server every 120 seconds.<br />
<br />
Conversely, to keep incoming connections alive, you can set<br />
<br />
ClientAliveInterval 120<br />
<br />
(or some other number greater than 0) in {{Filename|/etc/ssh/sshd_config}} on the server.<br />
<br />
== Save connection data in .ssh/config ==<br />
<br />
Whenever you want to connect to a server, you usually have to type at least its address and your username. To save that typing work for servers you regularly connect to, you can use the {{Filename|$HOME/.ssh/config}} file as shown in the following example:<br />
<br />
{{File|name=$HOME/.ssh/config|content=<br />
<br />
Host myserver<br />
HostName 123.123.123.123<br />
Port 12345<br />
User bob<br />
Host other_server<br />
HostName test.something.org<br />
User alice<br />
CheckHostIP no<br />
Cipher blowfish<br />
}}<br />
<br />
Now you can simply connect to the server by using the name you specified:<br />
<br />
$ ssh myserver<br />
<br />
To see a complete list of the possible options, check out ssh_config's manpage on your system or the [http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config ssh_config documentation] on the official website.<br />
<br />
= Troubleshooting =<br />
<br />
== Connection Refused Problem ==<br />
<br />
=== Is SSH running and listening? ===<br />
<br />
# netstat -tnlp | grep ssh<br />
<br />
If the above command doesn't display anything, then SSH is NOT running. Check <code>/var/log/messages</code> for errors etc.<br />
<br />
=== Are there firewall rules blocking the connection? ===<br />
<br />
Flush your iptables rules to make sure they are not interfering:<br />
<br />
# rc.d stop iptables<br />
<br />
or:<br />
<br />
# iptables -P INPUT ACCEPT<br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F INPUT<br />
# iptables -F OUTPUT<br />
<br />
=== Have you allowed SSH in hosts.allow? ===<br />
<br />
Double check you have done [[#Allowing_others_in|this section]] correctly.<br />
<br />
=== Is the traffic even getting to your computer? ===<br />
<br />
Start a traffic dump on the computer you're having problems with:<br />
<br />
# tcpdump -lnn -i any port ssh and tcp-syn<br />
<br />
This should show some basic information, then wait for any matching traffic to happen before displaying it. Try your connection now. If you don't see any output when you attempt to connect, then something outside of your computer is blocking the traffic (eg, hardware firewall, NAT router etc)<br />
<br />
=== Read from socket failed: Connection reset by peer ===<br />
<br />
Recent versions of openssh sometimes fail with the above error message, due to a bug involving elliptic curve cryptography. In that case, edit the file<br />
<br />
~/.ssh/config<br />
<br />
or create it, if it doesn't already exist. Add the line<br />
<br />
HostKeyAlgorithms ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss<br />
<br />
= See Also =<br />
*[[Using SSH Keys]]<br />
*[[Pam_abl]]<br />
*[[DenyHosts]]<br />
*[[Sshfs]]<br />
<br />
= Links & References =<br />
*[http://www.soloport.com/iptables.html A Cure for the Common SSH Login Attack]<br />
*[http://webssh.cz.cc Using your browser as SSH client]<br />
*[http://www.la-samhna.de/library/brutessh.html Defending against brute force ssh attacks]</div>Thayerhttps://wiki.archlinux.org/index.php?title=OpenSSH&diff=142047OpenSSH2011-05-19T19:29:31Z<p>Thayer: /* X11 Forwarding */</p>
<hr />
<div>[[Category:Daemons and system services (English)]]<br />
{{i18n|SSH}}<br />
[[pl:SSH]]<br />
[[fr:ssh]]<br />
<br />
Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br />
<br />
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; file transfer can be accomplished using the associated SFTP or SCP protocols.<br />
<br />
An SSH server, by default, listens on the standard TCP port 22. An SSH client program is typically used for establishing connections to an ''sshd'' daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, GNU/Linux, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist.<br />
<br />
(Source: [[Wikipedia:Secure Shell]])<br />
<br />
= OpenSSH =<br />
<br />
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the ssh protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security. OpenSSH is developed as part of the OpenBSD project, which is led by Theo de Raadt.<br />
<br />
OpenSSH is occasionally confused with the similarly-named OpenSSL; however, the projects have different purposes and are developed by different teams, the similar name is drawn only from similar goals.<br />
<br />
== Installing OpenSSH ==<br />
# pacman -S openssh<br />
<br />
== Configuring SSH ==<br />
===Client===<br />
The SSH client configuration file can be found and edited in {{Filename|/etc/ssh/ssh_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/ssh_config|content=<br />
# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $<br />
<br />
# This is the ssh client system-wide configuration file. See<br />
# ssh_config(5) for more information. This file provides defaults for<br />
# users, and the values can be changed in per-user configuration files<br />
# or on the command line.<br />
<br />
# Configuration data is parsed as follows:<br />
# 1. command line options<br />
# 2. user-specific file<br />
# 3. system-wide file<br />
# Any configuration value is only changed the first time it is set.<br />
# Thus, host-specific definitions should be at the beginning of the<br />
# configuration file, and defaults at the end.<br />
<br />
# Site-wide defaults for some commonly used options. For a comprehensive<br />
# list of available options, their meanings and defaults, please see the<br />
# ssh_config(5) man page.<br />
<br />
# Host *<br />
# ForwardAgent no<br />
# ForwardX11 no<br />
# RhostsRSAAuthentication no<br />
# RSAAuthentication yes<br />
# PasswordAuthentication yes<br />
# HostbasedAuthentication no<br />
# GSSAPIAuthentication no<br />
# GSSAPIDelegateCredentials no<br />
# BatchMode no<br />
# CheckHostIP yes<br />
# AddressFamily any<br />
# ConnectTimeout 0<br />
# StrictHostKeyChecking ask<br />
# IdentityFile ~/.ssh/identity<br />
# IdentityFile ~/.ssh/id_rsa<br />
# IdentityFile ~/.ssh/id_dsa<br />
# Port 22<br />
# Protocol 2,1<br />
# Cipher 3des<br />
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc<br />
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160<br />
# EscapeChar ~<br />
# Tunnel no<br />
# TunnelDevice any:any<br />
# PermitLocalCommand no<br />
# VisualHostKey no<br />
# ProxyCommand ssh -q -W %h:%p gateway.example.com<br />
}}<br />
<br />
It is recommended to change the Protocol line into this:<br />
Protocol 2<br />
<br />
That means that only Protocol 2 will be used, since Protocol 1 is considered somewhat insecure.<br />
<br />
===Daemon===<br />
The SSH daemon configuration file can be found and edited in {{Filename|/etc/ssh/ssh'''d'''_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $<br />
<br />
# This is the sshd server system-wide configuration file. See<br />
# sshd_config(5) for more information.<br />
<br />
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin<br />
<br />
# The strategy used for options in the default sshd_config shipped with<br />
# OpenSSH is to specify options with their default value where<br />
# possible, but leave them commented. Uncommented options change a<br />
# default value.<br />
<br />
#Port 22<br />
#AddressFamily any<br />
#ListenAddress 0.0.0.0<br />
#ListenAddress ::<br />
<br />
# The default requires explicit activation of protocol 1<br />
#Protocol 2<br />
<br />
# HostKey for protocol version 1<br />
#HostKey /etc/ssh/ssh_host_key<br />
# HostKeys for protocol version 2<br />
#HostKey /etc/ssh/ssh_host_rsa_key<br />
#HostKey /etc/ssh/ssh_host_dsa_key<br />
#HostKey /etc/ssh/ssh_host_ecdsa_key<br />
<br />
# Lifetime and size of ephemeral version 1 server key<br />
#KeyRegenerationInterval 1h<br />
#ServerKeyBits 1024<br />
<br />
# Logging<br />
# obsoletes QuietMode and FascistLogging<br />
#SyslogFacility AUTH<br />
#LogLevel INFO<br />
<br />
# Authentication:<br />
<br />
#LoginGraceTime 2m<br />
#PermitRootLogin yes<br />
#StrictModes yes<br />
#MaxAuthTries 6<br />
#MaxSessions 10<br />
<br />
#RSAAuthentication yes<br />
#PubkeyAuthentication yes<br />
#AuthorizedKeysFile .ssh/authorized_keys<br />
<br />
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts<br />
#RhostsRSAAuthentication no<br />
# similar for protocol version 2<br />
#HostbasedAuthentication no<br />
# Change to yes if you don't trust ~/.ssh/known_hosts for<br />
# RhostsRSAAuthentication and HostbasedAuthentication<br />
#IgnoreUserKnownHosts no<br />
# Don't read the user's ~/.rhosts and ~/.shosts files<br />
#IgnoreRhosts yes<br />
<br />
# To disable tunneled clear text passwords, change to no here!<br />
#PasswordAuthentication yes<br />
#PermitEmptyPasswords no<br />
<br />
# Change to no to disable s/key passwords<br />
ChallengeResponseAuthentication no<br />
<br />
# Kerberos options<br />
#KerberosAuthentication no<br />
#KerberosOrLocalPasswd yes<br />
#KerberosTicketCleanup yes<br />
#KerberosGetAFSToken no<br />
<br />
# GSSAPI options<br />
#GSSAPIAuthentication no<br />
#GSSAPICleanupCredentials yes<br />
<br />
# Set this to 'yes' to enable PAM authentication, account processing, <br />
# and session processing. If this is enabled, PAM authentication will <br />
# be allowed through the ChallengeResponseAuthentication and<br />
# PasswordAuthentication. Depending on your PAM configuration,<br />
# PAM authentication via ChallengeResponseAuthentication may bypass<br />
# the setting of "PermitRootLogin without-password".<br />
# If you just want the PAM account and session checks to run without<br />
# PAM authentication, then enable this but set PasswordAuthentication<br />
# and ChallengeResponseAuthentication to 'no'.<br />
UsePAM yes<br />
<br />
#AllowAgentForwarding yes<br />
#AllowTcpForwarding yes<br />
#GatewayPorts no<br />
#X11Forwarding no<br />
#X11DisplayOffset 10<br />
#X11UseLocalhost yes<br />
#PrintMotd yes<br />
#PrintLastLog yes<br />
#TCPKeepAlive yes<br />
#UseLogin no<br />
#UsePrivilegeSeparation yes<br />
#PermitUserEnvironment no<br />
#Compression delayed<br />
#ClientAliveInterval 0<br />
#ClientAliveCountMax 3<br />
#UseDNS yes<br />
#PidFile /var/run/sshd.pid<br />
#MaxStartups 10<br />
#PermitTunnel no<br />
#ChrootDirectory none<br />
<br />
# no default banner path<br />
#Banner none<br />
<br />
# override default of no subsystems<br />
Subsystem sftp /usr/lib/ssh/sftp-server<br />
<br />
# Example of overriding settings on a per-user basis<br />
#Match User anoncvs<br />
# X11Forwarding no<br />
# AllowTcpForwarding no<br />
# ForceCommand cvs server<br />
}}<br />
<br />
<br />
To allow access only for some users add this line:<br />
AllowUsers user1 user2<br />
<br />
To disable root login over SSH, add the following:<br />
PermitRootLogin no<br />
<br />
You could also uncomment the BANNER option and edit {{Filename|/etc/issue}} for a nice welcome message.<br />
<br />
{{Tip| You may want to change the default port from 22 to any higher port (see [http://en.wikipedia.org/wiki/Security_through_obscurity security through obscurity]).}} <br />
<br />
Even though the port ssh is running on could be detected by using a port-scanner like nmap, changing it will reduce the number of log entries caused by automated authentication attempts.<br />
<br />
{{Tip| Disabling password logins entirely may also increase security, since each user with access to the server will need to create ssh keys. (see [http://wiki.archlinux.org/index.php/Using_SSH_Keys Using SSH Keys]).}}<br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
PasswordAuthentication no<br />
ChallengeResponseAuthentication no}}<br />
<br />
===Allowing others in===<br />
{{Box Note | You have to adjust this file to remotely connect to your machine since the file is empty by default}}<br />
<br />
To let other people ssh to your machine you need to adjust {{Filename|/etc/hosts.allow}}, add the following:<br />
<br />
<pre><br />
# let everyone connect to you<br />
sshd: ALL<br />
<br />
# OR you can restrict it to a certain ip<br />
sshd: 192.168.0.1<br />
<br />
# OR restrict for a specific IP mask<br />
sshd: 10.0.0.0/255.255.255.0<br />
<br />
# OR restrict for an IP match<br />
sshd: 192.168.1.<br />
</pre><br />
<br />
Now you should check your {{Filename|/etc/hosts.deny}} for the following line and make sure it looks like this:<br />
ALL: ALL<br />
<br />
That's it. You can SSH out and others should be able to SSH in :).<br />
<br />
To start using the new configuration, restart the daemon (as root):<br />
# rc.d restart sshd<br />
<br />
== Managing SSHD Daemon ==<br />
Just add sshd to the "DAEMONS" section of your {{Filename|/etc/[[rc.conf]]}}:<br />
DAEMONS=(... ... '''sshd''' ... ...)<br />
<br />
To start/restart/stop the daemon, use the following:<br />
# rc.d {start|stop|restart} sshd<br />
<br />
==Connecting to the server==<br />
To connect to a server, run:<br />
$ ssh -p port user@server-address<br />
<br />
= Tips and Tricks =<br />
<br />
== Encrypted Socks Tunnel ==<br />
This is highly useful for laptop users connected to various unsafe wireless connections. The only thing you need is an SSH server running at a somewhat secure location, like your home or at work. It might be useful to use a dynamic DNS service like [http://www.dyndns.org/ DynDNS] so you don't have to remember your IP-address.<br />
<br />
=== Step 1: Start the Connection ===<br />
You only have to execute this single command in your favorite terminal to start the connection:<br />
$ ssh -ND 4711 user@host<br />
where {{Codeline|"user"}} is your username at the SSH server running at the {{Codeline|"host"}}. It will ask for your password, and then you're connected! The {{Codeline|"N"}} flag disables the interactive prompt, and the {{Codeline|"D"}} flag specifies the local port on which to listen on (you can choose any port number if you want).<br />
<br />
One way to make this easier is to put an alias line in your {{Filename|~/.bashrc}} file as following:<br />
alias sshtunnel="ssh -ND 4711 -v user@host"<br />
It's nice to add the verbose {{Codeline|"-v"}} flag, because then you can verify that it's actually connected from that output. Now you just have to execute the {{Codeline|"sshtunnel"}} command :)<br />
<br />
=== Step 2: Configure your Browser (or other programs) ===<br />
<br />
The above step is completely useless if you don't configure your web browser (or other programs) to use this newly created socks tunnel. Since the current version of SSH supports both SOCKS4 and SOCKS5, you can use either of them.<br />
<br />
* For Firefox: ''Edit &rarr; Preferences &rarr; Advanced &rarr; Network &rarr; Connection &rarr; Setting'':<br />
: Check the ''"Manual proxy configuration"'' radio button, and enter "localhost" in the ''"SOCKS host"'' text field, and then enter your port number in the next text field (I used 4711 above).<br />
<br />
Firefox does not automatically make DNS requests through the socks tunnel. This potential privacy concern can be mitigated by the following steps:<br />
<br />
# Type about:config into the Firefox location bar.<br />
# Search for network.proxy.socks_remote_dns<br />
# Set the value to true.<br />
# Restart the browser.<br />
<br />
* For Chromium: You can set the SOCKS settings as enviroment variables or as command line options. I recommend to add one of the following functions to your {{Filename|.bashrc}}:<br />
function secure_chromium {<br />
port=4711<br />
export SOCKS_SERVER=localhost:$port<br />
export SOCKS_VERSION=5<br />
chromium &<br />
exit<br />
}<br />
OR<br />
function secure_chromium {<br />
port=4711<br />
chromium --proxy-server="socks://localhost:$port" &<br />
exit<br />
}<br />
<br />
Now open a terminal and just do:<br />
$ secure_chromium<br />
<br />
Enjoy your secure tunnel!<br />
<br />
== X11 Forwarding ==<br />
<br />
To run graphical programs through a SSH connection you can enable X11 forwarding. An option needs to be set in the configuration files on the server and client (here "client" means your (desktop) machine your X11 Server runs on, and you will run X applications on the "server").<br />
<br />
Install xorg-xauth on the server:<br />
# pacman -S xorg-xauth<br />
<br />
* Enable the '''AllowTcpForwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Enable the '''X11Forwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Set the '''X11DisplayOffset''' option in {{Filename|sshd_config}} on the '''server''' to 10.<br />
* Enable the '''X11UseLocalhost''' option in {{Filename|sshd_config}} on the '''server'''.<br />
Also:<br />
* Enable the '''ForwardX11''' option in {{Filename|ssh_config}} on the '''client'''.<br />
<br />
To use the forwarding, log on to your server through ssh:<br />
$ ssh -X -p port user@server-address<br />
If you receive errors trying to run graphical applications try trusted forwarding instead:<br />
$ ssh -Y -p port user@server-address<br />
You can now start any X program on the remote server, the output will be forwarded to your local session:<br />
$ xclock<br />
<br />
If you get "Cannot open display" errors try the following command as the non root user:<br />
$ xhost +<br />
<br />
the above command will allow anybody to forward X11 applications. To restrict forwarding to a particular host type:<br />
$ xhost +hostname<br />
<br />
where hostname is the name of the particular host you want to forward to. Type "man xhost" for more details.<br />
<br />
Be careful with some applications as they check for a running instance on the local machine. Firefox is an example. Either close running Firefox or use the following start parameter to start a remote instance on the local machine<br />
$ firefox -no-remote<br />
<br />
== Speed up SSH ==<br />
You can make all sessions to the same host use a single connection, which will greatly speed up subsequent logins, by adding these lines under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
ControlMaster auto<br />
ControlPath ~/.ssh/socket-%r@%h:%p<br />
<br />
Changing the ciphers used by SSH to less cpu-demanding ones can improve speed. In this aspect, the best choices are arcfour and blowfish-cbc. '''Please do not do this unless you know what you are doing; arcfour has a number of known weaknesses'''. To use them, run SSH with the {{Codeline|"c"}} flag, like this:<br />
# ssh -c arcfour,blowfish-cbc user@server-address<br />
To use them permanently, add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Ciphers arcfour,blowfish-cbc<br />
Another option to improve speed is to enable compression with the {{Codeline|"C"}} flag. A permanent solution is to add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Compression yes<br />
Login time can be shorten by using the {{Codeline|"4"}} flag, which bypasses IPv6 lookup. This can be made permanent by adding this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
AddressFamily inet<br />
Another way of making these changes permanent is to create an alias in {{Filename|~/.bashrc}}:<br />
alias ssh='ssh -C4c arcfour,blowfish-cbc'<br />
<br />
=== Trouble Shooting ===<br />
<br />
Make sure your DISPLAY string is resolveable on the remote end:<br />
<br />
ssh -X user@server-address<br />
server$ echo $DISPLAY<br />
localhost:10.0<br />
server$ telnet localhost 6010<br />
localhost/6010: lookup failure: Temporary failure in name resolution <br />
<br />
can be fixed by adding localhost to {{Filename|/etc/hosts}}.<br />
<br />
== Mounting a Remote Filesystem with SSHFS ==<br />
<br />
Install sshfs<br />
# pacman -S sshfs<br />
<br />
Load the Fuse module<br />
# modprobe fuse<br />
Add fuse to the ''modules'' array in {{Filename|/etc/rc.conf}} to load it on each system boot.<br />
<br />
Mount the remote folder using sshfs<br />
# mkdir ~/remote_folder<br />
# sshfs USER@remote_server:/tmp ~/remote_folder<br />
<br />
The command above will cause the folder /tmp on the remote server to be mounted as ~/remote_folder on the local machine. Copying any file to this folder will result in transparent copying over the network using SFTP. Same concerns direct file editing, creating or removing.<br />
<br />
When we’re done working with the remote filesystem, we can unmount the remote folder by issuing:<br />
# fusermount -u ~/remote_folder<br />
<br />
If we work on this folder on a daily basis, it is wise to add it to the {{Filename|/etc/fstab}} table. This way is can be automatically mounted upon system boot or mounted manually (if {{Codeline|noauto}} option is chosen) without the need to specify the remote location each time. Here is a sample entry in the table:<br />
sshfs#USER@remote_server:/tmp /full/path/to/directory fuse defaults,auto,allow_other 0 0<br />
<br />
== Keep Alive ==<br />
<br />
Your ssh session will automatically log out if it is idle. To keep the connection active (alive) add this to {{Filename|~/.ssh/config}} or to {{Filename|/etc/ssh/ssh_config}} on the client.<br />
<br />
ServerAliveInterval 120<br />
<br />
This will send a "keep alive" signal to the server every 120 seconds.<br />
<br />
Conversely, to keep incoming connections alive, you can set<br />
<br />
ClientAliveInterval 120<br />
<br />
(or some other number greater than 0) in {{Filename|/etc/ssh/sshd_config}} on the server.<br />
<br />
== Save connection data in .ssh/config ==<br />
<br />
Whenever you want to connect to a server, you usually have to type at least its address and your username. To save that typing work for servers you regularly connect to, you can use the {{Filename|$HOME/.ssh/config}} file as shown in the following example:<br />
<br />
{{File|name=$HOME/.ssh/config|content=<br />
<br />
Host myserver<br />
HostName 123.123.123.123<br />
Port 12345<br />
User bob<br />
Host other_server<br />
HostName test.something.org<br />
User alice<br />
CheckHostIP no<br />
Cipher blowfish<br />
}}<br />
<br />
Now you can simply connect to the server by using the name you specified:<br />
<br />
$ ssh myserver<br />
<br />
To see a complete list of the possible options, check out ssh_config's manpage on your system or the [http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config ssh_config documentation] on the official website.<br />
<br />
= Troubleshooting =<br />
<br />
== Connection Refused Problem ==<br />
<br />
=== Is SSH running and listening? ===<br />
<br />
# netstat -tnlp | grep ssh<br />
<br />
If the above command doesn't display anything, then SSH is NOT running. Check <code>/var/log/messages</code> for errors etc.<br />
<br />
=== Are there firewall rules blocking the connection? ===<br />
<br />
Flush your iptables rules to make sure they are not interfering:<br />
<br />
# rc.d stop iptables<br />
<br />
or:<br />
<br />
# iptables -P INPUT ACCEPT<br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F INPUT<br />
# iptables -F OUTPUT<br />
<br />
=== Have you allowed SSH in hosts.allow? ===<br />
<br />
Double check you have done [[#Allowing_others_in|this section]] correctly.<br />
<br />
=== Is the traffic even getting to your computer? ===<br />
<br />
Start a traffic dump on the computer you're having problems with:<br />
<br />
# tcpdump -lnn -i any port ssh and tcp-syn<br />
<br />
This should show some basic information, then wait for any matching traffic to happen before displaying it. Try your connection now. If you don't see any output when you attempt to connect, then something outside of your computer is blocking the traffic (eg, hardware firewall, NAT router etc)<br />
<br />
=== Read from socket failed: Connection reset by peer ===<br />
<br />
Recent versions of openssh sometimes fail with the above error message, due to a bug involving elliptic curve cryptography. In that case, edit the file<br />
<br />
~/.ssh/config<br />
<br />
or create it, if it doesn't already exist. Add the line<br />
<br />
HostKeyAlgorithms ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss<br />
<br />
= See Also =<br />
*[[Using SSH Keys]]<br />
*[[Pam_abl]]<br />
*[[DenyHosts]]<br />
*[[Sshfs]]<br />
<br />
= Links & References =<br />
*[http://www.soloport.com/iptables.html A Cure for the Common SSH Login Attack]<br />
*[http://webssh.cz.cc Using your browser as SSH client]<br />
*[http://www.la-samhna.de/library/brutessh.html Defending against brute force ssh attacks]</div>Thayerhttps://wiki.archlinux.org/index.php?title=OpenSSH&diff=142046OpenSSH2011-05-19T19:26:57Z<p>Thayer: /* Is the traffic even getting to your computer? */</p>
<hr />
<div>[[Category:Daemons and system services (English)]]<br />
{{i18n|SSH}}<br />
[[pl:SSH]]<br />
[[fr:ssh]]<br />
<br />
Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br />
<br />
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; file transfer can be accomplished using the associated SFTP or SCP protocols.<br />
<br />
An SSH server, by default, listens on the standard TCP port 22. An SSH client program is typically used for establishing connections to an ''sshd'' daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, GNU/Linux, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist.<br />
<br />
(Source: [[Wikipedia:Secure Shell]])<br />
<br />
= OpenSSH =<br />
<br />
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the ssh protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security. OpenSSH is developed as part of the OpenBSD project, which is led by Theo de Raadt.<br />
<br />
OpenSSH is occasionally confused with the similarly-named OpenSSL; however, the projects have different purposes and are developed by different teams, the similar name is drawn only from similar goals.<br />
<br />
== Installing OpenSSH ==<br />
# pacman -S openssh<br />
<br />
== Configuring SSH ==<br />
===Client===<br />
The SSH client configuration file can be found and edited in {{Filename|/etc/ssh/ssh_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/ssh_config|content=<br />
# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $<br />
<br />
# This is the ssh client system-wide configuration file. See<br />
# ssh_config(5) for more information. This file provides defaults for<br />
# users, and the values can be changed in per-user configuration files<br />
# or on the command line.<br />
<br />
# Configuration data is parsed as follows:<br />
# 1. command line options<br />
# 2. user-specific file<br />
# 3. system-wide file<br />
# Any configuration value is only changed the first time it is set.<br />
# Thus, host-specific definitions should be at the beginning of the<br />
# configuration file, and defaults at the end.<br />
<br />
# Site-wide defaults for some commonly used options. For a comprehensive<br />
# list of available options, their meanings and defaults, please see the<br />
# ssh_config(5) man page.<br />
<br />
# Host *<br />
# ForwardAgent no<br />
# ForwardX11 no<br />
# RhostsRSAAuthentication no<br />
# RSAAuthentication yes<br />
# PasswordAuthentication yes<br />
# HostbasedAuthentication no<br />
# GSSAPIAuthentication no<br />
# GSSAPIDelegateCredentials no<br />
# BatchMode no<br />
# CheckHostIP yes<br />
# AddressFamily any<br />
# ConnectTimeout 0<br />
# StrictHostKeyChecking ask<br />
# IdentityFile ~/.ssh/identity<br />
# IdentityFile ~/.ssh/id_rsa<br />
# IdentityFile ~/.ssh/id_dsa<br />
# Port 22<br />
# Protocol 2,1<br />
# Cipher 3des<br />
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc<br />
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160<br />
# EscapeChar ~<br />
# Tunnel no<br />
# TunnelDevice any:any<br />
# PermitLocalCommand no<br />
# VisualHostKey no<br />
# ProxyCommand ssh -q -W %h:%p gateway.example.com<br />
}}<br />
<br />
It is recommended to change the Protocol line into this:<br />
Protocol 2<br />
<br />
That means that only Protocol 2 will be used, since Protocol 1 is considered somewhat insecure.<br />
<br />
===Daemon===<br />
The SSH daemon configuration file can be found and edited in {{Filename|/etc/ssh/ssh'''d'''_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $<br />
<br />
# This is the sshd server system-wide configuration file. See<br />
# sshd_config(5) for more information.<br />
<br />
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin<br />
<br />
# The strategy used for options in the default sshd_config shipped with<br />
# OpenSSH is to specify options with their default value where<br />
# possible, but leave them commented. Uncommented options change a<br />
# default value.<br />
<br />
#Port 22<br />
#AddressFamily any<br />
#ListenAddress 0.0.0.0<br />
#ListenAddress ::<br />
<br />
# The default requires explicit activation of protocol 1<br />
#Protocol 2<br />
<br />
# HostKey for protocol version 1<br />
#HostKey /etc/ssh/ssh_host_key<br />
# HostKeys for protocol version 2<br />
#HostKey /etc/ssh/ssh_host_rsa_key<br />
#HostKey /etc/ssh/ssh_host_dsa_key<br />
#HostKey /etc/ssh/ssh_host_ecdsa_key<br />
<br />
# Lifetime and size of ephemeral version 1 server key<br />
#KeyRegenerationInterval 1h<br />
#ServerKeyBits 1024<br />
<br />
# Logging<br />
# obsoletes QuietMode and FascistLogging<br />
#SyslogFacility AUTH<br />
#LogLevel INFO<br />
<br />
# Authentication:<br />
<br />
#LoginGraceTime 2m<br />
#PermitRootLogin yes<br />
#StrictModes yes<br />
#MaxAuthTries 6<br />
#MaxSessions 10<br />
<br />
#RSAAuthentication yes<br />
#PubkeyAuthentication yes<br />
#AuthorizedKeysFile .ssh/authorized_keys<br />
<br />
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts<br />
#RhostsRSAAuthentication no<br />
# similar for protocol version 2<br />
#HostbasedAuthentication no<br />
# Change to yes if you don't trust ~/.ssh/known_hosts for<br />
# RhostsRSAAuthentication and HostbasedAuthentication<br />
#IgnoreUserKnownHosts no<br />
# Don't read the user's ~/.rhosts and ~/.shosts files<br />
#IgnoreRhosts yes<br />
<br />
# To disable tunneled clear text passwords, change to no here!<br />
#PasswordAuthentication yes<br />
#PermitEmptyPasswords no<br />
<br />
# Change to no to disable s/key passwords<br />
ChallengeResponseAuthentication no<br />
<br />
# Kerberos options<br />
#KerberosAuthentication no<br />
#KerberosOrLocalPasswd yes<br />
#KerberosTicketCleanup yes<br />
#KerberosGetAFSToken no<br />
<br />
# GSSAPI options<br />
#GSSAPIAuthentication no<br />
#GSSAPICleanupCredentials yes<br />
<br />
# Set this to 'yes' to enable PAM authentication, account processing, <br />
# and session processing. If this is enabled, PAM authentication will <br />
# be allowed through the ChallengeResponseAuthentication and<br />
# PasswordAuthentication. Depending on your PAM configuration,<br />
# PAM authentication via ChallengeResponseAuthentication may bypass<br />
# the setting of "PermitRootLogin without-password".<br />
# If you just want the PAM account and session checks to run without<br />
# PAM authentication, then enable this but set PasswordAuthentication<br />
# and ChallengeResponseAuthentication to 'no'.<br />
UsePAM yes<br />
<br />
#AllowAgentForwarding yes<br />
#AllowTcpForwarding yes<br />
#GatewayPorts no<br />
#X11Forwarding no<br />
#X11DisplayOffset 10<br />
#X11UseLocalhost yes<br />
#PrintMotd yes<br />
#PrintLastLog yes<br />
#TCPKeepAlive yes<br />
#UseLogin no<br />
#UsePrivilegeSeparation yes<br />
#PermitUserEnvironment no<br />
#Compression delayed<br />
#ClientAliveInterval 0<br />
#ClientAliveCountMax 3<br />
#UseDNS yes<br />
#PidFile /var/run/sshd.pid<br />
#MaxStartups 10<br />
#PermitTunnel no<br />
#ChrootDirectory none<br />
<br />
# no default banner path<br />
#Banner none<br />
<br />
# override default of no subsystems<br />
Subsystem sftp /usr/lib/ssh/sftp-server<br />
<br />
# Example of overriding settings on a per-user basis<br />
#Match User anoncvs<br />
# X11Forwarding no<br />
# AllowTcpForwarding no<br />
# ForceCommand cvs server<br />
}}<br />
<br />
<br />
To allow access only for some users add this line:<br />
AllowUsers user1 user2<br />
<br />
To disable root login over SSH, add the following:<br />
PermitRootLogin no<br />
<br />
You could also uncomment the BANNER option and edit {{Filename|/etc/issue}} for a nice welcome message.<br />
<br />
{{Tip| You may want to change the default port from 22 to any higher port (see [http://en.wikipedia.org/wiki/Security_through_obscurity security through obscurity]).}} <br />
<br />
Even though the port ssh is running on could be detected by using a port-scanner like nmap, changing it will reduce the number of log entries caused by automated authentication attempts.<br />
<br />
{{Tip| Disabling password logins entirely may also increase security, since each user with access to the server will need to create ssh keys. (see [http://wiki.archlinux.org/index.php/Using_SSH_Keys Using SSH Keys]).}}<br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
PasswordAuthentication no<br />
ChallengeResponseAuthentication no}}<br />
<br />
===Allowing others in===<br />
{{Box Note | You have to adjust this file to remotely connect to your machine since the file is empty by default}}<br />
<br />
To let other people ssh to your machine you need to adjust {{Filename|/etc/hosts.allow}}, add the following:<br />
<br />
<pre><br />
# let everyone connect to you<br />
sshd: ALL<br />
<br />
# OR you can restrict it to a certain ip<br />
sshd: 192.168.0.1<br />
<br />
# OR restrict for a specific IP mask<br />
sshd: 10.0.0.0/255.255.255.0<br />
<br />
# OR restrict for an IP match<br />
sshd: 192.168.1.<br />
</pre><br />
<br />
Now you should check your {{Filename|/etc/hosts.deny}} for the following line and make sure it looks like this:<br />
ALL: ALL<br />
<br />
That's it. You can SSH out and others should be able to SSH in :).<br />
<br />
To start using the new configuration, restart the daemon (as root):<br />
# rc.d restart sshd<br />
<br />
== Managing SSHD Daemon ==<br />
Just add sshd to the "DAEMONS" section of your {{Filename|/etc/[[rc.conf]]}}:<br />
DAEMONS=(... ... '''sshd''' ... ...)<br />
<br />
To start/restart/stop the daemon, use the following:<br />
# rc.d {start|stop|restart} sshd<br />
<br />
==Connecting to the server==<br />
To connect to a server, run:<br />
$ ssh -p port user@server-address<br />
<br />
= Tips and Tricks =<br />
<br />
== Encrypted Socks Tunnel ==<br />
This is highly useful for laptop users connected to various unsafe wireless connections. The only thing you need is an SSH server running at a somewhat secure location, like your home or at work. It might be useful to use a dynamic DNS service like [http://www.dyndns.org/ DynDNS] so you don't have to remember your IP-address.<br />
<br />
=== Step 1: Start the Connection ===<br />
You only have to execute this single command in your favorite terminal to start the connection:<br />
$ ssh -ND 4711 user@host<br />
where {{Codeline|"user"}} is your username at the SSH server running at the {{Codeline|"host"}}. It will ask for your password, and then you're connected! The {{Codeline|"N"}} flag disables the interactive prompt, and the {{Codeline|"D"}} flag specifies the local port on which to listen on (you can choose any port number if you want).<br />
<br />
One way to make this easier is to put an alias line in your {{Filename|~/.bashrc}} file as following:<br />
alias sshtunnel="ssh -ND 4711 -v user@host"<br />
It's nice to add the verbose {{Codeline|"-v"}} flag, because then you can verify that it's actually connected from that output. Now you just have to execute the {{Codeline|"sshtunnel"}} command :)<br />
<br />
=== Step 2: Configure your Browser (or other programs) ===<br />
<br />
The above step is completely useless if you don't configure your web browser (or other programs) to use this newly created socks tunnel. Since the current version of SSH supports both SOCKS4 and SOCKS5, you can use either of them.<br />
<br />
* For Firefox: ''Edit &rarr; Preferences &rarr; Advanced &rarr; Network &rarr; Connection &rarr; Setting'':<br />
: Check the ''"Manual proxy configuration"'' radio button, and enter "localhost" in the ''"SOCKS host"'' text field, and then enter your port number in the next text field (I used 4711 above).<br />
<br />
Firefox does not automatically make DNS requests through the socks tunnel. This potential privacy concern can be mitigated by the following steps:<br />
<br />
# Type about:config into the Firefox location bar.<br />
# Search for network.proxy.socks_remote_dns<br />
# Set the value to true.<br />
# Restart the browser.<br />
<br />
* For Chromium: You can set the SOCKS settings as enviroment variables or as command line options. I recommend to add one of the following functions to your {{Filename|.bashrc}}:<br />
function secure_chromium {<br />
port=4711<br />
export SOCKS_SERVER=localhost:$port<br />
export SOCKS_VERSION=5<br />
chromium &<br />
exit<br />
}<br />
OR<br />
function secure_chromium {<br />
port=4711<br />
chromium --proxy-server="socks://localhost:$port" &<br />
exit<br />
}<br />
<br />
Now open a terminal and just do:<br />
$ secure_chromium<br />
<br />
Enjoy your secure tunnel!<br />
<br />
== X11 Forwarding ==<br />
<br />
To run graphical programs through a SSH connection you can enable X11 forwarding. An option needs to be set in the configuration files on the server and client (here "client" means your (desktop) machine your X11 Server runs on, and you will run X applications on the "server").<br />
<br />
Install xorg-xauth on the server:<br />
# pacman -S xorg-xauth<br />
<br />
* Enable the '''AllowTcpForwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Enable the '''X11Forwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Set the '''X11DisplayOffset''' option in {{Filename|sshd_config}} on the '''server''' to 10.<br />
* Enable the '''X11UseLocalhost''' option in {{Filename|sshd_config}} on the '''server'''.<br />
<br />
<br />
* Enable the '''ForwardX11''' option in {{Filename|ssh_config}} on the '''client'''.<br />
<br />
To use the forwarding, log on to your server through ssh:<br />
# ssh -X -p port user@server-address<br />
If you receive errors trying to run graphical applications try trusted forwarding instead:<br />
# ssh -Y -p port user@server-address<br />
You can now start any X program on the remote server, the output will be forwarded to your local session:<br />
# xclock<br />
<br />
If you get "Cannot open display" errors try the following command as the non root user:<br />
$ xhost +<br />
<br />
the above command will allow anybody to forward X11 applications. To restrict forwarding to a particular host type:<br />
$ xhost +hostname<br />
<br />
where hostname is the name of the particular host you want to forward to. Type "man xhost" for more details.<br />
<br />
Be careful with some applications as they check for a running instance on the local machine. Firefox is an example. Either close running Firefox or use the following start parameter to start a remote instance on the local machine<br />
$ firefox -no-remote<br />
<br />
== Speed up SSH ==<br />
You can make all sessions to the same host use a single connection, which will greatly speed up subsequent logins, by adding these lines under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
ControlMaster auto<br />
ControlPath ~/.ssh/socket-%r@%h:%p<br />
<br />
Changing the ciphers used by SSH to less cpu-demanding ones can improve speed. In this aspect, the best choices are arcfour and blowfish-cbc. '''Please do not do this unless you know what you are doing; arcfour has a number of known weaknesses'''. To use them, run SSH with the {{Codeline|"c"}} flag, like this:<br />
# ssh -c arcfour,blowfish-cbc user@server-address<br />
To use them permanently, add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Ciphers arcfour,blowfish-cbc<br />
Another option to improve speed is to enable compression with the {{Codeline|"C"}} flag. A permanent solution is to add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Compression yes<br />
Login time can be shorten by using the {{Codeline|"4"}} flag, which bypasses IPv6 lookup. This can be made permanent by adding this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
AddressFamily inet<br />
Another way of making these changes permanent is to create an alias in {{Filename|~/.bashrc}}:<br />
alias ssh='ssh -C4c arcfour,blowfish-cbc'<br />
<br />
=== Trouble Shooting ===<br />
<br />
Make sure your DISPLAY string is resolveable on the remote end:<br />
<br />
ssh -X user@server-address<br />
server$ echo $DISPLAY<br />
localhost:10.0<br />
server$ telnet localhost 6010<br />
localhost/6010: lookup failure: Temporary failure in name resolution <br />
<br />
can be fixed by adding localhost to {{Filename|/etc/hosts}}.<br />
<br />
== Mounting a Remote Filesystem with SSHFS ==<br />
<br />
Install sshfs<br />
# pacman -S sshfs<br />
<br />
Load the Fuse module<br />
# modprobe fuse<br />
Add fuse to the ''modules'' array in {{Filename|/etc/rc.conf}} to load it on each system boot.<br />
<br />
Mount the remote folder using sshfs<br />
# mkdir ~/remote_folder<br />
# sshfs USER@remote_server:/tmp ~/remote_folder<br />
<br />
The command above will cause the folder /tmp on the remote server to be mounted as ~/remote_folder on the local machine. Copying any file to this folder will result in transparent copying over the network using SFTP. Same concerns direct file editing, creating or removing.<br />
<br />
When we’re done working with the remote filesystem, we can unmount the remote folder by issuing:<br />
# fusermount -u ~/remote_folder<br />
<br />
If we work on this folder on a daily basis, it is wise to add it to the {{Filename|/etc/fstab}} table. This way is can be automatically mounted upon system boot or mounted manually (if {{Codeline|noauto}} option is chosen) without the need to specify the remote location each time. Here is a sample entry in the table:<br />
sshfs#USER@remote_server:/tmp /full/path/to/directory fuse defaults,auto,allow_other 0 0<br />
<br />
== Keep Alive ==<br />
<br />
Your ssh session will automatically log out if it is idle. To keep the connection active (alive) add this to {{Filename|~/.ssh/config}} or to {{Filename|/etc/ssh/ssh_config}} on the client.<br />
<br />
ServerAliveInterval 120<br />
<br />
This will send a "keep alive" signal to the server every 120 seconds.<br />
<br />
Conversely, to keep incoming connections alive, you can set<br />
<br />
ClientAliveInterval 120<br />
<br />
(or some other number greater than 0) in {{Filename|/etc/ssh/sshd_config}} on the server.<br />
<br />
== Save connection data in .ssh/config ==<br />
<br />
Whenever you want to connect to a server, you usually have to type at least its address and your username. To save that typing work for servers you regularly connect to, you can use the {{Filename|$HOME/.ssh/config}} file as shown in the following example:<br />
<br />
{{File|name=$HOME/.ssh/config|content=<br />
<br />
Host myserver<br />
HostName 123.123.123.123<br />
Port 12345<br />
User bob<br />
Host other_server<br />
HostName test.something.org<br />
User alice<br />
CheckHostIP no<br />
Cipher blowfish<br />
}}<br />
<br />
Now you can simply connect to the server by using the name you specified:<br />
<br />
$ ssh myserver<br />
<br />
To see a complete list of the possible options, check out ssh_config's manpage on your system or the [http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config ssh_config documentation] on the official website.<br />
<br />
= Troubleshooting =<br />
<br />
== Connection Refused Problem ==<br />
<br />
=== Is SSH running and listening? ===<br />
<br />
# netstat -tnlp | grep ssh<br />
<br />
If the above command doesn't display anything, then SSH is NOT running. Check <code>/var/log/messages</code> for errors etc.<br />
<br />
=== Are there firewall rules blocking the connection? ===<br />
<br />
Flush your iptables rules to make sure they are not interfering:<br />
<br />
# rc.d stop iptables<br />
<br />
or:<br />
<br />
# iptables -P INPUT ACCEPT<br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F INPUT<br />
# iptables -F OUTPUT<br />
<br />
=== Have you allowed SSH in hosts.allow? ===<br />
<br />
Double check you have done [[#Allowing_others_in|this section]] correctly.<br />
<br />
=== Is the traffic even getting to your computer? ===<br />
<br />
Start a traffic dump on the computer you're having problems with:<br />
<br />
# tcpdump -lnn -i any port ssh and tcp-syn<br />
<br />
This should show some basic information, then wait for any matching traffic to happen before displaying it. Try your connection now. If you don't see any output when you attempt to connect, then something outside of your computer is blocking the traffic (eg, hardware firewall, NAT router etc)<br />
<br />
=== Read from socket failed: Connection reset by peer ===<br />
<br />
Recent versions of openssh sometimes fail with the above error message, due to a bug involving elliptic curve cryptography. In that case, edit the file<br />
<br />
~/.ssh/config<br />
<br />
or create it, if it doesn't already exist. Add the line<br />
<br />
HostKeyAlgorithms ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss<br />
<br />
= See Also =<br />
*[[Using SSH Keys]]<br />
*[[Pam_abl]]<br />
*[[DenyHosts]]<br />
*[[Sshfs]]<br />
<br />
= Links & References =<br />
*[http://www.soloport.com/iptables.html A Cure for the Common SSH Login Attack]<br />
*[http://webssh.cz.cc Using your browser as SSH client]<br />
*[http://www.la-samhna.de/library/brutessh.html Defending against brute force ssh attacks]</div>Thayerhttps://wiki.archlinux.org/index.php?title=OpenSSH&diff=142045OpenSSH2011-05-19T19:26:42Z<p>Thayer: /* Are there firewall rules blocking the connection? */</p>
<hr />
<div>[[Category:Daemons and system services (English)]]<br />
{{i18n|SSH}}<br />
[[pl:SSH]]<br />
[[fr:ssh]]<br />
<br />
Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br />
<br />
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; file transfer can be accomplished using the associated SFTP or SCP protocols.<br />
<br />
An SSH server, by default, listens on the standard TCP port 22. An SSH client program is typically used for establishing connections to an ''sshd'' daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, GNU/Linux, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist.<br />
<br />
(Source: [[Wikipedia:Secure Shell]])<br />
<br />
= OpenSSH =<br />
<br />
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the ssh protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security. OpenSSH is developed as part of the OpenBSD project, which is led by Theo de Raadt.<br />
<br />
OpenSSH is occasionally confused with the similarly-named OpenSSL; however, the projects have different purposes and are developed by different teams, the similar name is drawn only from similar goals.<br />
<br />
== Installing OpenSSH ==<br />
# pacman -S openssh<br />
<br />
== Configuring SSH ==<br />
===Client===<br />
The SSH client configuration file can be found and edited in {{Filename|/etc/ssh/ssh_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/ssh_config|content=<br />
# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $<br />
<br />
# This is the ssh client system-wide configuration file. See<br />
# ssh_config(5) for more information. This file provides defaults for<br />
# users, and the values can be changed in per-user configuration files<br />
# or on the command line.<br />
<br />
# Configuration data is parsed as follows:<br />
# 1. command line options<br />
# 2. user-specific file<br />
# 3. system-wide file<br />
# Any configuration value is only changed the first time it is set.<br />
# Thus, host-specific definitions should be at the beginning of the<br />
# configuration file, and defaults at the end.<br />
<br />
# Site-wide defaults for some commonly used options. For a comprehensive<br />
# list of available options, their meanings and defaults, please see the<br />
# ssh_config(5) man page.<br />
<br />
# Host *<br />
# ForwardAgent no<br />
# ForwardX11 no<br />
# RhostsRSAAuthentication no<br />
# RSAAuthentication yes<br />
# PasswordAuthentication yes<br />
# HostbasedAuthentication no<br />
# GSSAPIAuthentication no<br />
# GSSAPIDelegateCredentials no<br />
# BatchMode no<br />
# CheckHostIP yes<br />
# AddressFamily any<br />
# ConnectTimeout 0<br />
# StrictHostKeyChecking ask<br />
# IdentityFile ~/.ssh/identity<br />
# IdentityFile ~/.ssh/id_rsa<br />
# IdentityFile ~/.ssh/id_dsa<br />
# Port 22<br />
# Protocol 2,1<br />
# Cipher 3des<br />
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc<br />
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160<br />
# EscapeChar ~<br />
# Tunnel no<br />
# TunnelDevice any:any<br />
# PermitLocalCommand no<br />
# VisualHostKey no<br />
# ProxyCommand ssh -q -W %h:%p gateway.example.com<br />
}}<br />
<br />
It is recommended to change the Protocol line into this:<br />
Protocol 2<br />
<br />
That means that only Protocol 2 will be used, since Protocol 1 is considered somewhat insecure.<br />
<br />
===Daemon===<br />
The SSH daemon configuration file can be found and edited in {{Filename|/etc/ssh/ssh'''d'''_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $<br />
<br />
# This is the sshd server system-wide configuration file. See<br />
# sshd_config(5) for more information.<br />
<br />
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin<br />
<br />
# The strategy used for options in the default sshd_config shipped with<br />
# OpenSSH is to specify options with their default value where<br />
# possible, but leave them commented. Uncommented options change a<br />
# default value.<br />
<br />
#Port 22<br />
#AddressFamily any<br />
#ListenAddress 0.0.0.0<br />
#ListenAddress ::<br />
<br />
# The default requires explicit activation of protocol 1<br />
#Protocol 2<br />
<br />
# HostKey for protocol version 1<br />
#HostKey /etc/ssh/ssh_host_key<br />
# HostKeys for protocol version 2<br />
#HostKey /etc/ssh/ssh_host_rsa_key<br />
#HostKey /etc/ssh/ssh_host_dsa_key<br />
#HostKey /etc/ssh/ssh_host_ecdsa_key<br />
<br />
# Lifetime and size of ephemeral version 1 server key<br />
#KeyRegenerationInterval 1h<br />
#ServerKeyBits 1024<br />
<br />
# Logging<br />
# obsoletes QuietMode and FascistLogging<br />
#SyslogFacility AUTH<br />
#LogLevel INFO<br />
<br />
# Authentication:<br />
<br />
#LoginGraceTime 2m<br />
#PermitRootLogin yes<br />
#StrictModes yes<br />
#MaxAuthTries 6<br />
#MaxSessions 10<br />
<br />
#RSAAuthentication yes<br />
#PubkeyAuthentication yes<br />
#AuthorizedKeysFile .ssh/authorized_keys<br />
<br />
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts<br />
#RhostsRSAAuthentication no<br />
# similar for protocol version 2<br />
#HostbasedAuthentication no<br />
# Change to yes if you don't trust ~/.ssh/known_hosts for<br />
# RhostsRSAAuthentication and HostbasedAuthentication<br />
#IgnoreUserKnownHosts no<br />
# Don't read the user's ~/.rhosts and ~/.shosts files<br />
#IgnoreRhosts yes<br />
<br />
# To disable tunneled clear text passwords, change to no here!<br />
#PasswordAuthentication yes<br />
#PermitEmptyPasswords no<br />
<br />
# Change to no to disable s/key passwords<br />
ChallengeResponseAuthentication no<br />
<br />
# Kerberos options<br />
#KerberosAuthentication no<br />
#KerberosOrLocalPasswd yes<br />
#KerberosTicketCleanup yes<br />
#KerberosGetAFSToken no<br />
<br />
# GSSAPI options<br />
#GSSAPIAuthentication no<br />
#GSSAPICleanupCredentials yes<br />
<br />
# Set this to 'yes' to enable PAM authentication, account processing, <br />
# and session processing. If this is enabled, PAM authentication will <br />
# be allowed through the ChallengeResponseAuthentication and<br />
# PasswordAuthentication. Depending on your PAM configuration,<br />
# PAM authentication via ChallengeResponseAuthentication may bypass<br />
# the setting of "PermitRootLogin without-password".<br />
# If you just want the PAM account and session checks to run without<br />
# PAM authentication, then enable this but set PasswordAuthentication<br />
# and ChallengeResponseAuthentication to 'no'.<br />
UsePAM yes<br />
<br />
#AllowAgentForwarding yes<br />
#AllowTcpForwarding yes<br />
#GatewayPorts no<br />
#X11Forwarding no<br />
#X11DisplayOffset 10<br />
#X11UseLocalhost yes<br />
#PrintMotd yes<br />
#PrintLastLog yes<br />
#TCPKeepAlive yes<br />
#UseLogin no<br />
#UsePrivilegeSeparation yes<br />
#PermitUserEnvironment no<br />
#Compression delayed<br />
#ClientAliveInterval 0<br />
#ClientAliveCountMax 3<br />
#UseDNS yes<br />
#PidFile /var/run/sshd.pid<br />
#MaxStartups 10<br />
#PermitTunnel no<br />
#ChrootDirectory none<br />
<br />
# no default banner path<br />
#Banner none<br />
<br />
# override default of no subsystems<br />
Subsystem sftp /usr/lib/ssh/sftp-server<br />
<br />
# Example of overriding settings on a per-user basis<br />
#Match User anoncvs<br />
# X11Forwarding no<br />
# AllowTcpForwarding no<br />
# ForceCommand cvs server<br />
}}<br />
<br />
<br />
To allow access only for some users add this line:<br />
AllowUsers user1 user2<br />
<br />
To disable root login over SSH, add the following:<br />
PermitRootLogin no<br />
<br />
You could also uncomment the BANNER option and edit {{Filename|/etc/issue}} for a nice welcome message.<br />
<br />
{{Tip| You may want to change the default port from 22 to any higher port (see [http://en.wikipedia.org/wiki/Security_through_obscurity security through obscurity]).}} <br />
<br />
Even though the port ssh is running on could be detected by using a port-scanner like nmap, changing it will reduce the number of log entries caused by automated authentication attempts.<br />
<br />
{{Tip| Disabling password logins entirely may also increase security, since each user with access to the server will need to create ssh keys. (see [http://wiki.archlinux.org/index.php/Using_SSH_Keys Using SSH Keys]).}}<br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
PasswordAuthentication no<br />
ChallengeResponseAuthentication no}}<br />
<br />
===Allowing others in===<br />
{{Box Note | You have to adjust this file to remotely connect to your machine since the file is empty by default}}<br />
<br />
To let other people ssh to your machine you need to adjust {{Filename|/etc/hosts.allow}}, add the following:<br />
<br />
<pre><br />
# let everyone connect to you<br />
sshd: ALL<br />
<br />
# OR you can restrict it to a certain ip<br />
sshd: 192.168.0.1<br />
<br />
# OR restrict for a specific IP mask<br />
sshd: 10.0.0.0/255.255.255.0<br />
<br />
# OR restrict for an IP match<br />
sshd: 192.168.1.<br />
</pre><br />
<br />
Now you should check your {{Filename|/etc/hosts.deny}} for the following line and make sure it looks like this:<br />
ALL: ALL<br />
<br />
That's it. You can SSH out and others should be able to SSH in :).<br />
<br />
To start using the new configuration, restart the daemon (as root):<br />
# rc.d restart sshd<br />
<br />
== Managing SSHD Daemon ==<br />
Just add sshd to the "DAEMONS" section of your {{Filename|/etc/[[rc.conf]]}}:<br />
DAEMONS=(... ... '''sshd''' ... ...)<br />
<br />
To start/restart/stop the daemon, use the following:<br />
# rc.d {start|stop|restart} sshd<br />
<br />
==Connecting to the server==<br />
To connect to a server, run:<br />
$ ssh -p port user@server-address<br />
<br />
= Tips and Tricks =<br />
<br />
== Encrypted Socks Tunnel ==<br />
This is highly useful for laptop users connected to various unsafe wireless connections. The only thing you need is an SSH server running at a somewhat secure location, like your home or at work. It might be useful to use a dynamic DNS service like [http://www.dyndns.org/ DynDNS] so you don't have to remember your IP-address.<br />
<br />
=== Step 1: Start the Connection ===<br />
You only have to execute this single command in your favorite terminal to start the connection:<br />
$ ssh -ND 4711 user@host<br />
where {{Codeline|"user"}} is your username at the SSH server running at the {{Codeline|"host"}}. It will ask for your password, and then you're connected! The {{Codeline|"N"}} flag disables the interactive prompt, and the {{Codeline|"D"}} flag specifies the local port on which to listen on (you can choose any port number if you want).<br />
<br />
One way to make this easier is to put an alias line in your {{Filename|~/.bashrc}} file as following:<br />
alias sshtunnel="ssh -ND 4711 -v user@host"<br />
It's nice to add the verbose {{Codeline|"-v"}} flag, because then you can verify that it's actually connected from that output. Now you just have to execute the {{Codeline|"sshtunnel"}} command :)<br />
<br />
=== Step 2: Configure your Browser (or other programs) ===<br />
<br />
The above step is completely useless if you don't configure your web browser (or other programs) to use this newly created socks tunnel. Since the current version of SSH supports both SOCKS4 and SOCKS5, you can use either of them.<br />
<br />
* For Firefox: ''Edit &rarr; Preferences &rarr; Advanced &rarr; Network &rarr; Connection &rarr; Setting'':<br />
: Check the ''"Manual proxy configuration"'' radio button, and enter "localhost" in the ''"SOCKS host"'' text field, and then enter your port number in the next text field (I used 4711 above).<br />
<br />
Firefox does not automatically make DNS requests through the socks tunnel. This potential privacy concern can be mitigated by the following steps:<br />
<br />
# Type about:config into the Firefox location bar.<br />
# Search for network.proxy.socks_remote_dns<br />
# Set the value to true.<br />
# Restart the browser.<br />
<br />
* For Chromium: You can set the SOCKS settings as enviroment variables or as command line options. I recommend to add one of the following functions to your {{Filename|.bashrc}}:<br />
function secure_chromium {<br />
port=4711<br />
export SOCKS_SERVER=localhost:$port<br />
export SOCKS_VERSION=5<br />
chromium &<br />
exit<br />
}<br />
OR<br />
function secure_chromium {<br />
port=4711<br />
chromium --proxy-server="socks://localhost:$port" &<br />
exit<br />
}<br />
<br />
Now open a terminal and just do:<br />
$ secure_chromium<br />
<br />
Enjoy your secure tunnel!<br />
<br />
== X11 Forwarding ==<br />
<br />
To run graphical programs through a SSH connection you can enable X11 forwarding. An option needs to be set in the configuration files on the server and client (here "client" means your (desktop) machine your X11 Server runs on, and you will run X applications on the "server").<br />
<br />
Install xorg-xauth on the server:<br />
# pacman -S xorg-xauth<br />
<br />
* Enable the '''AllowTcpForwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Enable the '''X11Forwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Set the '''X11DisplayOffset''' option in {{Filename|sshd_config}} on the '''server''' to 10.<br />
* Enable the '''X11UseLocalhost''' option in {{Filename|sshd_config}} on the '''server'''.<br />
<br />
<br />
* Enable the '''ForwardX11''' option in {{Filename|ssh_config}} on the '''client'''.<br />
<br />
To use the forwarding, log on to your server through ssh:<br />
# ssh -X -p port user@server-address<br />
If you receive errors trying to run graphical applications try trusted forwarding instead:<br />
# ssh -Y -p port user@server-address<br />
You can now start any X program on the remote server, the output will be forwarded to your local session:<br />
# xclock<br />
<br />
If you get "Cannot open display" errors try the following command as the non root user:<br />
$ xhost +<br />
<br />
the above command will allow anybody to forward X11 applications. To restrict forwarding to a particular host type:<br />
$ xhost +hostname<br />
<br />
where hostname is the name of the particular host you want to forward to. Type "man xhost" for more details.<br />
<br />
Be careful with some applications as they check for a running instance on the local machine. Firefox is an example. Either close running Firefox or use the following start parameter to start a remote instance on the local machine<br />
$ firefox -no-remote<br />
<br />
== Speed up SSH ==<br />
You can make all sessions to the same host use a single connection, which will greatly speed up subsequent logins, by adding these lines under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
ControlMaster auto<br />
ControlPath ~/.ssh/socket-%r@%h:%p<br />
<br />
Changing the ciphers used by SSH to less cpu-demanding ones can improve speed. In this aspect, the best choices are arcfour and blowfish-cbc. '''Please do not do this unless you know what you are doing; arcfour has a number of known weaknesses'''. To use them, run SSH with the {{Codeline|"c"}} flag, like this:<br />
# ssh -c arcfour,blowfish-cbc user@server-address<br />
To use them permanently, add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Ciphers arcfour,blowfish-cbc<br />
Another option to improve speed is to enable compression with the {{Codeline|"C"}} flag. A permanent solution is to add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Compression yes<br />
Login time can be shorten by using the {{Codeline|"4"}} flag, which bypasses IPv6 lookup. This can be made permanent by adding this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
AddressFamily inet<br />
Another way of making these changes permanent is to create an alias in {{Filename|~/.bashrc}}:<br />
alias ssh='ssh -C4c arcfour,blowfish-cbc'<br />
<br />
=== Trouble Shooting ===<br />
<br />
Make sure your DISPLAY string is resolveable on the remote end:<br />
<br />
ssh -X user@server-address<br />
server$ echo $DISPLAY<br />
localhost:10.0<br />
server$ telnet localhost 6010<br />
localhost/6010: lookup failure: Temporary failure in name resolution <br />
<br />
can be fixed by adding localhost to {{Filename|/etc/hosts}}.<br />
<br />
== Mounting a Remote Filesystem with SSHFS ==<br />
<br />
Install sshfs<br />
# pacman -S sshfs<br />
<br />
Load the Fuse module<br />
# modprobe fuse<br />
Add fuse to the ''modules'' array in {{Filename|/etc/rc.conf}} to load it on each system boot.<br />
<br />
Mount the remote folder using sshfs<br />
# mkdir ~/remote_folder<br />
# sshfs USER@remote_server:/tmp ~/remote_folder<br />
<br />
The command above will cause the folder /tmp on the remote server to be mounted as ~/remote_folder on the local machine. Copying any file to this folder will result in transparent copying over the network using SFTP. Same concerns direct file editing, creating or removing.<br />
<br />
When we’re done working with the remote filesystem, we can unmount the remote folder by issuing:<br />
# fusermount -u ~/remote_folder<br />
<br />
If we work on this folder on a daily basis, it is wise to add it to the {{Filename|/etc/fstab}} table. This way is can be automatically mounted upon system boot or mounted manually (if {{Codeline|noauto}} option is chosen) without the need to specify the remote location each time. Here is a sample entry in the table:<br />
sshfs#USER@remote_server:/tmp /full/path/to/directory fuse defaults,auto,allow_other 0 0<br />
<br />
== Keep Alive ==<br />
<br />
Your ssh session will automatically log out if it is idle. To keep the connection active (alive) add this to {{Filename|~/.ssh/config}} or to {{Filename|/etc/ssh/ssh_config}} on the client.<br />
<br />
ServerAliveInterval 120<br />
<br />
This will send a "keep alive" signal to the server every 120 seconds.<br />
<br />
Conversely, to keep incoming connections alive, you can set<br />
<br />
ClientAliveInterval 120<br />
<br />
(or some other number greater than 0) in {{Filename|/etc/ssh/sshd_config}} on the server.<br />
<br />
== Save connection data in .ssh/config ==<br />
<br />
Whenever you want to connect to a server, you usually have to type at least its address and your username. To save that typing work for servers you regularly connect to, you can use the {{Filename|$HOME/.ssh/config}} file as shown in the following example:<br />
<br />
{{File|name=$HOME/.ssh/config|content=<br />
<br />
Host myserver<br />
HostName 123.123.123.123<br />
Port 12345<br />
User bob<br />
Host other_server<br />
HostName test.something.org<br />
User alice<br />
CheckHostIP no<br />
Cipher blowfish<br />
}}<br />
<br />
Now you can simply connect to the server by using the name you specified:<br />
<br />
$ ssh myserver<br />
<br />
To see a complete list of the possible options, check out ssh_config's manpage on your system or the [http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config ssh_config documentation] on the official website.<br />
<br />
= Troubleshooting =<br />
<br />
== Connection Refused Problem ==<br />
<br />
=== Is SSH running and listening? ===<br />
<br />
# netstat -tnlp | grep ssh<br />
<br />
If the above command doesn't display anything, then SSH is NOT running. Check <code>/var/log/messages</code> for errors etc.<br />
<br />
=== Are there firewall rules blocking the connection? ===<br />
<br />
Flush your iptables rules to make sure they are not interfering:<br />
<br />
# rc.d stop iptables<br />
<br />
or:<br />
<br />
# iptables -P INPUT ACCEPT<br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F INPUT<br />
# iptables -F OUTPUT<br />
<br />
=== Have you allowed SSH in hosts.allow? ===<br />
<br />
Double check you have done [[#Allowing_others_in|this section]] correctly.<br />
<br />
=== Is the traffic even getting to your computer? ===<br />
<br />
Start a traffic dump on the computer you're having problems with:<br />
<br />
tcpdump -lnn -i any port ssh and tcp-syn<br />
<br />
This should show some basic information, then wait for any matching traffic to happen before displaying it. Try your connection now. If you don't see any output when you attempt to connect, then something outside of your computer is blocking the traffic (eg, hardware firewall, NAT router etc)<br />
<br />
=== Read from socket failed: Connection reset by peer ===<br />
<br />
Recent versions of openssh sometimes fail with the above error message, due to a bug involving elliptic curve cryptography. In that case, edit the file<br />
<br />
~/.ssh/config<br />
<br />
or create it, if it doesn't already exist. Add the line<br />
<br />
HostKeyAlgorithms ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss<br />
<br />
= See Also =<br />
*[[Using SSH Keys]]<br />
*[[Pam_abl]]<br />
*[[DenyHosts]]<br />
*[[Sshfs]]<br />
<br />
= Links & References =<br />
*[http://www.soloport.com/iptables.html A Cure for the Common SSH Login Attack]<br />
*[http://webssh.cz.cc Using your browser as SSH client]<br />
*[http://www.la-samhna.de/library/brutessh.html Defending against brute force ssh attacks]</div>Thayerhttps://wiki.archlinux.org/index.php?title=OpenSSH&diff=142044OpenSSH2011-05-19T19:25:50Z<p>Thayer: /* Is SSH running and listening? */</p>
<hr />
<div>[[Category:Daemons and system services (English)]]<br />
{{i18n|SSH}}<br />
[[pl:SSH]]<br />
[[fr:ssh]]<br />
<br />
Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br />
<br />
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; file transfer can be accomplished using the associated SFTP or SCP protocols.<br />
<br />
An SSH server, by default, listens on the standard TCP port 22. An SSH client program is typically used for establishing connections to an ''sshd'' daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, GNU/Linux, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist.<br />
<br />
(Source: [[Wikipedia:Secure Shell]])<br />
<br />
= OpenSSH =<br />
<br />
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the ssh protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security. OpenSSH is developed as part of the OpenBSD project, which is led by Theo de Raadt.<br />
<br />
OpenSSH is occasionally confused with the similarly-named OpenSSL; however, the projects have different purposes and are developed by different teams, the similar name is drawn only from similar goals.<br />
<br />
== Installing OpenSSH ==<br />
# pacman -S openssh<br />
<br />
== Configuring SSH ==<br />
===Client===<br />
The SSH client configuration file can be found and edited in {{Filename|/etc/ssh/ssh_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/ssh_config|content=<br />
# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $<br />
<br />
# This is the ssh client system-wide configuration file. See<br />
# ssh_config(5) for more information. This file provides defaults for<br />
# users, and the values can be changed in per-user configuration files<br />
# or on the command line.<br />
<br />
# Configuration data is parsed as follows:<br />
# 1. command line options<br />
# 2. user-specific file<br />
# 3. system-wide file<br />
# Any configuration value is only changed the first time it is set.<br />
# Thus, host-specific definitions should be at the beginning of the<br />
# configuration file, and defaults at the end.<br />
<br />
# Site-wide defaults for some commonly used options. For a comprehensive<br />
# list of available options, their meanings and defaults, please see the<br />
# ssh_config(5) man page.<br />
<br />
# Host *<br />
# ForwardAgent no<br />
# ForwardX11 no<br />
# RhostsRSAAuthentication no<br />
# RSAAuthentication yes<br />
# PasswordAuthentication yes<br />
# HostbasedAuthentication no<br />
# GSSAPIAuthentication no<br />
# GSSAPIDelegateCredentials no<br />
# BatchMode no<br />
# CheckHostIP yes<br />
# AddressFamily any<br />
# ConnectTimeout 0<br />
# StrictHostKeyChecking ask<br />
# IdentityFile ~/.ssh/identity<br />
# IdentityFile ~/.ssh/id_rsa<br />
# IdentityFile ~/.ssh/id_dsa<br />
# Port 22<br />
# Protocol 2,1<br />
# Cipher 3des<br />
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc<br />
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160<br />
# EscapeChar ~<br />
# Tunnel no<br />
# TunnelDevice any:any<br />
# PermitLocalCommand no<br />
# VisualHostKey no<br />
# ProxyCommand ssh -q -W %h:%p gateway.example.com<br />
}}<br />
<br />
It is recommended to change the Protocol line into this:<br />
Protocol 2<br />
<br />
That means that only Protocol 2 will be used, since Protocol 1 is considered somewhat insecure.<br />
<br />
===Daemon===<br />
The SSH daemon configuration file can be found and edited in {{Filename|/etc/ssh/ssh'''d'''_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $<br />
<br />
# This is the sshd server system-wide configuration file. See<br />
# sshd_config(5) for more information.<br />
<br />
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin<br />
<br />
# The strategy used for options in the default sshd_config shipped with<br />
# OpenSSH is to specify options with their default value where<br />
# possible, but leave them commented. Uncommented options change a<br />
# default value.<br />
<br />
#Port 22<br />
#AddressFamily any<br />
#ListenAddress 0.0.0.0<br />
#ListenAddress ::<br />
<br />
# The default requires explicit activation of protocol 1<br />
#Protocol 2<br />
<br />
# HostKey for protocol version 1<br />
#HostKey /etc/ssh/ssh_host_key<br />
# HostKeys for protocol version 2<br />
#HostKey /etc/ssh/ssh_host_rsa_key<br />
#HostKey /etc/ssh/ssh_host_dsa_key<br />
#HostKey /etc/ssh/ssh_host_ecdsa_key<br />
<br />
# Lifetime and size of ephemeral version 1 server key<br />
#KeyRegenerationInterval 1h<br />
#ServerKeyBits 1024<br />
<br />
# Logging<br />
# obsoletes QuietMode and FascistLogging<br />
#SyslogFacility AUTH<br />
#LogLevel INFO<br />
<br />
# Authentication:<br />
<br />
#LoginGraceTime 2m<br />
#PermitRootLogin yes<br />
#StrictModes yes<br />
#MaxAuthTries 6<br />
#MaxSessions 10<br />
<br />
#RSAAuthentication yes<br />
#PubkeyAuthentication yes<br />
#AuthorizedKeysFile .ssh/authorized_keys<br />
<br />
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts<br />
#RhostsRSAAuthentication no<br />
# similar for protocol version 2<br />
#HostbasedAuthentication no<br />
# Change to yes if you don't trust ~/.ssh/known_hosts for<br />
# RhostsRSAAuthentication and HostbasedAuthentication<br />
#IgnoreUserKnownHosts no<br />
# Don't read the user's ~/.rhosts and ~/.shosts files<br />
#IgnoreRhosts yes<br />
<br />
# To disable tunneled clear text passwords, change to no here!<br />
#PasswordAuthentication yes<br />
#PermitEmptyPasswords no<br />
<br />
# Change to no to disable s/key passwords<br />
ChallengeResponseAuthentication no<br />
<br />
# Kerberos options<br />
#KerberosAuthentication no<br />
#KerberosOrLocalPasswd yes<br />
#KerberosTicketCleanup yes<br />
#KerberosGetAFSToken no<br />
<br />
# GSSAPI options<br />
#GSSAPIAuthentication no<br />
#GSSAPICleanupCredentials yes<br />
<br />
# Set this to 'yes' to enable PAM authentication, account processing, <br />
# and session processing. If this is enabled, PAM authentication will <br />
# be allowed through the ChallengeResponseAuthentication and<br />
# PasswordAuthentication. Depending on your PAM configuration,<br />
# PAM authentication via ChallengeResponseAuthentication may bypass<br />
# the setting of "PermitRootLogin without-password".<br />
# If you just want the PAM account and session checks to run without<br />
# PAM authentication, then enable this but set PasswordAuthentication<br />
# and ChallengeResponseAuthentication to 'no'.<br />
UsePAM yes<br />
<br />
#AllowAgentForwarding yes<br />
#AllowTcpForwarding yes<br />
#GatewayPorts no<br />
#X11Forwarding no<br />
#X11DisplayOffset 10<br />
#X11UseLocalhost yes<br />
#PrintMotd yes<br />
#PrintLastLog yes<br />
#TCPKeepAlive yes<br />
#UseLogin no<br />
#UsePrivilegeSeparation yes<br />
#PermitUserEnvironment no<br />
#Compression delayed<br />
#ClientAliveInterval 0<br />
#ClientAliveCountMax 3<br />
#UseDNS yes<br />
#PidFile /var/run/sshd.pid<br />
#MaxStartups 10<br />
#PermitTunnel no<br />
#ChrootDirectory none<br />
<br />
# no default banner path<br />
#Banner none<br />
<br />
# override default of no subsystems<br />
Subsystem sftp /usr/lib/ssh/sftp-server<br />
<br />
# Example of overriding settings on a per-user basis<br />
#Match User anoncvs<br />
# X11Forwarding no<br />
# AllowTcpForwarding no<br />
# ForceCommand cvs server<br />
}}<br />
<br />
<br />
To allow access only for some users add this line:<br />
AllowUsers user1 user2<br />
<br />
To disable root login over SSH, add the following:<br />
PermitRootLogin no<br />
<br />
You could also uncomment the BANNER option and edit {{Filename|/etc/issue}} for a nice welcome message.<br />
<br />
{{Tip| You may want to change the default port from 22 to any higher port (see [http://en.wikipedia.org/wiki/Security_through_obscurity security through obscurity]).}} <br />
<br />
Even though the port ssh is running on could be detected by using a port-scanner like nmap, changing it will reduce the number of log entries caused by automated authentication attempts.<br />
<br />
{{Tip| Disabling password logins entirely may also increase security, since each user with access to the server will need to create ssh keys. (see [http://wiki.archlinux.org/index.php/Using_SSH_Keys Using SSH Keys]).}}<br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
PasswordAuthentication no<br />
ChallengeResponseAuthentication no}}<br />
<br />
===Allowing others in===<br />
{{Box Note | You have to adjust this file to remotely connect to your machine since the file is empty by default}}<br />
<br />
To let other people ssh to your machine you need to adjust {{Filename|/etc/hosts.allow}}, add the following:<br />
<br />
<pre><br />
# let everyone connect to you<br />
sshd: ALL<br />
<br />
# OR you can restrict it to a certain ip<br />
sshd: 192.168.0.1<br />
<br />
# OR restrict for a specific IP mask<br />
sshd: 10.0.0.0/255.255.255.0<br />
<br />
# OR restrict for an IP match<br />
sshd: 192.168.1.<br />
</pre><br />
<br />
Now you should check your {{Filename|/etc/hosts.deny}} for the following line and make sure it looks like this:<br />
ALL: ALL<br />
<br />
That's it. You can SSH out and others should be able to SSH in :).<br />
<br />
To start using the new configuration, restart the daemon (as root):<br />
# rc.d restart sshd<br />
<br />
== Managing SSHD Daemon ==<br />
Just add sshd to the "DAEMONS" section of your {{Filename|/etc/[[rc.conf]]}}:<br />
DAEMONS=(... ... '''sshd''' ... ...)<br />
<br />
To start/restart/stop the daemon, use the following:<br />
# rc.d {start|stop|restart} sshd<br />
<br />
==Connecting to the server==<br />
To connect to a server, run:<br />
$ ssh -p port user@server-address<br />
<br />
= Tips and Tricks =<br />
<br />
== Encrypted Socks Tunnel ==<br />
This is highly useful for laptop users connected to various unsafe wireless connections. The only thing you need is an SSH server running at a somewhat secure location, like your home or at work. It might be useful to use a dynamic DNS service like [http://www.dyndns.org/ DynDNS] so you don't have to remember your IP-address.<br />
<br />
=== Step 1: Start the Connection ===<br />
You only have to execute this single command in your favorite terminal to start the connection:<br />
$ ssh -ND 4711 user@host<br />
where {{Codeline|"user"}} is your username at the SSH server running at the {{Codeline|"host"}}. It will ask for your password, and then you're connected! The {{Codeline|"N"}} flag disables the interactive prompt, and the {{Codeline|"D"}} flag specifies the local port on which to listen on (you can choose any port number if you want).<br />
<br />
One way to make this easier is to put an alias line in your {{Filename|~/.bashrc}} file as following:<br />
alias sshtunnel="ssh -ND 4711 -v user@host"<br />
It's nice to add the verbose {{Codeline|"-v"}} flag, because then you can verify that it's actually connected from that output. Now you just have to execute the {{Codeline|"sshtunnel"}} command :)<br />
<br />
=== Step 2: Configure your Browser (or other programs) ===<br />
<br />
The above step is completely useless if you don't configure your web browser (or other programs) to use this newly created socks tunnel. Since the current version of SSH supports both SOCKS4 and SOCKS5, you can use either of them.<br />
<br />
* For Firefox: ''Edit &rarr; Preferences &rarr; Advanced &rarr; Network &rarr; Connection &rarr; Setting'':<br />
: Check the ''"Manual proxy configuration"'' radio button, and enter "localhost" in the ''"SOCKS host"'' text field, and then enter your port number in the next text field (I used 4711 above).<br />
<br />
Firefox does not automatically make DNS requests through the socks tunnel. This potential privacy concern can be mitigated by the following steps:<br />
<br />
# Type about:config into the Firefox location bar.<br />
# Search for network.proxy.socks_remote_dns<br />
# Set the value to true.<br />
# Restart the browser.<br />
<br />
* For Chromium: You can set the SOCKS settings as enviroment variables or as command line options. I recommend to add one of the following functions to your {{Filename|.bashrc}}:<br />
function secure_chromium {<br />
port=4711<br />
export SOCKS_SERVER=localhost:$port<br />
export SOCKS_VERSION=5<br />
chromium &<br />
exit<br />
}<br />
OR<br />
function secure_chromium {<br />
port=4711<br />
chromium --proxy-server="socks://localhost:$port" &<br />
exit<br />
}<br />
<br />
Now open a terminal and just do:<br />
$ secure_chromium<br />
<br />
Enjoy your secure tunnel!<br />
<br />
== X11 Forwarding ==<br />
<br />
To run graphical programs through a SSH connection you can enable X11 forwarding. An option needs to be set in the configuration files on the server and client (here "client" means your (desktop) machine your X11 Server runs on, and you will run X applications on the "server").<br />
<br />
Install xorg-xauth on the server:<br />
# pacman -S xorg-xauth<br />
<br />
* Enable the '''AllowTcpForwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Enable the '''X11Forwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Set the '''X11DisplayOffset''' option in {{Filename|sshd_config}} on the '''server''' to 10.<br />
* Enable the '''X11UseLocalhost''' option in {{Filename|sshd_config}} on the '''server'''.<br />
<br />
<br />
* Enable the '''ForwardX11''' option in {{Filename|ssh_config}} on the '''client'''.<br />
<br />
To use the forwarding, log on to your server through ssh:<br />
# ssh -X -p port user@server-address<br />
If you receive errors trying to run graphical applications try trusted forwarding instead:<br />
# ssh -Y -p port user@server-address<br />
You can now start any X program on the remote server, the output will be forwarded to your local session:<br />
# xclock<br />
<br />
If you get "Cannot open display" errors try the following command as the non root user:<br />
$ xhost +<br />
<br />
the above command will allow anybody to forward X11 applications. To restrict forwarding to a particular host type:<br />
$ xhost +hostname<br />
<br />
where hostname is the name of the particular host you want to forward to. Type "man xhost" for more details.<br />
<br />
Be careful with some applications as they check for a running instance on the local machine. Firefox is an example. Either close running Firefox or use the following start parameter to start a remote instance on the local machine<br />
$ firefox -no-remote<br />
<br />
== Speed up SSH ==<br />
You can make all sessions to the same host use a single connection, which will greatly speed up subsequent logins, by adding these lines under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
ControlMaster auto<br />
ControlPath ~/.ssh/socket-%r@%h:%p<br />
<br />
Changing the ciphers used by SSH to less cpu-demanding ones can improve speed. In this aspect, the best choices are arcfour and blowfish-cbc. '''Please do not do this unless you know what you are doing; arcfour has a number of known weaknesses'''. To use them, run SSH with the {{Codeline|"c"}} flag, like this:<br />
# ssh -c arcfour,blowfish-cbc user@server-address<br />
To use them permanently, add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Ciphers arcfour,blowfish-cbc<br />
Another option to improve speed is to enable compression with the {{Codeline|"C"}} flag. A permanent solution is to add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Compression yes<br />
Login time can be shorten by using the {{Codeline|"4"}} flag, which bypasses IPv6 lookup. This can be made permanent by adding this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
AddressFamily inet<br />
Another way of making these changes permanent is to create an alias in {{Filename|~/.bashrc}}:<br />
alias ssh='ssh -C4c arcfour,blowfish-cbc'<br />
<br />
=== Trouble Shooting ===<br />
<br />
Make sure your DISPLAY string is resolveable on the remote end:<br />
<br />
ssh -X user@server-address<br />
server$ echo $DISPLAY<br />
localhost:10.0<br />
server$ telnet localhost 6010<br />
localhost/6010: lookup failure: Temporary failure in name resolution <br />
<br />
can be fixed by adding localhost to {{Filename|/etc/hosts}}.<br />
<br />
== Mounting a Remote Filesystem with SSHFS ==<br />
<br />
Install sshfs<br />
# pacman -S sshfs<br />
<br />
Load the Fuse module<br />
# modprobe fuse<br />
Add fuse to the ''modules'' array in {{Filename|/etc/rc.conf}} to load it on each system boot.<br />
<br />
Mount the remote folder using sshfs<br />
# mkdir ~/remote_folder<br />
# sshfs USER@remote_server:/tmp ~/remote_folder<br />
<br />
The command above will cause the folder /tmp on the remote server to be mounted as ~/remote_folder on the local machine. Copying any file to this folder will result in transparent copying over the network using SFTP. Same concerns direct file editing, creating or removing.<br />
<br />
When we’re done working with the remote filesystem, we can unmount the remote folder by issuing:<br />
# fusermount -u ~/remote_folder<br />
<br />
If we work on this folder on a daily basis, it is wise to add it to the {{Filename|/etc/fstab}} table. This way is can be automatically mounted upon system boot or mounted manually (if {{Codeline|noauto}} option is chosen) without the need to specify the remote location each time. Here is a sample entry in the table:<br />
sshfs#USER@remote_server:/tmp /full/path/to/directory fuse defaults,auto,allow_other 0 0<br />
<br />
== Keep Alive ==<br />
<br />
Your ssh session will automatically log out if it is idle. To keep the connection active (alive) add this to {{Filename|~/.ssh/config}} or to {{Filename|/etc/ssh/ssh_config}} on the client.<br />
<br />
ServerAliveInterval 120<br />
<br />
This will send a "keep alive" signal to the server every 120 seconds.<br />
<br />
Conversely, to keep incoming connections alive, you can set<br />
<br />
ClientAliveInterval 120<br />
<br />
(or some other number greater than 0) in {{Filename|/etc/ssh/sshd_config}} on the server.<br />
<br />
== Save connection data in .ssh/config ==<br />
<br />
Whenever you want to connect to a server, you usually have to type at least its address and your username. To save that typing work for servers you regularly connect to, you can use the {{Filename|$HOME/.ssh/config}} file as shown in the following example:<br />
<br />
{{File|name=$HOME/.ssh/config|content=<br />
<br />
Host myserver<br />
HostName 123.123.123.123<br />
Port 12345<br />
User bob<br />
Host other_server<br />
HostName test.something.org<br />
User alice<br />
CheckHostIP no<br />
Cipher blowfish<br />
}}<br />
<br />
Now you can simply connect to the server by using the name you specified:<br />
<br />
$ ssh myserver<br />
<br />
To see a complete list of the possible options, check out ssh_config's manpage on your system or the [http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config ssh_config documentation] on the official website.<br />
<br />
= Troubleshooting =<br />
<br />
== Connection Refused Problem ==<br />
<br />
=== Is SSH running and listening? ===<br />
<br />
# netstat -tnlp | grep ssh<br />
<br />
If the above command doesn't display anything, then SSH is NOT running. Check <code>/var/log/messages</code> for errors etc.<br />
<br />
=== Are there firewall rules blocking the connection? ===<br />
<br />
Flush your iptables rules to make sure they are not interfering:<br />
<br />
rc.d stop iptables<br />
<br />
or:<br />
<br />
iptables -P INPUT ACCEPT<br />
iptables -P OUTPUT ACCEPT<br />
iptables -F INPUT<br />
iptables -F OUTPUT<br />
<br />
=== Have you allowed SSH in hosts.allow? ===<br />
<br />
Double check you have done [[#Allowing_others_in|this section]] correctly.<br />
<br />
=== Is the traffic even getting to your computer? ===<br />
<br />
Start a traffic dump on the computer you're having problems with:<br />
<br />
tcpdump -lnn -i any port ssh and tcp-syn<br />
<br />
This should show some basic information, then wait for any matching traffic to happen before displaying it. Try your connection now. If you don't see any output when you attempt to connect, then something outside of your computer is blocking the traffic (eg, hardware firewall, NAT router etc)<br />
<br />
=== Read from socket failed: Connection reset by peer ===<br />
<br />
Recent versions of openssh sometimes fail with the above error message, due to a bug involving elliptic curve cryptography. In that case, edit the file<br />
<br />
~/.ssh/config<br />
<br />
or create it, if it doesn't already exist. Add the line<br />
<br />
HostKeyAlgorithms ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss<br />
<br />
= See Also =<br />
*[[Using SSH Keys]]<br />
*[[Pam_abl]]<br />
*[[DenyHosts]]<br />
*[[Sshfs]]<br />
<br />
= Links & References =<br />
*[http://www.soloport.com/iptables.html A Cure for the Common SSH Login Attack]<br />
*[http://webssh.cz.cc Using your browser as SSH client]<br />
*[http://www.la-samhna.de/library/brutessh.html Defending against brute force ssh attacks]</div>Thayerhttps://wiki.archlinux.org/index.php?title=OpenSSH&diff=142027OpenSSH2011-05-19T16:34:43Z<p>Thayer: LoginGraceTime is already 120 seconds</p>
<hr />
<div>[[Category:Daemons and system services (English)]]<br />
{{i18n|SSH}}<br />
[[pl:SSH]]<br />
[[fr:ssh]]<br />
<br />
Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br />
<br />
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; file transfer can be accomplished using the associated SFTP or SCP protocols.<br />
<br />
An SSH server, by default, listens on the standard TCP port 22. An SSH client program is typically used for establishing connections to an ''sshd'' daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, GNU/Linux, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist.<br />
<br />
(Source: [[Wikipedia:Secure Shell]])<br />
<br />
= OpenSSH =<br />
<br />
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the ssh protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security. OpenSSH is developed as part of the OpenBSD project, which is led by Theo de Raadt.<br />
<br />
OpenSSH is occasionally confused with the similarly-named OpenSSL; however, the projects have different purposes and are developed by different teams, the similar name is drawn only from similar goals.<br />
<br />
== Installing OpenSSH ==<br />
# pacman -S openssh<br />
<br />
== Configuring SSH ==<br />
===Client===<br />
The SSH client configuration file can be found and edited in {{Filename|/etc/ssh/ssh_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/ssh_config|content=<br />
# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $<br />
<br />
# This is the ssh client system-wide configuration file. See<br />
# ssh_config(5) for more information. This file provides defaults for<br />
# users, and the values can be changed in per-user configuration files<br />
# or on the command line.<br />
<br />
# Configuration data is parsed as follows:<br />
# 1. command line options<br />
# 2. user-specific file<br />
# 3. system-wide file<br />
# Any configuration value is only changed the first time it is set.<br />
# Thus, host-specific definitions should be at the beginning of the<br />
# configuration file, and defaults at the end.<br />
<br />
# Site-wide defaults for some commonly used options. For a comprehensive<br />
# list of available options, their meanings and defaults, please see the<br />
# ssh_config(5) man page.<br />
<br />
# Host *<br />
# ForwardAgent no<br />
# ForwardX11 no<br />
# RhostsRSAAuthentication no<br />
# RSAAuthentication yes<br />
# PasswordAuthentication yes<br />
# HostbasedAuthentication no<br />
# GSSAPIAuthentication no<br />
# GSSAPIDelegateCredentials no<br />
# BatchMode no<br />
# CheckHostIP yes<br />
# AddressFamily any<br />
# ConnectTimeout 0<br />
# StrictHostKeyChecking ask<br />
# IdentityFile ~/.ssh/identity<br />
# IdentityFile ~/.ssh/id_rsa<br />
# IdentityFile ~/.ssh/id_dsa<br />
# Port 22<br />
# Protocol 2,1<br />
# Cipher 3des<br />
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc<br />
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160<br />
# EscapeChar ~<br />
# Tunnel no<br />
# TunnelDevice any:any<br />
# PermitLocalCommand no<br />
# VisualHostKey no<br />
# ProxyCommand ssh -q -W %h:%p gateway.example.com<br />
}}<br />
<br />
It is recommended to change the Protocol line into this:<br />
Protocol 2<br />
<br />
That means that only Protocol 2 will be used, since Protocol 1 is considered somewhat insecure.<br />
<br />
===Daemon===<br />
The SSH daemon configuration file can be found and edited in {{Filename|/etc/ssh/ssh'''d'''_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $<br />
<br />
# This is the sshd server system-wide configuration file. See<br />
# sshd_config(5) for more information.<br />
<br />
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin<br />
<br />
# The strategy used for options in the default sshd_config shipped with<br />
# OpenSSH is to specify options with their default value where<br />
# possible, but leave them commented. Uncommented options change a<br />
# default value.<br />
<br />
#Port 22<br />
#AddressFamily any<br />
#ListenAddress 0.0.0.0<br />
#ListenAddress ::<br />
<br />
# The default requires explicit activation of protocol 1<br />
#Protocol 2<br />
<br />
# HostKey for protocol version 1<br />
#HostKey /etc/ssh/ssh_host_key<br />
# HostKeys for protocol version 2<br />
#HostKey /etc/ssh/ssh_host_rsa_key<br />
#HostKey /etc/ssh/ssh_host_dsa_key<br />
#HostKey /etc/ssh/ssh_host_ecdsa_key<br />
<br />
# Lifetime and size of ephemeral version 1 server key<br />
#KeyRegenerationInterval 1h<br />
#ServerKeyBits 1024<br />
<br />
# Logging<br />
# obsoletes QuietMode and FascistLogging<br />
#SyslogFacility AUTH<br />
#LogLevel INFO<br />
<br />
# Authentication:<br />
<br />
#LoginGraceTime 2m<br />
#PermitRootLogin yes<br />
#StrictModes yes<br />
#MaxAuthTries 6<br />
#MaxSessions 10<br />
<br />
#RSAAuthentication yes<br />
#PubkeyAuthentication yes<br />
#AuthorizedKeysFile .ssh/authorized_keys<br />
<br />
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts<br />
#RhostsRSAAuthentication no<br />
# similar for protocol version 2<br />
#HostbasedAuthentication no<br />
# Change to yes if you don't trust ~/.ssh/known_hosts for<br />
# RhostsRSAAuthentication and HostbasedAuthentication<br />
#IgnoreUserKnownHosts no<br />
# Don't read the user's ~/.rhosts and ~/.shosts files<br />
#IgnoreRhosts yes<br />
<br />
# To disable tunneled clear text passwords, change to no here!<br />
#PasswordAuthentication yes<br />
#PermitEmptyPasswords no<br />
<br />
# Change to no to disable s/key passwords<br />
ChallengeResponseAuthentication no<br />
<br />
# Kerberos options<br />
#KerberosAuthentication no<br />
#KerberosOrLocalPasswd yes<br />
#KerberosTicketCleanup yes<br />
#KerberosGetAFSToken no<br />
<br />
# GSSAPI options<br />
#GSSAPIAuthentication no<br />
#GSSAPICleanupCredentials yes<br />
<br />
# Set this to 'yes' to enable PAM authentication, account processing, <br />
# and session processing. If this is enabled, PAM authentication will <br />
# be allowed through the ChallengeResponseAuthentication and<br />
# PasswordAuthentication. Depending on your PAM configuration,<br />
# PAM authentication via ChallengeResponseAuthentication may bypass<br />
# the setting of "PermitRootLogin without-password".<br />
# If you just want the PAM account and session checks to run without<br />
# PAM authentication, then enable this but set PasswordAuthentication<br />
# and ChallengeResponseAuthentication to 'no'.<br />
UsePAM yes<br />
<br />
#AllowAgentForwarding yes<br />
#AllowTcpForwarding yes<br />
#GatewayPorts no<br />
#X11Forwarding no<br />
#X11DisplayOffset 10<br />
#X11UseLocalhost yes<br />
#PrintMotd yes<br />
#PrintLastLog yes<br />
#TCPKeepAlive yes<br />
#UseLogin no<br />
#UsePrivilegeSeparation yes<br />
#PermitUserEnvironment no<br />
#Compression delayed<br />
#ClientAliveInterval 0<br />
#ClientAliveCountMax 3<br />
#UseDNS yes<br />
#PidFile /var/run/sshd.pid<br />
#MaxStartups 10<br />
#PermitTunnel no<br />
#ChrootDirectory none<br />
<br />
# no default banner path<br />
#Banner none<br />
<br />
# override default of no subsystems<br />
Subsystem sftp /usr/lib/ssh/sftp-server<br />
<br />
# Example of overriding settings on a per-user basis<br />
#Match User anoncvs<br />
# X11Forwarding no<br />
# AllowTcpForwarding no<br />
# ForceCommand cvs server<br />
}}<br />
<br />
<br />
To allow access only for some users add this line:<br />
AllowUsers user1 user2<br />
<br />
To disable root login over SSH, add the following:<br />
PermitRootLogin no<br />
<br />
You could also uncomment the BANNER option and edit {{Filename|/etc/issue}} for a nice welcome message.<br />
<br />
{{Tip| You may want to change the default port from 22 to any higher port (see [http://en.wikipedia.org/wiki/Security_through_obscurity security through obscurity]).}} <br />
<br />
Even though the port ssh is running on could be detected by using a port-scanner like nmap, changing it will reduce the number of log entries caused by automated authentication attempts.<br />
<br />
{{Tip| Disabling password logins entirely may also increase security, since each user with access to the server will need to create ssh keys. (see [http://wiki.archlinux.org/index.php/Using_SSH_Keys Using SSH Keys]).}}<br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
PasswordAuthentication no<br />
ChallengeResponseAuthentication no}}<br />
<br />
===Allowing others in===<br />
{{Box Note | You have to adjust this file to remotely connect to your machine since the file is empty by default}}<br />
<br />
To let other people ssh to your machine you need to adjust {{Filename|/etc/hosts.allow}}, add the following:<br />
<br />
<pre><br />
# let everyone connect to you<br />
sshd: ALL<br />
<br />
# OR you can restrict it to a certain ip<br />
sshd: 192.168.0.1<br />
<br />
# OR restrict for a specific IP mask<br />
sshd: 10.0.0.0/255.255.255.0<br />
<br />
# OR restrict for an IP match<br />
sshd: 192.168.1.<br />
</pre><br />
<br />
Now you should check your {{Filename|/etc/hosts.deny}} for the following line and make sure it looks like this:<br />
ALL: ALL<br />
<br />
That's it. You can SSH out and others should be able to SSH in :).<br />
<br />
To start using the new configuration, restart the daemon (as root):<br />
# rc.d restart sshd<br />
<br />
== Managing SSHD Daemon ==<br />
Just add sshd to the "DAEMONS" section of your {{Filename|/etc/[[rc.conf]]}}:<br />
DAEMONS=(... ... '''sshd''' ... ...)<br />
<br />
To start/restart/stop the daemon, use the following:<br />
# rc.d {start|stop|restart} sshd<br />
<br />
==Connecting to the server==<br />
To connect to a server, run:<br />
$ ssh -p port user@server-address<br />
<br />
= Tips and Tricks =<br />
<br />
== Encrypted Socks Tunnel ==<br />
This is highly useful for laptop users connected to various unsafe wireless connections. The only thing you need is an SSH server running at a somewhat secure location, like your home or at work. It might be useful to use a dynamic DNS service like [http://www.dyndns.org/ DynDNS] so you don't have to remember your IP-address.<br />
<br />
=== Step 1: Start the Connection ===<br />
You only have to execute this single command in your favorite terminal to start the connection:<br />
$ ssh -ND 4711 user@host<br />
where {{Codeline|"user"}} is your username at the SSH server running at the {{Codeline|"host"}}. It will ask for your password, and then you're connected! The {{Codeline|"N"}} flag disables the interactive prompt, and the {{Codeline|"D"}} flag specifies the local port on which to listen on (you can choose any port number if you want).<br />
<br />
One way to make this easier is to put an alias line in your {{Filename|~/.bashrc}} file as following:<br />
alias sshtunnel="ssh -ND 4711 -v user@host"<br />
It's nice to add the verbose {{Codeline|"-v"}} flag, because then you can verify that it's actually connected from that output. Now you just have to execute the {{Codeline|"sshtunnel"}} command :)<br />
<br />
=== Step 2: Configure your Browser (or other programs) ===<br />
<br />
The above step is completely useless if you don't configure your web browser (or other programs) to use this newly created socks tunnel. Since the current version of SSH supports both SOCKS4 and SOCKS5, you can use either of them.<br />
<br />
* For Firefox: ''Edit &rarr; Preferences &rarr; Advanced &rarr; Network &rarr; Connection &rarr; Setting'':<br />
: Check the ''"Manual proxy configuration"'' radio button, and enter "localhost" in the ''"SOCKS host"'' text field, and then enter your port number in the next text field (I used 4711 above).<br />
<br />
Firefox does not automatically make DNS requests through the socks tunnel. This potential privacy concern can be mitigated by the following steps:<br />
<br />
# Type about:config into the Firefox location bar.<br />
# Search for network.proxy.socks_remote_dns<br />
# Set the value to true.<br />
# Restart the browser.<br />
<br />
* For Chromium: You can set the SOCKS settings as enviroment variables or as command line options. I recommend to add one of the following functions to your {{Filename|.bashrc}}:<br />
function secure_chromium {<br />
port=4711<br />
export SOCKS_SERVER=localhost:$port<br />
export SOCKS_VERSION=5<br />
chromium &<br />
exit<br />
}<br />
OR<br />
function secure_chromium {<br />
port=4711<br />
chromium --proxy-server="socks://localhost:$port" &<br />
exit<br />
}<br />
<br />
Now open a terminal and just do:<br />
$ secure_chromium<br />
<br />
Enjoy your secure tunnel!<br />
<br />
== X11 Forwarding ==<br />
<br />
To run graphical programs through a SSH connection you can enable X11 forwarding. An option needs to be set in the configuration files on the server and client (here "client" means your (desktop) machine your X11 Server runs on, and you will run X applications on the "server").<br />
<br />
Install xorg-xauth on the server:<br />
# pacman -S xorg-xauth<br />
<br />
* Enable the '''AllowTcpForwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Enable the '''X11Forwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Set the '''X11DisplayOffset''' option in {{Filename|sshd_config}} on the '''server''' to 10.<br />
* Enable the '''X11UseLocalhost''' option in {{Filename|sshd_config}} on the '''server'''.<br />
<br />
<br />
* Enable the '''ForwardX11''' option in {{Filename|ssh_config}} on the '''client'''.<br />
<br />
To use the forwarding, log on to your server through ssh:<br />
# ssh -X -p port user@server-address<br />
If you receive errors trying to run graphical applications try trusted forwarding instead:<br />
# ssh -Y -p port user@server-address<br />
You can now start any X program on the remote server, the output will be forwarded to your local session:<br />
# xclock<br />
<br />
If you get "Cannot open display" errors try the following command as the non root user:<br />
$ xhost +<br />
<br />
the above command will allow anybody to forward X11 applications. To restrict forwarding to a particular host type:<br />
$ xhost +hostname<br />
<br />
where hostname is the name of the particular host you want to forward to. Type "man xhost" for more details.<br />
<br />
Be careful with some applications as they check for a running instance on the local machine. Firefox is an example. Either close running Firefox or use the following start parameter to start a remote instance on the local machine<br />
$ firefox -no-remote<br />
<br />
== Speed up SSH ==<br />
You can make all sessions to the same host use a single connection, which will greatly speed up subsequent logins, by adding these lines under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
ControlMaster auto<br />
ControlPath ~/.ssh/socket-%r@%h:%p<br />
<br />
Changing the ciphers used by SSH to less cpu-demanding ones can improve speed. In this aspect, the best choices are arcfour and blowfish-cbc. '''Please do not do this unless you know what you are doing; arcfour has a number of known weaknesses'''. To use them, run SSH with the {{Codeline|"c"}} flag, like this:<br />
# ssh -c arcfour,blowfish-cbc user@server-address<br />
To use them permanently, add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Ciphers arcfour,blowfish-cbc<br />
Another option to improve speed is to enable compression with the {{Codeline|"C"}} flag. A permanent solution is to add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Compression yes<br />
Login time can be shorten by using the {{Codeline|"4"}} flag, which bypasses IPv6 lookup. This can be made permanent by adding this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
AddressFamily inet<br />
Another way of making these changes permanent is to create an alias in {{Filename|~/.bashrc}}:<br />
alias ssh='ssh -C4c arcfour,blowfish-cbc'<br />
<br />
=== Trouble Shooting ===<br />
<br />
Make sure your DISPLAY string is resolveable on the remote end:<br />
<br />
ssh -X user@server-address<br />
server$ echo $DISPLAY<br />
localhost:10.0<br />
server$ telnet localhost 6010<br />
localhost/6010: lookup failure: Temporary failure in name resolution <br />
<br />
can be fixed by adding localhost to {{Filename|/etc/hosts}}.<br />
<br />
== Mounting a Remote Filesystem with SSHFS ==<br />
<br />
Install sshfs<br />
# pacman -S sshfs<br />
<br />
Load the Fuse module<br />
# modprobe fuse<br />
Add fuse to the ''modules'' array in {{Filename|/etc/rc.conf}} to load it on each system boot.<br />
<br />
Mount the remote folder using sshfs<br />
# mkdir ~/remote_folder<br />
# sshfs USER@remote_server:/tmp ~/remote_folder<br />
<br />
The command above will cause the folder /tmp on the remote server to be mounted as ~/remote_folder on the local machine. Copying any file to this folder will result in transparent copying over the network using SFTP. Same concerns direct file editing, creating or removing.<br />
<br />
When we’re done working with the remote filesystem, we can unmount the remote folder by issuing:<br />
# fusermount -u ~/remote_folder<br />
<br />
If we work on this folder on a daily basis, it is wise to add it to the {{Filename|/etc/fstab}} table. This way is can be automatically mounted upon system boot or mounted manually (if {{Codeline|noauto}} option is chosen) without the need to specify the remote location each time. Here is a sample entry in the table:<br />
sshfs#USER@remote_server:/tmp /full/path/to/directory fuse defaults,auto,allow_other 0 0<br />
<br />
== Keep Alive ==<br />
<br />
Your ssh session will automatically log out if it is idle. To keep the connection active (alive) add this to {{Filename|~/.ssh/config}} or to {{Filename|/etc/ssh/ssh_config}} on the client.<br />
<br />
ServerAliveInterval 120<br />
<br />
This will send a "keep alive" signal to the server every 120 seconds.<br />
<br />
Conversely, to keep incoming connections alive, you can set<br />
<br />
ClientAliveInterval 120<br />
<br />
(or some other number greater than 0) in {{Filename|/etc/ssh/sshd_config}} on the server.<br />
<br />
== Save connection data in .ssh/config ==<br />
<br />
Whenever you want to connect to a server, you usually have to type at least its address and your username. To save that typing work for servers you regularly connect to, you can use the {{Filename|$HOME/.ssh/config}} file as shown in the following example:<br />
<br />
{{File|name=$HOME/.ssh/config|content=<br />
<br />
Host myserver<br />
HostName 123.123.123.123<br />
Port 12345<br />
User bob<br />
Host other_server<br />
HostName test.something.org<br />
User alice<br />
CheckHostIP no<br />
Cipher blowfish<br />
}}<br />
<br />
Now you can simply connect to the server by using the name you specified:<br />
<br />
$ ssh myserver<br />
<br />
To see a complete list of the possible options, check out ssh_config's manpage on your system or the [http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config ssh_config documentation] on the official website.<br />
<br />
= Troubleshooting =<br />
<br />
== Connection Refused Problem ==<br />
<br />
=== Is SSH running and listening? ===<br />
<br />
netstat -tnlp | grep ssh<br />
<br />
If the above command doesn't display anything, then SSH is NOT running. Check <code>/var/log/messages</code> for errors etc.<br />
<br />
=== Are there firewall rules blocking the connection? ===<br />
<br />
Flush your iptables rules to make sure they are not interfering:<br />
<br />
rc.d stop iptables<br />
<br />
or:<br />
<br />
iptables -P INPUT ACCEPT<br />
iptables -P OUTPUT ACCEPT<br />
iptables -F INPUT<br />
iptables -F OUTPUT<br />
<br />
=== Have you allowed SSH in hosts.allow? ===<br />
<br />
Double check you have done [[#Allowing_others_in|this section]] correctly.<br />
<br />
=== Is the traffic even getting to your computer? ===<br />
<br />
Start a traffic dump on the computer you're having problems with:<br />
<br />
tcpdump -lnn -i any port ssh and tcp-syn<br />
<br />
This should show some basic information, then wait for any matching traffic to happen before displaying it. Try your connection now. If you don't see any output when you attempt to connect, then something outside of your computer is blocking the traffic (eg, hardware firewall, NAT router etc)<br />
<br />
=== Are you suffering from the elliptic curves bug? ===<br />
<br />
Recent versions of openssh sometimes fail with the error message<br />
<br />
Read from socket failed: Connection reset by peer<br />
<br />
In that case, edit the file<br />
<br />
~/.ssh/config<br />
<br />
or create it, if it doesn't already exist. Add the line<br />
<br />
HostKeyAlgorithms ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss<br />
<br />
= See Also =<br />
*[[Using SSH Keys]]<br />
*[[Pam_abl]]<br />
*[[DenyHosts]]<br />
*[[Sshfs]]<br />
<br />
= Links & References =<br />
*[http://www.soloport.com/iptables.html A Cure for the Common SSH Login Attack]<br />
*[http://webssh.cz.cc Using your browser as SSH client]<br />
*[http://www.la-samhna.de/library/brutessh.html Defending against brute force ssh attacks]</div>Thayerhttps://wiki.archlinux.org/index.php?title=OpenSSH&diff=142026OpenSSH2011-05-19T16:31:05Z<p>Thayer: Latest config (and protocol 2 is now enforced by default)</p>
<hr />
<div>[[Category:Daemons and system services (English)]]<br />
{{i18n|SSH}}<br />
[[pl:SSH]]<br />
[[fr:ssh]]<br />
<br />
Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br />
<br />
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; file transfer can be accomplished using the associated SFTP or SCP protocols.<br />
<br />
An SSH server, by default, listens on the standard TCP port 22. An SSH client program is typically used for establishing connections to an ''sshd'' daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, GNU/Linux, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist.<br />
<br />
(Source: [[Wikipedia:Secure Shell]])<br />
<br />
= OpenSSH =<br />
<br />
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the ssh protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security. OpenSSH is developed as part of the OpenBSD project, which is led by Theo de Raadt.<br />
<br />
OpenSSH is occasionally confused with the similarly-named OpenSSL; however, the projects have different purposes and are developed by different teams, the similar name is drawn only from similar goals.<br />
<br />
== Installing OpenSSH ==<br />
# pacman -S openssh<br />
<br />
== Configuring SSH ==<br />
===Client===<br />
The SSH client configuration file can be found and edited in {{Filename|/etc/ssh/ssh_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/ssh_config|content=<br />
# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $<br />
<br />
# This is the ssh client system-wide configuration file. See<br />
# ssh_config(5) for more information. This file provides defaults for<br />
# users, and the values can be changed in per-user configuration files<br />
# or on the command line.<br />
<br />
# Configuration data is parsed as follows:<br />
# 1. command line options<br />
# 2. user-specific file<br />
# 3. system-wide file<br />
# Any configuration value is only changed the first time it is set.<br />
# Thus, host-specific definitions should be at the beginning of the<br />
# configuration file, and defaults at the end.<br />
<br />
# Site-wide defaults for some commonly used options. For a comprehensive<br />
# list of available options, their meanings and defaults, please see the<br />
# ssh_config(5) man page.<br />
<br />
# Host *<br />
# ForwardAgent no<br />
# ForwardX11 no<br />
# RhostsRSAAuthentication no<br />
# RSAAuthentication yes<br />
# PasswordAuthentication yes<br />
# HostbasedAuthentication no<br />
# GSSAPIAuthentication no<br />
# GSSAPIDelegateCredentials no<br />
# BatchMode no<br />
# CheckHostIP yes<br />
# AddressFamily any<br />
# ConnectTimeout 0<br />
# StrictHostKeyChecking ask<br />
# IdentityFile ~/.ssh/identity<br />
# IdentityFile ~/.ssh/id_rsa<br />
# IdentityFile ~/.ssh/id_dsa<br />
# Port 22<br />
# Protocol 2,1<br />
# Cipher 3des<br />
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc<br />
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160<br />
# EscapeChar ~<br />
# Tunnel no<br />
# TunnelDevice any:any<br />
# PermitLocalCommand no<br />
# VisualHostKey no<br />
# ProxyCommand ssh -q -W %h:%p gateway.example.com<br />
}}<br />
<br />
It is recommended to change the Protocol line into this:<br />
Protocol 2<br />
<br />
That means that only Protocol 2 will be used, since Protocol 1 is considered somewhat insecure.<br />
<br />
===Daemon===<br />
The SSH daemon configuration file can be found and edited in {{Filename|/etc/ssh/ssh'''d'''_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $<br />
<br />
# This is the sshd server system-wide configuration file. See<br />
# sshd_config(5) for more information.<br />
<br />
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin<br />
<br />
# The strategy used for options in the default sshd_config shipped with<br />
# OpenSSH is to specify options with their default value where<br />
# possible, but leave them commented. Uncommented options change a<br />
# default value.<br />
<br />
#Port 22<br />
#AddressFamily any<br />
#ListenAddress 0.0.0.0<br />
#ListenAddress ::<br />
<br />
# The default requires explicit activation of protocol 1<br />
#Protocol 2<br />
<br />
# HostKey for protocol version 1<br />
#HostKey /etc/ssh/ssh_host_key<br />
# HostKeys for protocol version 2<br />
#HostKey /etc/ssh/ssh_host_rsa_key<br />
#HostKey /etc/ssh/ssh_host_dsa_key<br />
#HostKey /etc/ssh/ssh_host_ecdsa_key<br />
<br />
# Lifetime and size of ephemeral version 1 server key<br />
#KeyRegenerationInterval 1h<br />
#ServerKeyBits 1024<br />
<br />
# Logging<br />
# obsoletes QuietMode and FascistLogging<br />
#SyslogFacility AUTH<br />
#LogLevel INFO<br />
<br />
# Authentication:<br />
<br />
#LoginGraceTime 2m<br />
#PermitRootLogin yes<br />
#StrictModes yes<br />
#MaxAuthTries 6<br />
#MaxSessions 10<br />
<br />
#RSAAuthentication yes<br />
#PubkeyAuthentication yes<br />
#AuthorizedKeysFile .ssh/authorized_keys<br />
<br />
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts<br />
#RhostsRSAAuthentication no<br />
# similar for protocol version 2<br />
#HostbasedAuthentication no<br />
# Change to yes if you don't trust ~/.ssh/known_hosts for<br />
# RhostsRSAAuthentication and HostbasedAuthentication<br />
#IgnoreUserKnownHosts no<br />
# Don't read the user's ~/.rhosts and ~/.shosts files<br />
#IgnoreRhosts yes<br />
<br />
# To disable tunneled clear text passwords, change to no here!<br />
#PasswordAuthentication yes<br />
#PermitEmptyPasswords no<br />
<br />
# Change to no to disable s/key passwords<br />
ChallengeResponseAuthentication no<br />
<br />
# Kerberos options<br />
#KerberosAuthentication no<br />
#KerberosOrLocalPasswd yes<br />
#KerberosTicketCleanup yes<br />
#KerberosGetAFSToken no<br />
<br />
# GSSAPI options<br />
#GSSAPIAuthentication no<br />
#GSSAPICleanupCredentials yes<br />
<br />
# Set this to 'yes' to enable PAM authentication, account processing, <br />
# and session processing. If this is enabled, PAM authentication will <br />
# be allowed through the ChallengeResponseAuthentication and<br />
# PasswordAuthentication. Depending on your PAM configuration,<br />
# PAM authentication via ChallengeResponseAuthentication may bypass<br />
# the setting of "PermitRootLogin without-password".<br />
# If you just want the PAM account and session checks to run without<br />
# PAM authentication, then enable this but set PasswordAuthentication<br />
# and ChallengeResponseAuthentication to 'no'.<br />
UsePAM yes<br />
<br />
#AllowAgentForwarding yes<br />
#AllowTcpForwarding yes<br />
#GatewayPorts no<br />
#X11Forwarding no<br />
#X11DisplayOffset 10<br />
#X11UseLocalhost yes<br />
#PrintMotd yes<br />
#PrintLastLog yes<br />
#TCPKeepAlive yes<br />
#UseLogin no<br />
#UsePrivilegeSeparation yes<br />
#PermitUserEnvironment no<br />
#Compression delayed<br />
#ClientAliveInterval 0<br />
#ClientAliveCountMax 3<br />
#UseDNS yes<br />
#PidFile /var/run/sshd.pid<br />
#MaxStartups 10<br />
#PermitTunnel no<br />
#ChrootDirectory none<br />
<br />
# no default banner path<br />
#Banner none<br />
<br />
# override default of no subsystems<br />
Subsystem sftp /usr/lib/ssh/sftp-server<br />
<br />
# Example of overriding settings on a per-user basis<br />
#Match User anoncvs<br />
# X11Forwarding no<br />
# AllowTcpForwarding no<br />
# ForceCommand cvs server<br />
}}<br />
<br />
<br />
To allow access only for some users add this line:<br />
AllowUsers user1 user2<br />
<br />
You might want to change some lines so that they look as following:<br />
<pre><br />
LoginGraceTime 120<br />
.<br />
.<br />
.<br />
PermitRootLogin no # (put yes here if you want root login)<br />
</pre><br />
<br />
You could also uncomment the BANNER option and edit {{Filename|/etc/issue}} for a nice welcome message.<br />
<br />
{{Tip| You may want to change the default port from 22 to any higher port (see [http://en.wikipedia.org/wiki/Security_through_obscurity security through obscurity]).}} <br />
<br />
Even though the port ssh is running on could be detected by using a port-scanner like nmap, changing it will reduce the number of log entries caused by automated authentication attempts.<br />
<br />
{{Tip| Disabling password logins entirely may also increase security, since each user with access to the server will need to create ssh keys. (see [http://wiki.archlinux.org/index.php/Using_SSH_Keys Using SSH Keys]).}}<br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
PasswordAuthentication no<br />
ChallengeResponseAuthentication no}}<br />
<br />
===Allowing others in===<br />
{{Box Note | You have to adjust this file to remotely connect to your machine since the file is empty by default}}<br />
<br />
To let other people ssh to your machine you need to adjust {{Filename|/etc/hosts.allow}}, add the following:<br />
<br />
<pre><br />
# let everyone connect to you<br />
sshd: ALL<br />
<br />
# OR you can restrict it to a certain ip<br />
sshd: 192.168.0.1<br />
<br />
# OR restrict for a specific IP mask<br />
sshd: 10.0.0.0/255.255.255.0<br />
<br />
# OR restrict for an IP match<br />
sshd: 192.168.1.<br />
</pre><br />
<br />
Now you should check your {{Filename|/etc/hosts.deny}} for the following line and make sure it looks like this:<br />
ALL: ALL<br />
<br />
That's it. You can SSH out and others should be able to SSH in :).<br />
<br />
To start using the new configuration, restart the daemon (as root):<br />
# rc.d restart sshd<br />
<br />
== Managing SSHD Daemon ==<br />
Just add sshd to the "DAEMONS" section of your {{Filename|/etc/[[rc.conf]]}}:<br />
DAEMONS=(... ... '''sshd''' ... ...)<br />
<br />
To start/restart/stop the daemon, use the following:<br />
# rc.d {start|stop|restart} sshd<br />
<br />
==Connecting to the server==<br />
To connect to a server, run:<br />
$ ssh -p port user@server-address<br />
<br />
= Tips and Tricks =<br />
<br />
== Encrypted Socks Tunnel ==<br />
This is highly useful for laptop users connected to various unsafe wireless connections. The only thing you need is an SSH server running at a somewhat secure location, like your home or at work. It might be useful to use a dynamic DNS service like [http://www.dyndns.org/ DynDNS] so you don't have to remember your IP-address.<br />
<br />
=== Step 1: Start the Connection ===<br />
You only have to execute this single command in your favorite terminal to start the connection:<br />
$ ssh -ND 4711 user@host<br />
where {{Codeline|"user"}} is your username at the SSH server running at the {{Codeline|"host"}}. It will ask for your password, and then you're connected! The {{Codeline|"N"}} flag disables the interactive prompt, and the {{Codeline|"D"}} flag specifies the local port on which to listen on (you can choose any port number if you want).<br />
<br />
One way to make this easier is to put an alias line in your {{Filename|~/.bashrc}} file as following:<br />
alias sshtunnel="ssh -ND 4711 -v user@host"<br />
It's nice to add the verbose {{Codeline|"-v"}} flag, because then you can verify that it's actually connected from that output. Now you just have to execute the {{Codeline|"sshtunnel"}} command :)<br />
<br />
=== Step 2: Configure your Browser (or other programs) ===<br />
<br />
The above step is completely useless if you don't configure your web browser (or other programs) to use this newly created socks tunnel. Since the current version of SSH supports both SOCKS4 and SOCKS5, you can use either of them.<br />
<br />
* For Firefox: ''Edit &rarr; Preferences &rarr; Advanced &rarr; Network &rarr; Connection &rarr; Setting'':<br />
: Check the ''"Manual proxy configuration"'' radio button, and enter "localhost" in the ''"SOCKS host"'' text field, and then enter your port number in the next text field (I used 4711 above).<br />
<br />
Firefox does not automatically make DNS requests through the socks tunnel. This potential privacy concern can be mitigated by the following steps:<br />
<br />
# Type about:config into the Firefox location bar.<br />
# Search for network.proxy.socks_remote_dns<br />
# Set the value to true.<br />
# Restart the browser.<br />
<br />
* For Chromium: You can set the SOCKS settings as enviroment variables or as command line options. I recommend to add one of the following functions to your {{Filename|.bashrc}}:<br />
function secure_chromium {<br />
port=4711<br />
export SOCKS_SERVER=localhost:$port<br />
export SOCKS_VERSION=5<br />
chromium &<br />
exit<br />
}<br />
OR<br />
function secure_chromium {<br />
port=4711<br />
chromium --proxy-server="socks://localhost:$port" &<br />
exit<br />
}<br />
<br />
Now open a terminal and just do:<br />
$ secure_chromium<br />
<br />
Enjoy your secure tunnel!<br />
<br />
== X11 Forwarding ==<br />
<br />
To run graphical programs through a SSH connection you can enable X11 forwarding. An option needs to be set in the configuration files on the server and client (here "client" means your (desktop) machine your X11 Server runs on, and you will run X applications on the "server").<br />
<br />
Install xorg-xauth on the server:<br />
# pacman -S xorg-xauth<br />
<br />
* Enable the '''AllowTcpForwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Enable the '''X11Forwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Set the '''X11DisplayOffset''' option in {{Filename|sshd_config}} on the '''server''' to 10.<br />
* Enable the '''X11UseLocalhost''' option in {{Filename|sshd_config}} on the '''server'''.<br />
<br />
<br />
* Enable the '''ForwardX11''' option in {{Filename|ssh_config}} on the '''client'''.<br />
<br />
To use the forwarding, log on to your server through ssh:<br />
# ssh -X -p port user@server-address<br />
If you receive errors trying to run graphical applications try trusted forwarding instead:<br />
# ssh -Y -p port user@server-address<br />
You can now start any X program on the remote server, the output will be forwarded to your local session:<br />
# xclock<br />
<br />
If you get "Cannot open display" errors try the following command as the non root user:<br />
$ xhost +<br />
<br />
the above command will allow anybody to forward X11 applications. To restrict forwarding to a particular host type:<br />
$ xhost +hostname<br />
<br />
where hostname is the name of the particular host you want to forward to. Type "man xhost" for more details.<br />
<br />
Be careful with some applications as they check for a running instance on the local machine. Firefox is an example. Either close running Firefox or use the following start parameter to start a remote instance on the local machine<br />
$ firefox -no-remote<br />
<br />
== Speed up SSH ==<br />
You can make all sessions to the same host use a single connection, which will greatly speed up subsequent logins, by adding these lines under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
ControlMaster auto<br />
ControlPath ~/.ssh/socket-%r@%h:%p<br />
<br />
Changing the ciphers used by SSH to less cpu-demanding ones can improve speed. In this aspect, the best choices are arcfour and blowfish-cbc. '''Please do not do this unless you know what you are doing; arcfour has a number of known weaknesses'''. To use them, run SSH with the {{Codeline|"c"}} flag, like this:<br />
# ssh -c arcfour,blowfish-cbc user@server-address<br />
To use them permanently, add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Ciphers arcfour,blowfish-cbc<br />
Another option to improve speed is to enable compression with the {{Codeline|"C"}} flag. A permanent solution is to add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Compression yes<br />
Login time can be shorten by using the {{Codeline|"4"}} flag, which bypasses IPv6 lookup. This can be made permanent by adding this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
AddressFamily inet<br />
Another way of making these changes permanent is to create an alias in {{Filename|~/.bashrc}}:<br />
alias ssh='ssh -C4c arcfour,blowfish-cbc'<br />
<br />
=== Trouble Shooting ===<br />
<br />
Make sure your DISPLAY string is resolveable on the remote end:<br />
<br />
ssh -X user@server-address<br />
server$ echo $DISPLAY<br />
localhost:10.0<br />
server$ telnet localhost 6010<br />
localhost/6010: lookup failure: Temporary failure in name resolution <br />
<br />
can be fixed by adding localhost to {{Filename|/etc/hosts}}.<br />
<br />
== Mounting a Remote Filesystem with SSHFS ==<br />
<br />
Install sshfs<br />
# pacman -S sshfs<br />
<br />
Load the Fuse module<br />
# modprobe fuse<br />
Add fuse to the ''modules'' array in {{Filename|/etc/rc.conf}} to load it on each system boot.<br />
<br />
Mount the remote folder using sshfs<br />
# mkdir ~/remote_folder<br />
# sshfs USER@remote_server:/tmp ~/remote_folder<br />
<br />
The command above will cause the folder /tmp on the remote server to be mounted as ~/remote_folder on the local machine. Copying any file to this folder will result in transparent copying over the network using SFTP. Same concerns direct file editing, creating or removing.<br />
<br />
When we’re done working with the remote filesystem, we can unmount the remote folder by issuing:<br />
# fusermount -u ~/remote_folder<br />
<br />
If we work on this folder on a daily basis, it is wise to add it to the {{Filename|/etc/fstab}} table. This way is can be automatically mounted upon system boot or mounted manually (if {{Codeline|noauto}} option is chosen) without the need to specify the remote location each time. Here is a sample entry in the table:<br />
sshfs#USER@remote_server:/tmp /full/path/to/directory fuse defaults,auto,allow_other 0 0<br />
<br />
== Keep Alive ==<br />
<br />
Your ssh session will automatically log out if it is idle. To keep the connection active (alive) add this to {{Filename|~/.ssh/config}} or to {{Filename|/etc/ssh/ssh_config}} on the client.<br />
<br />
ServerAliveInterval 120<br />
<br />
This will send a "keep alive" signal to the server every 120 seconds.<br />
<br />
Conversely, to keep incoming connections alive, you can set<br />
<br />
ClientAliveInterval 120<br />
<br />
(or some other number greater than 0) in {{Filename|/etc/ssh/sshd_config}} on the server.<br />
<br />
== Save connection data in .ssh/config ==<br />
<br />
Whenever you want to connect to a server, you usually have to type at least its address and your username. To save that typing work for servers you regularly connect to, you can use the {{Filename|$HOME/.ssh/config}} file as shown in the following example:<br />
<br />
{{File|name=$HOME/.ssh/config|content=<br />
<br />
Host myserver<br />
HostName 123.123.123.123<br />
Port 12345<br />
User bob<br />
Host other_server<br />
HostName test.something.org<br />
User alice<br />
CheckHostIP no<br />
Cipher blowfish<br />
}}<br />
<br />
Now you can simply connect to the server by using the name you specified:<br />
<br />
$ ssh myserver<br />
<br />
To see a complete list of the possible options, check out ssh_config's manpage on your system or the [http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config ssh_config documentation] on the official website.<br />
<br />
= Troubleshooting =<br />
<br />
== Connection Refused Problem ==<br />
<br />
=== Is SSH running and listening? ===<br />
<br />
netstat -tnlp | grep ssh<br />
<br />
If the above command doesn't display anything, then SSH is NOT running. Check <code>/var/log/messages</code> for errors etc.<br />
<br />
=== Are there firewall rules blocking the connection? ===<br />
<br />
Flush your iptables rules to make sure they are not interfering:<br />
<br />
rc.d stop iptables<br />
<br />
or:<br />
<br />
iptables -P INPUT ACCEPT<br />
iptables -P OUTPUT ACCEPT<br />
iptables -F INPUT<br />
iptables -F OUTPUT<br />
<br />
=== Have you allowed SSH in hosts.allow? ===<br />
<br />
Double check you have done [[#Allowing_others_in|this section]] correctly.<br />
<br />
=== Is the traffic even getting to your computer? ===<br />
<br />
Start a traffic dump on the computer you're having problems with:<br />
<br />
tcpdump -lnn -i any port ssh and tcp-syn<br />
<br />
This should show some basic information, then wait for any matching traffic to happen before displaying it. Try your connection now. If you don't see any output when you attempt to connect, then something outside of your computer is blocking the traffic (eg, hardware firewall, NAT router etc)<br />
<br />
=== Are you suffering from the elliptic curves bug? ===<br />
<br />
Recent versions of openssh sometimes fail with the error message<br />
<br />
Read from socket failed: Connection reset by peer<br />
<br />
In that case, edit the file<br />
<br />
~/.ssh/config<br />
<br />
or create it, if it doesn't already exist. Add the line<br />
<br />
HostKeyAlgorithms ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss<br />
<br />
= See Also =<br />
*[[Using SSH Keys]]<br />
*[[Pam_abl]]<br />
*[[DenyHosts]]<br />
*[[Sshfs]]<br />
<br />
= Links & References =<br />
*[http://www.soloport.com/iptables.html A Cure for the Common SSH Login Attack]<br />
*[http://webssh.cz.cc Using your browser as SSH client]<br />
*[http://www.la-samhna.de/library/brutessh.html Defending against brute force ssh attacks]</div>Thayerhttps://wiki.archlinux.org/index.php?title=OpenSSH&diff=142025OpenSSH2011-05-19T16:27:12Z<p>Thayer: Undo revision 142024 by Thayer (talk) (pasted wrong config)</p>
<hr />
<div>[[Category:Daemons and system services (English)]]<br />
{{i18n|SSH}}<br />
[[pl:SSH]]<br />
[[fr:ssh]]<br />
<br />
Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br />
<br />
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; file transfer can be accomplished using the associated SFTP or SCP protocols.<br />
<br />
An SSH server, by default, listens on the standard TCP port 22. An SSH client program is typically used for establishing connections to an ''sshd'' daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, GNU/Linux, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist.<br />
<br />
(Source: [[Wikipedia:Secure Shell]])<br />
<br />
= OpenSSH =<br />
<br />
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the ssh protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security. OpenSSH is developed as part of the OpenBSD project, which is led by Theo de Raadt.<br />
<br />
OpenSSH is occasionally confused with the similarly-named OpenSSL; however, the projects have different purposes and are developed by different teams, the similar name is drawn only from similar goals.<br />
<br />
== Installing OpenSSH ==<br />
# pacman -S openssh<br />
<br />
== Configuring SSH ==<br />
===Client===<br />
The SSH client configuration file can be found and edited in {{Filename|/etc/ssh/ssh_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/ssh_config|content=<br />
# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $<br />
<br />
# This is the ssh client system-wide configuration file. See<br />
# ssh_config(5) for more information. This file provides defaults for<br />
# users, and the values can be changed in per-user configuration files<br />
# or on the command line.<br />
<br />
# Configuration data is parsed as follows:<br />
# 1. command line options<br />
# 2. user-specific file<br />
# 3. system-wide file<br />
# Any configuration value is only changed the first time it is set.<br />
# Thus, host-specific definitions should be at the beginning of the<br />
# configuration file, and defaults at the end.<br />
<br />
# Site-wide defaults for some commonly used options. For a comprehensive<br />
# list of available options, their meanings and defaults, please see the<br />
# ssh_config(5) man page.<br />
<br />
# Host *<br />
# ForwardAgent no<br />
# ForwardX11 no<br />
# RhostsRSAAuthentication no<br />
# RSAAuthentication yes<br />
# PasswordAuthentication yes<br />
# HostbasedAuthentication no<br />
# GSSAPIAuthentication no<br />
# GSSAPIDelegateCredentials no<br />
# BatchMode no<br />
# CheckHostIP yes<br />
# AddressFamily any<br />
# ConnectTimeout 0<br />
# StrictHostKeyChecking ask<br />
# IdentityFile ~/.ssh/identity<br />
# IdentityFile ~/.ssh/id_rsa<br />
# IdentityFile ~/.ssh/id_dsa<br />
# Port 22<br />
# Protocol 2,1<br />
# Cipher 3des<br />
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc<br />
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160<br />
# EscapeChar ~<br />
# Tunnel no<br />
# TunnelDevice any:any<br />
# PermitLocalCommand no<br />
# VisualHostKey no<br />
# ProxyCommand ssh -q -W %h:%p gateway.example.com<br />
}}<br />
<br />
It is recommended to change the Protocol line into this:<br />
Protocol 2<br />
<br />
That means that only Protocol 2 will be used, since Protocol 1 is considered somewhat insecure.<br />
<br />
===Daemon===<br />
The SSH daemon configuration file can be found and edited in {{Filename|/etc/ssh/ssh'''d'''_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
<br />
# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $<br />
<br />
# This is the sshd server system-wide configuration file. See<br />
# sshd_config(5) for more information.<br />
<br />
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin<br />
<br />
# The strategy used for options in the default sshd_config shipped with<br />
# OpenSSH is to specify options with their default value where<br />
# possible, but leave them commented. Uncommented options change a<br />
# default value.<br />
<br />
#Port 22<br />
#Protocol 2,1<br />
ListenAddress 0.0.0.0<br />
#ListenAddress ::<br />
<br />
# HostKey for protocol version 1<br />
#HostKey /etc/ssh/ssh''host''key<br />
# HostKeys for protocol version 2<br />
#HostKey /etc/ssh/ssh''host''rsa_key<br />
#HostKey /etc/ssh/ssh''host''dsa_key<br />
<br />
# Lifetime and size of ephemeral version 1 server key<br />
#KeyRegenerationInterval 1h<br />
#ServerKeyBits 768<br />
<br />
# Logging<br />
#obsoletes ~QuietMode and ~FascistLogging<br />
#SyslogFacility AUTH<br />
#LogLevel INFO<br />
<br />
# Authentication:<br />
<br />
#LoginGraceTime 2m<br />
#PermitRootLogin yes<br />
#StrictModes yes<br />
#MaxAuthTries 6<br />
<br />
#RSAAuthentication yes<br />
#PubkeyAuthentication yes<br />
#AuthorizedKeysFile .ssh/authorized_keys<br />
<br />
# For this to work you will also need host keys in /etc/ssh/ssh''known''hosts<br />
#RhostsRSAAuthentication no<br />
# similar for protocol version 2<br />
#HostbasedAuthentication no<br />
# Change to yes if you don't trust ~/.ssh/known_hosts for<br />
# RhostsRSAAuthentication and HostbasedAuthentication<br />
#IgnoreUserKnownHosts no<br />
# Don't read the user's ~/.rhosts and ~/.shosts files<br />
#IgnoreRhosts yes<br />
<br />
# To disable tunneled clear text passwords, change to no here!<br />
#PasswordAuthentication yes<br />
#PermitEmptyPasswords no<br />
<br />
# Change to no to disable s/key passwords<br />
#ChallengeResponseAuthentication yes<br />
<br />
# Kerberos options<br />
#KerberosAuthentication no<br />
#KerberosOrLocalPasswd yes<br />
#KerberosTicketCleanup yes<br />
#KerberosGetAFSToken no<br />
<br />
# GSSAPI options<br />
#GSSAPIAuthentication no<br />
#GSSAPICleanupCredentials yes<br />
<br />
# Set this to 'yes' to enable PAM authentication, account processing,<br />
# and session processing. If this is enabled, PAM authentication will<br />
# be allowed through the ~ChallengeResponseAuthentication mechanism.<br />
# Depending on your PAM configuration, this may bypass the setting of<br />
# PasswordAuthentication, ~PermitEmptyPasswords, and<br />
# "PermitRootLogin without-password". If you just want the PAM account and<br />
# session checks to run without PAM authentication, then enable this but set<br />
# ChallengeResponseAuthentication=no<br />
#UsePAM no<br />
<br />
#AllowTcpForwarding yes<br />
#GatewayPorts no<br />
#X11Forwarding no<br />
#X11DisplayOffset 10<br />
#X11UseLocalhost yes<br />
#PrintMotd yes<br />
#PrintLastLog yes<br />
#TCPKeepAlive yes<br />
#UseLogin no<br />
#UsePrivilegeSeparation yes<br />
#PermitUserEnvironment no<br />
#Compression yes<br />
#ClientAliveInterval 0<br />
#ClientAliveCountMax 3<br />
#UseDNS yes<br />
#PidFile /var/run/sshd.pid<br />
#MaxStartups 10<br />
<br />
# no default banner path<br />
#Banner /some/path<br />
<br />
# override default of no subsystems<br />
Subsystem sftp /usr/lib/ssh/sftp-server}}<br />
<br />
<br />
To allow access only for some users add this line:<br />
AllowUsers user1 user2<br />
<br />
You might want to change some lines so that they look as following:<br />
<pre><br />
Protocol 2<br />
.<br />
.<br />
.<br />
LoginGraceTime 120<br />
.<br />
.<br />
.<br />
PermitRootLogin no # (put yes here if you want root login)<br />
</pre><br />
<br />
You could also uncomment the BANNER option and edit {{Filename|/etc/issue}} for a nice welcome message.<br />
<br />
{{Tip| You may want to change the default port from 22 to any higher port (see [http://en.wikipedia.org/wiki/Security_through_obscurity security through obscurity]).}} <br />
<br />
Even though the port ssh is running on could be detected by using a port-scanner like nmap, changing it will reduce the number of log entries caused by automated authentication attempts.<br />
<br />
{{Tip| Disabling password logins entirely may also increase security, since each user with access to the server will need to create ssh keys. (see [http://wiki.archlinux.org/index.php/Using_SSH_Keys Using SSH Keys]).}}<br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
PasswordAuthentication no<br />
ChallengeResponseAuthentication no}}<br />
<br />
===Allowing others in===<br />
{{Box Note | You have to adjust this file to remotely connect to your machine since the file is empty by default}}<br />
<br />
To let other people ssh to your machine you need to adjust {{Filename|/etc/hosts.allow}}, add the following:<br />
<br />
<pre><br />
# let everyone connect to you<br />
sshd: ALL<br />
<br />
# OR you can restrict it to a certain ip<br />
sshd: 192.168.0.1<br />
<br />
# OR restrict for a specific IP mask<br />
sshd: 10.0.0.0/255.255.255.0<br />
<br />
# OR restrict for an IP match<br />
sshd: 192.168.1.<br />
</pre><br />
<br />
Now you should check your {{Filename|/etc/hosts.deny}} for the following line and make sure it looks like this:<br />
ALL: ALL<br />
<br />
That's it. You can SSH out and others should be able to SSH in :).<br />
<br />
To start using the new configuration, restart the daemon (as root):<br />
# rc.d restart sshd<br />
<br />
== Managing SSHD Daemon ==<br />
Just add sshd to the "DAEMONS" section of your {{Filename|/etc/[[rc.conf]]}}:<br />
DAEMONS=(... ... '''sshd''' ... ...)<br />
<br />
To start/restart/stop the daemon, use the following:<br />
# rc.d {start|stop|restart} sshd<br />
<br />
==Connecting to the server==<br />
To connect to a server, run:<br />
$ ssh -p port user@server-address<br />
<br />
= Tips and Tricks =<br />
<br />
== Encrypted Socks Tunnel ==<br />
This is highly useful for laptop users connected to various unsafe wireless connections. The only thing you need is an SSH server running at a somewhat secure location, like your home or at work. It might be useful to use a dynamic DNS service like [http://www.dyndns.org/ DynDNS] so you don't have to remember your IP-address.<br />
<br />
=== Step 1: Start the Connection ===<br />
You only have to execute this single command in your favorite terminal to start the connection:<br />
$ ssh -ND 4711 user@host<br />
where {{Codeline|"user"}} is your username at the SSH server running at the {{Codeline|"host"}}. It will ask for your password, and then you're connected! The {{Codeline|"N"}} flag disables the interactive prompt, and the {{Codeline|"D"}} flag specifies the local port on which to listen on (you can choose any port number if you want).<br />
<br />
One way to make this easier is to put an alias line in your {{Filename|~/.bashrc}} file as following:<br />
alias sshtunnel="ssh -ND 4711 -v user@host"<br />
It's nice to add the verbose {{Codeline|"-v"}} flag, because then you can verify that it's actually connected from that output. Now you just have to execute the {{Codeline|"sshtunnel"}} command :)<br />
<br />
=== Step 2: Configure your Browser (or other programs) ===<br />
<br />
The above step is completely useless if you don't configure your web browser (or other programs) to use this newly created socks tunnel. Since the current version of SSH supports both SOCKS4 and SOCKS5, you can use either of them.<br />
<br />
* For Firefox: ''Edit &rarr; Preferences &rarr; Advanced &rarr; Network &rarr; Connection &rarr; Setting'':<br />
: Check the ''"Manual proxy configuration"'' radio button, and enter "localhost" in the ''"SOCKS host"'' text field, and then enter your port number in the next text field (I used 4711 above).<br />
<br />
Firefox does not automatically make DNS requests through the socks tunnel. This potential privacy concern can be mitigated by the following steps:<br />
<br />
# Type about:config into the Firefox location bar.<br />
# Search for network.proxy.socks_remote_dns<br />
# Set the value to true.<br />
# Restart the browser.<br />
<br />
* For Chromium: You can set the SOCKS settings as enviroment variables or as command line options. I recommend to add one of the following functions to your {{Filename|.bashrc}}:<br />
function secure_chromium {<br />
port=4711<br />
export SOCKS_SERVER=localhost:$port<br />
export SOCKS_VERSION=5<br />
chromium &<br />
exit<br />
}<br />
OR<br />
function secure_chromium {<br />
port=4711<br />
chromium --proxy-server="socks://localhost:$port" &<br />
exit<br />
}<br />
<br />
Now open a terminal and just do:<br />
$ secure_chromium<br />
<br />
Enjoy your secure tunnel!<br />
<br />
== X11 Forwarding ==<br />
<br />
To run graphical programs through a SSH connection you can enable X11 forwarding. An option needs to be set in the configuration files on the server and client (here "client" means your (desktop) machine your X11 Server runs on, and you will run X applications on the "server").<br />
<br />
Install xorg-xauth on the server:<br />
# pacman -S xorg-xauth<br />
<br />
* Enable the '''AllowTcpForwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Enable the '''X11Forwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Set the '''X11DisplayOffset''' option in {{Filename|sshd_config}} on the '''server''' to 10.<br />
* Enable the '''X11UseLocalhost''' option in {{Filename|sshd_config}} on the '''server'''.<br />
<br />
<br />
* Enable the '''ForwardX11''' option in {{Filename|ssh_config}} on the '''client'''.<br />
<br />
To use the forwarding, log on to your server through ssh:<br />
# ssh -X -p port user@server-address<br />
If you receive errors trying to run graphical applications try trusted forwarding instead:<br />
# ssh -Y -p port user@server-address<br />
You can now start any X program on the remote server, the output will be forwarded to your local session:<br />
# xclock<br />
<br />
If you get "Cannot open display" errors try the following command as the non root user:<br />
$ xhost +<br />
<br />
the above command will allow anybody to forward X11 applications. To restrict forwarding to a particular host type:<br />
$ xhost +hostname<br />
<br />
where hostname is the name of the particular host you want to forward to. Type "man xhost" for more details.<br />
<br />
Be careful with some applications as they check for a running instance on the local machine. Firefox is an example. Either close running Firefox or use the following start parameter to start a remote instance on the local machine<br />
$ firefox -no-remote<br />
<br />
== Speed up SSH ==<br />
You can make all sessions to the same host use a single connection, which will greatly speed up subsequent logins, by adding these lines under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
ControlMaster auto<br />
ControlPath ~/.ssh/socket-%r@%h:%p<br />
<br />
Changing the ciphers used by SSH to less cpu-demanding ones can improve speed. In this aspect, the best choices are arcfour and blowfish-cbc. '''Please do not do this unless you know what you are doing; arcfour has a number of known weaknesses'''. To use them, run SSH with the {{Codeline|"c"}} flag, like this:<br />
# ssh -c arcfour,blowfish-cbc user@server-address<br />
To use them permanently, add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Ciphers arcfour,blowfish-cbc<br />
Another option to improve speed is to enable compression with the {{Codeline|"C"}} flag. A permanent solution is to add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Compression yes<br />
Login time can be shorten by using the {{Codeline|"4"}} flag, which bypasses IPv6 lookup. This can be made permanent by adding this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
AddressFamily inet<br />
Another way of making these changes permanent is to create an alias in {{Filename|~/.bashrc}}:<br />
alias ssh='ssh -C4c arcfour,blowfish-cbc'<br />
<br />
=== Trouble Shooting ===<br />
<br />
Make sure your DISPLAY string is resolveable on the remote end:<br />
<br />
ssh -X user@server-address<br />
server$ echo $DISPLAY<br />
localhost:10.0<br />
server$ telnet localhost 6010<br />
localhost/6010: lookup failure: Temporary failure in name resolution <br />
<br />
can be fixed by adding localhost to {{Filename|/etc/hosts}}.<br />
<br />
== Mounting a Remote Filesystem with SSHFS ==<br />
<br />
Install sshfs<br />
# pacman -S sshfs<br />
<br />
Load the Fuse module<br />
# modprobe fuse<br />
Add fuse to the ''modules'' array in {{Filename|/etc/rc.conf}} to load it on each system boot.<br />
<br />
Mount the remote folder using sshfs<br />
# mkdir ~/remote_folder<br />
# sshfs USER@remote_server:/tmp ~/remote_folder<br />
<br />
The command above will cause the folder /tmp on the remote server to be mounted as ~/remote_folder on the local machine. Copying any file to this folder will result in transparent copying over the network using SFTP. Same concerns direct file editing, creating or removing.<br />
<br />
When we’re done working with the remote filesystem, we can unmount the remote folder by issuing:<br />
# fusermount -u ~/remote_folder<br />
<br />
If we work on this folder on a daily basis, it is wise to add it to the {{Filename|/etc/fstab}} table. This way is can be automatically mounted upon system boot or mounted manually (if {{Codeline|noauto}} option is chosen) without the need to specify the remote location each time. Here is a sample entry in the table:<br />
sshfs#USER@remote_server:/tmp /full/path/to/directory fuse defaults,auto,allow_other 0 0<br />
<br />
== Keep Alive ==<br />
<br />
Your ssh session will automatically log out if it is idle. To keep the connection active (alive) add this to {{Filename|~/.ssh/config}} or to {{Filename|/etc/ssh/ssh_config}} on the client.<br />
<br />
ServerAliveInterval 120<br />
<br />
This will send a "keep alive" signal to the server every 120 seconds.<br />
<br />
Conversely, to keep incoming connections alive, you can set<br />
<br />
ClientAliveInterval 120<br />
<br />
(or some other number greater than 0) in {{Filename|/etc/ssh/sshd_config}} on the server.<br />
<br />
== Save connection data in .ssh/config ==<br />
<br />
Whenever you want to connect to a server, you usually have to type at least its address and your username. To save that typing work for servers you regularly connect to, you can use the {{Filename|$HOME/.ssh/config}} file as shown in the following example:<br />
<br />
{{File|name=$HOME/.ssh/config|content=<br />
<br />
Host myserver<br />
HostName 123.123.123.123<br />
Port 12345<br />
User bob<br />
Host other_server<br />
HostName test.something.org<br />
User alice<br />
CheckHostIP no<br />
Cipher blowfish<br />
}}<br />
<br />
Now you can simply connect to the server by using the name you specified:<br />
<br />
$ ssh myserver<br />
<br />
To see a complete list of the possible options, check out ssh_config's manpage on your system or the [http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config ssh_config documentation] on the official website.<br />
<br />
= Troubleshooting =<br />
<br />
== Connection Refused Problem ==<br />
<br />
=== Is SSH running and listening? ===<br />
<br />
netstat -tnlp | grep ssh<br />
<br />
If the above command doesn't display anything, then SSH is NOT running. Check <code>/var/log/messages</code> for errors etc.<br />
<br />
=== Are there firewall rules blocking the connection? ===<br />
<br />
Flush your iptables rules to make sure they are not interfering:<br />
<br />
rc.d stop iptables<br />
<br />
or:<br />
<br />
iptables -P INPUT ACCEPT<br />
iptables -P OUTPUT ACCEPT<br />
iptables -F INPUT<br />
iptables -F OUTPUT<br />
<br />
=== Have you allowed SSH in hosts.allow? ===<br />
<br />
Double check you have done [[#Allowing_others_in|this section]] correctly.<br />
<br />
=== Is the traffic even getting to your computer? ===<br />
<br />
Start a traffic dump on the computer you're having problems with:<br />
<br />
tcpdump -lnn -i any port ssh and tcp-syn<br />
<br />
This should show some basic information, then wait for any matching traffic to happen before displaying it. Try your connection now. If you don't see any output when you attempt to connect, then something outside of your computer is blocking the traffic (eg, hardware firewall, NAT router etc)<br />
<br />
=== Are you suffering from the elliptic curves bug? ===<br />
<br />
Recent versions of openssh sometimes fail with the error message<br />
<br />
Read from socket failed: Connection reset by peer<br />
<br />
In that case, edit the file<br />
<br />
~/.ssh/config<br />
<br />
or create it, if it doesn't already exist. Add the line<br />
<br />
HostKeyAlgorithms ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss<br />
<br />
= See Also =<br />
*[[Using SSH Keys]]<br />
*[[Pam_abl]]<br />
*[[DenyHosts]]<br />
*[[Sshfs]]<br />
<br />
= Links & References =<br />
*[http://www.soloport.com/iptables.html A Cure for the Common SSH Login Attack]<br />
*[http://webssh.cz.cc Using your browser as SSH client]<br />
*[http://www.la-samhna.de/library/brutessh.html Defending against brute force ssh attacks]</div>Thayerhttps://wiki.archlinux.org/index.php?title=OpenSSH&diff=142024OpenSSH2011-05-19T16:24:32Z<p>Thayer: Updated with most recent default config</p>
<hr />
<div>[[Category:Daemons and system services (English)]]<br />
{{i18n|SSH}}<br />
[[pl:SSH]]<br />
[[fr:ssh]]<br />
<br />
Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br />
<br />
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; file transfer can be accomplished using the associated SFTP or SCP protocols.<br />
<br />
An SSH server, by default, listens on the standard TCP port 22. An SSH client program is typically used for establishing connections to an ''sshd'' daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, GNU/Linux, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist.<br />
<br />
(Source: [[Wikipedia:Secure Shell]])<br />
<br />
= OpenSSH =<br />
<br />
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the ssh protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security. OpenSSH is developed as part of the OpenBSD project, which is led by Theo de Raadt.<br />
<br />
OpenSSH is occasionally confused with the similarly-named OpenSSL; however, the projects have different purposes and are developed by different teams, the similar name is drawn only from similar goals.<br />
<br />
== Installing OpenSSH ==<br />
# pacman -S openssh<br />
<br />
== Configuring SSH ==<br />
===Client===<br />
The SSH client configuration file can be found and edited in {{Filename|/etc/ssh/ssh_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/ssh_config|content=<br />
<br />
# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $<br />
<br />
# This is the sshd server system-wide configuration file. See<br />
# sshd_config(5) for more information.<br />
<br />
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin<br />
<br />
# The strategy used for options in the default sshd_config shipped with<br />
# OpenSSH is to specify options with their default value where<br />
# possible, but leave them commented. Uncommented options change a<br />
# default value.<br />
<br />
#Port 22<br />
#AddressFamily any<br />
#ListenAddress 0.0.0.0<br />
#ListenAddress ::<br />
<br />
# The default requires explicit activation of protocol 1<br />
#Protocol 2<br />
<br />
# HostKey for protocol version 1<br />
#HostKey /etc/ssh/ssh_host_key<br />
# HostKeys for protocol version 2<br />
#HostKey /etc/ssh/ssh_host_rsa_key<br />
#HostKey /etc/ssh/ssh_host_dsa_key<br />
#HostKey /etc/ssh/ssh_host_ecdsa_key<br />
<br />
# Lifetime and size of ephemeral version 1 server key<br />
#KeyRegenerationInterval 1h<br />
#ServerKeyBits 1024<br />
<br />
# Logging<br />
# obsoletes QuietMode and FascistLogging<br />
#SyslogFacility AUTH<br />
#LogLevel INFO<br />
<br />
# Authentication:<br />
<br />
#LoginGraceTime 2m<br />
#PermitRootLogin yes<br />
#StrictModes yes<br />
#MaxAuthTries 6<br />
#MaxSessions 10<br />
<br />
#RSAAuthentication yes<br />
#PubkeyAuthentication yes<br />
#AuthorizedKeysFile .ssh/authorized_keys<br />
<br />
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts<br />
#RhostsRSAAuthentication no<br />
# similar for protocol version 2<br />
#HostbasedAuthentication no<br />
# Change to yes if you don't trust ~/.ssh/known_hosts for<br />
# RhostsRSAAuthentication and HostbasedAuthentication<br />
#IgnoreUserKnownHosts no<br />
# Don't read the user's ~/.rhosts and ~/.shosts files<br />
#IgnoreRhosts yes<br />
<br />
# To disable tunneled clear text passwords, change to no here!<br />
#PasswordAuthentication yes<br />
#PermitEmptyPasswords no<br />
<br />
# Change to no to disable s/key passwords<br />
ChallengeResponseAuthentication no<br />
<br />
# Kerberos options<br />
#KerberosAuthentication no<br />
#KerberosOrLocalPasswd yes<br />
#KerberosTicketCleanup yes<br />
#KerberosGetAFSToken no<br />
<br />
# GSSAPI options<br />
#GSSAPIAuthentication no<br />
#GSSAPICleanupCredentials yes<br />
<br />
# Set this to 'yes' to enable PAM authentication, account processing, <br />
# and session processing. If this is enabled, PAM authentication will <br />
# be allowed through the ChallengeResponseAuthentication and<br />
# PasswordAuthentication. Depending on your PAM configuration,<br />
# PAM authentication via ChallengeResponseAuthentication may bypass<br />
# the setting of "PermitRootLogin without-password".<br />
# If you just want the PAM account and session checks to run without<br />
# PAM authentication, then enable this but set PasswordAuthentication<br />
# and ChallengeResponseAuthentication to 'no'.<br />
UsePAM yes<br />
<br />
#AllowAgentForwarding yes<br />
#AllowTcpForwarding yes<br />
#GatewayPorts no<br />
#X11Forwarding no<br />
#X11DisplayOffset 10<br />
#X11UseLocalhost yes<br />
#PrintMotd yes<br />
#PrintLastLog yes<br />
#TCPKeepAlive yes<br />
#UseLogin no<br />
#UsePrivilegeSeparation yes<br />
#PermitUserEnvironment no<br />
#Compression delayed<br />
#ClientAliveInterval 0<br />
#ClientAliveCountMax 3<br />
#UseDNS yes<br />
#PidFile /var/run/sshd.pid<br />
#MaxStartups 10<br />
#PermitTunnel no<br />
#ChrootDirectory none<br />
<br />
# no default banner path<br />
#Banner none<br />
<br />
# override default of no subsystems<br />
Subsystem sftp /usr/lib/ssh/sftp-server<br />
<br />
# Example of overriding settings on a per-user basis<br />
#Match User anoncvs<br />
# X11Forwarding no<br />
# AllowTcpForwarding no<br />
# ForceCommand cvs server}}<br />
<br />
===Daemon===<br />
The SSH daemon configuration file can be found and edited in {{Filename|/etc/ssh/ssh'''d'''_config}}.<br />
<br />
An example configuration: <br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
<br />
# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $<br />
<br />
# This is the sshd server system-wide configuration file. See<br />
# sshd_config(5) for more information.<br />
<br />
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin<br />
<br />
# The strategy used for options in the default sshd_config shipped with<br />
# OpenSSH is to specify options with their default value where<br />
# possible, but leave them commented. Uncommented options change a<br />
# default value.<br />
<br />
#Port 22<br />
#Protocol 2,1<br />
ListenAddress 0.0.0.0<br />
#ListenAddress ::<br />
<br />
# HostKey for protocol version 1<br />
#HostKey /etc/ssh/ssh''host''key<br />
# HostKeys for protocol version 2<br />
#HostKey /etc/ssh/ssh''host''rsa_key<br />
#HostKey /etc/ssh/ssh''host''dsa_key<br />
<br />
# Lifetime and size of ephemeral version 1 server key<br />
#KeyRegenerationInterval 1h<br />
#ServerKeyBits 768<br />
<br />
# Logging<br />
#obsoletes ~QuietMode and ~FascistLogging<br />
#SyslogFacility AUTH<br />
#LogLevel INFO<br />
<br />
# Authentication:<br />
<br />
#LoginGraceTime 2m<br />
#PermitRootLogin yes<br />
#StrictModes yes<br />
#MaxAuthTries 6<br />
<br />
#RSAAuthentication yes<br />
#PubkeyAuthentication yes<br />
#AuthorizedKeysFile .ssh/authorized_keys<br />
<br />
# For this to work you will also need host keys in /etc/ssh/ssh''known''hosts<br />
#RhostsRSAAuthentication no<br />
# similar for protocol version 2<br />
#HostbasedAuthentication no<br />
# Change to yes if you don't trust ~/.ssh/known_hosts for<br />
# RhostsRSAAuthentication and HostbasedAuthentication<br />
#IgnoreUserKnownHosts no<br />
# Don't read the user's ~/.rhosts and ~/.shosts files<br />
#IgnoreRhosts yes<br />
<br />
# To disable tunneled clear text passwords, change to no here!<br />
#PasswordAuthentication yes<br />
#PermitEmptyPasswords no<br />
<br />
# Change to no to disable s/key passwords<br />
#ChallengeResponseAuthentication yes<br />
<br />
# Kerberos options<br />
#KerberosAuthentication no<br />
#KerberosOrLocalPasswd yes<br />
#KerberosTicketCleanup yes<br />
#KerberosGetAFSToken no<br />
<br />
# GSSAPI options<br />
#GSSAPIAuthentication no<br />
#GSSAPICleanupCredentials yes<br />
<br />
# Set this to 'yes' to enable PAM authentication, account processing,<br />
# and session processing. If this is enabled, PAM authentication will<br />
# be allowed through the ~ChallengeResponseAuthentication mechanism.<br />
# Depending on your PAM configuration, this may bypass the setting of<br />
# PasswordAuthentication, ~PermitEmptyPasswords, and<br />
# "PermitRootLogin without-password". If you just want the PAM account and<br />
# session checks to run without PAM authentication, then enable this but set<br />
# ChallengeResponseAuthentication=no<br />
#UsePAM no<br />
<br />
#AllowTcpForwarding yes<br />
#GatewayPorts no<br />
#X11Forwarding no<br />
#X11DisplayOffset 10<br />
#X11UseLocalhost yes<br />
#PrintMotd yes<br />
#PrintLastLog yes<br />
#TCPKeepAlive yes<br />
#UseLogin no<br />
#UsePrivilegeSeparation yes<br />
#PermitUserEnvironment no<br />
#Compression yes<br />
#ClientAliveInterval 0<br />
#ClientAliveCountMax 3<br />
#UseDNS yes<br />
#PidFile /var/run/sshd.pid<br />
#MaxStartups 10<br />
<br />
# no default banner path<br />
#Banner /some/path<br />
<br />
# override default of no subsystems<br />
Subsystem sftp /usr/lib/ssh/sftp-server}}<br />
<br />
<br />
To allow access only for some users add this line:<br />
AllowUsers user1 user2<br />
<br />
You might want to change some lines so that they look as following:<br />
<pre><br />
Protocol 2<br />
.<br />
.<br />
.<br />
LoginGraceTime 120<br />
.<br />
.<br />
.<br />
PermitRootLogin no # (put yes here if you want root login)<br />
</pre><br />
<br />
You could also uncomment the BANNER option and edit {{Filename|/etc/issue}} for a nice welcome message.<br />
<br />
{{Tip| You may want to change the default port from 22 to any higher port (see [http://en.wikipedia.org/wiki/Security_through_obscurity security through obscurity]).}} <br />
<br />
Even though the port ssh is running on could be detected by using a port-scanner like nmap, changing it will reduce the number of log entries caused by automated authentication attempts.<br />
<br />
{{Tip| Disabling password logins entirely may also increase security, since each user with access to the server will need to create ssh keys. (see [http://wiki.archlinux.org/index.php/Using_SSH_Keys Using SSH Keys]).}}<br />
<br />
{{File|name=/etc/ssh/sshd_config|content=<br />
PasswordAuthentication no<br />
ChallengeResponseAuthentication no}}<br />
<br />
===Allowing others in===<br />
{{Box Note | You have to adjust this file to remotely connect to your machine since the file is empty by default}}<br />
<br />
To let other people ssh to your machine you need to adjust {{Filename|/etc/hosts.allow}}, add the following:<br />
<br />
<pre><br />
# let everyone connect to you<br />
sshd: ALL<br />
<br />
# OR you can restrict it to a certain ip<br />
sshd: 192.168.0.1<br />
<br />
# OR restrict for a specific IP mask<br />
sshd: 10.0.0.0/255.255.255.0<br />
<br />
# OR restrict for an IP match<br />
sshd: 192.168.1.<br />
</pre><br />
<br />
Now you should check your {{Filename|/etc/hosts.deny}} for the following line and make sure it looks like this:<br />
ALL: ALL<br />
<br />
That's it. You can SSH out and others should be able to SSH in :).<br />
<br />
To start using the new configuration, restart the daemon (as root):<br />
# rc.d restart sshd<br />
<br />
== Managing SSHD Daemon ==<br />
Just add sshd to the "DAEMONS" section of your {{Filename|/etc/[[rc.conf]]}}:<br />
DAEMONS=(... ... '''sshd''' ... ...)<br />
<br />
To start/restart/stop the daemon, use the following:<br />
# rc.d {start|stop|restart} sshd<br />
<br />
==Connecting to the server==<br />
To connect to a server, run:<br />
$ ssh -p port user@server-address<br />
<br />
= Tips and Tricks =<br />
<br />
== Encrypted Socks Tunnel ==<br />
This is highly useful for laptop users connected to various unsafe wireless connections. The only thing you need is an SSH server running at a somewhat secure location, like your home or at work. It might be useful to use a dynamic DNS service like [http://www.dyndns.org/ DynDNS] so you don't have to remember your IP-address.<br />
<br />
=== Step 1: Start the Connection ===<br />
You only have to execute this single command in your favorite terminal to start the connection:<br />
$ ssh -ND 4711 user@host<br />
where {{Codeline|"user"}} is your username at the SSH server running at the {{Codeline|"host"}}. It will ask for your password, and then you're connected! The {{Codeline|"N"}} flag disables the interactive prompt, and the {{Codeline|"D"}} flag specifies the local port on which to listen on (you can choose any port number if you want).<br />
<br />
One way to make this easier is to put an alias line in your {{Filename|~/.bashrc}} file as following:<br />
alias sshtunnel="ssh -ND 4711 -v user@host"<br />
It's nice to add the verbose {{Codeline|"-v"}} flag, because then you can verify that it's actually connected from that output. Now you just have to execute the {{Codeline|"sshtunnel"}} command :)<br />
<br />
=== Step 2: Configure your Browser (or other programs) ===<br />
<br />
The above step is completely useless if you don't configure your web browser (or other programs) to use this newly created socks tunnel. Since the current version of SSH supports both SOCKS4 and SOCKS5, you can use either of them.<br />
<br />
* For Firefox: ''Edit &rarr; Preferences &rarr; Advanced &rarr; Network &rarr; Connection &rarr; Setting'':<br />
: Check the ''"Manual proxy configuration"'' radio button, and enter "localhost" in the ''"SOCKS host"'' text field, and then enter your port number in the next text field (I used 4711 above).<br />
<br />
Firefox does not automatically make DNS requests through the socks tunnel. This potential privacy concern can be mitigated by the following steps:<br />
<br />
# Type about:config into the Firefox location bar.<br />
# Search for network.proxy.socks_remote_dns<br />
# Set the value to true.<br />
# Restart the browser.<br />
<br />
* For Chromium: You can set the SOCKS settings as enviroment variables or as command line options. I recommend to add one of the following functions to your {{Filename|.bashrc}}:<br />
function secure_chromium {<br />
port=4711<br />
export SOCKS_SERVER=localhost:$port<br />
export SOCKS_VERSION=5<br />
chromium &<br />
exit<br />
}<br />
OR<br />
function secure_chromium {<br />
port=4711<br />
chromium --proxy-server="socks://localhost:$port" &<br />
exit<br />
}<br />
<br />
Now open a terminal and just do:<br />
$ secure_chromium<br />
<br />
Enjoy your secure tunnel!<br />
<br />
== X11 Forwarding ==<br />
<br />
To run graphical programs through a SSH connection you can enable X11 forwarding. An option needs to be set in the configuration files on the server and client (here "client" means your (desktop) machine your X11 Server runs on, and you will run X applications on the "server").<br />
<br />
Install xorg-xauth on the server:<br />
# pacman -S xorg-xauth<br />
<br />
* Enable the '''AllowTcpForwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Enable the '''X11Forwarding''' option in {{Filename|sshd_config}} on the '''server'''.<br />
* Set the '''X11DisplayOffset''' option in {{Filename|sshd_config}} on the '''server''' to 10.<br />
* Enable the '''X11UseLocalhost''' option in {{Filename|sshd_config}} on the '''server'''.<br />
<br />
<br />
* Enable the '''ForwardX11''' option in {{Filename|ssh_config}} on the '''client'''.<br />
<br />
To use the forwarding, log on to your server through ssh:<br />
# ssh -X -p port user@server-address<br />
If you receive errors trying to run graphical applications try trusted forwarding instead:<br />
# ssh -Y -p port user@server-address<br />
You can now start any X program on the remote server, the output will be forwarded to your local session:<br />
# xclock<br />
<br />
If you get "Cannot open display" errors try the following command as the non root user:<br />
$ xhost +<br />
<br />
the above command will allow anybody to forward X11 applications. To restrict forwarding to a particular host type:<br />
$ xhost +hostname<br />
<br />
where hostname is the name of the particular host you want to forward to. Type "man xhost" for more details.<br />
<br />
Be careful with some applications as they check for a running instance on the local machine. Firefox is an example. Either close running Firefox or use the following start parameter to start a remote instance on the local machine<br />
$ firefox -no-remote<br />
<br />
== Speed up SSH ==<br />
You can make all sessions to the same host use a single connection, which will greatly speed up subsequent logins, by adding these lines under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
ControlMaster auto<br />
ControlPath ~/.ssh/socket-%r@%h:%p<br />
<br />
Changing the ciphers used by SSH to less cpu-demanding ones can improve speed. In this aspect, the best choices are arcfour and blowfish-cbc. '''Please do not do this unless you know what you are doing; arcfour has a number of known weaknesses'''. To use them, run SSH with the {{Codeline|"c"}} flag, like this:<br />
# ssh -c arcfour,blowfish-cbc user@server-address<br />
To use them permanently, add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Ciphers arcfour,blowfish-cbc<br />
Another option to improve speed is to enable compression with the {{Codeline|"C"}} flag. A permanent solution is to add this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
Compression yes<br />
Login time can be shorten by using the {{Codeline|"4"}} flag, which bypasses IPv6 lookup. This can be made permanent by adding this line under the proper host in {{Filename|/etc/ssh/ssh_config}}:<br />
AddressFamily inet<br />
Another way of making these changes permanent is to create an alias in {{Filename|~/.bashrc}}:<br />
alias ssh='ssh -C4c arcfour,blowfish-cbc'<br />
<br />
=== Trouble Shooting ===<br />
<br />
Make sure your DISPLAY string is resolveable on the remote end:<br />
<br />
ssh -X user@server-address<br />
server$ echo $DISPLAY<br />
localhost:10.0<br />
server$ telnet localhost 6010<br />
localhost/6010: lookup failure: Temporary failure in name resolution <br />
<br />
can be fixed by adding localhost to {{Filename|/etc/hosts}}.<br />
<br />
== Mounting a Remote Filesystem with SSHFS ==<br />
<br />
Install sshfs<br />
# pacman -S sshfs<br />
<br />
Load the Fuse module<br />
# modprobe fuse<br />
Add fuse to the ''modules'' array in {{Filename|/etc/rc.conf}} to load it on each system boot.<br />
<br />
Mount the remote folder using sshfs<br />
# mkdir ~/remote_folder<br />
# sshfs USER@remote_server:/tmp ~/remote_folder<br />
<br />
The command above will cause the folder /tmp on the remote server to be mounted as ~/remote_folder on the local machine. Copying any file to this folder will result in transparent copying over the network using SFTP. Same concerns direct file editing, creating or removing.<br />
<br />
When we’re done working with the remote filesystem, we can unmount the remote folder by issuing:<br />
# fusermount -u ~/remote_folder<br />
<br />
If we work on this folder on a daily basis, it is wise to add it to the {{Filename|/etc/fstab}} table. This way is can be automatically mounted upon system boot or mounted manually (if {{Codeline|noauto}} option is chosen) without the need to specify the remote location each time. Here is a sample entry in the table:<br />
sshfs#USER@remote_server:/tmp /full/path/to/directory fuse defaults,auto,allow_other 0 0<br />
<br />
== Keep Alive ==<br />
<br />
Your ssh session will automatically log out if it is idle. To keep the connection active (alive) add this to {{Filename|~/.ssh/config}} or to {{Filename|/etc/ssh/ssh_config}} on the client.<br />
<br />
ServerAliveInterval 120<br />
<br />
This will send a "keep alive" signal to the server every 120 seconds.<br />
<br />
Conversely, to keep incoming connections alive, you can set<br />
<br />
ClientAliveInterval 120<br />
<br />
(or some other number greater than 0) in {{Filename|/etc/ssh/sshd_config}} on the server.<br />
<br />
== Save connection data in .ssh/config ==<br />
<br />
Whenever you want to connect to a server, you usually have to type at least its address and your username. To save that typing work for servers you regularly connect to, you can use the {{Filename|$HOME/.ssh/config}} file as shown in the following example:<br />
<br />
{{File|name=$HOME/.ssh/config|content=<br />
<br />
Host myserver<br />
HostName 123.123.123.123<br />
Port 12345<br />
User bob<br />
Host other_server<br />
HostName test.something.org<br />
User alice<br />
CheckHostIP no<br />
Cipher blowfish<br />
}}<br />
<br />
Now you can simply connect to the server by using the name you specified:<br />
<br />
$ ssh myserver<br />
<br />
To see a complete list of the possible options, check out ssh_config's manpage on your system or the [http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config ssh_config documentation] on the official website.<br />
<br />
= Troubleshooting =<br />
<br />
== Connection Refused Problem ==<br />
<br />
=== Is SSH running and listening? ===<br />
<br />
netstat -tnlp | grep ssh<br />
<br />
If the above command doesn't display anything, then SSH is NOT running. Check <code>/var/log/messages</code> for errors etc.<br />
<br />
=== Are there firewall rules blocking the connection? ===<br />
<br />
Flush your iptables rules to make sure they are not interfering:<br />
<br />
rc.d stop iptables<br />
<br />
or:<br />
<br />
iptables -P INPUT ACCEPT<br />
iptables -P OUTPUT ACCEPT<br />
iptables -F INPUT<br />
iptables -F OUTPUT<br />
<br />
=== Have you allowed SSH in hosts.allow? ===<br />
<br />
Double check you have done [[#Allowing_others_in|this section]] correctly.<br />
<br />
=== Is the traffic even getting to your computer? ===<br />
<br />
Start a traffic dump on the computer you're having problems with:<br />
<br />
tcpdump -lnn -i any port ssh and tcp-syn<br />
<br />
This should show some basic information, then wait for any matching traffic to happen before displaying it. Try your connection now. If you don't see any output when you attempt to connect, then something outside of your computer is blocking the traffic (eg, hardware firewall, NAT router etc)<br />
<br />
=== Are you suffering from the elliptic curves bug? ===<br />
<br />
Recent versions of openssh sometimes fail with the error message<br />
<br />
Read from socket failed: Connection reset by peer<br />
<br />
In that case, edit the file<br />
<br />
~/.ssh/config<br />
<br />
or create it, if it doesn't already exist. Add the line<br />
<br />
HostKeyAlgorithms ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss<br />
<br />
= See Also =<br />
*[[Using SSH Keys]]<br />
*[[Pam_abl]]<br />
*[[DenyHosts]]<br />
*[[Sshfs]]<br />
<br />
= Links & References =<br />
*[http://www.soloport.com/iptables.html A Cure for the Common SSH Login Attack]<br />
*[http://webssh.cz.cc Using your browser as SSH client]<br />
*[http://www.la-samhna.de/library/brutessh.html Defending against brute force ssh attacks]</div>Thayerhttps://wiki.archlinux.org/index.php?title=Jekyll&diff=140686Jekyll2011-05-09T16:38:43Z<p>Thayer: link to project page in the first sentence.</p>
<hr />
<div>[[Category:HOWTOs (English)]]<br />
{{i18n|Jekyll}}<br />
<br />
{{Article summary start}}<br />
{{Article summary text|Jekyll is a simple static site generator written in Ruby and developed by GitHub co-founder [http://tom.preston-werner.com/ Tom Preston-Werner]. This page provides a verbose tutorial to install and configure Jekyll for both inexperienced and advanced users.}}<br />
{{Article summary heading|Required software}}<br />
{{Article summary link|directory_watcher|http://rubygems.org/gems/directory_watcher}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Related article title}}<br />
{{Article summary end}}<br />
<br />
[http://jekyllrb.com/ Jekyll] is "a simple, blog aware, static site generator. It takes a template directory (representing the raw form of a website), runs it through Textile or Markdown and Liquid converters, and spits out a complete, static website suitable for serving with Apache or your favorite web server. This is also the engine behind [http://pages.github.com/ GitHub Pages], which you can use to host your project’s page or blog right here from GitHub." [https://github.com/mojombo/jekyll/wikiGitHub]<br />
<br />
Werner announced the release of Jekyll on [http://tom.preston-werner.com/2008/11/17/blogging-like-a-hacker.html his website] on November 17, 2008.<br />
<br />
== Installation ==<br />
Jekyll can be installed in Arch Linux with the [[Wikipedia:RubyGems|RubyGems]] package manager or using the applicable packages in the [[Arch User Repository]]. Both methods require the Ruby package in [extra] to be installed.<br />
<br />
=== RubyGems (Recommended)===<br />
The best way to install Jekyll is with [[Ruby#RubyGems|RubyGems]], a package manager for the Ruby programming language. RubyGems is installed alongside the [[Ruby]] package, which is located in the [http://www.archlinux.org/packages/?sort=&repo=Extra&q=ruby&maintainer=&last_update=&flagged=&limit=50 extra repository].<br />
$ pacman -S ruby ruby-docs<br />
Jekyll can then be installed for all users on the machine using the <tt>gem</tt> command as root. Alternative installation methods are available on the [[Ruby#RubyGems|Ruby]] page.<br />
<br />
Before installing Jekyll make sure to update RubyGems.<br />
$ gem update --system<br />
Then install Jekyll using the <tt>gem</tt> command.<br />
$ gem install jekyll<br />
<br />
=== Arch User Repository (Alternate) ===<br />
Jekyll is also packaged independently of RubyGems in the [http://aur.archlinux.org/packages.php?ID=44412 AUR]. Installation through AUR allows all packages to be maintained with [[Pacman]] rather than RubyGems.<br />
<br />
== Select a Markup Language==<br />
There are numerous different markup languages that are used to define text-to-HTML conversion tools.<br />
<br />
=== Textile (Default) ===<br />
[[Wikipedia:Textile (markup language)|Textile]] is the default markup language used by Jekyll.<br />
<br />
=== Markdown (Alternate) ===<br />
[http://daringfireball.net/projects/markdown/ Markdown] is a markup language and text-to-HTML conversion tool developed in Perl by [http://daringfireball.net/ John Gruber]. A perl and a pyhton implementation of Markdown can be found in [community], while numerous other implementations are available in the [http://aur.archlinux.org/packages.php?O=0&K=markdown&do_Search=Go AUR]. <br />
<br />
Additionally, it has been implemented in C as [http://www.pell.portland.or.us/~orc/Code/discount/ Discount] by [http://www.pell.portland.or.us/~orc/ David Parsons] and a Ruby extension was written by [http://tomayko.com/ Ryan Tomayko] as [https://github.com/rtomayko/rdiscount RDiscount]. You can install RDiscount with Rubygems as root '''or''' through the [http://aur.archlinux.org/packages.php?ID=34706 AUR].<br />
$ gem install rdiscount -s <nowiki>http://gemcutter.org</nowiki><br />
Then add the following line to your {{filename|_config.yml}}.<br />
markdown: rdiscount<br />
<br />
If you are unfamiliar with Markdown, Gruber's [http://daringfireball.net/projects/markdown/basics website] presents an excellent introduction. Additionally, you can try out Markdown using Gruber's online [http://daringfireball.net/projects/markdown/dingus conversion tool].<br />
<br />
== Configuration ==<br />
A default Jekyll directory tree looks like the following, where "." denotes the root directory of your Jeykll generated website.<br />
.<br />
|-- _config.yml<br />
|-- _layouts<br />
| |-- default.html<br />
| `-- post.html<br />
|-- _posts<br />
| |-- 2010-02-13-early-userspace-in-arch-linux.textile<br />
| `-- 2011-05-29-arch-linux-usb-install-and-rescue-media.textile<br />
|-- _site<br />
`-- index.html<br />
The default file structure is available from [https://github.com/danielmcgraw/Jekyll-Base Jekyll-Base] on GitHub.<br />
{{note|Daniel McGraw has setup a more extensive default file structure on [https://github.com/danielmcgraw/danielmcgraw.com.git GitHub].}}<br />
<br />
The {{filename|_config.yml}} file stores configuration data. It includes numerous configuration settings, which may also be called as flags. Full explanation and a default configuration can be found on <br />
[https://github.com/mojombo/jekyll/wiki/Configuration GitHub].<br />
<br />
Once you have configured your {{filename|_config.yml}} to your liking you need to create the files that will be processed by Jekyll to generate the website.<br />
<br />
== Usage ==<br />
Next you need to create templates that Jekyll can process. These templates make use of the Liquid templating system to input data. For a full explanation check [https://github.com/mojombo/jekyll/wiki/template-data GitHub].<br />
<br />
Additionally, each file besides {{filename|/_layouts/layout.html}} requires a [https://github.com/mojombo/jekyll/wiki/yaml-front-matter YAML Front Matter] heading.<br />
<br />
=== Create Index Layout ===<br />
This is a basic template for your {{filename|index.html}}, which is used to render your website's index page.<br />
{{file|name=index.html|content=<nowiki><br />
---<br />
layout: layout<br />
title: Jekyll Base<br />
---<br />
<br />
<div class="content"><br />
<div class="related"><br />
<ul><br />
{% for post in site.posts %}<br />
<li><br />
<span>{{ post.date | date: "%B %e, %Y" }}</span> <a href="{{ post.url }}">{{ post.title }}</a><br />
</li><br />
{% endfor %}<br />
</ul><br />
</div><br />
</div><br />
</nowiki>}}<br />
<br />
=== Create General Website Layout ===<br />
This is a basic template for your website's general layout. It will be referenced in the [[Wikipedia:YAML|YAML]] Front Matter blocks of each file (see: [[#Creating a Post|Creating a Post]]).<br />
{{file|name=_layouts/layout.html|content=<nowiki><br />
<!DOCTYPE HTML><br />
<br />
<html><br />
<head><br />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><br />
<meta name="author" content="Your Name" /><br />
<title>{{ page.title }}</title><br />
</head><br />
<body><br />
<header><br />
<h1><a href="/">Jekyll Base</a></h1><br />
</header><br />
<section><br />
{{ content }}<br />
</section><br />
</body><br />
</html><br />
</nowiki>}}<br />
<br />
=== Create Post Layout ===<br />
This is a basic template for each of your posts. Again, this will be referenced in the [[Wikipedia:YAML|YAML]] Front Matter blocks of each file (see: [[#Creating a Post|Creating a Post]]).<br />
{{file|name=_layouts/post.html|content=<nowiki><br />
---<br />
layout: layout<br />
title: sample title<br />
---<br />
<br />
<div class="content"><br />
<div id="post"><br />
<h1>{{ post.title }}</h1><br />
{{ content }}<br />
</div><br />
</div><br />
</nowiki>}}<br />
<br />
=== Creating a Post ===<br />
The content of each blog post will be contained within a file inside of the <tt>_posts</tt> directorys. To use the default naming convention each file should be saved with the year, month, date, post title and end with the *.md or *.textile depending on the markup language used (e.g. {{filename|2010-02-13-early-userspace-in-arch-linux.textile}}). The date defined in the filename will be used as the published date in the post. Additionally, the filename will be used to generate the permalink (i.e. /categories/year/month/day/title.html). To use an alternate permalink style or create your own review the explanation on [https://github.com/mojombo/jekyll/wiki/Permalinks GitHub].<br />
<br />
== Test ==<br />
To generate a static HTML website based on your Textile or Markdown documents run <tt>jekyll</tt>. To simultaneously test the generated HTML website run Jekyll with the <tt>--server</tt> flag.<br />
$ jekyll --server<br />
It is recommended to define server options in your {{filename|_config.yml}}. The default will start a server on port 4000, which can be accessed in your web browser at <tt>localhost:4000</tt>.<br />
<br />
== External Links ==<br />
*[[Wikipedia: YAML|YAML]]<br />
*[[Wikipedia: Textile (markup language)|Textile]]<br />
=== Tutorials ===<br />
*[http://danielmcgraw.com/2011/04/14/The-Ultimate-Guide-To-Getting-Started-With-Jekyll-Part-1/ Installation Tutorial] by Daniel McGraw<br />
*[http://danielmcgraw.com/2011/04/18/The-Ultimate-Guide-To-Getting-Started-With-Jekyll-Part-2/ Configuration Tutorial] by Daniel McGraw<br />
=== Examples ===<br />
Websites created with Jeykll by Arch Linux users. Further examples can be found on [https://github.com/mojombo/jekyll/wiki/sites GitHub].<br />
* [http://www.cinderwick.ca/ Personal website] by [[User:Thayer|Thayer]]</div>Thayerhttps://wiki.archlinux.org/index.php?title=Jekyll&diff=140681Jekyll2011-05-09T16:32:35Z<p>Thayer: add sample title for populating Liquid tags</p>
<hr />
<div>[[Category:HOWTOs (English)]]<br />
{{i18n|Jekyll}}<br />
<br />
{{Article summary start}}<br />
{{Article summary text|Jekyll is a simple static site generator written in Ruby and developed by GitHub co-founder [http://tom.preston-werner.com/ Tom Preston-Werner]. This page provides a verbose tutorial to install and configure Jekyll for both inexperienced and advanced users.}}<br />
{{Article summary heading|Required software}}<br />
{{Article summary link|directory_watcher|http://rubygems.org/gems/directory_watcher}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Related article title}}<br />
{{Article summary end}}<br />
<br />
"Jekyll is a simple, blog aware, static site generator. It takes a template directory (representing the raw form of a website), runs it through Textile or Markdown and Liquid converters, and spits out a complete, static website suitable for serving with Apache or your favorite web server. This is also the engine behind [http://pages.github.com/ GitHub Pages], which you can use to host your project’s page or blog right here from GitHub." [https://github.com/mojombo/jekyll/wikiGitHub]<br />
<br />
Werner announced the release of Jekyll on [http://tom.preston-werner.com/2008/11/17/blogging-like-a-hacker.html his website] on November 17, 2008.<br />
<br />
== Installation ==<br />
Jekyll can be installed in Arch Linux with the [[Wikipedia:RubyGems|RubyGems]] package manager or using the applicable packages in the [[Arch User Repository]]. Both methods require the Ruby package in [extra] to be installed.<br />
<br />
=== RubyGems (Recommended)===<br />
The best way to install Jekyll is with [[Ruby#RubyGems|RubyGems]], a package manager for the Ruby programming language. RubyGems is installed alongside the [[Ruby]] package, which is located in the [http://www.archlinux.org/packages/?sort=&repo=Extra&q=ruby&maintainer=&last_update=&flagged=&limit=50 extra repository].<br />
$ pacman -S ruby ruby-docs<br />
Jekyll can then be installed for all users on the machine using the <tt>gem</tt> command as root. Alternative installation methods are available on the [[Ruby#RubyGems|Ruby]] page.<br />
<br />
Before installing Jekyll make sure to update RubyGems.<br />
$ gem update --system<br />
Then install Jekyll using the <tt>gem</tt> command.<br />
$ gem install jekyll<br />
<br />
=== Arch User Repository (Alternate) ===<br />
Jekyll is also packaged independently of RubyGems in the [http://aur.archlinux.org/packages.php?ID=44412 AUR]. Installation through AUR allows all packages to be maintained with [[Pacman]] rather than RubyGems.<br />
<br />
== Select a Markup Language==<br />
There are numerous different markup languages that are used to define text-to-HTML conversion tools.<br />
<br />
=== Textile (Default) ===<br />
[[Wikipedia:Textile (markup language)|Textile]] is the default markup language used by Jekyll.<br />
<br />
=== Markdown (Alternate) ===<br />
[http://daringfireball.net/projects/markdown/ Markdown] is a markup language and text-to-HTML conversion tool developed in Perl by [http://daringfireball.net/ John Gruber]. A perl and a pyhton implementation of Markdown can be found in [community], while numerous other implementations are available in the [http://aur.archlinux.org/packages.php?O=0&K=markdown&do_Search=Go AUR]. <br />
<br />
Additionally, it has been implemented in C as [http://www.pell.portland.or.us/~orc/Code/discount/ Discount] by [http://www.pell.portland.or.us/~orc/ David Parsons] and a Ruby extension was written by [http://tomayko.com/ Ryan Tomayko] as [https://github.com/rtomayko/rdiscount RDiscount]. You can install RDiscount with Rubygems as root '''or''' through the [http://aur.archlinux.org/packages.php?ID=34706 AUR].<br />
$ gem install rdiscount -s <nowiki>http://gemcutter.org</nowiki><br />
Then add the following line to your {{filename|_config.yml}}.<br />
markdown: rdiscount<br />
<br />
If you are unfamiliar with Markdown, Gruber's [http://daringfireball.net/projects/markdown/basics website] presents an excellent introduction. Additionally, you can try out Markdown using Gruber's online [http://daringfireball.net/projects/markdown/dingus conversion tool].<br />
<br />
== Configuration ==<br />
A default Jekyll directory tree looks like the following, where "." denotes the root directory of your Jeykll generated website.<br />
.<br />
|-- _config.yml<br />
|-- _layouts<br />
| |-- default.html<br />
| `-- post.html<br />
|-- _posts<br />
| |-- 2010-02-13-early-userspace-in-arch-linux.textile<br />
| `-- 2011-05-29-arch-linux-usb-install-and-rescue-media.textile<br />
|-- _site<br />
`-- index.html<br />
The default file structure is available from [https://github.com/danielmcgraw/Jekyll-Base Jekyll-Base] on GitHub.<br />
{{note|Daniel McGraw has setup a more extensive default file structure on [https://github.com/danielmcgraw/danielmcgraw.com.git GitHub].}}<br />
<br />
The {{filename|_config.yml}} file stores configuration data. It includes numerous configuration settings, which may also be called as flags. Full explanation and a default configuration can be found on <br />
[https://github.com/mojombo/jekyll/wiki/Configuration GitHub].<br />
<br />
Once you have configured your {{filename|_config.yml}} to your liking you need to create the files that will be processed by Jekyll to generate the website.<br />
<br />
== Usage ==<br />
Next you need to create templates that Jekyll can process. These templates make use of the Liquid templating system to input data. For a full explanation check [https://github.com/mojombo/jekyll/wiki/template-data GitHub].<br />
<br />
Additionally, each file besides {{filename|/_layouts/layout.html}} requires a [https://github.com/mojombo/jekyll/wiki/yaml-front-matter YAML Front Matter] heading.<br />
<br />
=== Create Index Layout ===<br />
This is a basic template for your {{filename|index.html}}, which is used to render your website's index page.<br />
{{file|name=index.html|content=<nowiki><br />
---<br />
layout: layout<br />
title: Jekyll Base<br />
---<br />
<br />
<div class="content"><br />
<div class="related"><br />
<ul><br />
{% for post in site.posts %}<br />
<li><br />
<span>{{ post.date | date: "%B %e, %Y" }}</span> <a href="{{ post.url }}">{{ post.title }}</a><br />
</li><br />
{% endfor %}<br />
</ul><br />
</div><br />
</div><br />
</nowiki>}}<br />
<br />
=== Create General Website Layout ===<br />
This is a basic template for your website's general layout. It will be referenced in the [[Wikipedia:YAML|YAML]] Front Matter blocks of each file (see: [[#Creating a Post|Creating a Post]]).<br />
{{file|name=_layouts/layout.html|content=<nowiki><br />
<!DOCTYPE HTML><br />
<br />
<html><br />
<head><br />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><br />
<meta name="author" content="Your Name" /><br />
<title>{{ page.title }}</title><br />
</head><br />
<body><br />
<header><br />
<h1><a href="/">Jekyll Base</a></h1><br />
</header><br />
<section><br />
{{ content }}<br />
</section><br />
</body><br />
</html><br />
</nowiki>}}<br />
<br />
=== Create Post Layout ===<br />
This is a basic template for each of your posts. Again, this will be referenced in the [[Wikipedia:YAML|YAML]] Front Matter blocks of each file (see: [[#Creating a Post|Creating a Post]]).<br />
{{file|name=_layouts/post.html|content=<nowiki><br />
---<br />
layout: layout<br />
title: sample title<br />
---<br />
<br />
<div class="content"><br />
<div id="post"><br />
<h1>{{ post.title }}</h1><br />
{{ content }}<br />
</div><br />
</div><br />
</nowiki>}}<br />
<br />
=== Creating a Post ===<br />
The content of each blog post will be contained within a file inside of the <tt>_posts</tt> directorys. To use the default naming convention each file should be saved with the year, month, date, post title and end with the *.md or *.textile depending on the markup language used (e.g. {{filename|2010-02-13-early-userspace-in-arch-linux.textile}}). The date defined in the filename will be used as the published date in the post. Additionally, the filename will be used to generate the permalink (i.e. /categories/year/month/day/title.html). To use an alternate permalink style or create your own review the explanation on [https://github.com/mojombo/jekyll/wiki/Permalinks GitHub].<br />
<br />
== Test ==<br />
To generate a static HTML website based on your Textile or Markdown documents run <tt>jekyll</tt>. To simultaneously test the generated HTML website run Jekyll with the <tt>--server</tt> flag.<br />
$ jekyll --server<br />
It is recommended to define server options in your {{filename|_config.yml}}. The default will start a server on port 4000, which can be accessed in your web browser at <tt>localhost:4000</tt>.<br />
<br />
== External Links ==<br />
*[[Wikipedia: YAML|YAML]]<br />
*[[Wikipedia: Textile (markup language)|Textile]]<br />
=== Tutorials ===<br />
*[http://danielmcgraw.com/2011/04/14/The-Ultimate-Guide-To-Getting-Started-With-Jekyll-Part-1/ Installation Tutorial] by Daniel McGraw<br />
*[http://danielmcgraw.com/2011/04/18/The-Ultimate-Guide-To-Getting-Started-With-Jekyll-Part-2/ Configuration Tutorial] by Daniel McGraw<br />
=== Examples ===<br />
Websites created with Jeykll by Arch Linux users. Further examples can be found on [https://github.com/mojombo/jekyll/wiki/sites GitHub].<br />
* [http://www.cinderwick.ca/ Personal website] by [[User:Thayer|Thayer]]</div>Thayerhttps://wiki.archlinux.org/index.php?title=Xmobar&diff=140285Xmobar2011-05-07T16:32:34Z<p>Thayer: /* Using ~/.xmobarrc */</p>
<hr />
<div>[[Category:Eye_candy_(English)]]<br />
[[Category:Utilities_(English)]]<br />
<br />
= Introduction =<br />
[http://projects.haskell.org/xmobar/ xmobar] is a lightweight bar written in haskell. It is one of the most popular bars to use together with [[Xmonad]].<br>Even though it is written in haskell, you don't need to know haskell to configure it.<br />
<br />
= Installation =<br />
xmobar can be found in the [community] repository and the development version (xmobar-git) can be found in [[AUR|aur]].<br />
<br />
= Configuration =<br />
Xmobar can be configured both with command line options and a configuration file (~/.xmobarrc).<br>Any command line option will override the coresponding option set in the configuration file.<br />
<br />
== Using ~/.xmobarrc ==<br />
Following is a short description of the options you can use in ~/.xmobarrc<br />
; font : The font to use. If you got XFT fonts enabled, prefix XFT fonts with xft:<br />
; fgColor : The default colour to use for the font, takes both colour names and hex colours.<br />
; bgColor : The colour of the bar, takes both colour names and hex colours.<br />
; position : The position of the bar. Keywords are: Top, TopW, Bottom, BottomW and Static.<br><br />
:* Top/Bottom - The top/bottom of the screen.<br />
:* TopW/BottomW - The top/bottom of the screen with a fixed with. They take 2 options:<br />
:** ''Alignment:'' '''L'''eft, '''C'''enter or '''R'''ight aligned.<br />
:** ''Width:'' An iteger for the width of the bar in percent.<br />
:: Example: Centered at the bottom of the screen, with a width of 75% of the screen.<br />
position = BottomW C 75<br />
:* Static - A fixed position on the screen, with a fixed with. Static takes 4 keyword arguments:<br />
:** xpos: Horisontal position in pixels, starting at the upper left corner.<br />
:** ypos: Vertical position in pixels, starting at the upper left corner.<br />
:** width: The width of the bar in pixels.<br />
:** height: The height of the bar in pixels.<br />
:: Example: Top left of the screen, with a width of 1024 pixels and height of 15 pixels<br />
position = Static { xpos = 0 , ypos = 0, width = 1024, height = 15 }<br />
; commands : For setting the options of the programs to run (optional).<br />
: commands is a comma seperated list of commands, and their options. Example:<br />
:: <tt>[Run Memory ["-t","Mem: <usedratio>%"] 10, Run Swap [] 10]</tt><br />
:: runs the Memory plugin, with the specified template, and the Swap plugin, with default args. And both with an update every second. (the update rate is in 1/10 seconds)<br />
; sepChar : The character to be used for indicating commands in the output template (default '%').<br />
; alignSep : A string of characters for aligning text in the output template. (default '}{') The text before the first char will be left aligned, the text between them will be centered, and the text to the right of the last char will be right aligned.<br />
; template : The output template is a string containing text and commands.<br />
:* %command% - An command to run. The output can contain a flag to set the colour of the text. You can change the '%' to some other char with '''sepChar'''<br />
:* <fc=''colour''></fc> - Sets the colour of a portion of text, takes both colour names and hex colours.<br />
<br />
=== Example .xmobarrc file ===<br />
<br />
<pre><br />
Config { font = "-misc-fixed-*-*-*-*-10-*-*-*-*-*-*-*"<br />
, bgColor = "black"<br />
, fgColor = "grey"<br />
, position = Top<br />
, lowerOnStart = True<br />
, commands = [ Run Weather "EGPF" ["-t","<station>: <tempC>C","-L","18","-H","25","--normal","green","--high","red","--low","lightblue"] 36000<br />
, Run Network "eth0" ["-L","0","-H","32","--normal","green","--high","red"] 10<br />
, Run Network "eth1" ["-L","0","-H","32","--normal","green","--high","red"] 10<br />
, Run Cpu ["-L","3","-H","50","--normal","green","--high","red"] 10<br />
, Run Memory ["-t","Mem: <usedratio>%"] 10<br />
, Run Swap [] 10<br />
, Run Com "uname" ["-s","-r"] "" 36000<br />
, Run Date "%a %b %_d %Y %H:%M:%S" "date" 10<br />
]<br />
, sepChar = "%"<br />
, alignSep = "}{"<br />
, template = "%cpu% | %memory% * %swap% | %eth0% - %eth1% }{ <fc=#ee9a00>%date%</fc>| %EGPF% | %uname%"<br />
}<br />
</pre><br />
<br />
== Gmail integration ==<br />
Consider installing xmobar package [http://aur.archlinux.org/packages.php?ID=43098 with GMail plugin], then add this to your xmobarrc:<br />
<br />
Config { ...<br />
, commands = [ <br />
...<br />
, Run GMail "gmail.username" "GmailPassword" ["-t", "Mail: <count>"] 3000<br />
...<br />
]<br />
, template = "%cpu% ... %gmail.username% ... <fc=#ee9a00>%date%</fc>"<br />
}<br />
<br />
== MPD intergration ==<br />
{{Out of date}}<br />
Since there also isn't an mpd plugin , you can use the same trick as the gmail plugin. You will need mpc for this , [http://github.com/jelly/dotfiles/blob/master/bin/mpd.sh here is the simple script] , save this script some where and run it like this :<br />
<br />
Run Com "sh" ["~/bin/mpd.sh"] "mpd" 10 <br />
<br />
In the template add this:<br />
%mpd%<br />
<br />
== Conky-Cli integration ==<br />
One might want to integrate conky-cli into xmobar because the plugins shipped with xmobar doesn't support displaying some types of information, such as the amount of space on a partition. Here is a bash script which pipes information from conky-cli into a text file which then cats the file.<br />
<pre><br />
#!/bin/bash<br />
# Filename: ~/.xmonad/conkyscript<br />
conky -c ~/.conkyclirc -i1 -q > conkystat &<br />
sleep 4<br />
killall -q conky<br />
cat conkystat<br />
rm conkystat<br />
</pre><br><br />
Add this line to the commands section inside ~/.xmobarrc which makes the script run every 30 seconds.<br />
<pre><br />
, Run Com ".xmonad/conkyscript" ["&"] "conky" 300<br />
</pre><br><br />
Then add this to your .xinitrc before "exec xmonad".<br />
<pre><br />
.xmonad/conkyscript &<br />
sleep 6 && xmobar &<br />
</pre><br><br />
Then add %conky% to your template section, and then it should work.<br />
= Resources = <br />
[http://hackage.haskell.org/package/xmobar xmobar on hackage]</div>Thayerhttps://wiki.archlinux.org/index.php?title=Xmobar&diff=140284Xmobar2011-05-07T16:31:24Z<p>Thayer: </p>
<hr />
<div>[[Category:Eye_candy_(English)]]<br />
[[Category:Utilities_(English)]]<br />
<br />
= Introduction =<br />
[http://projects.haskell.org/xmobar/ xmobar] is a lightweight bar written in haskell. It is one of the most popular bars to use together with [[Xmonad]].<br>Even though it is written in haskell, you don't need to know haskell to configure it.<br />
<br />
= Installation =<br />
xmobar can be found in the [community] repository and the development version (xmobar-git) can be found in [[AUR|aur]].<br />
<br />
= Configuration =<br />
Xmobar can be configured both with command line options and a configuration file (~/.xmobarrc).<br>Any command line option will override the coresponding option set in the configuration file.<br />
<br />
== Using ~/.xmobarrc ==<br />
Following is a short description of the options you can use in ~/.xmobarrc<br />
; font : The font to use. If you got XFT fonts enabled, prefix XFT fonts with xft:<br />
; fgColor : The default colour to use for the font, takes both colour names and hex colours.<br />
; bgColor : The colour of the bar, takes both colour names and hex colours.<br />
; position : The position of the bar. Keywords are: Top, TopW, Bottom, BottomW and Static.<br><br />
:* Top/Bottom - The top/bottom of the screen.<br />
:* TopW/BottomW - The top/bottom of the screen with a fixed with. They take 2 options:<br />
:** ''Alignment:'' '''L'''eft, '''C'''enter or '''R'''ight aligned.<br />
:** ''Width:'' An iteger for the width of the bar in percent.<br />
:: Example: Centered at the bottom of the screen, with a width of 75% of the screen.<br />
position = BottomW C 75<br />
:* Static - A fixed position on the screen, with a fixed with. Static takes 4 keyword arguments:<br />
:** xpos: Horisontal position in pixels, starting at the upper left corner.<br />
:** ypos: Vertical position in pixels, starting at the upper left corner.<br />
:** width: The width of the bar in pixels.<br />
:** height: The height of the bar in pixels.<br />
:: Example: Top left of the screen, with a width of 1024 pixels and height of 15 pixels<br />
position = Static { xpos = 0 , ypos = 0, width = 1024, height = 15 }<br />
; commands : For setting the options of the programs to run (optional).<br />
: commands is a comma seperated list of commands, and their options. Example:<br />
:: <tt>[Run Memory ["-t","Mem: <usedratio>%"] 10, Run Swap [] 10]</tt><br />
:: runs the Memory plugin, with the specified template, and the Swap plugin, with default args. And both with an update every second. (the update rate is in 1/10 seconds)<br />
; sepChar : The character to be used for indicating commands in the output template (default '%').<br />
; alignSep : A string of characters for aligning text in the output template. (default '}{') The text before the first char will be left aligned, the text between them will be centered, and the text to the right of the last char will be right aligned.<br />
; template : The output template is a string containing text and commands.<br />
:* %command% - An command to run. The output can contain a flag to set the colour of the text. You can chage the '%' to some other char with '''sepChar'''<br />
:* <fc=''colour''></fc> - Sets the colour of a partion of text, takes both colour names and hex colours.<br />
<br />
=== Example .xmobarrc file ===<br />
<br />
<pre><br />
Config { font = "-misc-fixed-*-*-*-*-10-*-*-*-*-*-*-*"<br />
, bgColor = "black"<br />
, fgColor = "grey"<br />
, position = Top<br />
, lowerOnStart = True<br />
, commands = [ Run Weather "EGPF" ["-t","<station>: <tempC>C","-L","18","-H","25","--normal","green","--high","red","--low","lightblue"] 36000<br />
, Run Network "eth0" ["-L","0","-H","32","--normal","green","--high","red"] 10<br />
, Run Network "eth1" ["-L","0","-H","32","--normal","green","--high","red"] 10<br />
, Run Cpu ["-L","3","-H","50","--normal","green","--high","red"] 10<br />
, Run Memory ["-t","Mem: <usedratio>%"] 10<br />
, Run Swap [] 10<br />
, Run Com "uname" ["-s","-r"] "" 36000<br />
, Run Date "%a %b %_d %Y %H:%M:%S" "date" 10<br />
]<br />
, sepChar = "%"<br />
, alignSep = "}{"<br />
, template = "%cpu% | %memory% * %swap% | %eth0% - %eth1% }{ <fc=#ee9a00>%date%</fc>| %EGPF% | %uname%"<br />
}<br />
</pre><br />
<br />
== Gmail integration ==<br />
Consider installing xmobar package [http://aur.archlinux.org/packages.php?ID=43098 with GMail plugin], then add this to your xmobarrc:<br />
<br />
Config { ...<br />
, commands = [ <br />
...<br />
, Run GMail "gmail.username" "GmailPassword" ["-t", "Mail: <count>"] 3000<br />
...<br />
]<br />
, template = "%cpu% ... %gmail.username% ... <fc=#ee9a00>%date%</fc>"<br />
}<br />
<br />
== MPD intergration ==<br />
{{Out of date}}<br />
Since there also isn't an mpd plugin , you can use the same trick as the gmail plugin. You will need mpc for this , [http://github.com/jelly/dotfiles/blob/master/bin/mpd.sh here is the simple script] , save this script some where and run it like this :<br />
<br />
Run Com "sh" ["~/bin/mpd.sh"] "mpd" 10 <br />
<br />
In the template add this:<br />
%mpd%<br />
<br />
== Conky-Cli integration ==<br />
One might want to integrate conky-cli into xmobar because the plugins shipped with xmobar doesn't support displaying some types of information, such as the amount of space on a partition. Here is a bash script which pipes information from conky-cli into a text file which then cats the file.<br />
<pre><br />
#!/bin/bash<br />
# Filename: ~/.xmonad/conkyscript<br />
conky -c ~/.conkyclirc -i1 -q > conkystat &<br />
sleep 4<br />
killall -q conky<br />
cat conkystat<br />
rm conkystat<br />
</pre><br><br />
Add this line to the commands section inside ~/.xmobarrc which makes the script run every 30 seconds.<br />
<pre><br />
, Run Com ".xmonad/conkyscript" ["&"] "conky" 300<br />
</pre><br><br />
Then add this to your .xinitrc before "exec xmonad".<br />
<pre><br />
.xmonad/conkyscript &<br />
sleep 6 && xmobar &<br />
</pre><br><br />
Then add %conky% to your template section, and then it should work.<br />
= Resources = <br />
[http://hackage.haskell.org/package/xmobar xmobar on hackage]</div>Thayerhttps://wiki.archlinux.org/index.php?title=Awesome_(window_manager)&diff=140159Awesome (window manager)2011-05-06T17:24:09Z<p>Thayer: /* Themes */</p>
<hr />
<div>[[Category:Dynamic WMs (English)]]<br />
[[Category:HOWTOs (English)]]<br />
{{i18n|Awesome3}}<br />
<br />
From the awesome website:<br />
<br />
"''[http://awesome.naquadah.org/ awesome] is a highly configurable, next generation framework window manager for X. It is very fast, extensible and licensed under the GNU GPLv2 license.''<br />
<br />
''It is primarly targeted at power users, developers and any people dealing with every day computing tasks and who want to have fine-grained control on its graphical environment.''"<br />
<br />
==Installation==<br />
<br />
[http://aur.archlinux.org/packages.php?ID=41362 awesome] is available in the [[AUR]], due to its dependency on the unsupported cairo-xcb package. If you want unstable pre-release versions, you can install the [http://aur.archlinux.org/packages.php?ID=13916 awesome-git] package instead.<br />
<br />
==Getting Started==<br />
<br />
===Using awesome===<br />
To run awesome without a login manager, simply add '''<tt>exec awesome</tt>''' to the startup script of your choice (e.g. ~/.xinitrc.)<br />
<br />
If you have problems with some devices (like mounting usbkeys, reading dvds) be sure to read documentation about [[HAL]] and policykit. When you don't use a login manager, nothing is automated. In some cases, using '''<tt>exec ck-launch-session awesome</tt>''' can solve your problems.<br />
<br />
To start awesome from a login manager, see [[Display Manager|this article]]. <br />
<br />
'''[[SLIM]]''' is a popular lightweight login manager and comes highly recommended. You should do like this:<br />
<br />
1) Edit /etc/slim.conf for start awesome session, add awesome to sessions line. <br>For example: <br />
sessions awesome,wmii,xmonad<br />
2) Edit ~/.xinitrc file <br />
DEFAULT_SESSION=awesome<br />
case $1 in<br />
awesome|wmii|xmonad) exec $1 ;;<br />
*) exec $DEFAULT_SESSION ;;<br />
esac<br />
However, you can also start awesome as preferred user without any login manager and even without logging in, after editing ~/.xinitrc and /etc/inittab properly. Refer to the article [[Start X at boot]].<br />
<br />
==Configuration==<br />
Awesome includes some good default settings right out of the box, but sooner or later you'll want to change something. The lua based configuration file is at <tt>~/.config/awesome/rc.lua</tt>.<br />
<br />
===Creating the configuration file===<br />
First, run the following to create the directory needed in the next step:<br />
$ mkdir -p ~/.config/awesome/<br />
<br />
Whenever compiled, awesome will attempt to use whatever custom settings are contained in ~/.config/awesome/rc.lua. This file is not created by default, so we must copy the template file first:<br />
$ cp /etc/xdg/awesome/rc.lua ~/.config/awesome/<br />
<br />
The syntax of the configuration often changes when awesome updates. So, remember to repeate the command above when you get something strange with awesome, or you'd like to modify the configuration.<br />
<br />
For more information about configuring awesome, check out the [http://awesome.naquadah.org/wiki/Awesome_3_configuration configuration page at awesome wiki]<br />
<br />
===More configuration resources===<br />
{{Note|The syntax of awesome configuration changes regularly, so you will likely have to modify any file you download.}}<br />
<br />
Some good examples of rc.lua would be as follows:<br />
<br />
* http://git.sysphere.org/awesome-configs/tree/ - Awesome 3.4 configurations from Adrian C. (anrxc)<br />
* http://pastebin.com/f6e4b064e - Darthlukan's awesome 3.4 configuration. <br />
* http://www.calmar.ws/dotfiles/dotfiledir/dot_awesomerc.lua<br />
* http://github.com/wolgri/wolgri.config/tree/master/.config/awesome/rc.lua<br />
* http://oxmoz.no-ip.org/awesome/rc.lua<br />
* http://www.ugolnik.info/downloads/awesome/rc.lua (screen) - Awesome 3 with small titlebar and statusbar.<br />
* http://github.com/bash/dotfiles/blob/master/.config/awesome/rc.lua<br />
* http://github.com/nblock/config/blob/master/.config/awesome/rc.lua<br />
* User Configuration Files http://awesome.naquadah.org/wiki/User_Configuration_Files<br />
<br />
===Debug rc.lua using Xephyr===<br />
<br />
This is my prefered way to debug rc.lua, without breaking my current desktop. I first copy my rc.lua into a new file, rc.lua.new, and modify it as needed. Then, I run new instance of awesome in Xephyr (allows you to run X nested in another X's client window, supplying rc.lua.new as a config file like this:<br />
<br />
$ Xephyr -ac -br -noreset -screen 1152x720 :1 &<br />
$ DISPLAY=:1.0 awesome -c ~/.config/awesome/rc.lua.new<br />
<br />
Big advantage of this approach is that if I break rc.lua.new, I don't break my current awesome desktop (and possibly crash all my X apps, lose all unsaved things and so on...). Once I'm happy with my new settings, I move rc.lua.new to rc.lua and restart awesome. And I can be sure it will work and restarting with new config won't mess up things.<br />
<br />
==Themes==<br />
<br />
[http://awesome.naquadah.org/wiki/Beautiful Beautiful] is a lua library that allows you to theme awesome using an external file, it becomes very easy to dynamically change your whole awesome colours and wallpaper without changing your rc.lua. <br />
<br />
The default theme is at /usr/share/awesome/themes/default. Copy it to ~/.config/awesome/themes/default and change theme_path in rc.lua. <br />
<br />
More details [http://awesome.naquadah.org/wiki/Beautiful here]<br />
<br />
A few sample [http://awesome.naquadah.org/wiki/Beautiful_themes themes]<br />
<br />
===Setting up your wallpaper===<br />
<br />
Beautiful can handle your wallpaper, thus you don't need to set it up in your .xinitrc or .xsession files. This allows you to have a specific wallpaper for each theme. If you take a look at the default theme file you'll see a wallpaper_cmd key, the given command is executed when beautiful.init("path_to_theme_file") is run. You can put here you own command or remove/comment the key if you don't want Beautiful to interfere with your wallpaper business.<br />
<br />
For instance, if you use awsetbg to set your wallpaper, you can write:<br />
<br />
wallpaper_cmd = { "awsetbg -f .config/awesome/themes/awesome-wallpaper.png" }<br />
<br />
{{Note|For awsetbg to work you need to have a program that can manage desktop backgrounds installed. For example '''[[Feh]]'''.}}<br />
<br />
====Random Background Image====<br />
To rotate the wallpapers randomly, just comment the wallpaper_cmd line above, and add a script into your .xinitrc with the codes below:<br />
<pre><br />
while true;<br />
do<br />
awsetbg -r <path/to/the/directory/of/your/wallpapers><br />
sleep 15m<br />
done &<br />
</pre><br />
<br />
==Tips & Tricks==<br />
Feel free to add any tips or tricks that you would like to pass on to other awesome users.<br />
<br />
===Expose effect like compiz===<br />
<br />
Revelation brings up a view of all your open clients; left-clicking a client pops to the first tag that client is visible on and raises/focuses the client. In addition, the Enter key pops to the currently focused client, and Escape aborts. <br />
<br />
http://awesome.naquadah.org/wiki/Revelation<br />
<br />
===Hide / show wibox in awesome 3===<br />
<br />
To map Modkey-b to hide/show default statusbar on active screen (as default in awesome 2.3), add to your ''clientkeys'' in rc.lua:<br />
<br />
awful.key({ modkey }, "b", function ()<br />
mywibox[mouse.screen].visible = not mywibox[mouse.screen].visible<br />
end),<br />
<br />
===Enable printscreens===<br />
<br />
To enable printscreens in awesome through the PrtScr button you need to have a screen capturing program.<br />
Scrot is a easy to use utility for this purpose and is available in Arch repositories.<br />
<br />
Just type:<br />
# pacman -S scrot<br />
<br />
and install optional dependencies if you feel that you need them.<br />
<br />
Next of we need to get the key name for PrtScr, most often this is named "Print" but one can never be too sure.<br />
<br />
Start up:<br />
# xev<br />
<br />
And press the PrtScr button, the output should be something like:<br />
KeyPress event ....<br />
root 0x25c, subw 0x0, ...<br />
state 0x0, keycode 107 (keysym 0xff61, '''Print'''), same_screen YES,<br />
....<br />
<br />
In my case as you see, the keyname is Print.<br />
<br />
Now to the configuration of awesome!<br />
<br />
Somewhere in your globalkeys array (doesn't matter where) type:<br />
<br />
Lua code:<br />
<br />
awful.key({ }, "Print", function () awful.util.spawn("scrot -e 'mv $f ~/screenshots/ 2>/dev/null'") end),<br />
<br />
A good place to put this is bellow the keyhook for spawning a terminal.<br />
To find this line search for: awful.util.spawn(terminal) in your favourite text editor.<br />
<br />
Also, this function saves screenshots inside ~/screenshots/, edit this to fit your needs.<br />
<br />
===Dynamic tagging===<br />
<br />
[http://awesome.naquadah.org/wiki/Eminent Eminent] is a small lua library that monkey-patches awful to provide you with effortless and quick wmii-style dynamic tagging. Unlike shifty, eminent does not aim to provide a comprehensive tagging system, but tries to make dynamic tagging as simple as possible. In fact, besides importing the eminent library, you do not have to change your rc.lua at all, eminent does all the work for you.<br />
<br />
[http://awesome.naquadah.org/wiki/Shifty Shifty] is an Awesome 3 extension that implements dynamic tagging. It also implements fine client matching configuration allowing YOU to be the master of YOUR desktop only by setting two simple config variables and some keybindings!<br />
<br />
===Space Invaders===<br />
[http://awesome.naquadah.org/wiki/Space_Invaders Space Invaders] is a demo to show the possibilities of the Awesome Lua API.<br />
<br />
Please note that it is no longer included in the Awesome package since the 3.4-rc1 release.<br />
<br />
===Naughty for popup notification===<br />
See [https://awesome.naquadah.org/wiki/Naughty the awesome wiki page on naughty].<br />
<br />
===Popup Menus===<br />
There's a simple menu by default in awesome3, and customed menus seem very easy now. However, if you're using 2.x awesome, have a look at ''[http://awesome.naquadah.org/wiki/Awful.menu awful.menu]''.<br />
<br />
An example for awesome3:<br />
<pre><br />
myawesomemenu = {<br />
{ "lock", "xscreensaver-command -activate" },<br />
{ "manual", terminal .. " -e man awesome" },<br />
{ "edit config", editor_cmd .. " " .. awful.util.getdir("config") .. "/rc.lua" },<br />
{ "restart", awesome.restart },<br />
{ "quit", awesome.quit }<br />
}<br />
<br />
mycommons = {<br />
{ "pidgin", "pidgin" },<br />
{ "OpenOffice", "soffice-dev" },<br />
{ "Graphic", "gimp" }<br />
}<br />
<br />
mymainmenu = awful.menu.new({ items = { <br />
{ "terminal", terminal },<br />
{ "icecat", "icecat" },<br />
{ "Editor", "gvim" },<br />
{ "File Manager", "pcmanfm" },<br />
{ "VirtualBox", "VirtualBox" },<br />
{ "Common App", mycommons, beautiful.awesome_icon },<br />
{ "awesome", myawesomemenu, beautiful.awesome_icon }<br />
}<br />
})<br />
</pre><br />
<br />
===More Widgets in awesome===<br />
''Widgets in awesome are objects that you can add to any widget-box (statusbars and titlebars), they can provide various information about your system, and are useful for having access to this information, right from your window manager. Widgets are simple to use and offer a great deal of flexibility.'' -- Source [http://awesome.naquadah.org/wiki/Widgets_in_awesome Awesome Wiki: Widgets].<br />
<br />
There's a widely used widget library called '''Wicked''' (compatible with awesome versions '''prior to 3.4'''), that provides more widgets, like MPD widget, CPU usage, memory usage, etc. For more details see the [http://awesome.naquadah.org/wiki/Wicked Wicked page].<br />
<br />
As a replacement for Wicked in awesome v3.4 check '''[http://awesome.naquadah.org/wiki/Vicious Vicious]''', '''[http://awesome.naquadah.org/wiki/Obvious Obvious]''' and '''[http://awesome.naquadah.org/wiki/Bashets Bashets]'''. If you pick vicious, you should also take a good look at [http://git.sysphere.org/vicious/tree/README vicious documentation].<br />
<br />
===Transparency===<br />
Awesome has support for true transparency through xcompmgr. Note that you'll probably want the git version of xcompmgr, which is [http://aur.archlinux.org/packages.php?ID=16554 available in AUR]. <br />
<br />
Add this to your ~/.xinitrc:<br />
xcompmgr &<br />
See ''man xcompmgr'' or [[xcompmgr]] for more options.<br />
<br />
In awesome 3.4, window transparency can be set dynamically using signals. For example, your rc.lua could contain the following:<br />
<br />
client.add_signal("focus", function(c)<br />
c.border_color = beautiful.border_focus<br />
c.opacity = 1<br />
end)<br />
client.add_signal("unfocus", function(c)<br />
c.border_color = beautiful.border_normal<br />
c.opacity = 0.7<br />
end)<br />
'''If you got error messages about add_signal, using connect_signal insteaded.''' <br />
<br />
Note that if you are using conky, you must set it to create its own window instead of using the desktop. To do so, edit ~/.conkyrc to contain:<br />
<br />
own_window yes<br />
own_window_transparent yes<br />
own_window_type desktop<br />
<br />
Otherwise strange behavior may be observed, such as all windows becoming fully transparent. Note also that since conky will be creating a transparent window on your desktop, any actions defined in awesome's rc.lua for the desktop will not work where conky is.<br />
<br />
As of Awesome 3.1, there is built-in pseudo-transparency for wiboxes. To enable it, append 2 hexadecimal digits to the colors in your theme file (~/.config/awesome/themes/default, which is usually a copy of /usr/share/awesome/themes/default), like shown here:<br />
<br />
bg_normal = #000000AA<br />
<br />
where "AA" is the transparency value.<br />
<br />
==== ImageMagick ====<br />
You may have problems if you set your wallpaper with imagemagick's ''display'' command, it doesn't work well with xcompmgr. Please note that awsetbg may be using ''display'' if it doesn't have any other options. Installing habak, feh, hsetroot or whatever should fix the problem (''grep -A 1 wpsetters /usr/bin/awsetbg'' to see your options).<br />
<br />
===Autorun programs===<br />
''See also [https://awesome.naquadah.org/wiki/Autostart the Autostart page on the Awesome wiki].''<br />
<br />
awesome doesn't run programs set to autostart by the Freedesktop specification like GNOME or KDE. However, awesome does provide a few functions for starting programs (in addition to the Lua standard library function {{Codeline|os.execute}}). To run the same programs on startup as GNOME or KDE, you can install [http://aur.archlinux.org/packages.php?ID=41099 dex] from the [[AUR]] and then run that in your rc.lua:<br />
<br />
os.execute"dex -a"<br />
<br />
If you just want to set up a list of apps for awesome to launch at startup, you can create a table of all the commands you want to spawn and loop through it:<br />
<br />
do<br />
local cmds = <br />
{ <br />
"swiftfox",<br />
"mutt",<br />
"consonance",<br />
"linux-fetion",<br />
"weechat-curses",<br />
--and so on...<br />
}<br />
<br />
for _,i in pairs(cmds) do<br />
awful.util.spawn(i)<br />
end<br />
end<br />
<br />
(You could also run calls to {{codeline|os.execute}} with commands ending in '{{codeline|&}}', but it's probably a better idea to stick to the proper spawn function.)<br />
<br />
To run a program only if it is not currently running, you can spawn it with a shell command that runs the program only if {{Codeline|pgrep}} doesn't find a running process with the same name:<br />
function run_once(prg)<br />
awful.util.spawn_with_shell("pgrep -u $USER -x " .. prg .. " || (" .. prg .. ")")<br />
end<br />
<br />
So, for example, to run {{Codeline|parcellite}} only if there is not a {{Codeline|parcellite}} process already running:<br />
<br />
run_once("parcellite")<br />
<br />
===Passing content to widgets with awesome-client===<br />
<br />
You can easily send text to an awesome widget. Just create a new widget:<br />
<pre><br />
mywidget = widget({ type = "textbox", name = "mywidget" })<br />
mywidget.text = "initial text"<br />
</pre><br />
To update the text from an external source, use awesome-client:<br />
<pre> <br />
echo -e 'mywidget.text = "new text"' | awesome-client<br />
</pre><br />
Don't forget to add the widget to your wibox.<br />
<br />
===Using some eyecandy panels with awesome===<br />
<br />
If you like awesome lightweightness and functionality, but don't like it hacker stile look, you can transform it into eyecandy by using alternative panel. Just install xfce4-panel by:<br />
<pre><br />
sudo pacman -S xfce4-panel<br />
</pre><br />
Then add it to autorun section of your rc.lua (howto is written above). Supposing that configuration of panel won't be difficult for awesome user. You can also comment section, which create wiboxes for each screen (starting from "mywibox[s] = awful.wibox({ position = "top", screen = s })" ) but it isn't necessary. Any way don't forget to check your rc.lua by typing <br />
<pre><br />
awesome -k rc.lua<br />
</pre><br />
Also you should change your "modkey+R" keybinding, in order to start some other application launcher instead of built in awesome. Xfrun4, bashrun, etc. Check the Application launchers section of [[Openbox_Themes_and_Apps#Application_launchers|Openbox]] article for examples. Don't forget to add<br />
<pre><br />
properties = { floating = true } },<br />
{ rule = { instance = "$yourapplicationlauncher" },<br />
</pre><br />
to your rc.lua.<br />
It should work with other panels, but I didn't tested them. Also feel free to add other parts of DE to your awesome.<br />
<br />
===Fix Java (GUI appears gray only)===<br />
Guide taken from [https://bbs.archlinux.org/viewtopic.php?pid=450870].<br />
#Install {{Package Official|wmname}} from community<br />
#Run the following command or add it to your {{Filename|.xinitrc}}: {{Cli|wmname LG3D}}<br />
<br />
==Troubleshooting==<br />
<br />
===Mod4 key===<br />
<br />
The Mod4 is by default the '''Win key'''. If it's not mapped by default, for some reason, you can check the keycode of your Mod4 key with<br />
<br />
$ xev<br />
<br />
It should be 115 for the left one. Then add this to your ~/.xinitrc<br />
<br />
xmodmap -e "keycode 115 = Super_L" -e "add mod4 = Super_L"<br />
exec awesome<br />
<br />
The problem in this case is that some xorg installations recognize keycode 115, but incorrectly as the 'Select' key. The above command explictly remaps keycode 115 to the correct 'Super_L' key.<br />
<br />
====Mod4 key vs. IBM ThinkPad users====<br />
<br />
IBM ThinkPads do not come equipped with a Window key (although Lenovo have changed this tradition on their ThinkPads). As of writing, the Alt key is not used in command combinations by the default rc.lua (refer to the Awesome wiki for a table of commands), which allows it be used as a replacement for the Super/Mod4/Win key. To do this, edit your rc.lua and replace:<br />
<br />
modkey = "Mod4"<br />
<br />
by:<br />
<br />
modkey = "Mod1"<br />
<br />
Note: Awesome does a have a few commands that make use of Mod4 plus a single letter. Changing Mod4 to Mod1/Alt could cause overlaps for some key combinations. The small amount of instances where this happens can be changed in the rc.lua file.<br />
<br />
If you don't like to change the awesome standards, you might like to remap a key. For instance the caps lock key is rather useless (for me) adding the following contents to ~/.Xmodmap <br />
<br />
clear lock <br />
add mod4 = Caps_Lock<br />
<br />
and [[Extra Keyboard Keys in Xorg#Step 2: Testing|(re)load]] the file.<br />
This will change the caps lock key into the mod4 key and works nicely with the standard awesome settings. In addition, if needed, it provides the mod4 key to other X-programs as well.<br />
<br />
Not confirmed, but if recent updates of xorg related packages break mentioned remapping the second line can be replaced by (tested on a DasKeyboard with no left Super key):<br />
<br />
keysym Caps_Lock = Super_L Caps_Lock<br />
<br />
===Brasero===<br />
If Brasero doesn't detect your blank disks when started in Awesome, but works just fine when started in Gnome, try using<br />
$ dbus-launch brasero<br />
<br />
==External Links==<br />
* http://awesome.naquadah.org/wiki/FAQ - FAQ<br />
* http://www.lua.org/pil/ - Programming in Lua (first edition)<br />
* http://awesome.naquadah.org/ - The official awesome website<br />
* http://awesome.naquadah.org/wiki/Main_Page - the awesome wiki<br />
* http://www.penguinsightings.org/desktop/awesome/ - A review<br />
* http://compsoc.tardis.ed.ac.uk/wiki/AwesomeWM_guide - Awesome guide</div>Thayerhttps://wiki.archlinux.org/index.php?title=Awesome_(window_manager)&diff=140158Awesome (window manager)2011-05-06T17:23:31Z<p>Thayer: /* Themes */</p>
<hr />
<div>[[Category:Dynamic WMs (English)]]<br />
[[Category:HOWTOs (English)]]<br />
{{i18n|Awesome3}}<br />
<br />
From the awesome website:<br />
<br />
"''[http://awesome.naquadah.org/ awesome] is a highly configurable, next generation framework window manager for X. It is very fast, extensible and licensed under the GNU GPLv2 license.''<br />
<br />
''It is primarly targeted at power users, developers and any people dealing with every day computing tasks and who want to have fine-grained control on its graphical environment.''"<br />
<br />
==Installation==<br />
<br />
[http://aur.archlinux.org/packages.php?ID=41362 awesome] is available in the [[AUR]], due to its dependency on the unsupported cairo-xcb package. If you want unstable pre-release versions, you can install the [http://aur.archlinux.org/packages.php?ID=13916 awesome-git] package instead.<br />
<br />
==Getting Started==<br />
<br />
===Using awesome===<br />
To run awesome without a login manager, simply add '''<tt>exec awesome</tt>''' to the startup script of your choice (e.g. ~/.xinitrc.)<br />
<br />
If you have problems with some devices (like mounting usbkeys, reading dvds) be sure to read documentation about [[HAL]] and policykit. When you don't use a login manager, nothing is automated. In some cases, using '''<tt>exec ck-launch-session awesome</tt>''' can solve your problems.<br />
<br />
To start awesome from a login manager, see [[Display Manager|this article]]. <br />
<br />
'''[[SLIM]]''' is a popular lightweight login manager and comes highly recommended. You should do like this:<br />
<br />
1) Edit /etc/slim.conf for start awesome session, add awesome to sessions line. <br>For example: <br />
sessions awesome,wmii,xmonad<br />
2) Edit ~/.xinitrc file <br />
DEFAULT_SESSION=awesome<br />
case $1 in<br />
awesome|wmii|xmonad) exec $1 ;;<br />
*) exec $DEFAULT_SESSION ;;<br />
esac<br />
However, you can also start awesome as preferred user without any login manager and even without logging in, after editing ~/.xinitrc and /etc/inittab properly. Refer to the article [[Start X at boot]].<br />
<br />
==Configuration==<br />
Awesome includes some good default settings right out of the box, but sooner or later you'll want to change something. The lua based configuration file is at <tt>~/.config/awesome/rc.lua</tt>.<br />
<br />
===Creating the configuration file===<br />
First, run the following to create the directory needed in the next step:<br />
$ mkdir -p ~/.config/awesome/<br />
<br />
Whenever compiled, awesome will attempt to use whatever custom settings are contained in ~/.config/awesome/rc.lua. This file is not created by default, so we must copy the template file first:<br />
$ cp /etc/xdg/awesome/rc.lua ~/.config/awesome/<br />
<br />
The syntax of the configuration often changes when awesome updates. So, remember to repeate the command above when you get something strange with awesome, or you'd like to modify the configuration.<br />
<br />
For more information about configuring awesome, check out the [http://awesome.naquadah.org/wiki/Awesome_3_configuration configuration page at awesome wiki]<br />
<br />
===More configuration resources===<br />
{{Note|The syntax of awesome configuration changes regularly, so you will likely have to modify any file you download.}}<br />
<br />
Some good examples of rc.lua would be as follows:<br />
<br />
* http://git.sysphere.org/awesome-configs/tree/ - Awesome 3.4 configurations from Adrian C. (anrxc)<br />
* http://pastebin.com/f6e4b064e - Darthlukan's awesome 3.4 configuration. <br />
* http://www.calmar.ws/dotfiles/dotfiledir/dot_awesomerc.lua<br />
* http://github.com/wolgri/wolgri.config/tree/master/.config/awesome/rc.lua<br />
* http://oxmoz.no-ip.org/awesome/rc.lua<br />
* http://www.ugolnik.info/downloads/awesome/rc.lua (screen) - Awesome 3 with small titlebar and statusbar.<br />
* http://github.com/bash/dotfiles/blob/master/.config/awesome/rc.lua<br />
* http://github.com/nblock/config/blob/master/.config/awesome/rc.lua<br />
* User Configuration Files http://awesome.naquadah.org/wiki/User_Configuration_Files<br />
<br />
===Debug rc.lua using Xephyr===<br />
<br />
This is my prefered way to debug rc.lua, without breaking my current desktop. I first copy my rc.lua into a new file, rc.lua.new, and modify it as needed. Then, I run new instance of awesome in Xephyr (allows you to run X nested in another X's client window, supplying rc.lua.new as a config file like this:<br />
<br />
$ Xephyr -ac -br -noreset -screen 1152x720 :1 &<br />
$ DISPLAY=:1.0 awesome -c ~/.config/awesome/rc.lua.new<br />
<br />
Big advantage of this approach is that if I break rc.lua.new, I don't break my current awesome desktop (and possibly crash all my X apps, lose all unsaved things and so on...). Once I'm happy with my new settings, I move rc.lua.new to rc.lua and restart awesome. And I can be sure it will work and restarting with new config won't mess up things.<br />
<br />
==Themes==<br />
<br />
[https://awesome.naquadah.org/wiki/Beautiful Beautiful] is a lua library that allows you to theme awesome using an external file, it becomes very easy to dynamically change your whole awesome colours and wallpaper without changing your rc.lua. <br />
<br />
The default theme is at /usr/share/awesome/themes/default. Copy it to ~/.config/awesome/themes/default and change theme_path in rc.lua. <br />
<br />
More details [http://awesome.naquadah.org/wiki/Beautiful here]<br />
<br />
A few sample [http://awesome.naquadah.org/wiki/Beautiful_themes themes]<br />
<br />
===Setting up your wallpaper===<br />
<br />
Beautiful can handle your wallpaper, thus you don't need to set it up in your .xinitrc or .xsession files. This allows you to have a specific wallpaper for each theme. If you take a look at the default theme file you'll see a wallpaper_cmd key, the given command is executed when beautiful.init("path_to_theme_file") is run. You can put here you own command or remove/comment the key if you don't want Beautiful to interfere with your wallpaper business.<br />
<br />
For instance, if you use awsetbg to set your wallpaper, you can write:<br />
<br />
wallpaper_cmd = { "awsetbg -f .config/awesome/themes/awesome-wallpaper.png" }<br />
<br />
{{Note|For awsetbg to work you need to have a program that can manage desktop backgrounds installed. For example '''[[Feh]]'''.}}<br />
<br />
====Random Background Image====<br />
To rotate the wallpapers randomly, just comment the wallpaper_cmd line above, and add a script into your .xinitrc with the codes below:<br />
<pre><br />
while true;<br />
do<br />
awsetbg -r <path/to/the/directory/of/your/wallpapers><br />
sleep 15m<br />
done &<br />
</pre><br />
<br />
==Tips & Tricks==<br />
Feel free to add any tips or tricks that you would like to pass on to other awesome users.<br />
<br />
===Expose effect like compiz===<br />
<br />
Revelation brings up a view of all your open clients; left-clicking a client pops to the first tag that client is visible on and raises/focuses the client. In addition, the Enter key pops to the currently focused client, and Escape aborts. <br />
<br />
http://awesome.naquadah.org/wiki/Revelation<br />
<br />
===Hide / show wibox in awesome 3===<br />
<br />
To map Modkey-b to hide/show default statusbar on active screen (as default in awesome 2.3), add to your ''clientkeys'' in rc.lua:<br />
<br />
awful.key({ modkey }, "b", function ()<br />
mywibox[mouse.screen].visible = not mywibox[mouse.screen].visible<br />
end),<br />
<br />
===Enable printscreens===<br />
<br />
To enable printscreens in awesome through the PrtScr button you need to have a screen capturing program.<br />
Scrot is a easy to use utility for this purpose and is available in Arch repositories.<br />
<br />
Just type:<br />
# pacman -S scrot<br />
<br />
and install optional dependencies if you feel that you need them.<br />
<br />
Next of we need to get the key name for PrtScr, most often this is named "Print" but one can never be too sure.<br />
<br />
Start up:<br />
# xev<br />
<br />
And press the PrtScr button, the output should be something like:<br />
KeyPress event ....<br />
root 0x25c, subw 0x0, ...<br />
state 0x0, keycode 107 (keysym 0xff61, '''Print'''), same_screen YES,<br />
....<br />
<br />
In my case as you see, the keyname is Print.<br />
<br />
Now to the configuration of awesome!<br />
<br />
Somewhere in your globalkeys array (doesn't matter where) type:<br />
<br />
Lua code:<br />
<br />
awful.key({ }, "Print", function () awful.util.spawn("scrot -e 'mv $f ~/screenshots/ 2>/dev/null'") end),<br />
<br />
A good place to put this is bellow the keyhook for spawning a terminal.<br />
To find this line search for: awful.util.spawn(terminal) in your favourite text editor.<br />
<br />
Also, this function saves screenshots inside ~/screenshots/, edit this to fit your needs.<br />
<br />
===Dynamic tagging===<br />
<br />
[http://awesome.naquadah.org/wiki/Eminent Eminent] is a small lua library that monkey-patches awful to provide you with effortless and quick wmii-style dynamic tagging. Unlike shifty, eminent does not aim to provide a comprehensive tagging system, but tries to make dynamic tagging as simple as possible. In fact, besides importing the eminent library, you do not have to change your rc.lua at all, eminent does all the work for you.<br />
<br />
[http://awesome.naquadah.org/wiki/Shifty Shifty] is an Awesome 3 extension that implements dynamic tagging. It also implements fine client matching configuration allowing YOU to be the master of YOUR desktop only by setting two simple config variables and some keybindings!<br />
<br />
===Space Invaders===<br />
[http://awesome.naquadah.org/wiki/Space_Invaders Space Invaders] is a demo to show the possibilities of the Awesome Lua API.<br />
<br />
Please note that it is no longer included in the Awesome package since the 3.4-rc1 release.<br />
<br />
===Naughty for popup notification===<br />
See [https://awesome.naquadah.org/wiki/Naughty the awesome wiki page on naughty].<br />
<br />
===Popup Menus===<br />
There's a simple menu by default in awesome3, and customed menus seem very easy now. However, if you're using 2.x awesome, have a look at ''[http://awesome.naquadah.org/wiki/Awful.menu awful.menu]''.<br />
<br />
An example for awesome3:<br />
<pre><br />
myawesomemenu = {<br />
{ "lock", "xscreensaver-command -activate" },<br />
{ "manual", terminal .. " -e man awesome" },<br />
{ "edit config", editor_cmd .. " " .. awful.util.getdir("config") .. "/rc.lua" },<br />
{ "restart", awesome.restart },<br />
{ "quit", awesome.quit }<br />
}<br />
<br />
mycommons = {<br />
{ "pidgin", "pidgin" },<br />
{ "OpenOffice", "soffice-dev" },<br />
{ "Graphic", "gimp" }<br />
}<br />
<br />
mymainmenu = awful.menu.new({ items = { <br />
{ "terminal", terminal },<br />
{ "icecat", "icecat" },<br />
{ "Editor", "gvim" },<br />
{ "File Manager", "pcmanfm" },<br />
{ "VirtualBox", "VirtualBox" },<br />
{ "Common App", mycommons, beautiful.awesome_icon },<br />
{ "awesome", myawesomemenu, beautiful.awesome_icon }<br />
}<br />
})<br />
</pre><br />
<br />
===More Widgets in awesome===<br />
''Widgets in awesome are objects that you can add to any widget-box (statusbars and titlebars), they can provide various information about your system, and are useful for having access to this information, right from your window manager. Widgets are simple to use and offer a great deal of flexibility.'' -- Source [http://awesome.naquadah.org/wiki/Widgets_in_awesome Awesome Wiki: Widgets].<br />
<br />
There's a widely used widget library called '''Wicked''' (compatible with awesome versions '''prior to 3.4'''), that provides more widgets, like MPD widget, CPU usage, memory usage, etc. For more details see the [http://awesome.naquadah.org/wiki/Wicked Wicked page].<br />
<br />
As a replacement for Wicked in awesome v3.4 check '''[http://awesome.naquadah.org/wiki/Vicious Vicious]''', '''[http://awesome.naquadah.org/wiki/Obvious Obvious]''' and '''[http://awesome.naquadah.org/wiki/Bashets Bashets]'''. If you pick vicious, you should also take a good look at [http://git.sysphere.org/vicious/tree/README vicious documentation].<br />
<br />
===Transparency===<br />
Awesome has support for true transparency through xcompmgr. Note that you'll probably want the git version of xcompmgr, which is [http://aur.archlinux.org/packages.php?ID=16554 available in AUR]. <br />
<br />
Add this to your ~/.xinitrc:<br />
xcompmgr &<br />
See ''man xcompmgr'' or [[xcompmgr]] for more options.<br />
<br />
In awesome 3.4, window transparency can be set dynamically using signals. For example, your rc.lua could contain the following:<br />
<br />
client.add_signal("focus", function(c)<br />
c.border_color = beautiful.border_focus<br />
c.opacity = 1<br />
end)<br />
client.add_signal("unfocus", function(c)<br />
c.border_color = beautiful.border_normal<br />
c.opacity = 0.7<br />
end)<br />
'''If you got error messages about add_signal, using connect_signal insteaded.''' <br />
<br />
Note that if you are using conky, you must set it to create its own window instead of using the desktop. To do so, edit ~/.conkyrc to contain:<br />
<br />
own_window yes<br />
own_window_transparent yes<br />
own_window_type desktop<br />
<br />
Otherwise strange behavior may be observed, such as all windows becoming fully transparent. Note also that since conky will be creating a transparent window on your desktop, any actions defined in awesome's rc.lua for the desktop will not work where conky is.<br />
<br />
As of Awesome 3.1, there is built-in pseudo-transparency for wiboxes. To enable it, append 2 hexadecimal digits to the colors in your theme file (~/.config/awesome/themes/default, which is usually a copy of /usr/share/awesome/themes/default), like shown here:<br />
<br />
bg_normal = #000000AA<br />
<br />
where "AA" is the transparency value.<br />
<br />
==== ImageMagick ====<br />
You may have problems if you set your wallpaper with imagemagick's ''display'' command, it doesn't work well with xcompmgr. Please note that awsetbg may be using ''display'' if it doesn't have any other options. Installing habak, feh, hsetroot or whatever should fix the problem (''grep -A 1 wpsetters /usr/bin/awsetbg'' to see your options).<br />
<br />
===Autorun programs===<br />
''See also [https://awesome.naquadah.org/wiki/Autostart the Autostart page on the Awesome wiki].''<br />
<br />
awesome doesn't run programs set to autostart by the Freedesktop specification like GNOME or KDE. However, awesome does provide a few functions for starting programs (in addition to the Lua standard library function {{Codeline|os.execute}}). To run the same programs on startup as GNOME or KDE, you can install [http://aur.archlinux.org/packages.php?ID=41099 dex] from the [[AUR]] and then run that in your rc.lua:<br />
<br />
os.execute"dex -a"<br />
<br />
If you just want to set up a list of apps for awesome to launch at startup, you can create a table of all the commands you want to spawn and loop through it:<br />
<br />
do<br />
local cmds = <br />
{ <br />
"swiftfox",<br />
"mutt",<br />
"consonance",<br />
"linux-fetion",<br />
"weechat-curses",<br />
--and so on...<br />
}<br />
<br />
for _,i in pairs(cmds) do<br />
awful.util.spawn(i)<br />
end<br />
end<br />
<br />
(You could also run calls to {{codeline|os.execute}} with commands ending in '{{codeline|&}}', but it's probably a better idea to stick to the proper spawn function.)<br />
<br />
To run a program only if it is not currently running, you can spawn it with a shell command that runs the program only if {{Codeline|pgrep}} doesn't find a running process with the same name:<br />
function run_once(prg)<br />
awful.util.spawn_with_shell("pgrep -u $USER -x " .. prg .. " || (" .. prg .. ")")<br />
end<br />
<br />
So, for example, to run {{Codeline|parcellite}} only if there is not a {{Codeline|parcellite}} process already running:<br />
<br />
run_once("parcellite")<br />
<br />
===Passing content to widgets with awesome-client===<br />
<br />
You can easily send text to an awesome widget. Just create a new widget:<br />
<pre><br />
mywidget = widget({ type = "textbox", name = "mywidget" })<br />
mywidget.text = "initial text"<br />
</pre><br />
To update the text from an external source, use awesome-client:<br />
<pre> <br />
echo -e 'mywidget.text = "new text"' | awesome-client<br />
</pre><br />
Don't forget to add the widget to your wibox.<br />
<br />
===Using some eyecandy panels with awesome===<br />
<br />
If you like awesome lightweightness and functionality, but don't like it hacker stile look, you can transform it into eyecandy by using alternative panel. Just install xfce4-panel by:<br />
<pre><br />
sudo pacman -S xfce4-panel<br />
</pre><br />
Then add it to autorun section of your rc.lua (howto is written above). Supposing that configuration of panel won't be difficult for awesome user. You can also comment section, which create wiboxes for each screen (starting from "mywibox[s] = awful.wibox({ position = "top", screen = s })" ) but it isn't necessary. Any way don't forget to check your rc.lua by typing <br />
<pre><br />
awesome -k rc.lua<br />
</pre><br />
Also you should change your "modkey+R" keybinding, in order to start some other application launcher instead of built in awesome. Xfrun4, bashrun, etc. Check the Application launchers section of [[Openbox_Themes_and_Apps#Application_launchers|Openbox]] article for examples. Don't forget to add<br />
<pre><br />
properties = { floating = true } },<br />
{ rule = { instance = "$yourapplicationlauncher" },<br />
</pre><br />
to your rc.lua.<br />
It should work with other panels, but I didn't tested them. Also feel free to add other parts of DE to your awesome.<br />
<br />
===Fix Java (GUI appears gray only)===<br />
Guide taken from [https://bbs.archlinux.org/viewtopic.php?pid=450870].<br />
#Install {{Package Official|wmname}} from community<br />
#Run the following command or add it to your {{Filename|.xinitrc}}: {{Cli|wmname LG3D}}<br />
<br />
==Troubleshooting==<br />
<br />
===Mod4 key===<br />
<br />
The Mod4 is by default the '''Win key'''. If it's not mapped by default, for some reason, you can check the keycode of your Mod4 key with<br />
<br />
$ xev<br />
<br />
It should be 115 for the left one. Then add this to your ~/.xinitrc<br />
<br />
xmodmap -e "keycode 115 = Super_L" -e "add mod4 = Super_L"<br />
exec awesome<br />
<br />
The problem in this case is that some xorg installations recognize keycode 115, but incorrectly as the 'Select' key. The above command explictly remaps keycode 115 to the correct 'Super_L' key.<br />
<br />
====Mod4 key vs. IBM ThinkPad users====<br />
<br />
IBM ThinkPads do not come equipped with a Window key (although Lenovo have changed this tradition on their ThinkPads). As of writing, the Alt key is not used in command combinations by the default rc.lua (refer to the Awesome wiki for a table of commands), which allows it be used as a replacement for the Super/Mod4/Win key. To do this, edit your rc.lua and replace:<br />
<br />
modkey = "Mod4"<br />
<br />
by:<br />
<br />
modkey = "Mod1"<br />
<br />
Note: Awesome does a have a few commands that make use of Mod4 plus a single letter. Changing Mod4 to Mod1/Alt could cause overlaps for some key combinations. The small amount of instances where this happens can be changed in the rc.lua file.<br />
<br />
If you don't like to change the awesome standards, you might like to remap a key. For instance the caps lock key is rather useless (for me) adding the following contents to ~/.Xmodmap <br />
<br />
clear lock <br />
add mod4 = Caps_Lock<br />
<br />
and [[Extra Keyboard Keys in Xorg#Step 2: Testing|(re)load]] the file.<br />
This will change the caps lock key into the mod4 key and works nicely with the standard awesome settings. In addition, if needed, it provides the mod4 key to other X-programs as well.<br />
<br />
Not confirmed, but if recent updates of xorg related packages break mentioned remapping the second line can be replaced by (tested on a DasKeyboard with no left Super key):<br />
<br />
keysym Caps_Lock = Super_L Caps_Lock<br />
<br />
===Brasero===<br />
If Brasero doesn't detect your blank disks when started in Awesome, but works just fine when started in Gnome, try using<br />
$ dbus-launch brasero<br />
<br />
==External Links==<br />
* http://awesome.naquadah.org/wiki/FAQ - FAQ<br />
* http://www.lua.org/pil/ - Programming in Lua (first edition)<br />
* http://awesome.naquadah.org/ - The official awesome website<br />
* http://awesome.naquadah.org/wiki/Main_Page - the awesome wiki<br />
* http://www.penguinsightings.org/desktop/awesome/ - A review<br />
* http://compsoc.tardis.ed.ac.uk/wiki/AwesomeWM_guide - Awesome guide</div>Thayerhttps://wiki.archlinux.org/index.php?title=Comparison_of_tiling_window_managers&diff=140155Comparison of tiling window managers2011-05-06T17:11:15Z<p>Thayer: /* Comparison table */</p>
<hr />
<div>[[Category:Tiling WMs (English)]]<br />
This article provides an unbiased comparison of the most popular ''tiling'' [[window manager]]s (as opposed to ''floating'' window managers).<br />
<br />
== Comparison table ==<br />
The following table lists the most popular tiling window managers alongside notable features, providing readers with a quick overview. More in-depth descriptions follow this table.<br />
<br />
{| border="1" cellpadding="4" cellspacing="0"<br />
|+ Comparison of tiling window managers<br />
! Window Manager !! Written in !! Configured with !! Management style !! System tray support !! On-the-fly reload !! Information bars !! Compositing !! Default layouts !! Pixel usage || External control !! Library !! Multiple (n) monitor behavior<br />
|-<br />
! [[Awesome]]<br />
| C || Lua || Dynamic || Built-in || Yes || Built-in, images and text || Yes, with an external manager such as xcompmgr || || variable borders, optional h-tab titles || dbus (if enabled) || XCB || n-tags (workspaces). Per default 9 are enabled. [https://awesome.naquadah.org/images/6mon.medium.png Example]<br />
|-<br />
! [[catwm]]<br />
| C || C (recompile) || Dynamic || None || No || None || No || v-stack, max || 1-pix borders || || Xlib || <br />
|-<br />
! [[dswm]]<br />
| Lisp || Lisp || Manual || None || Yes || Yes || No || || || || ||<br />
|-<br />
! [[dwm]]<br />
| C || C (recompile) || Dynamic || None || [[Dwm#Restart dwm without logging out or closing programs | Optional]] || Built-in, reads from root window name || Yes, with an external manager such as xcompmgr || v-stack, max || || || Xlib || n regions, 9 workspaces fixed to each region<br />
|-<br />
! [[echinus]]<br />
| C || Text || Dynamic || None || Yes || [http://aur.archlinux.org/packages.php?O=0&K=ourico&do_Search=Go ourico] || Yes, with an external manager such as xcompmgr || v-stack, b-stack, max || Variable borders & optional titles || || Xlib ||<br />
|-<br />
! [[euclid-wm]]<br />
| C || Text || Hybrid || None || Yes || External ([[dzen]]) || || rows, columns || 1-pix borders || || Xlib ||<br />
|-<br />
! [[i3]] <br />
| C || Text || Manual || None || Yes || [http://www.archlinux.org/packages/community/i686/i3status/ i3status] with [[dzen]] or xmobar || Yes, with an external manager such as xcompmgr || rows, columns, v-tab, h-tab, max || 2-pix borders, titles || commands via ipc || XCB || n regions<br />
|-<br />
! [[Ion3]] <br />
| C || Lua || Manual || trayion || Yes || configurable || ? || h-tab, max || || || ||<br />
|-<br />
! [[Musca]]<br />
| C || Text, own command set, C(recompile) || Manual || None || No, but allows running of musca commands on the fly || None || No || h-split, v-split, max || || commands, hooks || Xlib ||<br />
|-<br />
! [[Ratpoison]]<br />
| C || Text || Manual || None || Yes || Yes || No || max || || || ||<br />
|-<br />
! [[Scrotwm]]<br />
| C || Text || Dynamic || None || Yes || Built-in, reads from user script || No || nv-stack, nh-stack, max || 1-pix borders, no titles || || Xlib || n regions, 10 workspaces visible in any region<br />
|-<br />
! [[Stumpwm]]<br />
| Lisp || Lisp || Manual || None || Yes || Yes || No || || || || ||<br />
|-<br />
! [[subtle]]<br />
| C || Ruby || Manual || Built-in || Yes || Built-in (Ruby), external can be used as well || Yes, with an external manager such as xcompmgr || Variable grid || Variable borders, no titles || Hooks (Ruby), subtler (CLI), subtlext (Ruby extension) || Xlib || One workspace (view) per monitor (screen), placement on views via tags and per runtime<br />
|-<br />
! [[WMFS]]<br />
| C || Text || Dynamic || Built-in || Yes || Built-in, set with command, color text, images || May with external manager such as {d,x}compmgr || nh-stack (and invert), nv-stack (and invert), mirror-v, mirror-h, grid, free, max || variable borders, titles or no titles || commands || Xlib || Up to 36 tags(workspaces) per screen<br />
|-<br />
! [[wmii]]<br />
| C || Anything || Manual || witray || Yes || Built-in || Yes, with an external manager such as xcompmgr || columns, max, v-tab || titles || [http://9p.cat-v.org 9P filesystem] || || one big region<br />
|-<br />
! [[xmonad]]<br />
| Haskell || Haskell || Dynamic || None || Yes || No || Yes, with xmonad-contrib and an external manager || nv-stack, nh-stack, max || variable borders, no titles || || Xlib || n regions, 9 workspaces visible in any region<br />
|-<br />
! Window Manager !! Written in !! Configured with !! Management style !! System tray support !! On-the-fly reload !! Information bars !! Compositing !! Default layouts !! Pixel usage || External control !! Library !! Multiple (n) monitor behavior<br />
|}<br />
<br />
=== Management style ===<br />
Dynamic management emphasizes automatic management of window layouts for speed and simplicity. Manual management emphasizes manual adjustment of layout and sizing with potentially more precise control, at the cost of more time spent moving and sizing windows.<br />
<br />
=== Layouts ===<br />
A number of common layout types appear in several tiling WMs, although the terminology varies somewhat.<br />
* max: one window shown fullscreen (with or without a status bar, title and borders). Aka: monocle (dwm).<br />
* h-stack: master area in top half, other windows stack up horizontally in the bottom half. The master area may be resizable. May be inverted top-bottom (wmfs). Aka: bottom stack (dwm).<br />
* v-stack: master area in left half, other windows stack up vertically in the right half. The master area may be resizable. May be inverted left-right (wmfs). Aka: tile (dwm).<br />
* nh-stack: h-stack allowing >=1 windows in master area. Aka: nbstack (dwm)<br />
* nv-stack: v-stack allowing >=1 windows in master area. Aka: ntile (dwm)<br />
* mirror-h: nh-stack with stacks above and below the master area<br />
* mirror-v: nv-stack with stacks to the left and right of the master area<br />
* h-tab: one window shown fullscreen with all window titles shown horizontally (like browser tabs)<br />
* v-tab: one window shown fullscreen with all window titles shown vertically. Aka: stack (wmii).<br />
* h-split: a keybinding splits the current window horizontally creating space for another<br />
* v-split: a keybinding splits the current window horizontally creating space for another<br />
* columns: manual layout style which treats windows as belonging to vertical columns<br />
* rows: manual layout style which treats windows as belonging to horizontal rows<br />
* grid: window positions and sizes based on a regular NxM grid. May be automatic (like wmfs) or manual (like Subtle).<br />
<br />
=== Key bindings ===<br />
Tiling window managers are usually designed to be used entirely with the keyboard or with keyboard & mouse. This is for speed (reaching for and moving a mouse is slow) and ease of use. Sensible key bindings are crucial to making workflow fast and efficient. Some default sets are better than others, but generally the keys can be rebound as desired by the user.<br />
<br />
== [[Awesome]] ==<br />
[http://awesome.naquadah.org/ awesome] on its own can provide many of the functions of a desktop environment. Configured in Lua, it has a system tray, information bar, and launcher built in. There are extensions available to it written in Lua. Awesome uses XCB as opposed to Xlib, which may result in a speed increase. Awesome has other features as well, such as an early replacement for notification-daemon, a right-click menu similar to that of the *box window managers, and many other things.<br />
<br />
== [[catwm]] ==<br />
[[catwm]] is a small window manager, even simpler than dwm, written in C. Configuration is done by modifying the config.h file and recompiling.<br />
<br />
== [[dswm]] ==<br />
[http://sourceforge.net/projects/dswm/ dswm] ([http://aur.archlinux.org/packages.php?ID=47899 AUR]) (Deep Space Window Manager) is an offshoot of [[Stumpwm]].<br />
<br />
== [[dwm]] ==<br />
[http://dwm.suckless.org/ dwm] is by far the simplest of the window managers listed here. It does not include a tray app or automatic launcher, although dmenu integrates well with it, as they are from the same author. It has no text configuration file. Configuration is done entirely by modifying the C source code, and it must be recompiled and restarted each time it is changed. It is more lightweight than the others listed here, at the expense of certain features. The program size is already at the self-imposed line limit, restricting further development.<br />
<br />
== [[echinus]] ==<br />
[http://plhk.ru/echinus echinus] ([http://aur.archlinux.org/packages.php?O=0&K=echinus&do_Search=Go AUR]) is a<br />
simple and lightweight tiling and floating window manager for X11. It started as a dwm fork with easier configuration, and became a full-featured reparenting window manager with EWMH support. It has an EWMH-compatible panel/taskbar called [http://aur.archlinux.org/packages.php?O=0&K=ourico&do_Search=Go ourico].<br />
<br />
== [[euclid-wm]] ==<br />
[http://euclid-wm.sourceforge.net/index.php euclid-wm] ([http://aur.archlinux.org/packages.php?ID=38311 AUR]) is a hybrid manual and automatic window manager, with support for minimizing windows. Simplicity is one of its goals. A text configuration file controls key bindings and settings.<br />
<br />
== [[i3]] ==<br />
[http://i3.zekjur.net/ i3] was created because wmii, the authors' favorite window manager at the time, didn’t provide some features they wanted. Notable differences are in the areas of Xinerama and the table metaphor. For speed the Plan 9 interface of wmii is not implemented.<br />
<br />
== [[ion3]] ==<br />
Ion is a tiling window manager with tabbed frames. It uses Lua as an embedded interpreter which handles all of the configuration. It mainly uses the keyboard to access the functions but also supports the mouse for some things.<br />
<br />
== [[Musca]] ==<br />
A simple dynamic window manager for X, with features nicked from ratpoison and dwm:<br />
[http://aerosuidae.net/musca.html Musca] operates as a tiling window manager by default. It uses manual tiling, which means the user determines how the screen is divided into non-overlapping frames, with no restrictions on layout. Application windows always fill their assigned frame, with the exception of transient windows and popup dialog boxes which float above their parent application at the appropriate size. Once visible, applications do not change frames unless so instructed.<br />
<br />
== [[Ratpoison]] ==<br />
[http://www.nongnu.org/ratpoison/ Ratpoison] is configured with a simple text file, as opposed to some of the other tiling window managers which are configured with programming languages. While this reduces flexibility, it can be easier to understand. The information bar in Ratpoison is somewhat different, as it shows only when needed. It serves as both an application launcher as well as a notification bar. Ratpoison does not include a system tray and is quite lightweight.<br />
<br />
== [[Scrotwm]] ==<br />
[http://www.scrotwm.org/ scrotwm] is a small dynamic tiling window manager largely inspired by xmonad and dwm. It tries to stay out of the way so that valuable screen real estate can be used for much more important stuff. It has sane defaults and does not require one to learn a language to do any configuration, being configured with a text file. It was written by hackers for hackers and it strives to be small, compact, and fast. It has a built-in status bar fed from a user-defined script.<br />
<br />
== [[Stumpwm]] ==<br />
[http://www.nongnu.org/stumpwm/ Stumpwm] is similar to [[Ratpoison]] but is written and configured completely in Lisp. It can be reconfigured and reloaded while running. As with wmii and Ratpoison, it is a manual window manager. Its information bar can be set to show constantly or only when needed. It does not include a system tray.<br />
<br />
== [[subtle]] ==<br />
[http://subforge.org/projects/subtle subtle] is a tiling window manager with flexible manual layouts based on predefined sizes and positions corresponding by default to 1x2, 2x1, 1x3, 2x2 and 2x3 grid elements. It has workspace tags and automatic client tagging, mouse and keyboard control as well as an extendable statusbar.<br />
<br />
== [[wmfs]] ==<br />
[http://wmfs.info/ WMFS] (Window Manager From Scratch) is a lightweight and highly configurable tiling window manager for X. It can be configured with a configuration file, supports Xft ([http://www.freetype.org/ Freetype]) fonts and is compliant with the Extended Window Manager Hints ([http://standards.freedesktop.org/wm-spec/wm-spec-1.3.html EWMH]) specifications. It's still under heavy development<br />
<br />
== [[wmii]] ==<br />
[http://wmii.suckless.org/ wmii] uses a manual style of management -- the user must manually move windows around. While more work than dynamic management, this also provides more flexibility by default. wmii is configured via a [http://9p.cat-v.org 9P file system], which allows any program that can work with text to configure it. The default configuration is in bash and [http://rc.cat-v.org rc (the Plan 9 shell)], but programs exist written in ruby, for example. It has a status bar and launcher built in, and also an optional system tray (<tt>witray</tt>).<br />
<br />
== [[xmonad]] ==<br />
[http://xmonad.org/ xmonad] is written in Haskell, and it is configured in Haskell. This allows great flexibility, although this can be confusing at times. No text configuration file has been implemented. For all configuration changes xmonad must be recompiled, so the haskell compiler (over 485MB) must be installed. Compilation normally takes ~2 seconds, and can be done without affecting running programs. XMonad, in itself, is quite simple, but there is a large library called xmonad-contrib which provides many other features. XMonad does not include any utility programs, but others, such as [[dzen]] and [[xmobar]], make it easy to display such things as workspace information. xmonad does not come with an application launcher, but there are modules in xmonad-contrib which provide one, as well as programs like [[dmenu]] and gmrun. There is no system tray, but this can be provided by applications such as stalonetray and trayer.<br />
<br />
== More Resources ==<br />
The forum has a wealth of information about many of the tiling window managers compared here. Some notable threads specific to tilers include:<br />
<br />
=== Tiling WM threads ===<br />
<br />
*[https://bbs.archlinux.org/viewtopic.php?id=67104 Musca (Tiling Window Manager)]<br />
*[https://bbs.archlinux.org/viewtopic.php?id=64645 Scrotwm thread]<br />
*[https://bbs.archlinux.org/viewtopic.php?id=57549 The dwm thread]<br />
*[https://bbs.archlinux.org/viewtopic.php?id=99064 The i3 thread]<br />
*[https://bbs.archlinux.org/viewtopic.php?id=110714 The WMFS Thread (Window Manager From Scratch)]<br />
*[https://bbs.archlinux.org/viewtopic.php?id=22592 The wmii thread]<br />
<br />
=== Threads featuring configs & hacks ===<br />
<br />
*[https://bbs.archlinux.org/viewtopic.php?id=92895 dwm hackers, unite! Share or request patches here!]<br />
*[https://bbs.archlinux.org/viewtopic.php?pid=304851 dzen and xmobar hacking thread]<br />
*[https://bbs.archlinux.org/viewtopic.php?id=88926 Share your Awesome desktop]<br />
*[https://bbs.archlinux.org/viewtopic.php?id=68622 Share your ratpoison experience]<br />
*[https://bbs.archlinux.org/viewtopic.php?id=112486 Share your Subtle desktop !]<br />
*[https://bbs.archlinux.org/viewtopic.php?id=94969 Share your xmonad desktop]<br />
*[https://bbs.archlinux.org/viewtopic.php?id=74599 Show off your dwm configuration]<br />
*[https://bbs.archlinux.org/viewtopic.php?id=40636 xmonad hacking thread]<br />
<br />
=== Artwork for tilers ===<br />
*[https://bbs.archlinux.org/viewtopic.php?id=57768 dwm wallpapers]</div>Thayerhttps://wiki.archlinux.org/index.php?title=GNOME&diff=139702GNOME2011-05-04T17:30:57Z<p>Thayer: /* Nautilus segmentation fault in non-GNOME environments */</p>
<hr />
<div>{{i18n|GNOME 3}}<br />
[[fr:gnome3]]<br />
<br />
[[Category:Desktop environments (English)]]<br />
[[Category:HOWTOs (English)]]<br />
<br />
{{Article summary start}}<br />
{{Article summary text|GNOME 3 provides a modern desktop, rewritten from scratch, using the GTK3+ toolkit.}}<br />
{{Article summary heading|Overview}}<br />
{{Article summary text|{{Graphical user interface overview}}}}<br />
{{Article summary end}}<br />
<br />
For GNOME 3, the GNOME Project has started from scratch and created a completely new, modern desktop designed for today's users and technologies. In GNOME 3:<br />
* There is a new default modern visual theme and font<br />
* The Activities view which provides an easy way to access all your windows and applications<br />
* Built-in (integrated) messaging desktop services<br />
* A more subtle notifications system and a more discrete panel<br />
* A fast Activities search feature<br />
* A new System Settings application <br />
* ... and more features like: window tiling (Aero Snap like), an improved Nautilus etc. <br />
<br />
[more details on the [http://www.gnome3.org/ GNOME3] website]<br />
<br />
== Introduction ==<br />
<br />
GNOME3 comes with '''two''' interfaces, '''gnome-shell''' (the new, standard layout) and '''fallback''' mode. gnome-session will automatically detect if your computer is capable of running gnome-shell and will start fallback mode if not. <br />
<br />
'''Fallback''' mode is very similar to the GNOME 2.x layout (while using gnome-panel and metacity, instead of gnome-shell and Mutter).<br />
<br />
If you are on fallback mode you can still change the window manager with your preferred one.<br />
<br />
== Upgrade from the current gnome 2.32 ==<br />
<br />
{{Warning|The session might crash during the update and it is recommended that you run the update command in a screen session, from another DE or WM, or from tty}}<br />
<br />
# pacman -Syu <br />
<br />
'''Important''': You will end up with a system that has GNOME 3.x '''fallback''' mode. To install the new shell:<br />
<br />
# pacman -S gnome-shell<br />
<br />
== Installing to a new system ==<br />
<br />
GNOME 3 is in [extra]. You can install it by running the following command:<br />
<br />
# pacman -Syu gnome<br />
<br />
For additional applications<br />
<br />
# pacman -Syu gnome-extra<br />
<br />
===Daemons and modules needed by GNOME===<br />
<br />
The GNOME desktop requires one daemon, '''DBUS''' for proper operation. <br />
<br />
To start the DBUS daemon:<br />
# /etc/rc.d/dbus start<br />
<br />
Or add these daemons to the '''DAEMONS''' array in {{Filename|/etc/[[rc.conf]]}} so they will start on boot up, e.g.:<br />
<br />
DAEMONS=(syslog-ng '''dbus''' network crond)<br />
<br />
'''GVFS''' allows the mounting of virtual file systems (e.g. file systems over FTP or SMB) to be used by other applications, including the GNOME file manager Nautilus. This is done with the use of '''FUSE''': a user space virtual file system layer kernel module.<br />
<br />
To load the FUSE kernel module:<br />
# modprobe fuse<br />
<br />
Or add the module to the '''MODULES''' array in {{Filename|/etc/rc.conf}} so they will load at boot up, e.g.:<br />
<br />
MODULES=('''fuse''' usblp)<br />
<br />
{{Note|FUSE is a kernel module, not a daemon.}}<br />
<br />
===Running GNOME===<br />
<br />
For better desktop integration '''GDM''' is recommended (but other login managers, such as SLiM also work, see Policykit section).<br />
<br />
# pacman -S gdm<br />
<br />
Check out [[Display_Manager]] to learn how to start it correctly.<br />
<br />
If you prefer to start it from the console, add the following line to your {{Filename|~/.xinitrc}} file, making sure it's the last line and the only one that starts with ''exec'' (see [[xinitrc]]):<br />
exec ck-launch-session gnome-session<br />
<br />
Now GNOME will start when you enter the following command:<br />
$ startx<br />
<br />
== Using the shell ==<br />
<br />
See https://live.gnome.org/GnomeShell/CheatSheet<br />
<br />
== Customization ==<br />
=== Using Gnome-tweak-tool ===<br />
<br />
# pacman -S gnome-tweak-tool<br />
<br />
This tool can customize fonts, themes, minimize & maximize buttons and some other useful settings like what action is taken when the lid is closed.<br />
<br />
A good customization tutorial is http://blog.fpmurphy.com/2011/03/customizing-the-gnome-3-shell.html which explores the power of gsettings.<br />
<br />
===GDM Customization===<br />
<br />
GDM runs as the gdm user, which you need to be to change these settings. Login is disabled for the gdm user, so remove the "1" at the end of the gdm line in /etc/shadow to enable login. Don't forget to disable the account when you are done.<br />
<br />
gdm:!:14325:0:99999:7::'''1''':<br />
<br />
# su - gdm -s /bin/bash<br />
$ dbus-launch<br />
<br />
This command will print DBUS_SESSION_BUS_ADDRESS and DBUS_SESSION_BUS_PID. We need to export them<br />
<br />
$ export DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Jb433gMQHS,guid=fc14d4bf3d000e38276a5a2200000d38<br />
$ export DBUS_SESSION_BUS_PID=4283<br />
<br />
Check to see if dconf-service is running and if not, start it like this<br />
<br />
$ /usr/lib/dconf/dconf-service &<br />
<br />
====Wallpaper====<br />
$ GSETTINGS_BACKEND=dconf gsettings get org.gnome.desktop.background picture-uri<br />
$ GSETTINGS_BACKEND=dconf gsettings set org.gnome.desktop.background picture-uri "file:///usr/share/backgrounds/gnome/SundownDunes.jpg"<br />
<br />
You will need to point to a file where the gdm user has permission to read, not in your home directory.<br />
<br />
====Turning off the sound====<br />
$ GSETTINGS_BACKEND=dconf gsettings set org.gnome.desktop.sound event-sounds false<br />
<br />
Insert a "1" back into /etc/shadow to disable gdm user login.<br />
<br />
=== Changing the GTK3 theme using settings.ini ===<br />
<br />
Similar to {{Filename|~/.gtkrc-2.0}} for GTK2+ it is possible to set the GTK3 (Gnome 3) theme via {{Filename|${XDG_CONFIG_HOME}/gtk-3.0/settings.ini}}. By default {{Filename|${XDG_CONFIG_HOME} }} is interpreted as {{Filename|~/.config}}.<br />
<br />
Only Adwaita theme exists in this moment for gtk3 and is available in '''gnome-themes-standard''' package.<br />
<br />
Example:<br />
<br />
[Settings]<br />
gtk-theme-name = Adwaita<br />
gtk-fallback-icon-theme = gnome<br />
# next option is applicable only if selected theme supports it<br />
gtk-application-prefer-dark-theme = true<br />
# set font name and dimension<br />
gtk-font-name = Sans 10<br />
<br />
It may be necessary to restart one's DE or WM for the settings to be applied.<br />
<br />
{{Note|More options can be find there: [http://developer.gnome.org/gtk3/3.0/GtkSettings.html#GtkSettings.properties GtkSettings documentation]}}<br />
<br />
===Setting an icon theme===<br />
<br />
{{Note | With gnome-tweak-tool version 3.0.3 and later, you can place icon theme you wish to use inside ~/.icons.}}<br />
<br />
Usefully, Gnome 3 is able to use Gnome 2 icon themes, which means you're not stuck with the default set. To do this, simply copy your desired icon theme's directory to ~/.icons. For example:<br />
<br />
$ cp -R /home/user/Desktop/my_new_icon_theme ~/.icons<br />
<br />
The new icon theme 'my_new_icon_theme' will now be selectable using the gnome-tweak-tool (under 'Interface'), otherwise it can be set with no need of gnome-tweak-tool by adding the gtk-icon-theme-name entry inside ${XDG_CONFIG_HOME}/gtk-3.0/settings.ini.<br />
{{file|name=${XDG_CONFIG_HOME}/gtk-3.0/settings.ini|content=<br />
.....<br />
gtk-icon-theme-name = my_new_icon_theme<br />
.....<br />
}}<br />
<br />
=== Start program automatically after login to GNOME 3 ===<br />
You can specify which programs to start automatically after login using the '''gnome-session-properties''' tool, which is a part of the '''gnome-session''' package.<br />
$ gnome-session-properties<br />
<br />
=== Removing folders from the "Computer" section in Nautilus's Places sidebar ===<br />
<br />
The displayed folders are specified in {{Filename|~/.config/user-dirs.dirs}} and can be altered with any editor. An execution of {{codeline|xdg-user-dirs-update}} will change them again, thus it may be advisable to set the file permissions to read-only.<br />
<br />
=== Setting the default terminal via console ===<br />
<br />
{{codeline|gsettings}}, which replaces {{codeline|gconftool-2}} in Gnome 3, is used to set e. g. the default terminal manually. The setting is relevant for ''nautilus-open-terminal''.<br />
<br />
The commands for [[rxvt-unicode|urxvt]] run as daemon:<br />
<br />
gsettings set org.gnome.desktop.default-applications.terminal exec urxvtc<br />
gsettings set org.gnome.desktop.default-applications.terminal exec-arg "'-e'"<br />
<br />
=== Setting Nautilus to Use Location Bar Entry ===<br />
<br />
If you want to enter path locations manually in Nautilus you can press ctrl+l. To make this persistent you can use gsettings.<br />
<br />
gsettings set org.gnome.nautilus.preferences always-use-location-entry true<br />
<br />
=== Disable accessibility icon in panel ===<br />
First deactivate it as startup-service: [[GNOME_3#Start_program_automatically_after_login_to_GNOME_3]]<br />
<br />
After that create a folder named '''noa11y.icon@panel.ui''' in '''$HOME/.local/share/gnome-shell/extensions'''. In this folder create two files. The first one is named '''extension.js''' and has this content:<br />
const Panel = imports.ui.panel;<br />
<br />
function main() {<br />
Panel.STANDARD_TRAY_ICON_SHELL_IMPLEMENTATION['a11y'] = '';<br />
}<br />
The second one is named '''metadata.json''' and has this content:<br />
{<br />
"shell-version": ["3.0.1"],<br />
"uuid": "noa11y.icon@panel.ui",<br />
"name": "na11y",<br />
"description": "Turn off the ally icon in the panel"<br />
}<br />
Now restart the gnome-shell (press '''ALT+F2''', type '''r''' and press '''Enter''') and the icon is away. If this extensions stops working adjust the shell-version number in the metadata-file according to your version.<br />
<br />
=== Disable bluetooth icon in panel ===<br />
First deactivate it as startup-service: [[GNOME_3#Start_program_automatically_after_login_to_GNOME_3]]<br />
<br />
After that create a folder named '''nobluetooth.icon@panel.ui''' in '''$HOME/.local/share/gnome-shell/extensions'''. In this folder create two files. The first one is named '''extension.js''' and has this content:<br />
const Panel = imports.ui.panel;<br />
<br />
function main() {<br />
Panel.STANDARD_TRAY_ICON_SHELL_IMPLEMENTATION['bluetooth'] = '';<br />
}<br />
The second one is named '''metadata.json''' and has this content:<br />
{<br />
"shell-version": ["3.0.1"],<br />
"uuid": "nobluetooth.icon@panel.ui",<br />
"name": "nbluetooth",<br />
"description": "Turn off the bluetooth icon in the panel"<br />
}<br />
Now restart the gnome-shell (press '''ALT+F2''', type '''r''' and press '''Enter''') and the icon is away. If this extensions stops working adjust the shell-version number in the metadata-file according to your version.<br />
<br />
=== Middle Mouse Button Emulation ===<br />
<br />
By default, GNOME 3 disables middle mouse button emulation regardless of Xorg settings ('''Emulate3Buttons'''). To enable middle mouse button emulation use:<br />
<br />
gsettings set org.gnome.settings-daemon.peripherals.mouse middle-button-enabled true<br />
<br />
== Enabling fallback mode==<br />
<br />
Your session will automatically start in fallback mode if gnome-shell is not present. If you want to enable it while having gnome-shell installed, open gnome-control-center. Open System Info > Graphics. Change ''Forced Fallback Mode'' to ''ON''.<br />
<br />
== Enabling hidden features ==<br />
<br />
Gnome 3.0 hides a lot of useful options which you can customize with '''dconf-editor''' or '''gconf-editor''' for settings not yet migrated to dconf.<br />
<br />
=== Changing Hotkeys ===<br />
<br />
In '''dconf-editor''', enable org.gnome.desktop.interface "can-change-accels".<br />
<br />
An example of changing the delete hotkey:<br />
Open nautilus, select any file/directory, then click "Edit" from the menubar, and hover over the "Move to Trash" menuitem.<br />
While hovering, push delete. The accel should change from "ctrl+del" to "del".<br />
<br />
Make sure you have selected a file, else the "Move to Trash" menuitem will be greyed out.<br />
You should disable "can-change-accels" afterwards, to prevent accidental accel changes.<br />
<br />
== How to shutdown through the Status menu ==<br />
<br />
For now, the Shutdown option seems to be hidden if the user presses the Status menu on the upper right. If you want to shutdown your system through the Status menu, click on it and then press the '''Alt''' button. The "'''Suspend'''" option will instantly turn into "Power off...", as long as you are pressing the Alt button, which will allow you to properly shutdown your system.<br />
<br />
You can also install the "Alternative Status Menu" extension (see the section on Enabling Extensions, below). This will put a permanent "Power Off" option in the Status menu below the usual suspend option.<br />
<br />
== Enabling integrated messaging ==<br />
<br />
Empathy, the engine behind the integrated messaging, and all of the system settings based on your messaging accounts will not show up unless the '''telepathy''' group of packages or at least one of the backends ('''telepathy-gabble''', or '''telepathy-haze''', for example) is installed. These are not included in the default Arch GNOME installs and the Empathy interface doesn't give a nice error message, it just fails to work silently. You can install them:<br />
<br />
# pacman -S telepathy<br />
<br />
== Enabling extensions ==<br />
<br />
Gnome Shell can be customised to an extent with extensions that have been written by others. These provide functionality like having a dock that is always present, and being able to change the shell theme. More details on the functionality of currently available extensions is given [http://www.webupd8.org/2011/04/gnome-shell-extensions-additional.html here] You can use the [http://aur.archlinux.org/packages.php?ID=47501 gnome-shell-extensions-git] package in the AUR to install them. Restart Gnome to enable them.<br />
<br />
If installing the extensions causes Gnome to stop working then you must remove the user-theme extension and and the auto-move-windows extension from their installation directory (could be in ~/.local/share/gnome-shell/extensions or /usr/share/gnome-shell/extensions or /usr/local/share/gnome-shell/extensions). Removing or adding extensions to these directories will remove or install them form the system. More details on Gnome Shell extensions are available [https://live.gnome.org/GnomeShell/Extensions here].<br />
<br />
== Troubleshooting ==<br />
=== My GTK2+ apps show segfaults and won't start ===<br />
<br />
That usually happens when '''oxygen-gtk''' is installed. That theme conflicts somehow with GNOME 3's or/and GTK3 settings and when it has been set as a GTK2 theme, the GTK2 apps segfault with errors like:<br />
<br />
<pre> (firefox-bin:14345): GLib-GObject-WARNING **: invalid (NULL) pointer instance<br />
<br />
(firefox-bin:14345): GLib-GObject-CRITICAL **: g_signal_connect_data: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_default_colormap: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_colormap_get_visual: assertion `GDK_IS_COLORMAP (colormap)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_default_colormap: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_root_window: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_root_window: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_window_new: assertion `GDK_IS_WINDOW (parent)' failed<br />
Segmentation fault<br />
</pre><br />
<br />
The current "workaround" is to '''remove''' '''oxygen-gtk''' from the system completely and set another theme for your apps.<br />
<br />
=== Nautilus segmentation fault in non-GNOME environments ===<br />
Nautilus 3.x depends on gnome-icon-theme and will seg fault if it's missing. See [https://bugs.archlinux.org/task/24099 bug #24099].<br />
<br />
=== I use the ATI Catalyst driver and I encounter glitches and artifacts while using GNOME Shell ===<br />
<br />
For the moment, Catalyst is not proposed to be used while running GNOME Shell. The opensource ATI driver, xf86-video-ati, however, seems to be working properly with the GNOME 3 composited desktop.<br />
<br />
=== I have multiple monitors and the Dock extension appears stuck between them ===<br />
<br />
If you have multiple monitors configured using Nvidia Twinview, the dock extension may get sandwiched in-between the monitors. You can edit the source of this extension to reposition the dock to a position of your choosing.<br />
<br />
Edit '''/usr/share/gnome-shell/extensions/dock@gnome-shell-extensions.gnome.org/extension.js''' and locate this line in the source:<br />
<br />
this.actor.set_position(primary.width-this._item_size-this._spacing-2, (primary.height-height)/2);<br />
<br />
The first parameter is the X position of the dock display, by subtracting 15 pixels as opposed to 2 pixels from this it correctly positioned on my primary monitor, you can play around with any X,Y coordinate pair to position it correctly.<br />
<br />
this.actor.set_position(primary.width-this._item_size-this._spacing-15, (primary.height-height)/2);<br />
<br />
=== There are no event sounds for Empathy and other programs ===<br />
The '''sound-theme-freedesktop''' package must be installed for the default event sounds:<br />
# pacman -S sound-theme-freedesktop<br />
<br />
=== Editing hotkeys via can-change-accels fails ===<br />
It is also possible to manually change the keys via an application's so-called accel map file. Where it is to be found is up to the application: For instance, Thunar's is at {{Filename|~/.config/Thunar/accels.scm}}, whereas Nautilus's is located at {{Filename|~/.gnome2/accels/nautilus}}. The file should contain a list of possible hotkeys, each unchanged line commented out with a leading ";" that has to be removed for a change to become active.<br />
<br />
=== "Failed to load session 'gnome-fallback'" message ===<br />
Check if '''notification-daemon''' is installed.<br />
# pacman -S notification-daemon</div>Thayerhttps://wiki.archlinux.org/index.php?title=GNOME&diff=139701GNOME2011-05-04T17:30:41Z<p>Thayer: /* Nautilus seg faults in non-GNOME environments */</p>
<hr />
<div>{{i18n|GNOME 3}}<br />
[[fr:gnome3]]<br />
<br />
[[Category:Desktop environments (English)]]<br />
[[Category:HOWTOs (English)]]<br />
<br />
{{Article summary start}}<br />
{{Article summary text|GNOME 3 provides a modern desktop, rewritten from scratch, using the GTK3+ toolkit.}}<br />
{{Article summary heading|Overview}}<br />
{{Article summary text|{{Graphical user interface overview}}}}<br />
{{Article summary end}}<br />
<br />
For GNOME 3, the GNOME Project has started from scratch and created a completely new, modern desktop designed for today's users and technologies. In GNOME 3:<br />
* There is a new default modern visual theme and font<br />
* The Activities view which provides an easy way to access all your windows and applications<br />
* Built-in (integrated) messaging desktop services<br />
* A more subtle notifications system and a more discrete panel<br />
* A fast Activities search feature<br />
* A new System Settings application <br />
* ... and more features like: window tiling (Aero Snap like), an improved Nautilus etc. <br />
<br />
[more details on the [http://www.gnome3.org/ GNOME3] website]<br />
<br />
== Introduction ==<br />
<br />
GNOME3 comes with '''two''' interfaces, '''gnome-shell''' (the new, standard layout) and '''fallback''' mode. gnome-session will automatically detect if your computer is capable of running gnome-shell and will start fallback mode if not. <br />
<br />
'''Fallback''' mode is very similar to the GNOME 2.x layout (while using gnome-panel and metacity, instead of gnome-shell and Mutter).<br />
<br />
If you are on fallback mode you can still change the window manager with your preferred one.<br />
<br />
== Upgrade from the current gnome 2.32 ==<br />
<br />
{{Warning|The session might crash during the update and it is recommended that you run the update command in a screen session, from another DE or WM, or from tty}}<br />
<br />
# pacman -Syu <br />
<br />
'''Important''': You will end up with a system that has GNOME 3.x '''fallback''' mode. To install the new shell:<br />
<br />
# pacman -S gnome-shell<br />
<br />
== Installing to a new system ==<br />
<br />
GNOME 3 is in [extra]. You can install it by running the following command:<br />
<br />
# pacman -Syu gnome<br />
<br />
For additional applications<br />
<br />
# pacman -Syu gnome-extra<br />
<br />
===Daemons and modules needed by GNOME===<br />
<br />
The GNOME desktop requires one daemon, '''DBUS''' for proper operation. <br />
<br />
To start the DBUS daemon:<br />
# /etc/rc.d/dbus start<br />
<br />
Or add these daemons to the '''DAEMONS''' array in {{Filename|/etc/[[rc.conf]]}} so they will start on boot up, e.g.:<br />
<br />
DAEMONS=(syslog-ng '''dbus''' network crond)<br />
<br />
'''GVFS''' allows the mounting of virtual file systems (e.g. file systems over FTP or SMB) to be used by other applications, including the GNOME file manager Nautilus. This is done with the use of '''FUSE''': a user space virtual file system layer kernel module.<br />
<br />
To load the FUSE kernel module:<br />
# modprobe fuse<br />
<br />
Or add the module to the '''MODULES''' array in {{Filename|/etc/rc.conf}} so they will load at boot up, e.g.:<br />
<br />
MODULES=('''fuse''' usblp)<br />
<br />
{{Note|FUSE is a kernel module, not a daemon.}}<br />
<br />
===Running GNOME===<br />
<br />
For better desktop integration '''GDM''' is recommended (but other login managers, such as SLiM also work, see Policykit section).<br />
<br />
# pacman -S gdm<br />
<br />
Check out [[Display_Manager]] to learn how to start it correctly.<br />
<br />
If you prefer to start it from the console, add the following line to your {{Filename|~/.xinitrc}} file, making sure it's the last line and the only one that starts with ''exec'' (see [[xinitrc]]):<br />
exec ck-launch-session gnome-session<br />
<br />
Now GNOME will start when you enter the following command:<br />
$ startx<br />
<br />
== Using the shell ==<br />
<br />
See https://live.gnome.org/GnomeShell/CheatSheet<br />
<br />
== Customization ==<br />
=== Using Gnome-tweak-tool ===<br />
<br />
# pacman -S gnome-tweak-tool<br />
<br />
This tool can customize fonts, themes, minimize & maximize buttons and some other useful settings like what action is taken when the lid is closed.<br />
<br />
A good customization tutorial is http://blog.fpmurphy.com/2011/03/customizing-the-gnome-3-shell.html which explores the power of gsettings.<br />
<br />
===GDM Customization===<br />
<br />
GDM runs as the gdm user, which you need to be to change these settings. Login is disabled for the gdm user, so remove the "1" at the end of the gdm line in /etc/shadow to enable login. Don't forget to disable the account when you are done.<br />
<br />
gdm:!:14325:0:99999:7::'''1''':<br />
<br />
# su - gdm -s /bin/bash<br />
$ dbus-launch<br />
<br />
This command will print DBUS_SESSION_BUS_ADDRESS and DBUS_SESSION_BUS_PID. We need to export them<br />
<br />
$ export DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Jb433gMQHS,guid=fc14d4bf3d000e38276a5a2200000d38<br />
$ export DBUS_SESSION_BUS_PID=4283<br />
<br />
Check to see if dconf-service is running and if not, start it like this<br />
<br />
$ /usr/lib/dconf/dconf-service &<br />
<br />
====Wallpaper====<br />
$ GSETTINGS_BACKEND=dconf gsettings get org.gnome.desktop.background picture-uri<br />
$ GSETTINGS_BACKEND=dconf gsettings set org.gnome.desktop.background picture-uri "file:///usr/share/backgrounds/gnome/SundownDunes.jpg"<br />
<br />
You will need to point to a file where the gdm user has permission to read, not in your home directory.<br />
<br />
====Turning off the sound====<br />
$ GSETTINGS_BACKEND=dconf gsettings set org.gnome.desktop.sound event-sounds false<br />
<br />
Insert a "1" back into /etc/shadow to disable gdm user login.<br />
<br />
=== Changing the GTK3 theme using settings.ini ===<br />
<br />
Similar to {{Filename|~/.gtkrc-2.0}} for GTK2+ it is possible to set the GTK3 (Gnome 3) theme via {{Filename|${XDG_CONFIG_HOME}/gtk-3.0/settings.ini}}. By default {{Filename|${XDG_CONFIG_HOME} }} is interpreted as {{Filename|~/.config}}.<br />
<br />
Only Adwaita theme exists in this moment for gtk3 and is available in '''gnome-themes-standard''' package.<br />
<br />
Example:<br />
<br />
[Settings]<br />
gtk-theme-name = Adwaita<br />
gtk-fallback-icon-theme = gnome<br />
# next option is applicable only if selected theme supports it<br />
gtk-application-prefer-dark-theme = true<br />
# set font name and dimension<br />
gtk-font-name = Sans 10<br />
<br />
It may be necessary to restart one's DE or WM for the settings to be applied.<br />
<br />
{{Note|More options can be find there: [http://developer.gnome.org/gtk3/3.0/GtkSettings.html#GtkSettings.properties GtkSettings documentation]}}<br />
<br />
===Setting an icon theme===<br />
<br />
{{Note | With gnome-tweak-tool version 3.0.3 and later, you can place icon theme you wish to use inside ~/.icons.}}<br />
<br />
Usefully, Gnome 3 is able to use Gnome 2 icon themes, which means you're not stuck with the default set. To do this, simply copy your desired icon theme's directory to ~/.icons. For example:<br />
<br />
$ cp -R /home/user/Desktop/my_new_icon_theme ~/.icons<br />
<br />
The new icon theme 'my_new_icon_theme' will now be selectable using the gnome-tweak-tool (under 'Interface'), otherwise it can be set with no need of gnome-tweak-tool by adding the gtk-icon-theme-name entry inside ${XDG_CONFIG_HOME}/gtk-3.0/settings.ini.<br />
{{file|name=${XDG_CONFIG_HOME}/gtk-3.0/settings.ini|content=<br />
.....<br />
gtk-icon-theme-name = my_new_icon_theme<br />
.....<br />
}}<br />
<br />
=== Start program automatically after login to GNOME 3 ===<br />
You can specify which programs to start automatically after login using the '''gnome-session-properties''' tool, which is a part of the '''gnome-session''' package.<br />
$ gnome-session-properties<br />
<br />
=== Removing folders from the "Computer" section in Nautilus's Places sidebar ===<br />
<br />
The displayed folders are specified in {{Filename|~/.config/user-dirs.dirs}} and can be altered with any editor. An execution of {{codeline|xdg-user-dirs-update}} will change them again, thus it may be advisable to set the file permissions to read-only.<br />
<br />
=== Setting the default terminal via console ===<br />
<br />
{{codeline|gsettings}}, which replaces {{codeline|gconftool-2}} in Gnome 3, is used to set e. g. the default terminal manually. The setting is relevant for ''nautilus-open-terminal''.<br />
<br />
The commands for [[rxvt-unicode|urxvt]] run as daemon:<br />
<br />
gsettings set org.gnome.desktop.default-applications.terminal exec urxvtc<br />
gsettings set org.gnome.desktop.default-applications.terminal exec-arg "'-e'"<br />
<br />
=== Setting Nautilus to Use Location Bar Entry ===<br />
<br />
If you want to enter path locations manually in Nautilus you can press ctrl+l. To make this persistent you can use gsettings.<br />
<br />
gsettings set org.gnome.nautilus.preferences always-use-location-entry true<br />
<br />
=== Disable accessibility icon in panel ===<br />
First deactivate it as startup-service: [[GNOME_3#Start_program_automatically_after_login_to_GNOME_3]]<br />
<br />
After that create a folder named '''noa11y.icon@panel.ui''' in '''$HOME/.local/share/gnome-shell/extensions'''. In this folder create two files. The first one is named '''extension.js''' and has this content:<br />
const Panel = imports.ui.panel;<br />
<br />
function main() {<br />
Panel.STANDARD_TRAY_ICON_SHELL_IMPLEMENTATION['a11y'] = '';<br />
}<br />
The second one is named '''metadata.json''' and has this content:<br />
{<br />
"shell-version": ["3.0.1"],<br />
"uuid": "noa11y.icon@panel.ui",<br />
"name": "na11y",<br />
"description": "Turn off the ally icon in the panel"<br />
}<br />
Now restart the gnome-shell (press '''ALT+F2''', type '''r''' and press '''Enter''') and the icon is away. If this extensions stops working adjust the shell-version number in the metadata-file according to your version.<br />
<br />
=== Disable bluetooth icon in panel ===<br />
First deactivate it as startup-service: [[GNOME_3#Start_program_automatically_after_login_to_GNOME_3]]<br />
<br />
After that create a folder named '''nobluetooth.icon@panel.ui''' in '''$HOME/.local/share/gnome-shell/extensions'''. In this folder create two files. The first one is named '''extension.js''' and has this content:<br />
const Panel = imports.ui.panel;<br />
<br />
function main() {<br />
Panel.STANDARD_TRAY_ICON_SHELL_IMPLEMENTATION['bluetooth'] = '';<br />
}<br />
The second one is named '''metadata.json''' and has this content:<br />
{<br />
"shell-version": ["3.0.1"],<br />
"uuid": "nobluetooth.icon@panel.ui",<br />
"name": "nbluetooth",<br />
"description": "Turn off the bluetooth icon in the panel"<br />
}<br />
Now restart the gnome-shell (press '''ALT+F2''', type '''r''' and press '''Enter''') and the icon is away. If this extensions stops working adjust the shell-version number in the metadata-file according to your version.<br />
<br />
=== Middle Mouse Button Emulation ===<br />
<br />
By default, GNOME 3 disables middle mouse button emulation regardless of Xorg settings ('''Emulate3Buttons'''). To enable middle mouse button emulation use:<br />
<br />
gsettings set org.gnome.settings-daemon.peripherals.mouse middle-button-enabled true<br />
<br />
== Enabling fallback mode==<br />
<br />
Your session will automatically start in fallback mode if gnome-shell is not present. If you want to enable it while having gnome-shell installed, open gnome-control-center. Open System Info > Graphics. Change ''Forced Fallback Mode'' to ''ON''.<br />
<br />
== Enabling hidden features ==<br />
<br />
Gnome 3.0 hides a lot of useful options which you can customize with '''dconf-editor''' or '''gconf-editor''' for settings not yet migrated to dconf.<br />
<br />
=== Changing Hotkeys ===<br />
<br />
In '''dconf-editor''', enable org.gnome.desktop.interface "can-change-accels".<br />
<br />
An example of changing the delete hotkey:<br />
Open nautilus, select any file/directory, then click "Edit" from the menubar, and hover over the "Move to Trash" menuitem.<br />
While hovering, push delete. The accel should change from "ctrl+del" to "del".<br />
<br />
Make sure you have selected a file, else the "Move to Trash" menuitem will be greyed out.<br />
You should disable "can-change-accels" afterwards, to prevent accidental accel changes.<br />
<br />
== How to shutdown through the Status menu ==<br />
<br />
For now, the Shutdown option seems to be hidden if the user presses the Status menu on the upper right. If you want to shutdown your system through the Status menu, click on it and then press the '''Alt''' button. The "'''Suspend'''" option will instantly turn into "Power off...", as long as you are pressing the Alt button, which will allow you to properly shutdown your system.<br />
<br />
You can also install the "Alternative Status Menu" extension (see the section on Enabling Extensions, below). This will put a permanent "Power Off" option in the Status menu below the usual suspend option.<br />
<br />
== Enabling integrated messaging ==<br />
<br />
Empathy, the engine behind the integrated messaging, and all of the system settings based on your messaging accounts will not show up unless the '''telepathy''' group of packages or at least one of the backends ('''telepathy-gabble''', or '''telepathy-haze''', for example) is installed. These are not included in the default Arch GNOME installs and the Empathy interface doesn't give a nice error message, it just fails to work silently. You can install them:<br />
<br />
# pacman -S telepathy<br />
<br />
== Enabling extensions ==<br />
<br />
Gnome Shell can be customised to an extent with extensions that have been written by others. These provide functionality like having a dock that is always present, and being able to change the shell theme. More details on the functionality of currently available extensions is given [http://www.webupd8.org/2011/04/gnome-shell-extensions-additional.html here] You can use the [http://aur.archlinux.org/packages.php?ID=47501 gnome-shell-extensions-git] package in the AUR to install them. Restart Gnome to enable them.<br />
<br />
If installing the extensions causes Gnome to stop working then you must remove the user-theme extension and and the auto-move-windows extension from their installation directory (could be in ~/.local/share/gnome-shell/extensions or /usr/share/gnome-shell/extensions or /usr/local/share/gnome-shell/extensions). Removing or adding extensions to these directories will remove or install them form the system. More details on Gnome Shell extensions are available [https://live.gnome.org/GnomeShell/Extensions here].<br />
<br />
== Troubleshooting ==<br />
=== My GTK2+ apps show segfaults and won't start ===<br />
<br />
That usually happens when '''oxygen-gtk''' is installed. That theme conflicts somehow with GNOME 3's or/and GTK3 settings and when it has been set as a GTK2 theme, the GTK2 apps segfault with errors like:<br />
<br />
<pre> (firefox-bin:14345): GLib-GObject-WARNING **: invalid (NULL) pointer instance<br />
<br />
(firefox-bin:14345): GLib-GObject-CRITICAL **: g_signal_connect_data: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_default_colormap: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_colormap_get_visual: assertion `GDK_IS_COLORMAP (colormap)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_default_colormap: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_root_window: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_root_window: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_window_new: assertion `GDK_IS_WINDOW (parent)' failed<br />
Segmentation fault<br />
</pre><br />
<br />
The current "workaround" is to '''remove''' '''oxygen-gtk''' from the system completely and set another theme for your apps.<br />
<br />
=== Nautilus segmentation fault in non-GNOME environments ===<br />
Nautilus depends on gnome-icon-theme and will seg fault if it's missing. See [https://bugs.archlinux.org/task/24099 bug #24099].<br />
<br />
=== I use the ATI Catalyst driver and I encounter glitches and artifacts while using GNOME Shell ===<br />
<br />
For the moment, Catalyst is not proposed to be used while running GNOME Shell. The opensource ATI driver, xf86-video-ati, however, seems to be working properly with the GNOME 3 composited desktop.<br />
<br />
=== I have multiple monitors and the Dock extension appears stuck between them ===<br />
<br />
If you have multiple monitors configured using Nvidia Twinview, the dock extension may get sandwiched in-between the monitors. You can edit the source of this extension to reposition the dock to a position of your choosing.<br />
<br />
Edit '''/usr/share/gnome-shell/extensions/dock@gnome-shell-extensions.gnome.org/extension.js''' and locate this line in the source:<br />
<br />
this.actor.set_position(primary.width-this._item_size-this._spacing-2, (primary.height-height)/2);<br />
<br />
The first parameter is the X position of the dock display, by subtracting 15 pixels as opposed to 2 pixels from this it correctly positioned on my primary monitor, you can play around with any X,Y coordinate pair to position it correctly.<br />
<br />
this.actor.set_position(primary.width-this._item_size-this._spacing-15, (primary.height-height)/2);<br />
<br />
=== There are no event sounds for Empathy and other programs ===<br />
The '''sound-theme-freedesktop''' package must be installed for the default event sounds:<br />
# pacman -S sound-theme-freedesktop<br />
<br />
=== Editing hotkeys via can-change-accels fails ===<br />
It is also possible to manually change the keys via an application's so-called accel map file. Where it is to be found is up to the application: For instance, Thunar's is at {{Filename|~/.config/Thunar/accels.scm}}, whereas Nautilus's is located at {{Filename|~/.gnome2/accels/nautilus}}. The file should contain a list of possible hotkeys, each unchanged line commented out with a leading ";" that has to be removed for a change to become active.<br />
<br />
=== "Failed to load session 'gnome-fallback'" message ===<br />
Check if '''notification-daemon''' is installed.<br />
# pacman -S notification-daemon</div>Thayerhttps://wiki.archlinux.org/index.php?title=GNOME&diff=139700GNOME2011-05-04T17:30:18Z<p>Thayer: /* Troubleshooting */</p>
<hr />
<div>{{i18n|GNOME 3}}<br />
[[fr:gnome3]]<br />
<br />
[[Category:Desktop environments (English)]]<br />
[[Category:HOWTOs (English)]]<br />
<br />
{{Article summary start}}<br />
{{Article summary text|GNOME 3 provides a modern desktop, rewritten from scratch, using the GTK3+ toolkit.}}<br />
{{Article summary heading|Overview}}<br />
{{Article summary text|{{Graphical user interface overview}}}}<br />
{{Article summary end}}<br />
<br />
For GNOME 3, the GNOME Project has started from scratch and created a completely new, modern desktop designed for today's users and technologies. In GNOME 3:<br />
* There is a new default modern visual theme and font<br />
* The Activities view which provides an easy way to access all your windows and applications<br />
* Built-in (integrated) messaging desktop services<br />
* A more subtle notifications system and a more discrete panel<br />
* A fast Activities search feature<br />
* A new System Settings application <br />
* ... and more features like: window tiling (Aero Snap like), an improved Nautilus etc. <br />
<br />
[more details on the [http://www.gnome3.org/ GNOME3] website]<br />
<br />
== Introduction ==<br />
<br />
GNOME3 comes with '''two''' interfaces, '''gnome-shell''' (the new, standard layout) and '''fallback''' mode. gnome-session will automatically detect if your computer is capable of running gnome-shell and will start fallback mode if not. <br />
<br />
'''Fallback''' mode is very similar to the GNOME 2.x layout (while using gnome-panel and metacity, instead of gnome-shell and Mutter).<br />
<br />
If you are on fallback mode you can still change the window manager with your preferred one.<br />
<br />
== Upgrade from the current gnome 2.32 ==<br />
<br />
{{Warning|The session might crash during the update and it is recommended that you run the update command in a screen session, from another DE or WM, or from tty}}<br />
<br />
# pacman -Syu <br />
<br />
'''Important''': You will end up with a system that has GNOME 3.x '''fallback''' mode. To install the new shell:<br />
<br />
# pacman -S gnome-shell<br />
<br />
== Installing to a new system ==<br />
<br />
GNOME 3 is in [extra]. You can install it by running the following command:<br />
<br />
# pacman -Syu gnome<br />
<br />
For additional applications<br />
<br />
# pacman -Syu gnome-extra<br />
<br />
===Daemons and modules needed by GNOME===<br />
<br />
The GNOME desktop requires one daemon, '''DBUS''' for proper operation. <br />
<br />
To start the DBUS daemon:<br />
# /etc/rc.d/dbus start<br />
<br />
Or add these daemons to the '''DAEMONS''' array in {{Filename|/etc/[[rc.conf]]}} so they will start on boot up, e.g.:<br />
<br />
DAEMONS=(syslog-ng '''dbus''' network crond)<br />
<br />
'''GVFS''' allows the mounting of virtual file systems (e.g. file systems over FTP or SMB) to be used by other applications, including the GNOME file manager Nautilus. This is done with the use of '''FUSE''': a user space virtual file system layer kernel module.<br />
<br />
To load the FUSE kernel module:<br />
# modprobe fuse<br />
<br />
Or add the module to the '''MODULES''' array in {{Filename|/etc/rc.conf}} so they will load at boot up, e.g.:<br />
<br />
MODULES=('''fuse''' usblp)<br />
<br />
{{Note|FUSE is a kernel module, not a daemon.}}<br />
<br />
===Running GNOME===<br />
<br />
For better desktop integration '''GDM''' is recommended (but other login managers, such as SLiM also work, see Policykit section).<br />
<br />
# pacman -S gdm<br />
<br />
Check out [[Display_Manager]] to learn how to start it correctly.<br />
<br />
If you prefer to start it from the console, add the following line to your {{Filename|~/.xinitrc}} file, making sure it's the last line and the only one that starts with ''exec'' (see [[xinitrc]]):<br />
exec ck-launch-session gnome-session<br />
<br />
Now GNOME will start when you enter the following command:<br />
$ startx<br />
<br />
== Using the shell ==<br />
<br />
See https://live.gnome.org/GnomeShell/CheatSheet<br />
<br />
== Customization ==<br />
=== Using Gnome-tweak-tool ===<br />
<br />
# pacman -S gnome-tweak-tool<br />
<br />
This tool can customize fonts, themes, minimize & maximize buttons and some other useful settings like what action is taken when the lid is closed.<br />
<br />
A good customization tutorial is http://blog.fpmurphy.com/2011/03/customizing-the-gnome-3-shell.html which explores the power of gsettings.<br />
<br />
===GDM Customization===<br />
<br />
GDM runs as the gdm user, which you need to be to change these settings. Login is disabled for the gdm user, so remove the "1" at the end of the gdm line in /etc/shadow to enable login. Don't forget to disable the account when you are done.<br />
<br />
gdm:!:14325:0:99999:7::'''1''':<br />
<br />
# su - gdm -s /bin/bash<br />
$ dbus-launch<br />
<br />
This command will print DBUS_SESSION_BUS_ADDRESS and DBUS_SESSION_BUS_PID. We need to export them<br />
<br />
$ export DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Jb433gMQHS,guid=fc14d4bf3d000e38276a5a2200000d38<br />
$ export DBUS_SESSION_BUS_PID=4283<br />
<br />
Check to see if dconf-service is running and if not, start it like this<br />
<br />
$ /usr/lib/dconf/dconf-service &<br />
<br />
====Wallpaper====<br />
$ GSETTINGS_BACKEND=dconf gsettings get org.gnome.desktop.background picture-uri<br />
$ GSETTINGS_BACKEND=dconf gsettings set org.gnome.desktop.background picture-uri "file:///usr/share/backgrounds/gnome/SundownDunes.jpg"<br />
<br />
You will need to point to a file where the gdm user has permission to read, not in your home directory.<br />
<br />
====Turning off the sound====<br />
$ GSETTINGS_BACKEND=dconf gsettings set org.gnome.desktop.sound event-sounds false<br />
<br />
Insert a "1" back into /etc/shadow to disable gdm user login.<br />
<br />
=== Changing the GTK3 theme using settings.ini ===<br />
<br />
Similar to {{Filename|~/.gtkrc-2.0}} for GTK2+ it is possible to set the GTK3 (Gnome 3) theme via {{Filename|${XDG_CONFIG_HOME}/gtk-3.0/settings.ini}}. By default {{Filename|${XDG_CONFIG_HOME} }} is interpreted as {{Filename|~/.config}}.<br />
<br />
Only Adwaita theme exists in this moment for gtk3 and is available in '''gnome-themes-standard''' package.<br />
<br />
Example:<br />
<br />
[Settings]<br />
gtk-theme-name = Adwaita<br />
gtk-fallback-icon-theme = gnome<br />
# next option is applicable only if selected theme supports it<br />
gtk-application-prefer-dark-theme = true<br />
# set font name and dimension<br />
gtk-font-name = Sans 10<br />
<br />
It may be necessary to restart one's DE or WM for the settings to be applied.<br />
<br />
{{Note|More options can be find there: [http://developer.gnome.org/gtk3/3.0/GtkSettings.html#GtkSettings.properties GtkSettings documentation]}}<br />
<br />
===Setting an icon theme===<br />
<br />
{{Note | With gnome-tweak-tool version 3.0.3 and later, you can place icon theme you wish to use inside ~/.icons.}}<br />
<br />
Usefully, Gnome 3 is able to use Gnome 2 icon themes, which means you're not stuck with the default set. To do this, simply copy your desired icon theme's directory to ~/.icons. For example:<br />
<br />
$ cp -R /home/user/Desktop/my_new_icon_theme ~/.icons<br />
<br />
The new icon theme 'my_new_icon_theme' will now be selectable using the gnome-tweak-tool (under 'Interface'), otherwise it can be set with no need of gnome-tweak-tool by adding the gtk-icon-theme-name entry inside ${XDG_CONFIG_HOME}/gtk-3.0/settings.ini.<br />
{{file|name=${XDG_CONFIG_HOME}/gtk-3.0/settings.ini|content=<br />
.....<br />
gtk-icon-theme-name = my_new_icon_theme<br />
.....<br />
}}<br />
<br />
=== Start program automatically after login to GNOME 3 ===<br />
You can specify which programs to start automatically after login using the '''gnome-session-properties''' tool, which is a part of the '''gnome-session''' package.<br />
$ gnome-session-properties<br />
<br />
=== Removing folders from the "Computer" section in Nautilus's Places sidebar ===<br />
<br />
The displayed folders are specified in {{Filename|~/.config/user-dirs.dirs}} and can be altered with any editor. An execution of {{codeline|xdg-user-dirs-update}} will change them again, thus it may be advisable to set the file permissions to read-only.<br />
<br />
=== Setting the default terminal via console ===<br />
<br />
{{codeline|gsettings}}, which replaces {{codeline|gconftool-2}} in Gnome 3, is used to set e. g. the default terminal manually. The setting is relevant for ''nautilus-open-terminal''.<br />
<br />
The commands for [[rxvt-unicode|urxvt]] run as daemon:<br />
<br />
gsettings set org.gnome.desktop.default-applications.terminal exec urxvtc<br />
gsettings set org.gnome.desktop.default-applications.terminal exec-arg "'-e'"<br />
<br />
=== Setting Nautilus to Use Location Bar Entry ===<br />
<br />
If you want to enter path locations manually in Nautilus you can press ctrl+l. To make this persistent you can use gsettings.<br />
<br />
gsettings set org.gnome.nautilus.preferences always-use-location-entry true<br />
<br />
=== Disable accessibility icon in panel ===<br />
First deactivate it as startup-service: [[GNOME_3#Start_program_automatically_after_login_to_GNOME_3]]<br />
<br />
After that create a folder named '''noa11y.icon@panel.ui''' in '''$HOME/.local/share/gnome-shell/extensions'''. In this folder create two files. The first one is named '''extension.js''' and has this content:<br />
const Panel = imports.ui.panel;<br />
<br />
function main() {<br />
Panel.STANDARD_TRAY_ICON_SHELL_IMPLEMENTATION['a11y'] = '';<br />
}<br />
The second one is named '''metadata.json''' and has this content:<br />
{<br />
"shell-version": ["3.0.1"],<br />
"uuid": "noa11y.icon@panel.ui",<br />
"name": "na11y",<br />
"description": "Turn off the ally icon in the panel"<br />
}<br />
Now restart the gnome-shell (press '''ALT+F2''', type '''r''' and press '''Enter''') and the icon is away. If this extensions stops working adjust the shell-version number in the metadata-file according to your version.<br />
<br />
=== Disable bluetooth icon in panel ===<br />
First deactivate it as startup-service: [[GNOME_3#Start_program_automatically_after_login_to_GNOME_3]]<br />
<br />
After that create a folder named '''nobluetooth.icon@panel.ui''' in '''$HOME/.local/share/gnome-shell/extensions'''. In this folder create two files. The first one is named '''extension.js''' and has this content:<br />
const Panel = imports.ui.panel;<br />
<br />
function main() {<br />
Panel.STANDARD_TRAY_ICON_SHELL_IMPLEMENTATION['bluetooth'] = '';<br />
}<br />
The second one is named '''metadata.json''' and has this content:<br />
{<br />
"shell-version": ["3.0.1"],<br />
"uuid": "nobluetooth.icon@panel.ui",<br />
"name": "nbluetooth",<br />
"description": "Turn off the bluetooth icon in the panel"<br />
}<br />
Now restart the gnome-shell (press '''ALT+F2''', type '''r''' and press '''Enter''') and the icon is away. If this extensions stops working adjust the shell-version number in the metadata-file according to your version.<br />
<br />
=== Middle Mouse Button Emulation ===<br />
<br />
By default, GNOME 3 disables middle mouse button emulation regardless of Xorg settings ('''Emulate3Buttons'''). To enable middle mouse button emulation use:<br />
<br />
gsettings set org.gnome.settings-daemon.peripherals.mouse middle-button-enabled true<br />
<br />
== Enabling fallback mode==<br />
<br />
Your session will automatically start in fallback mode if gnome-shell is not present. If you want to enable it while having gnome-shell installed, open gnome-control-center. Open System Info > Graphics. Change ''Forced Fallback Mode'' to ''ON''.<br />
<br />
== Enabling hidden features ==<br />
<br />
Gnome 3.0 hides a lot of useful options which you can customize with '''dconf-editor''' or '''gconf-editor''' for settings not yet migrated to dconf.<br />
<br />
=== Changing Hotkeys ===<br />
<br />
In '''dconf-editor''', enable org.gnome.desktop.interface "can-change-accels".<br />
<br />
An example of changing the delete hotkey:<br />
Open nautilus, select any file/directory, then click "Edit" from the menubar, and hover over the "Move to Trash" menuitem.<br />
While hovering, push delete. The accel should change from "ctrl+del" to "del".<br />
<br />
Make sure you have selected a file, else the "Move to Trash" menuitem will be greyed out.<br />
You should disable "can-change-accels" afterwards, to prevent accidental accel changes.<br />
<br />
== How to shutdown through the Status menu ==<br />
<br />
For now, the Shutdown option seems to be hidden if the user presses the Status menu on the upper right. If you want to shutdown your system through the Status menu, click on it and then press the '''Alt''' button. The "'''Suspend'''" option will instantly turn into "Power off...", as long as you are pressing the Alt button, which will allow you to properly shutdown your system.<br />
<br />
You can also install the "Alternative Status Menu" extension (see the section on Enabling Extensions, below). This will put a permanent "Power Off" option in the Status menu below the usual suspend option.<br />
<br />
== Enabling integrated messaging ==<br />
<br />
Empathy, the engine behind the integrated messaging, and all of the system settings based on your messaging accounts will not show up unless the '''telepathy''' group of packages or at least one of the backends ('''telepathy-gabble''', or '''telepathy-haze''', for example) is installed. These are not included in the default Arch GNOME installs and the Empathy interface doesn't give a nice error message, it just fails to work silently. You can install them:<br />
<br />
# pacman -S telepathy<br />
<br />
== Enabling extensions ==<br />
<br />
Gnome Shell can be customised to an extent with extensions that have been written by others. These provide functionality like having a dock that is always present, and being able to change the shell theme. More details on the functionality of currently available extensions is given [http://www.webupd8.org/2011/04/gnome-shell-extensions-additional.html here] You can use the [http://aur.archlinux.org/packages.php?ID=47501 gnome-shell-extensions-git] package in the AUR to install them. Restart Gnome to enable them.<br />
<br />
If installing the extensions causes Gnome to stop working then you must remove the user-theme extension and and the auto-move-windows extension from their installation directory (could be in ~/.local/share/gnome-shell/extensions or /usr/share/gnome-shell/extensions or /usr/local/share/gnome-shell/extensions). Removing or adding extensions to these directories will remove or install them form the system. More details on Gnome Shell extensions are available [https://live.gnome.org/GnomeShell/Extensions here].<br />
<br />
== Troubleshooting ==<br />
=== My GTK2+ apps show segfaults and won't start ===<br />
<br />
That usually happens when '''oxygen-gtk''' is installed. That theme conflicts somehow with GNOME 3's or/and GTK3 settings and when it has been set as a GTK2 theme, the GTK2 apps segfault with errors like:<br />
<br />
<pre> (firefox-bin:14345): GLib-GObject-WARNING **: invalid (NULL) pointer instance<br />
<br />
(firefox-bin:14345): GLib-GObject-CRITICAL **: g_signal_connect_data: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_default_colormap: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_colormap_get_visual: assertion `GDK_IS_COLORMAP (colormap)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_default_colormap: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_root_window: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_root_window: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_window_new: assertion `GDK_IS_WINDOW (parent)' failed<br />
Segmentation fault<br />
</pre><br />
<br />
The current "workaround" is to '''remove''' '''oxygen-gtk''' from the system completely and set another theme for your apps.<br />
<br />
=== Nautilus seg faults in non-GNOME environments ===<br />
Nautilus depends on gnome-icon-theme and will seg fault if it's missing. See [https://bugs.archlinux.org/task/24099 bug #24099].<br />
<br />
=== I use the ATI Catalyst driver and I encounter glitches and artifacts while using GNOME Shell ===<br />
<br />
For the moment, Catalyst is not proposed to be used while running GNOME Shell. The opensource ATI driver, xf86-video-ati, however, seems to be working properly with the GNOME 3 composited desktop.<br />
<br />
=== I have multiple monitors and the Dock extension appears stuck between them ===<br />
<br />
If you have multiple monitors configured using Nvidia Twinview, the dock extension may get sandwiched in-between the monitors. You can edit the source of this extension to reposition the dock to a position of your choosing.<br />
<br />
Edit '''/usr/share/gnome-shell/extensions/dock@gnome-shell-extensions.gnome.org/extension.js''' and locate this line in the source:<br />
<br />
this.actor.set_position(primary.width-this._item_size-this._spacing-2, (primary.height-height)/2);<br />
<br />
The first parameter is the X position of the dock display, by subtracting 15 pixels as opposed to 2 pixels from this it correctly positioned on my primary monitor, you can play around with any X,Y coordinate pair to position it correctly.<br />
<br />
this.actor.set_position(primary.width-this._item_size-this._spacing-15, (primary.height-height)/2);<br />
<br />
=== There are no event sounds for Empathy and other programs ===<br />
The '''sound-theme-freedesktop''' package must be installed for the default event sounds:<br />
# pacman -S sound-theme-freedesktop<br />
<br />
=== Editing hotkeys via can-change-accels fails ===<br />
It is also possible to manually change the keys via an application's so-called accel map file. Where it is to be found is up to the application: For instance, Thunar's is at {{Filename|~/.config/Thunar/accels.scm}}, whereas Nautilus's is located at {{Filename|~/.gnome2/accels/nautilus}}. The file should contain a list of possible hotkeys, each unchanged line commented out with a leading ";" that has to be removed for a change to become active.<br />
<br />
=== "Failed to load session 'gnome-fallback'" message ===<br />
Check if '''notification-daemon''' is installed.<br />
# pacman -S notification-daemon</div>Thayerhttps://wiki.archlinux.org/index.php?title=GNOME&diff=139699GNOME2011-05-04T17:25:54Z<p>Thayer: spelling</p>
<hr />
<div>{{i18n|GNOME 3}}<br />
[[fr:gnome3]]<br />
<br />
[[Category:Desktop environments (English)]]<br />
[[Category:HOWTOs (English)]]<br />
<br />
{{Article summary start}}<br />
{{Article summary text|GNOME 3 provides a modern desktop, rewritten from scratch, using the GTK3+ toolkit.}}<br />
{{Article summary heading|Overview}}<br />
{{Article summary text|{{Graphical user interface overview}}}}<br />
{{Article summary end}}<br />
<br />
For GNOME 3, the GNOME Project has started from scratch and created a completely new, modern desktop designed for today's users and technologies. In GNOME 3:<br />
* There is a new default modern visual theme and font<br />
* The Activities view which provides an easy way to access all your windows and applications<br />
* Built-in (integrated) messaging desktop services<br />
* A more subtle notifications system and a more discrete panel<br />
* A fast Activities search feature<br />
* A new System Settings application <br />
* ... and more features like: window tiling (Aero Snap like), an improved Nautilus etc. <br />
<br />
[more details on the [http://www.gnome3.org/ GNOME3] website]<br />
<br />
== Introduction ==<br />
<br />
GNOME3 comes with '''two''' interfaces, '''gnome-shell''' (the new, standard layout) and '''fallback''' mode. gnome-session will automatically detect if your computer is capable of running gnome-shell and will start fallback mode if not. <br />
<br />
'''Fallback''' mode is very similar to the GNOME 2.x layout (while using gnome-panel and metacity, instead of gnome-shell and Mutter).<br />
<br />
If you are on fallback mode you can still change the window manager with your preferred one.<br />
<br />
== Upgrade from the current gnome 2.32 ==<br />
<br />
{{Warning|The session might crash during the update and it is recommended that you run the update command in a screen session, from another DE or WM, or from tty}}<br />
<br />
# pacman -Syu <br />
<br />
'''Important''': You will end up with a system that has GNOME 3.x '''fallback''' mode. To install the new shell:<br />
<br />
# pacman -S gnome-shell<br />
<br />
== Installing to a new system ==<br />
<br />
GNOME 3 is in [extra]. You can install it by running the following command:<br />
<br />
# pacman -Syu gnome<br />
<br />
For additional applications<br />
<br />
# pacman -Syu gnome-extra<br />
<br />
===Daemons and modules needed by GNOME===<br />
<br />
The GNOME desktop requires one daemon, '''DBUS''' for proper operation. <br />
<br />
To start the DBUS daemon:<br />
# /etc/rc.d/dbus start<br />
<br />
Or add these daemons to the '''DAEMONS''' array in {{Filename|/etc/[[rc.conf]]}} so they will start on boot up, e.g.:<br />
<br />
DAEMONS=(syslog-ng '''dbus''' network crond)<br />
<br />
'''GVFS''' allows the mounting of virtual file systems (e.g. file systems over FTP or SMB) to be used by other applications, including the GNOME file manager Nautilus. This is done with the use of '''FUSE''': a user space virtual file system layer kernel module.<br />
<br />
To load the FUSE kernel module:<br />
# modprobe fuse<br />
<br />
Or add the module to the '''MODULES''' array in {{Filename|/etc/rc.conf}} so they will load at boot up, e.g.:<br />
<br />
MODULES=('''fuse''' usblp)<br />
<br />
{{Note|FUSE is a kernel module, not a daemon.}}<br />
<br />
===Running GNOME===<br />
<br />
For better desktop integration '''GDM''' is recommended (but other login managers, such as SLiM also work, see Policykit section).<br />
<br />
# pacman -S gdm<br />
<br />
Check out [[Display_Manager]] to learn how to start it correctly.<br />
<br />
If you prefer to start it from the console, add the following line to your {{Filename|~/.xinitrc}} file, making sure it's the last line and the only one that starts with ''exec'' (see [[xinitrc]]):<br />
exec ck-launch-session gnome-session<br />
<br />
Now GNOME will start when you enter the following command:<br />
$ startx<br />
<br />
== Using the shell ==<br />
<br />
See https://live.gnome.org/GnomeShell/CheatSheet<br />
<br />
== Customization ==<br />
=== Using Gnome-tweak-tool ===<br />
<br />
# pacman -S gnome-tweak-tool<br />
<br />
This tool can customize fonts, themes, minimize & maximize buttons and some other useful settings like what action is taken when the lid is closed.<br />
<br />
A good customization tutorial is http://blog.fpmurphy.com/2011/03/customizing-the-gnome-3-shell.html which explores the power of gsettings.<br />
<br />
===GDM Customization===<br />
<br />
GDM runs as the gdm user, which you need to be to change these settings. Login is disabled for the gdm user, so remove the "1" at the end of the gdm line in /etc/shadow to enable login. Don't forget to disable the account when you are done.<br />
<br />
gdm:!:14325:0:99999:7::'''1''':<br />
<br />
# su - gdm -s /bin/bash<br />
$ dbus-launch<br />
<br />
This command will print DBUS_SESSION_BUS_ADDRESS and DBUS_SESSION_BUS_PID. We need to export them<br />
<br />
$ export DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Jb433gMQHS,guid=fc14d4bf3d000e38276a5a2200000d38<br />
$ export DBUS_SESSION_BUS_PID=4283<br />
<br />
Check to see if dconf-service is running and if not, start it like this<br />
<br />
$ /usr/lib/dconf/dconf-service &<br />
<br />
====Wallpaper====<br />
$ GSETTINGS_BACKEND=dconf gsettings get org.gnome.desktop.background picture-uri<br />
$ GSETTINGS_BACKEND=dconf gsettings set org.gnome.desktop.background picture-uri "file:///usr/share/backgrounds/gnome/SundownDunes.jpg"<br />
<br />
You will need to point to a file where the gdm user has permission to read, not in your home directory.<br />
<br />
====Turning off the sound====<br />
$ GSETTINGS_BACKEND=dconf gsettings set org.gnome.desktop.sound event-sounds false<br />
<br />
Insert a "1" back into /etc/shadow to disable gdm user login.<br />
<br />
=== Changing the GTK3 theme using settings.ini ===<br />
<br />
Similar to {{Filename|~/.gtkrc-2.0}} for GTK2+ it is possible to set the GTK3 (Gnome 3) theme via {{Filename|${XDG_CONFIG_HOME}/gtk-3.0/settings.ini}}. By default {{Filename|${XDG_CONFIG_HOME} }} is interpreted as {{Filename|~/.config}}.<br />
<br />
Only Adwaita theme exists in this moment for gtk3 and is available in '''gnome-themes-standard''' package.<br />
<br />
Example:<br />
<br />
[Settings]<br />
gtk-theme-name = Adwaita<br />
gtk-fallback-icon-theme = gnome<br />
# next option is applicable only if selected theme supports it<br />
gtk-application-prefer-dark-theme = true<br />
# set font name and dimension<br />
gtk-font-name = Sans 10<br />
<br />
It may be necessary to restart one's DE or WM for the settings to be applied.<br />
<br />
{{Note|More options can be find there: [http://developer.gnome.org/gtk3/3.0/GtkSettings.html#GtkSettings.properties GtkSettings documentation]}}<br />
<br />
===Setting an icon theme===<br />
<br />
{{Note | With gnome-tweak-tool version 3.0.3 and later, you can place icon theme you wish to use inside ~/.icons.}}<br />
<br />
Usefully, Gnome 3 is able to use Gnome 2 icon themes, which means you're not stuck with the default set. To do this, simply copy your desired icon theme's directory to ~/.icons. For example:<br />
<br />
$ cp -R /home/user/Desktop/my_new_icon_theme ~/.icons<br />
<br />
The new icon theme 'my_new_icon_theme' will now be selectable using the gnome-tweak-tool (under 'Interface'), otherwise it can be set with no need of gnome-tweak-tool by adding the gtk-icon-theme-name entry inside ${XDG_CONFIG_HOME}/gtk-3.0/settings.ini.<br />
{{file|name=${XDG_CONFIG_HOME}/gtk-3.0/settings.ini|content=<br />
.....<br />
gtk-icon-theme-name = my_new_icon_theme<br />
.....<br />
}}<br />
<br />
=== Start program automatically after login to GNOME 3 ===<br />
You can specify which programs to start automatically after login using the '''gnome-session-properties''' tool, which is a part of the '''gnome-session''' package.<br />
$ gnome-session-properties<br />
<br />
=== Removing folders from the "Computer" section in Nautilus's Places sidebar ===<br />
<br />
The displayed folders are specified in {{Filename|~/.config/user-dirs.dirs}} and can be altered with any editor. An execution of {{codeline|xdg-user-dirs-update}} will change them again, thus it may be advisable to set the file permissions to read-only.<br />
<br />
=== Setting the default terminal via console ===<br />
<br />
{{codeline|gsettings}}, which replaces {{codeline|gconftool-2}} in Gnome 3, is used to set e. g. the default terminal manually. The setting is relevant for ''nautilus-open-terminal''.<br />
<br />
The commands for [[rxvt-unicode|urxvt]] run as daemon:<br />
<br />
gsettings set org.gnome.desktop.default-applications.terminal exec urxvtc<br />
gsettings set org.gnome.desktop.default-applications.terminal exec-arg "'-e'"<br />
<br />
=== Setting Nautilus to Use Location Bar Entry ===<br />
<br />
If you want to enter path locations manually in Nautilus you can press ctrl+l. To make this persistent you can use gsettings.<br />
<br />
gsettings set org.gnome.nautilus.preferences always-use-location-entry true<br />
<br />
=== Disable accessibility icon in panel ===<br />
First deactivate it as startup-service: [[GNOME_3#Start_program_automatically_after_login_to_GNOME_3]]<br />
<br />
After that create a folder named '''noa11y.icon@panel.ui''' in '''$HOME/.local/share/gnome-shell/extensions'''. In this folder create two files. The first one is named '''extension.js''' and has this content:<br />
const Panel = imports.ui.panel;<br />
<br />
function main() {<br />
Panel.STANDARD_TRAY_ICON_SHELL_IMPLEMENTATION['a11y'] = '';<br />
}<br />
The second one is named '''metadata.json''' and has this content:<br />
{<br />
"shell-version": ["3.0.1"],<br />
"uuid": "noa11y.icon@panel.ui",<br />
"name": "na11y",<br />
"description": "Turn off the ally icon in the panel"<br />
}<br />
Now restart the gnome-shell (press '''ALT+F2''', type '''r''' and press '''Enter''') and the icon is away. If this extensions stops working adjust the shell-version number in the metadata-file according to your version.<br />
<br />
=== Disable bluetooth icon in panel ===<br />
First deactivate it as startup-service: [[GNOME_3#Start_program_automatically_after_login_to_GNOME_3]]<br />
<br />
After that create a folder named '''nobluetooth.icon@panel.ui''' in '''$HOME/.local/share/gnome-shell/extensions'''. In this folder create two files. The first one is named '''extension.js''' and has this content:<br />
const Panel = imports.ui.panel;<br />
<br />
function main() {<br />
Panel.STANDARD_TRAY_ICON_SHELL_IMPLEMENTATION['bluetooth'] = '';<br />
}<br />
The second one is named '''metadata.json''' and has this content:<br />
{<br />
"shell-version": ["3.0.1"],<br />
"uuid": "nobluetooth.icon@panel.ui",<br />
"name": "nbluetooth",<br />
"description": "Turn off the bluetooth icon in the panel"<br />
}<br />
Now restart the gnome-shell (press '''ALT+F2''', type '''r''' and press '''Enter''') and the icon is away. If this extensions stops working adjust the shell-version number in the metadata-file according to your version.<br />
<br />
=== Middle Mouse Button Emulation ===<br />
<br />
By default, GNOME 3 disables middle mouse button emulation regardless of Xorg settings ('''Emulate3Buttons'''). To enable middle mouse button emulation use:<br />
<br />
gsettings set org.gnome.settings-daemon.peripherals.mouse middle-button-enabled true<br />
<br />
== Enabling fallback mode==<br />
<br />
Your session will automatically start in fallback mode if gnome-shell is not present. If you want to enable it while having gnome-shell installed, open gnome-control-center. Open System Info > Graphics. Change ''Forced Fallback Mode'' to ''ON''.<br />
<br />
== Enabling hidden features ==<br />
<br />
Gnome 3.0 hides a lot of useful options which you can customize with '''dconf-editor''' or '''gconf-editor''' for settings not yet migrated to dconf.<br />
<br />
=== Changing Hotkeys ===<br />
<br />
In '''dconf-editor''', enable org.gnome.desktop.interface "can-change-accels".<br />
<br />
An example of changing the delete hotkey:<br />
Open nautilus, select any file/directory, then click "Edit" from the menubar, and hover over the "Move to Trash" menuitem.<br />
While hovering, push delete. The accel should change from "ctrl+del" to "del".<br />
<br />
Make sure you have selected a file, else the "Move to Trash" menuitem will be greyed out.<br />
You should disable "can-change-accels" afterwards, to prevent accidental accel changes.<br />
<br />
== How to shutdown through the Status menu ==<br />
<br />
For now, the Shutdown option seems to be hidden if the user presses the Status menu on the upper right. If you want to shutdown your system through the Status menu, click on it and then press the '''Alt''' button. The "'''Suspend'''" option will instantly turn into "Power off...", as long as you are pressing the Alt button, which will allow you to properly shutdown your system.<br />
<br />
You can also install the "Alternative Status Menu" extension (see the section on Enabling Extensions, below). This will put a permanent "Power Off" option in the Status menu below the usual suspend option.<br />
<br />
== Enabling integrated messaging ==<br />
<br />
Empathy, the engine behind the integrated messaging, and all of the system settings based on your messaging accounts will not show up unless the '''telepathy''' group of packages or at least one of the backends ('''telepathy-gabble''', or '''telepathy-haze''', for example) is installed. These are not included in the default Arch GNOME installs and the Empathy interface doesn't give a nice error message, it just fails to work silently. You can install them:<br />
<br />
# pacman -S telepathy<br />
<br />
== Enabling extensions ==<br />
<br />
Gnome Shell can be customised to an extent with extensions that have been written by others. These provide functionality like having a dock that is always present, and being able to change the shell theme. More details on the functionality of currently available extensions is given [http://www.webupd8.org/2011/04/gnome-shell-extensions-additional.html here] You can use the [http://aur.archlinux.org/packages.php?ID=47501 gnome-shell-extensions-git] package in the AUR to install them. Restart Gnome to enable them.<br />
<br />
If installing the extensions causes Gnome to stop working then you must remove the user-theme extension and and the auto-move-windows extension from their installation directory (could be in ~/.local/share/gnome-shell/extensions or /usr/share/gnome-shell/extensions or /usr/local/share/gnome-shell/extensions). Removing or adding extensions to these directories will remove or install them form the system. More details on Gnome Shell extensions are available [https://live.gnome.org/GnomeShell/Extensions here].<br />
<br />
== Troubleshooting ==<br />
=== My GTK2+ apps show segfaults and won't start ===<br />
<br />
That usually happens when '''oxygen-gtk''' is installed. That theme conflicts somehow with GNOME 3's or/and GTK3 settings and when it has been set as a GTK2 theme, the GTK2 apps segfault with errors like:<br />
<br />
<pre> (firefox-bin:14345): GLib-GObject-WARNING **: invalid (NULL) pointer instance<br />
<br />
(firefox-bin:14345): GLib-GObject-CRITICAL **: g_signal_connect_data: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_default_colormap: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_colormap_get_visual: assertion `GDK_IS_COLORMAP (colormap)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_default_colormap: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_root_window: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_root_window: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_window_new: assertion `GDK_IS_WINDOW (parent)' failed<br />
Segmentation fault<br />
</pre><br />
<br />
The current "workaround" is to '''remove''' '''oxygen-gtk''' from the system completely and set another theme for your apps.<br />
<br />
=== I use the ATI Catalyst driver and I encounter glitches and artifacts while using GNOME Shell ===<br />
<br />
For the moment, Catalyst is not proposed to be used while running GNOME Shell. The opensource ATI driver, xf86-video-ati, however, seems to be working properly with the GNOME 3 composited desktop.<br />
<br />
=== I have multiple monitors and the Dock extension appears stuck between them ===<br />
<br />
If you have multiple monitors configured using Nvidia Twinview, the dock extension may get sandwiched in-between the monitors. You can edit the source of this extension to reposition the dock to a position of your choosing.<br />
<br />
Edit '''/usr/share/gnome-shell/extensions/dock@gnome-shell-extensions.gnome.org/extension.js''' and locate this line in the source:<br />
<br />
this.actor.set_position(primary.width-this._item_size-this._spacing-2, (primary.height-height)/2);<br />
<br />
The first parameter is the X position of the dock display, by subtracting 15 pixels as opposed to 2 pixels from this it correctly positioned on my primary monitor, you can play around with any X,Y coordinate pair to position it correctly.<br />
<br />
this.actor.set_position(primary.width-this._item_size-this._spacing-15, (primary.height-height)/2);<br />
<br />
=== There are no event sounds for Empathy and other programs ===<br />
The '''sound-theme-freedesktop''' package must be installed for the default event sounds:<br />
# pacman -S sound-theme-freedesktop<br />
<br />
=== Editing hotkeys via can-change-accels fails ===<br />
It is also possible to manually change the keys via an application's so-called accel map file. Where it is to be found is up to the application: For instance, Thunar's is at {{Filename|~/.config/Thunar/accels.scm}}, whereas Nautilus's is located at {{Filename|~/.gnome2/accels/nautilus}}. The file should contain a list of possible hotkeys, each unchanged line commented out with a leading ";" that has to be removed for a change to become active.<br />
<br />
=== "Failed to load session 'gnome-fallback'" message ===<br />
Check if '''notification-daemon''' is installed.<br />
# pacman -S notification-daemon</div>Thayerhttps://wiki.archlinux.org/index.php?title=GNOME&diff=139698GNOME2011-05-04T17:25:26Z<p>Thayer: spelling</p>
<hr />
<div>{{i18n|GNOME 3}}<br />
[[fr:gnome3]]<br />
<br />
[[Category:Desktop environments (English)]]<br />
[[Category:HOWTOs (English)]]<br />
<br />
{{Article summary start}}<br />
{{Article summary text|GNOME 3 provides a modern desktop, rewritten from scratch, using the GTK3+ toolkit.}}<br />
{{Article summary heading|Overview}}<br />
{{Article summary text|{{Graphical user interface overview}}}}<br />
{{Article summary end}}<br />
<br />
For GNOME 3, the GNOME Project has started from scratch and created a completely new, modern desktop designed for today's users and technologies. In GNOME 3:<br />
* There is a new default modern visual theme and font<br />
* The Activities view which provides an easy way to access all your windows and applications<br />
* Built-in (integrated) messaging desktop services<br />
* A more subtle notifications system and a more discrete panel<br />
* A fast Activities search feature<br />
* A new System Settings application <br />
* ... and more features like: window tiling (Aero Snap like), an improved Nautilus etc. <br />
<br />
[more details on the [http://www.gnome3.org/ GNOME3] website]<br />
<br />
== Introduction ==<br />
<br />
GNOME3 comes with '''two''' interfaces, '''gnome-shell''' (the new, standard layout) and '''fallback''' mode. gnome-session will automatically detect if your computer is capable of running gnome-shell and will start fallback mode if not. <br />
<br />
'''Fallback''' mode is very similar to the GNOME 2.x layout (while using gnome-panel and metacity, instead of gnome-shell and Mutter).<br />
<br />
If you are on fallback mode you can still change the window manager with your preferred one.<br />
<br />
== Upgrade from the current gnome 2.32 ==<br />
<br />
{{Warning|The session might crash during the update and it is recommended that you run the update command in a screen session, from another DE or WM, or from tty}}<br />
<br />
# pacman -Syu <br />
<br />
'''Important''': You will end up with a system that has GNOME 3.x '''fallback''' mode. To install the new shell:<br />
<br />
# pacman -S gnome-shell<br />
<br />
== Installing to a new system ==<br />
<br />
GNOME 3 is in [extra]. You can install it by running the following command:<br />
<br />
# pacman -Syu gnome<br />
<br />
For additional applications<br />
<br />
# pacman -Syu gnome-extra<br />
<br />
===Daemons and modules needed by GNOME===<br />
<br />
The GNOME desktop requires one daemon, '''DBUS''' for proper operation. <br />
<br />
To start the DBUS daemon:<br />
# /etc/rc.d/dbus start<br />
<br />
Or add these daemons to the '''DAEMONS''' array in {{Filename|/etc/[[rc.conf]]}} so they will start on boot up, e.g.:<br />
<br />
DAEMONS=(syslog-ng '''dbus''' network crond)<br />
<br />
'''GVFS''' allows the mounting of virtual file systems (e.g. file systems over FTP or SMB) to be used by other applications, including the GNOME file manager Nautilus. This is done with the use of '''FUSE''': a user space virtual file system layer kernel module.<br />
<br />
To load the FUSE kernel module:<br />
# modprobe fuse<br />
<br />
Or add the module to the '''MODULES''' array in {{Filename|/etc/rc.conf}} so they will load at boot up, e.g.:<br />
<br />
MODULES=('''fuse''' usblp)<br />
<br />
{{Note|FUSE is a kernel module, not a daemon.}}<br />
<br />
===Running GNOME===<br />
<br />
For better desktop integration '''GDM''' is recommended (but other login managers, such as SLiM also work, see Policykit section).<br />
<br />
# pacman -S gdm<br />
<br />
Check out [[Display_Manager]] to learn how to start it correctly.<br />
<br />
If you prefer to start it from the console, add the following line to your {{Filename|~/.xinitrc}} file, making sure it's the last line and the only one that starts with ''exec'' (see [[xinitrc]]):<br />
exec ck-launch-session gnome-session<br />
<br />
Now GNOME will start when you enter the following command:<br />
$ startx<br />
<br />
== Using the shell ==<br />
<br />
See https://live.gnome.org/GnomeShell/CheatSheet<br />
<br />
== Customization ==<br />
=== Using Gnome-tweak-tool ===<br />
<br />
# pacman -S gnome-tweak-tool<br />
<br />
This tool can customize fonts, themes, minimize & maximize buttons and some other useful settings like what action is taken when the lid is closed.<br />
<br />
A good customization tutorial is http://blog.fpmurphy.com/2011/03/customizing-the-gnome-3-shell.html which explores the power of gsettings.<br />
<br />
===GDM Customization===<br />
<br />
GDM runs as the gdm user, which you need to be to change these settings. Login is disabled for the gdm user, so remove the "1" at the end of the gdm line in /etc/shadow to enable login. Don't forget to disable the account when you are done.<br />
<br />
gdm:!:14325:0:99999:7::'''1''':<br />
<br />
# su - gdm -s /bin/bash<br />
$ dbus-launch<br />
<br />
This command will print DBUS_SESSION_BUS_ADDRESS and DBUS_SESSION_BUS_PID. We need to export them<br />
<br />
$ export DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Jb433gMQHS,guid=fc14d4bf3d000e38276a5a2200000d38<br />
$ export DBUS_SESSION_BUS_PID=4283<br />
<br />
Check to see if dconf-service is running and if not, start it like this<br />
<br />
$ /usr/lib/dconf/dconf-service &<br />
<br />
====Wallpaper====<br />
$ GSETTINGS_BACKEND=dconf gsettings get org.gnome.desktop.background picture-uri<br />
$ GSETTINGS_BACKEND=dconf gsettings set org.gnome.desktop.background picture-uri "file:///usr/share/backgrounds/gnome/SundownDunes.jpg"<br />
<br />
You will need to point to a file where the gdm user has permission to read, not in your home directory.<br />
<br />
====Turning off the sound====<br />
$ GSETTINGS_BACKEND=dconf gsettings set org.gnome.desktop.sound event-sounds false<br />
<br />
Insert a "1" back into /etc/shadow to disable gdm user login.<br />
<br />
=== Changing the GTK3 theme using settings.ini ===<br />
<br />
Similar to {{Filename|~/.gtkrc-2.0}} for GTK2+ it is possible to set the GTK3 (Gnome 3) theme via {{Filename|${XDG_CONFIG_HOME}/gtk-3.0/settings.ini}}. By default {{Filename|${XDG_CONFIG_HOME} }} is interpreted as {{Filename|~/.config}}.<br />
<br />
Only Adwaita theme exists in this moment for gtk3 and is available in '''gnome-themes-standard''' package.<br />
<br />
Example:<br />
<br />
[Settings]<br />
gtk-theme-name = Adwaita<br />
gtk-fallback-icon-theme = gnome<br />
# next option is applicable only if selected theme supports it<br />
gtk-application-prefer-dark-theme = true<br />
# set font name and dimension<br />
gtk-font-name = Sans 10<br />
<br />
It may be necessary to restart one's DE or WM for the settings to be applied.<br />
<br />
{{Note|More options can be find there: [http://developer.gnome.org/gtk3/3.0/GtkSettings.html#GtkSettings.properties GtkSettings documentation]}}<br />
<br />
===Setting an icon theme===<br />
<br />
{{Note | With gnome-tweak-tool version 3.0.3 and later, you can place icon theme you wish to use inside ~/.icons.}}<br />
<br />
Usefully, Gnome 3 is able to use Gnome 2 icon themes, which means you're not stuck with the default set. To do this, simply copy your desired icon theme's directory to ~/.icons. For example:<br />
<br />
$ cp -R /home/user/Desktop/my_new_icon_theme ~/.icons<br />
<br />
The new icon theme 'my_new_icon_theme' will now be selectable using the gnome-tweak-tool (under 'Interface'), otherwise it can be set with no need of gnome-tweak-tool by adding the gtk-icon-theme-name entry inside ${XDG_CONFIG_HOME}/gtk-3.0/settings.ini.<br />
{{file|name=${XDG_CONFIG_HOME}/gtk-3.0/settings.ini|content=<br />
.....<br />
gtk-icon-theme-name = my_new_icon_theme<br />
.....<br />
}}<br />
<br />
=== Start program automatically after login to GNOME 3 ===<br />
You can specify which programs to start automatically after login using the '''gnome-session-properties''' tool, which is a part of the '''gnome-session''' package.<br />
$ gnome-session-properties<br />
<br />
=== Removing folders from the "Computer" section in Nautilus's Places sidebar ===<br />
<br />
The displayed folders are specified in {{Filename|~/.config/user-dirs.dirs}} and can be altered with any editor. An execution of {{codeline|xdg-user-dirs-update}} will change them again, thus it may be advisable to set the file permissions to read-only.<br />
<br />
=== Setting the default terminal via console ===<br />
<br />
{{codeline|gsettings}}, which replaces {{codeline|gconftool-2}} in Gnome 3, is used to set e. g. the default terminal manually. The setting is relevant for ''nautilus-open-terminal''.<br />
<br />
The commands for [[rxvt-unicode|urxvt]] run as daemon:<br />
<br />
gsettings set org.gnome.desktop.default-applications.terminal exec urxvtc<br />
gsettings set org.gnome.desktop.default-applications.terminal exec-arg "'-e'"<br />
<br />
=== Setting Nautilus to Use Location Bar Entry ===<br />
<br />
If you want to enter path locations manually in Nautilus you can press ctrl+l. To make this persistent you can use gsettings.<br />
<br />
gsettings set org.gnome.nautilus.preferences always-use-location-entry true<br />
<br />
=== Disable accessibility icon in panel ===<br />
First deactivate it as startup-service: [[GNOME_3#Start_program_automatically_after_login_to_GNOME_3]]<br />
<br />
After that create a folder named '''noa11y.icon@panel.ui''' in '''$HOME/.local/share/gnome-shell/extensions'''. In this folder create two files. The first one is named '''extension.js''' and has this content:<br />
const Panel = imports.ui.panel;<br />
<br />
function main() {<br />
Panel.STANDARD_TRAY_ICON_SHELL_IMPLEMENTATION['a11y'] = '';<br />
}<br />
The second one is named '''metadata.json''' and has this content:<br />
{<br />
"shell-version": ["3.0.1"],<br />
"uuid": "noa11y.icon@panel.ui",<br />
"name": "na11y",<br />
"description": "Turn off the ally icon in the panel"<br />
}<br />
Now restart the gnome-shell (press '''ALT+F2''', type '''r''' and press '''Enter''') and the icon is away. If this extensions stops working adjust the shell-version number in the metadata-file according to your version.<br />
<br />
=== disable bluetooth icon in panel ===<br />
First deactivate it as startup-service: [[GNOME_3#Start_program_automatically_after_login_to_GNOME_3]]<br />
<br />
After that create a folder named '''nobluetooth.icon@panel.ui''' in '''$HOME/.local/share/gnome-shell/extensions'''. In this folder create two files. The first one is named '''extension.js''' and has this content:<br />
const Panel = imports.ui.panel;<br />
<br />
function main() {<br />
Panel.STANDARD_TRAY_ICON_SHELL_IMPLEMENTATION['bluetooth'] = '';<br />
}<br />
The second one is named '''metadata.json''' and has this content:<br />
{<br />
"shell-version": ["3.0.1"],<br />
"uuid": "nobluetooth.icon@panel.ui",<br />
"name": "nbluetooth",<br />
"description": "Turn off the bluetooth icon in the panel"<br />
}<br />
Now restart the gnome-shell (press '''ALT+F2''', type '''r''' and press '''Enter''') and the icon is away. If this extensions stops working adjust the shell-version number in the metadata-file according to your version.<br />
<br />
=== Middle Mouse Button Emulation ===<br />
<br />
By default, GNOME 3 disables middle mouse button emulation regardless of Xorg settings ('''Emulate3Buttons'''). To enable middle mouse button emulation use:<br />
<br />
gsettings set org.gnome.settings-daemon.peripherals.mouse middle-button-enabled true<br />
<br />
== Enabling fallback mode==<br />
<br />
Your session will automatically start in fallback mode if gnome-shell is not present. If you want to enable it while having gnome-shell installed, open gnome-control-center. Open System Info > Graphics. Change ''Forced Fallback Mode'' to ''ON''.<br />
<br />
== Enabling hidden features ==<br />
<br />
Gnome 3.0 hides a lot of useful options which you can customize with '''dconf-editor''' or '''gconf-editor''' for settings not yet migrated to dconf.<br />
<br />
=== Changing Hotkeys ===<br />
<br />
In '''dconf-editor''', enable org.gnome.desktop.interface "can-change-accels".<br />
<br />
An example of changing the delete hotkey:<br />
Open nautilus, select any file/directory, then click "Edit" from the menubar, and hover over the "Move to Trash" menuitem.<br />
While hovering, push delete. The accel should change from "ctrl+del" to "del".<br />
<br />
Make sure you have selected a file, else the "Move to Trash" menuitem will be greyed out.<br />
You should disable "can-change-accels" afterwards, to prevent accidental accel changes.<br />
<br />
== How to shutdown through the Status menu ==<br />
<br />
For now, the Shutdown option seems to be hidden if the user presses the Status menu on the upper right. If you want to shutdown your system through the Status menu, click on it and then press the '''Alt''' button. The "'''Suspend'''" option will instantly turn into "Power off...", as long as you are pressing the Alt button, which will allow you to properly shutdown your system.<br />
<br />
You can also install the "Alternative Status Menu" extension (see the section on Enabling Extensions, below). This will put a permanent "Power Off" option in the Status menu below the usual suspend option.<br />
<br />
== Enabling integrated messaging ==<br />
<br />
Empathy, the engine behind the integrated messaging, and all of the system settings based on your messaging accounts will not show up unless the '''telepathy''' group of packages or at least one of the backends ('''telepathy-gabble''', or '''telepathy-haze''', for example) is installed. These are not included in the default Arch GNOME installs and the Empathy interface doesn't give a nice error message, it just fails to work silently. You can install them:<br />
<br />
# pacman -S telepathy<br />
<br />
== Enabling extensions ==<br />
<br />
Gnome Shell can be customised to an extent with extensions that have been written by others. These provide functionality like having a dock that is always present, and being able to change the shell theme. More details on the functionality of currently available extensions is given [http://www.webupd8.org/2011/04/gnome-shell-extensions-additional.html here] You can use the [http://aur.archlinux.org/packages.php?ID=47501 gnome-shell-extensions-git] package in the AUR to install them. Restart Gnome to enable them.<br />
<br />
If installing the extensions causes Gnome to stop working then you must remove the user-theme extension and and the auto-move-windows extension from their installation directory (could be in ~/.local/share/gnome-shell/extensions or /usr/share/gnome-shell/extensions or /usr/local/share/gnome-shell/extensions). Removing or adding extensions to these directories will remove or install them form the system. More details on Gnome Shell extensions are available [https://live.gnome.org/GnomeShell/Extensions here].<br />
<br />
== Troubleshooting ==<br />
=== My GTK2+ apps show segfaults and won't start ===<br />
<br />
That usually happens when '''oxygen-gtk''' is installed. That theme conflicts somehow with GNOME 3's or/and GTK3 settings and when it has been set as a GTK2 theme, the GTK2 apps segfault with errors like:<br />
<br />
<pre> (firefox-bin:14345): GLib-GObject-WARNING **: invalid (NULL) pointer instance<br />
<br />
(firefox-bin:14345): GLib-GObject-CRITICAL **: g_signal_connect_data: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_default_colormap: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_colormap_get_visual: assertion `GDK_IS_COLORMAP (colormap)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_default_colormap: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_root_window: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_root_window: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_window_new: assertion `GDK_IS_WINDOW (parent)' failed<br />
Segmentation fault<br />
</pre><br />
<br />
The current "workaround" is to '''remove''' '''oxygen-gtk''' from the system completely and set another theme for your apps.<br />
<br />
=== I use the ATI Catalyst driver and I encounter glitches and artifacts while using GNOME Shell ===<br />
<br />
For the moment, Catalyst is not proposed to be used while running GNOME Shell. The opensource ATI driver, xf86-video-ati, however, seems to be working properly with the GNOME 3 composited desktop.<br />
<br />
=== I have multiple monitors and the Dock extension appears stuck between them ===<br />
<br />
If you have multiple monitors configured using Nvidia Twinview, the dock extension may get sandwiched in-between the monitors. You can edit the source of this extension to reposition the dock to a position of your choosing.<br />
<br />
Edit '''/usr/share/gnome-shell/extensions/dock@gnome-shell-extensions.gnome.org/extension.js''' and locate this line in the source:<br />
<br />
this.actor.set_position(primary.width-this._item_size-this._spacing-2, (primary.height-height)/2);<br />
<br />
The first parameter is the X position of the dock display, by subtracting 15 pixels as opposed to 2 pixels from this it correctly positioned on my primary monitor, you can play around with any X,Y coordinate pair to position it correctly.<br />
<br />
this.actor.set_position(primary.width-this._item_size-this._spacing-15, (primary.height-height)/2);<br />
<br />
=== There are no event sounds for Empathy and other programs ===<br />
The '''sound-theme-freedesktop''' package must be installed for the default event sounds:<br />
# pacman -S sound-theme-freedesktop<br />
<br />
=== Editing hotkeys via can-change-accels fails ===<br />
It is also possible to manually change the keys via an application's so-called accel map file. Where it is to be found is up to the application: For instance, Thunar's is at {{Filename|~/.config/Thunar/accels.scm}}, whereas Nautilus's is located at {{Filename|~/.gnome2/accels/nautilus}}. The file should contain a list of possible hotkeys, each unchanged line commented out with a leading ";" that has to be removed for a change to become active.<br />
<br />
=== "Failed to load session 'gnome-fallback'" message ===<br />
Check if '''notification-daemon''' is installed.<br />
# pacman -S notification-daemon</div>Thayerhttps://wiki.archlinux.org/index.php?title=GNOME&diff=139273GNOME2011-05-02T09:33:17Z<p>Thayer: in-line comments will invalidate the setting</p>
<hr />
<div>{{i18n|GNOME 3}}<br />
[[fr:gnome3]]<br />
<br />
[[Category:Desktop environments (English)]]<br />
[[Category:HOWTOs (English)]]<br />
<br />
{{Article summary start}}<br />
{{Article summary text|GNOME 3 provides a modern desktop, rewritten from scratch, using the GTK3+ toolkit.}}<br />
{{Article summary heading|Overview}}<br />
{{Article summary text|{{Graphical user interface overview}}}}<br />
{{Article summary end}}<br />
<br />
For GNOME 3, the GNOME Project has started from scratch and created a completely new, modern desktop designed for today's users and technologies. In GNOME 3:<br />
* There is a new default modern visual theme and font<br />
* The Activities view which provides an easy way to access all your windows and applications<br />
* Built-in (integrated) messaging desktop services<br />
* A more subtle notifications system and a more discrete panel<br />
* A fast Activities search feature<br />
* A new System Settings application <br />
* ... and more features like: window tiling (Aero Snap like), an improved Nautilus etc. <br />
<br />
[more details on the [http://www.gnome3.org/ GNOME3] website]<br />
<br />
== Introduction ==<br />
<br />
GNOME3 comes with '''two''' interfaces, '''gnome-shell''' (the new, standard layout) and '''fallback''' mode. gnome-session will automatically detect if your computer is capable of running gnome-shell and will start fallback mode if not. <br />
<br />
'''Fallback''' mode is very similar to the GNOME 2.x layout (while using gnome-panel and metacity, instead of gnome-shell and Mutter).<br />
<br />
If you are on fallback mode you can still change the window manager with your preferred one.<br />
<br />
== Upgrade from the current gnome 2.32 ==<br />
<br />
{{Warning|The session might crash during the update and it is recommended that you run the update command in a screen session, from another DE or WM, or from tty}}<br />
<br />
# pacman -Syu <br />
<br />
'''Important''': You will end up with a system that has GNOME 3.x '''fallback''' mode. To install the new shell:<br />
<br />
# pacman -S gnome-shell<br />
<br />
== Installing to a new system ==<br />
<br />
GNOME 3 is in [extra]. You can install it by running the following command:<br />
<br />
# pacman -Syu gnome<br />
<br />
For additional applications<br />
<br />
# pacman -Syu gnome-extra<br />
<br />
===Daemons and modules needed by GNOME===<br />
<br />
The GNOME desktop requires one daemon, '''DBUS''' for proper operation. <br />
<br />
To start the DBUS daemon:<br />
# /etc/rc.d/dbus start<br />
<br />
Or add these daemons to the '''DAEMONS''' array in {{Filename|/etc/[[rc.conf]]}} so they will start on boot up, e.g.:<br />
<br />
DAEMONS=(syslog-ng '''dbus''' network crond)<br />
<br />
'''GVFS''' allows the mounting of virtual file systems (e.g. file systems over FTP or SMB) to be used by other applications, including the GNOME file manager Nautilus. This is done with the use of '''FUSE''': a user space virtual file system layer kernel module.<br />
<br />
To load the FUSE kernel module:<br />
# modprobe fuse<br />
<br />
Or add the module to the '''MODULES''' array in {{Filename|/etc/rc.conf}} so they will load at boot up, e.g.:<br />
<br />
MODULES=('''fuse''' usblp)<br />
<br />
{{Note|FUSE is a kernel module, not a daemon.}}<br />
<br />
===Running GNOME===<br />
<br />
For better desktop integration '''GDM''' is recommended (but other login managers, such as SLiM also work, see Policykit section).<br />
<br />
# pacman -S gdm<br />
<br />
Check out [[Display_Manager]] to learn how to start it correctly.<br />
<br />
If you prefer to start it from the console, add the following line to your {{Filename|~/.xinitrc}} file, making sure it's the last line and the only one that starts with ''exec'' (see [[xinitrc]]):<br />
exec ck-launch-session gnome-session<br />
<br />
Now GNOME will start when you enter the following command:<br />
$ startx<br />
<br />
== Using the shell ==<br />
<br />
See https://live.gnome.org/GnomeShell/CheatSheet<br />
<br />
== Customization ==<br />
=== Using Gnome-tweak-tool ===<br />
<br />
# pacman -S gnome-tweak-tool<br />
<br />
This tool can customize fonts, themes, minimize & maximize buttons and some other useful settings like what action is taken when the lid is closed.<br />
<br />
A good customization tutorial is http://blog.fpmurphy.com/2011/03/customizing-the-gnome-3-shell.html which explores the power of gsettings.<br />
<br />
===Setting an icon theme===<br />
<br />
{{Note | With gnome-tweak-tool version 3.0.3 and later, you can place icon theme you wish to use inside ~/.icons.}}<br />
<br />
Usefully, Gnome 3 is able to use Gnome 2 icon themes, which means you're not stuck with the default set. To do this, simply copy your desired icon theme's directory to ~/.icons. For example:<br />
<br />
$ cp -R /home/user/Desktop/my_new_icon_theme ~/.icons<br />
<br />
The new icon theme 'my_new_icon_theme' will now be selectable using the gnome-tweak-tool (under 'Interface'), otherwise it can be set with no need of gnome-tweak-tool by adding the gtk-icon-theme-name entry inside ${XDG_CONFIG_HOME}/gtk-3.0/settings.ini.<br />
{{file|name=${XDG_CONFIG_HOME}/gtk-3.0/settings.ini|content=<br />
.....<br />
gtk-icon-theme-name = my_new_icon_theme<br />
.....<br />
}}<br />
<br />
===GDM===<br />
<br />
# su - gdm -s /bin/bash<br />
$ dbus-launch<br />
<br />
This command will print DBUS_SESSION_BUS_ADDRESS and DBUS_SESSION_BUS_PID. We need to export them<br />
<br />
$ export DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Jb433gMQHS,guid=fc14d4bf3d000e38276a5a2200000d38<br />
$ export DBUS_SESSION_BUS_PID=4283<br />
<br />
Check to see if dconf-service is running and if not, start it like this<br />
<br />
$ /usr/lib/dconf/dconf-service &<br />
<br />
====Wallpaper====<br />
$ GSETTINGS_BACKEND=dconf gsettings get org.gnome.desktop.background picture-uri<br />
$ GSETTINGS_BACKEND=dconf gsettings set org.gnome.desktop.background picture-uri "file:///usr/share/backgrounds/gnome/SundownDunes.jpg"<br />
<br />
====Turning off the sound====<br />
$ GSETTINGS_BACKEND=dconf gsettings set org.gnome.desktop.sound event-sounds false<br />
<br />
=== Changing the GTK3 theme using settings.ini ===<br />
<br />
Similar to {{Filename|~/.gtkrc-2.0}} for GTK2+ it is possible to set the GTK3 (Gnome 3) theme via {{Filename|${XDG_CONFIG_HOME}/gtk-3.0/settings.ini}}. By default {{Filename|${XDG_CONFIG_HOME} }} is interpreted as {{Filename|~/.config}}.<br />
<br />
Only Adwaita theme exists in this moment for gtk3 and is available in '''gnome-themes-standard''' package.<br />
<br />
Example:<br />
<br />
[Settings]<br />
gtk-theme-name = Adwaita<br />
gtk-fallback-icon-theme = gnome<br />
gtk-application-prefer-dark-theme = true<br />
gtk-font-name = Sans 10<br />
<br />
It may be necessary to restart one's DE or WM for the settings to be applied.<br />
<br />
{{Note|More options can be find there: [http://developer.gnome.org/gtk3/3.0/GtkSettings.html#GtkSettings.properties GtkSettings documentation]}}<br />
<br />
=== Start program automatically after login to GNOME 3 ===<br />
You can specify which programs to start automatically after login using the '''gnome-session-properties''' tool, which is a part of the '''gnome-session''' package.<br />
$ gnome-session-properties<br />
<br />
=== Removing folders from the "Computer" section in Nautilus's Places sidebar ===<br />
<br />
The displayed folders are specified in {{Filename|~/.config/user-dirs.dirs}} and can be altered with any editor. An execution of {{codeline|xdg-user-dirs-update}} will change them again, thus it may be advisable to set the file permissions to read-only.<br />
<br />
=== Setting the default terminal via console ===<br />
<br />
{{codeline|gsettings}}, which replaces {{codeline|gconftool-2}} in Gnome 3, is used to set e. g. the default terminal manually. The setting is relevant for ''nautilus-open-terminal''.<br />
<br />
The commands for [[rxvt-unicode|urxvt]] run as daemon:<br />
<br />
gsettings set org.gnome.desktop.default-applications.terminal exec urxvtc<br />
gsettings set org.gnome.desktop.default-applications.terminal exec-arg "'-e'"<br />
<br />
=== Setting Nautilus to Use Location Bar Entry ===<br />
<br />
If you want to enter path locations manually in Nautilus you can press ctrl+l. To make this persistent you can use gsettings.<br />
<br />
gsettings set org.gnome.nautilus.preferences always-use-location-entry true<br />
<br />
== Enabling fallback mode==<br />
<br />
Your session will automatically start in fallback mode if gnome-shell is not present. If you want to enable it while having gnome-shell installed, open gnome-control-center. Open System Info > Graphics. Change ''Forced Fallback Mode'' to ''ON''.<br />
<br />
== Enabling hidden features ==<br />
<br />
Gnome 3.0 hides a lot of useful options which you can customize with '''dconf-editor''' or '''gconf-editor''' for settings not yet migrated to dconf.<br />
<br />
=== Changing Hotkeys ===<br />
<br />
In '''dconf-editor''', enable org.gnome.desktop.interface "can-change-accels".<br />
<br />
An example of changing the delete hotkey:<br />
Open nautilus, select any file/directory, then click "Edit" from the menubar, and hover over the "Move to Trash" menuitem.<br />
While hovering, push delete. The accel should change from "ctrl+del" to "del".<br />
<br />
Make sure you have selected a file, else the "Move to Trash" menuitem will be greyed out.<br />
You should disable "can-change-accels" afterwards, to prevent accidental accel changes.<br />
<br />
== How to shutdown through the Status menu ==<br />
<br />
For now, the Shutdown option seems to be hidden if the user presses the Status menu on the upper right. If you want to shutdown your system through the Status menu, click on it and then press the '''Alt''' button. The "'''Suspend'''" option will instantly turn into "Power off...", as long as you are pressing the Alt button, which will allow you to properly shutdown your system.<br />
<br />
You can also install the "Alternative Status Menu" extension (see the section on Enabling Extensions, below). This will put a permanent "Power Off" option in the Status menu below the usual suspend option.<br />
<br />
== Enabling integrated messaging ==<br />
<br />
Empathy, the engine behind the integrated messaging, and all of the system settings based on your messaging accounts will not show up unless the '''telepathy''' group of packages or at least one of the backends ('''telepathy-gabble''', or '''telepathy-haze''', for example) is installed. These are not included in the default Arch GNOME installs and the Empathy interface doesn't give a nice error message, it just fails to work silently. You can install them:<br />
<br />
# pacman -S telepathy<br />
<br />
== Enabling extensions ==<br />
<br />
Gnome Shell can be customised to an extent with extensions that have been written by others. These provide functionality like having a dock that is always present, and being able to change the shell theme. More details on the functionality of currently available extensions is given [http://www.webupd8.org/2011/04/gnome-shell-extensions-additional.html here] You can use the [http://aur.archlinux.org/packages.php?ID=47501 gnome-shell-extensions-git] package in the AUR to install them. Restart Gnome to enable them.<br />
<br />
If installing the extensions causes Gnome to stop working then you must remove the user-theme extension and and the auto-move-windows extension from their installation directory (could be in ~/.local/share/gnome-shell/extensions or /usr/share/gnome-shell/extensions or /usr/local/share/gnome-shell/extensions). Removing or adding extensions to these directories will remove or install them form the system. More details on Gnome Shell extensions are available [https://live.gnome.org/GnomeShell/Extensions here].<br />
<br />
== Troubleshooting ==<br />
=== My GTK2+ apps show segfaults and won't start ===<br />
<br />
That usually happens when '''oxygen-gtk''' is installed. That theme conflicts somehow with GNOME 3's or/and GTK3 settings and when it has been set as a GTK2 theme, the GTK2 apps segfault with errors like:<br />
<br />
<pre> (firefox-bin:14345): GLib-GObject-WARNING **: invalid (NULL) pointer instance<br />
<br />
(firefox-bin:14345): GLib-GObject-CRITICAL **: g_signal_connect_data: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_default_colormap: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_colormap_get_visual: assertion `GDK_IS_COLORMAP (colormap)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_default_colormap: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_root_window: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_screen_get_root_window: assertion `GDK_IS_SCREEN (screen)' failed<br />
<br />
(firefox-bin:14345): Gdk-CRITICAL **: IA__gdk_window_new: assertion `GDK_IS_WINDOW (parent)' failed<br />
Segmentation fault<br />
</pre><br />
<br />
The current "workaround" is to '''remove''' '''oxygen-gtk''' from the system completely and set another theme for your apps.<br />
<br />
=== I use the ATI Catalyst driver and I encounter glitches and artifacts while using GNOME Shell ===<br />
<br />
For the moment, Catalyst is not proposed to be used while running GNOME Shell. The opensource ATI driver, xf86-video-ati, however, seems to be working properly with the GNOME 3 composited desktop.<br />
<br />
=== I have multiple monitors and the Dock extension appears stuck between them ===<br />
<br />
If you have multiple monitors configured using Nvidia Twinview, the dock extension may get sandwiched in-between the monitors. You can edit the source of this extension to reposition the dock to a position of your choosing.<br />
<br />
Edit '''/usr/share/gnome-shell/extensions/dock@gnome-shell-extensions.gnome.org/extension.js''' and locate this line in the source:<br />
<br />
this.actor.set_position(primary.width-this._item_size-this._spacing-2, (primary.height-height)/2);<br />
<br />
The first parameter is the X position of the dock display, by subtracting 15 pixels as opposed to 2 pixels from this it correctly positioned on my primary monitor, you can play around with any X,Y coordinate pair to position it correctly.<br />
<br />
this.actor.set_position(primary.width-this._item_size-this._spacing-15, (primary.height-height)/2);<br />
<br />
=== There are no event sounds for Empathy and other programs ===<br />
The '''sound-theme-freedesktop''' package must be installed for the default event sounds:<br />
# pacman -S sound-theme-freedesktop<br />
<br />
=== Editing hotkeys via can-change-accels fails ===<br />
It is also possible to manually change the keys via an application's so-called accel map file. Where it is to be found is up to the application: For instance, Thunar's is at {{Filename|~/.config/Thunar/accels.scm}}, whereas Nautilus's is located at {{Filename|~/.gnome2/accels/nautilus}}. The file should contain a list of possible hotkeys, each unchanged line commented out with a leading ";" that has to be removed for a change to become active.<br />
<br />
=== "Failed to load session 'gnome-fallback'" message ===<br />
Check if '''notification-daemon''' is installed.<br />
# pacman -S notification-daemon</div>Thayerhttps://wiki.archlinux.org/index.php?title=GNU_Screen&diff=129806GNU Screen2011-02-03T22:03:29Z<p>Thayer: /* Use 256 colors */</p>
<hr />
<div>[[Category:Utilities (English)]]<br />
[[Category:HOWTOs (English)]]<br />
GNU Screen is a wrapper that allows separation between the text program and the shell from which it was launched. This allows the user to, for example, start a text program in a terminal in X, kill X, and continue to interact with the program. Here are a couple of tips and tricks you may be interested in.<br />
<br />
If you are looking for a tutorial, the gentoo wiki contains a nice one: http://en.gentoo-wiki.com/wiki/Screen<br />
<br />
== Basics == <br />
Commands are entered pressing Control A and then the key binding. The escape key can be changed with the ''escape'' option in ~/.screenrc. IE:<br />
<pre><br />
escape ``<br />
</pre><br />
sets the escape key to `<br />
<br />
=== Common Commands ===<br />
C-a ?<br />
:Displays commands and it's defaults (VERY important :p)<br />
C-a "<br />
:Window list<br />
C-a 0<br />
:opens window 0<br />
C-a A<br />
:Rename the current window<br />
C-a c<br />
:Create a new window (with shell)<br />
C-a S<br />
:Split current region into two regions<br />
C-a <TAB><br />
:Switch the input focus to the next region<br />
C-a C-a<br />
:Toggle between current and previous region<br />
C-a <ESC> <br />
:Enter Copy Mode (use enter to select a range of text)<br />
C-a ]<br />
:Paste text<br />
C-a Q<br />
:Close all regions but the current one<br />
C-a d<br />
:Detach from the current screen session, and leave it running. Use screen -r to resume<br />
<br />
== Start at window 1 ==<br />
By default, the first screen window is 0. If you'd rather never have a window 0 and start instead with 1, put something like the following in your ~/.screenrc:<br />
<pre><br />
bind c screen 1<br />
bind ^c screen 1<br />
bind 0 select 10 <br />
screen 1<br />
</pre><br />
<br />
== Nested Screen Sessions ==<br />
It's possible to get stuck in a nested screen session. A common scenario: you start an ssh session from within a screen session. Within the ssh session, you start screen. By default, the outer screen session that was launched first responds to C-a commands. To send a command to the inner screen session, use C-a a, followed by your command. For example:<br />
<br />
C-a a d<br />
:Detaches the inner screen session.<br />
C-a a K<br />
:Kills the inner screen session.<br />
<br />
== Fix for residual editor text ==<br />
When you open a text editor like nano in screen and then close it, the text may stay visible in your terminal. To fix this, put the following in your ~/.screenrc:<br />
<pre><br />
altscreen on<br />
</pre><br />
<br />
== Use 256 colors ==<br />
By default, screen uses an 8-color terminal emulator. Use the following line to enable more colors, which is useful if you are using a more-capable terminal emulator:<br />
<pre><br />
term screen-256color<br />
</pre><br />
<br />
If this fails to render 256 colors in [[xterm]], try the following instead:<br />
<pre><br />
attrcolor b ".I" # allow bold colors - necessary for some reason<br />
termcapinfo xterm 'Co#256:AB=\E[48;5;%dm:AF=\E[38;5;%dm' # tell screen how to set colors. AB = background, AF=foreground<br />
defbce on # use current bg color for erased chars<br />
</pre><br />
<br />
== Use 256 Colors with Rxvt-Unicode (urxvt) ==<br />
If you are using rxvt-unicode-256color from community, you may need to add this line in your ~/.screenrc to enable 256 colors while in screen.<br />
<pre><br />
terminfo rxvt-unicode 'Co#256:AB=\E[48;5;%dm:AF=\E[38;5;%dm'<br />
</pre><br />
<br />
== Informative statusbar ==<br />
The default statusbar may be a little lacking. You may find this one more helpful:<br />
<pre><br />
hardstatus off<br />
hardstatus alwayslastline<br />
hardstatus string '%{= kG}[ %{G}%H %{g}][%= %{= kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%{r})%{w}%?%+Lw%?%?%= %{g}][%{B} %m-%d<br />
%{W} %c %{g}]'<br />
</pre><br />
<br />
== Turn welcome message off == <br />
Cause it's annoying. Add to ~/.screenrc:<br />
<pre><br />
startup_message off<br />
</pre><br />
<br />
== Turn your hardstatus line into a dynamic urxvt|xterm|aterm window title ==<br />
This one's pretty simple; just switch your current hardstatus line into a caption line with notification, and edit accordingly:<br />
<br />
<pre><br />
backtick 1 5 5 true<br />
termcapinfo rxvt* 'hs:ts=\E]2;:fs=\007:ds=\E]2;\007'<br />
hardstatus string "screen (%n: %t)"<br />
caption string "%{= kw}%Y-%m-%d;%c %{= kw}%-Lw%{= kG}%{+b}[%n %t]%{-b}%{= kw}%+Lw%1`"<br />
caption always<br />
</pre><br />
<br />
This will give you something like "screen (0 bash)" in the title of your terminal emulator. The caption supplies the date, current time, and colorizes your screen window collection.<br />
<br />
==Use X scrolling mechanism==<br />
The scroll buffer of GNU Screen can be accessed with C-a [. However, this is very inconvenient. To use the scroll bar of e.g. xterm or konsole, add the following line to ~/.screenrc<br />
termcapinfo xterm* ti@:te@<br />
<br />
==Add a GRUB entry to boot into Screen==<br />
If you mostly use X but occasionally want to run a Screen-as-window-manager session, here's one way to do it by adding a GRUB entry for Screen on a virtual console (text terminal). <br />
<br />
GRUB allows you to designate what runlevel you want so we'll use runlevel 4 for this purpose. Clone an appropriate GRUB entry and add a '4' to the kernel boot parameters list, like so:<br />
<br />
<pre><br />
# (0) Arch Linux<br />
title Arch Linux Screen<br />
root (hd0,2)<br />
kernel /boot/vmlinuz26 root=/dev/disk/your_disk ro acpi_no_auto_ssdt irqpoll 4<br />
initrd /boot/kernel26.img<br />
</pre><br />
<br />
Add some entries to /etc/inittab to indicate what should happen on runlevel 4, substituting your user name for <user>:<br />
<pre><br />
# gnu screen on rl4<br />
scr2:4:respawn:/sbin/mingetty --autologin <user> tty1 linux<br />
</pre><br />
The line uses mingetty to [[automatically login some user to a virtual console on startup]]. You will need to install the [http://aur.archlinux.org/packages.php?ID=13793 mingetty package] (AUR). The inittab line segments are separated by colons. The first part (scr*) is simply an id. The second part is the runlevel: This should only happen on runlevel 4 (which isn't used in any default setup - 3 is by default for a tty login and 5 is for X). 'Respawn' causes init to repeat the command (i.e. autologin) if the user logs out. <br />
We'll need to see that nothing else happens on virtual console 1 when we use runlevel 4, so remove '4' from the the first of the agetty lines:<br />
<br />
<pre>c1:235:respawn:/sbin/agetty -8 38400 vc/1 linux</pre><br />
<br />
Once logged in we want to ensure that screen is started. Add the following to the end of your .bash_profile:<br />
<pre><br />
vico="$(tty | grep -oE ....$)"<br />
case "$vico" in<br />
tty1) TERM=screen; exec /usr/bin/screen -R arch;;<br />
esac<br />
<br />
</pre><br />
This checks for the current runlevel and will launch a screen session immediately after the autologin if the runlevel is 4.<br />
<br />
This can also be adapted to run screen on a virtual console next to X, simply checking for the current tty instead of the current runlevel. This check to see if we're on virtual console 3:<br />
<pre><br />
vico="$(tty | grep -oE ....$)"<br />
case "$vico" in<br />
vc/3) TERM=screen; exec /usr/bin/screen;;<br />
esac<br />
</pre><br />
Set inittab/mingetty to automaically log in to vc/3 on runlevel 5 and you're set.<br />
<br />
== Fix Midnight Commander hard hang when starting in screen ==<br />
In some cases (need deeper inspection) [https://bugzilla.redhat.com/show_bug.cgi?id=168076 old gpm bug] gets alive. So, then you try to run mc inside screen, you get a frozen screen's window. Try to kill gpm daemon before starting mc and/or disable it in ''/etc/rc.conf''.<br />
<br />
== See Also ==<br />
* [http://www.macosxhints.com/article.php?story=20021114055617124 MacOSX Hints - Automatically using screen in your shell]<br />
* [http://en.gentoo-wiki.com/wiki/Screen#Tab-bar Gentoo Wiki - Using tabs with screen]<br />
* [http://bbs.archlinux.org/viewtopic.php?id=50647 Arch Forums - Regarding 256 color issue with urxvt]<br />
* [http://bbs.archlinux.org/viewtopic.php?id=55618 Arch Forums - .screenrc configs with screenshots]<br />
* [[tmux]], another multiplexer</div>Thayerhttps://wiki.archlinux.org/index.php?title=GNU_Screen&diff=129567GNU Screen2011-02-01T16:55:17Z<p>Thayer: /* Use 256 colors */</p>
<hr />
<div>[[Category:Utilities (English)]]<br />
[[Category:HOWTOs (English)]]<br />
GNU Screen is a wrapper that allows separation between the text program and the shell from which it was launched. This allows the user to, for example, start a text program in a terminal in X, kill X, and continue to interact with the program. Here are a couple of tips and tricks you may be interested in.<br />
<br />
If you are looking for a tutorial, the gentoo wiki contains a nice one: http://en.gentoo-wiki.com/wiki/Screen<br />
<br />
== Basics == <br />
Commands are entered pressing Control A and then the key binding. The escape key can be changed with the ''escape'' option in ~/.screenrc. IE:<br />
<pre><br />
escape ``<br />
</pre><br />
sets the escape key to `<br />
<br />
=== Common Commands ===<br />
C-a ?<br />
:Displays commands and it's defaults (VERY important :p)<br />
C-a "<br />
:Window list<br />
C-a 0<br />
:opens window 0<br />
C-a A<br />
:Rename the current window<br />
C-a c<br />
:Create a new window (with shell)<br />
C-a S<br />
:Split current region into two regions<br />
C-a <TAB><br />
:Switch the input focus to the next region<br />
C-a C-a<br />
:Toggle between current and previous region<br />
C-a <ESC> <br />
:Enter Copy Mode (use enter to select a range of text)<br />
C-a ]<br />
:Paste text<br />
C-a Q<br />
:Close all regions but the current one<br />
C-a d<br />
:Detach from the current screen session, and leave it running. Use screen -r to resume<br />
<br />
== Start at window 1 ==<br />
By default, the first screen window is 0. If you'd rather never have a window 0 and start instead with 1, put something like the following in your ~/.screenrc:<br />
<pre><br />
bind c screen 1<br />
bind ^c screen 1<br />
bind 0 select 10 <br />
screen 1<br />
</pre><br />
<br />
== Nested Screen Sessions ==<br />
It's possible to get stuck in a nested screen session. A common scenario: you start an ssh session from within a screen session. Within the ssh session, you start screen. By default, the outer screen session that was launched first responds to C-a commands. To send a command to the inner screen session, use C-a a, followed by your command. For example:<br />
<br />
C-a a d<br />
:Detaches the inner screen session.<br />
C-a a K<br />
:Kills the inner screen session.<br />
<br />
== Fix for residual editor text ==<br />
When you open a text editor like nano in screen and then close it, the text may stay visible in your terminal. To fix this, put the following in your ~/.screenrc:<br />
<pre><br />
altscreen on<br />
</pre><br />
<br />
== Use 256 colors ==<br />
By default, screen uses an 8-color terminal emulator. Use the following line to enable more colors, which is useful if you are using a more-capable terminal emulator:<br />
<pre><br />
term screen-256color<br />
</pre><br />
<br />
If this fails to render 256 colors in [[xterm]], try the following instead:<br />
<pre><br />
termcapinfo xterm 'Co#256:AB=\E[48;5;%dm:AF=\E[38;5;%dm' # tell screen how to set colors. AB = background, AF=foreground<br />
defbce on # use current bg color for erased chars<br />
</pre><br />
<br />
== Use 256 Colors with Rxvt-Unicode (urxvt) ==<br />
If you are using rxvt-unicode-256color from community, you may need to add this line in your ~/.screenrc to enable 256 colors while in screen.<br />
<pre><br />
terminfo rxvt-unicode 'Co#256:AB=\E[48;5;%dm:AF=\E[38;5;%dm'<br />
</pre><br />
<br />
== Informative statusbar ==<br />
The default statusbar may be a little lacking. You may find this one more helpful:<br />
<pre><br />
hardstatus off<br />
hardstatus alwayslastline<br />
hardstatus string '%{= kG}[ %{G}%H %{g}][%= %{= kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%{r})%{w}%?%+Lw%?%?%= %{g}][%{B} %m-%d<br />
%{W} %c %{g}]'<br />
</pre><br />
<br />
== Turn welcome message off == <br />
Cause it's annoying. Add to ~/.screenrc:<br />
<pre><br />
startup_message off<br />
</pre><br />
<br />
== Turn your hardstatus line into a dynamic urxvt|xterm|aterm window title ==<br />
This one's pretty simple; just switch your current hardstatus line into a caption line with notification, and edit accordingly:<br />
<br />
<pre><br />
backtick 1 5 5 true<br />
termcapinfo rxvt* 'hs:ts=\E]2;:fs=\007:ds=\E]2;\007'<br />
hardstatus string "screen (%n: %t)"<br />
caption string "%{= kw}%Y-%m-%d;%c %{= kw}%-Lw%{= kG}%{+b}[%n %t]%{-b}%{= kw}%+Lw%1`"<br />
caption always<br />
</pre><br />
<br />
This will give you something like "screen (0 bash)" in the title of your terminal emulator. The caption supplies the date, current time, and colorizes your screen window collection.<br />
<br />
==Use X scrolling mechanism==<br />
The scroll buffer of GNU Screen can be accessed with C-a [. However, this is very inconvenient. To use the scroll bar of e.g. xterm or konsole, add the following line to ~/.screenrc<br />
termcapinfo xterm* ti@:te@<br />
<br />
==Add a GRUB entry to boot into Screen==<br />
If you mostly use X but occasionally want to run a Screen-as-window-manager session, here's one way to do it by adding a GRUB entry for Screen on a virtual console (text terminal). <br />
<br />
GRUB allows you to designate what runlevel you want so we'll use runlevel 4 for this purpose. Clone an appropriate GRUB entry and add a '4' to the kernel boot parameters list, like so:<br />
<br />
<pre><br />
# (0) Arch Linux<br />
title Arch Linux Screen<br />
root (hd0,2)<br />
kernel /boot/vmlinuz26 root=/dev/disk/your_disk ro acpi_no_auto_ssdt irqpoll 4<br />
initrd /boot/kernel26.img<br />
</pre><br />
<br />
Add some entries to /etc/inittab to indicate what should happen on runlevel 4, substituting your user name for <user>:<br />
<pre><br />
# gnu screen on rl4<br />
scr2:4:respawn:/sbin/mingetty --autologin <user> tty1 linux<br />
</pre><br />
The line uses mingetty to [[automatically login some user to a virtual console on startup]]. You will need to install the [http://aur.archlinux.org/packages.php?ID=13793 mingetty package] (AUR). The inittab line segments are separated by colons. The first part (scr*) is simply an id. The second part is the runlevel: This should only happen on runlevel 4 (which isn't used in any default setup - 3 is by default for a tty login and 5 is for X). 'Respawn' causes init to repeat the command (i.e. autologin) if the user logs out. <br />
We'll need to see that nothing else happens on virtual console 1 when we use runlevel 4, so remove '4' from the the first of the agetty lines:<br />
<br />
<pre>c1:235:respawn:/sbin/agetty -8 38400 vc/1 linux</pre><br />
<br />
Once logged in we want to ensure that screen is started. Add the following to the end of your .bash_profile:<br />
<pre><br />
vico="$(tty | grep -oE ....$)"<br />
case "$vico" in<br />
tty1) TERM=screen; exec /usr/bin/screen -R arch;;<br />
esac<br />
<br />
</pre><br />
This checks for the current runlevel and will launch a screen session immediately after the autologin if the runlevel is 4.<br />
<br />
This can also be adapted to run screen on a virtual console next to X, simply checking for the current tty instead of the current runlevel. This check to see if we're on virtual console 3:<br />
<pre><br />
vico="$(tty | grep -oE ....$)"<br />
case "$vico" in<br />
vc/3) TERM=screen; exec /usr/bin/screen;;<br />
esac<br />
</pre><br />
Set inittab/mingetty to automaically log in to vc/3 on runlevel 5 and you're set.<br />
<br />
== Fix Midnight Commander hard hang when starting in screen ==<br />
In some cases (need deeper inspection) [https://bugzilla.redhat.com/show_bug.cgi?id=168076 old gpm bug] gets alive. So, then you try to run mc inside screen, you get a frozen screen's window. Try to kill gpm daemon before starting mc and/or disable it in ''/etc/rc.conf''.<br />
<br />
== See Also ==<br />
* [http://www.macosxhints.com/article.php?story=20021114055617124 MacOSX Hints - Automatically using screen in your shell]<br />
* [http://en.gentoo-wiki.com/wiki/Screen#Tab-bar Gentoo Wiki - Using tabs with screen]<br />
* [http://bbs.archlinux.org/viewtopic.php?id=50647 Arch Forums - Regarding 256 color issue with urxvt]<br />
* [http://bbs.archlinux.org/viewtopic.php?id=55618 Arch Forums - .screenrc configs with screenshots]<br />
* [[tmux]], another multiplexer</div>Thayerhttps://wiki.archlinux.org/index.php?title=Disabling_IPv6&diff=129565Disabling IPv62011-02-01T16:46:06Z<p>Thayer: Article cleanup; removed deprecated info and restructured content.</p>
<hr />
<div>[[Category:Networking (English)]]<br />
[[Category:HOWTOs (English)]]<br />
{{i18n|IPv6 - Disabling the Module}}<br />
<br />
Not only does the IPv6 module take around 250k of memory, it has also been reported that disabling the feature notoriously speeds up network access for programs that erroneously try to query servers with this newer version. Incidentally, [[Firefox]] is listed among the affected applications. So until the widespread adoption of IPv6, one may benefit by disabling the module.<br />
<br />
Since Arch's official kernel26 package version 2.6.16.2-1, IPv6 is no longer compiled directly into the kernel, but as a module entitled ipv6. Many users don't require the features, and may benefit from added performance (many programs will query IPv6 addresses first, unaware that you don't have an IPv6 connection) and more free memory (250k, that's a mighty big module) if removed.<br />
<br />
==Method 1: Disable until needed==<br />
The ipv6 module is normally loaded at boot. There are many programs which will also load the ipv6 module after the system has booted if they detect that it is available. In fact, these programs load net-pf-10, which is an alias to ipv6. You may wish to stop all such activity. Adding the following line to {{Filename|/etc/modprobe.d/modprobe.conf}} will disable the automatic loading of ipv6, but will still allow you to load it manually if needed.<br />
<br />
# disable autoload of ipv6<br />
alias net-pf-10 off<br />
<br />
==Method 2: Disable entirely==<br />
An alternative method is to disable the module completely by adding the following to {{Filename|/etc/modprobe.d/modprobe.conf}}:<br />
options ipv6 disable=1<br />
<br />
==Disable IPv6 during pre-init process==<br />
You can also add {{Filename|/etc/modprobe.d/modprobe.conf}} to your {{Filename|/etc/mkinitcpio.conf}} and [[Mkinitcpio#Image_creation_and_activation|rebuild the kernel ram disk]] to have the IPv6 module disabled earlier in the boot process.<br />
<br />
==Additional resources==<br />
[http://www.kernel.org/doc/Documentation/networking/ipv6.txt ipv6] - kernel.org Documentation</div>Thayerhttps://wiki.archlinux.org/index.php?title=Dwm&diff=124172Dwm2010-12-05T22:36:02Z<p>Thayer: removing a 404</p>
<hr />
<div>[[Category:Dynamic WMs (English)]]<br />
[[Category:HOWTOs (English)]]<br />
{{i18n|dwm}}<br />
{{Article summary start|Summary}}<br />
{{Article summary text|Information on installing and configuring dwm}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|dmenu}}<br />
{{Article summary wiki|wmii}}<br />
{{Article summary end}}<br />
{{DISPLAYTITLE:dwm}}<br />
[http://dwm.suckless.org/ dwm] is a dynamic window manager for [[X]]. It manages windows in tiled, stacked, and full-screen layouts, as well as many others with the help of optional patches. Layouts can be applied dynamically, optimizing the environment for the application in use and the task performed. dwm is extremely lightweight and fast, written in C and with a stated design goal of remaining under 2000 source lines of code. It provides multi-head support for xrandr and Xinerama.<br />
<br />
==Installing==<br />
These instructions will install dwm using [[makepkg]] along with the Arch Build System, or [[ABS]] for short. This will allow reconfiguring it at a later time without complications. If only interested in installing dwm for a test drive, simply install the binary package from the repositories instead:<br />
# pacman -S dwm<br />
<br />
Note that by omitting compiling dwm from source a great deal of customizability is lost, since dwm's entire configuration is performed by editing its source code. Taking this in mind, the rest of the article assumes that dwm has been compiled from source as explained in the entirety of this section.<br />
<br />
You will probably also want to consider installing [[dmenu]], a fast and lightweight dynamic menu for X:<br />
# pacman -S dmenu<br />
<br />
===Requirements===<br />
Basic programming tools present in {{package Official|base-devel}} are needed in order to compile dwm and build a package for it, and the {{package Official|abs}} package is also a requisite for fetching the necessary build scripts:<br />
# pacman -S base-devel abs<br />
<br />
===Download build scripts with ABS===<br />
Once the required packages are installed, use ABS to fetch the latest build scripts from the repositories:<br />
# abs<br />
<br />
Lastly, copy the dwm build scripts from the ABS tree to a temporary directory. For example:<br />
$ cp -r /var/abs/community/dwm ~/dwm<br />
<br />
===Build and install package===<br />
Use {{Codeline|cd}} by switching to the directory containing the build scripts (the example above used {{Filename|~/dwm}}). Then run:<br />
$ makepkg -i<br />
<br />
This will compile dwm, build an Arch Linux package containing the resulting files, and install the package file all in one step. If problems are encountered, review the output for specific information. <br />
<br />
{{Tip|If this directory ({{filename|~/dwm}}) is saved, it can subsequently be used for making changes to the default configuration.}}<br />
<br />
==Configuring==<br />
dwm, as mentioned before, is exclusively configured at compile-time via some of its source files, namely {{Filename|config.h}} and {{Filename|config.mk}}. While the initial configuration provides a good set of defaults, it's realistic to expect that at some point potential users will probably want to make adjustments to their setups.<br />
<br />
===Method 1: ABS rebuild (recommended)===<br />
Modifying dwm is quite simple using this route.<br />
<br />
====Customizing config.h====<br />
Browse to the dwm source code directory saved during the [[#Installing|installation process]]; {{filename|~/dwm}} in the example. The {{filename|config.h}} found within this directory is where the general dwm preferences are stored. Most settings within the file should be self-explanatory, while others may not share the same trait. For detailed information on these settings, see the [http://www.suckless.org/dwm/ dwm website].<br />
<br />
{{note|Be sure to make a backup copy of config.h before modifying it, just in case something goes wrong.}}<br />
<br />
Once changes have been made, pipe the new md5sums into the [[PKGBUILD]]:<br />
$ makepkg -g >> PKGBUILD<br />
This will eliminate a checksum mismatch between the official config.h and the new revised copy.<br />
<br />
Now, compile and reinstall:<br />
$ makepkg -efi<br />
<br />
Assuming the configuration changes were valid, this command will compile dwm, build and reinstall the resulting package. If problems were encountered, review the output for specific information.<br />
<br />
Finally, restart dwm in order to apply the changes.<br />
<br />
====Notes====<br />
From now on, instead of updating the md5sums for every {{filename|config.h}} revision, which are known to become frequent, one may erase the md5sums array and build dwm with the {{codeline|--skipinteg}} option:<br />
$ makepkg -efi --skipinteg<br />
<br />
And after adding a few lines to dwm's start-up script, it is possible to [[#Restart dwm without logging out or closing programs|restart dwm without logging out or closing programs]].<br />
<br />
===Method 2: Mercurial (advanced)===<br />
dwm is maintained upstream within a [http://www.selenic.com/mercurial/wiki/ Mercurial] version control system at [http://hg.suckless.org/dwm suckless.org]. Those already familiar with Mercurial may find it more convenient to maintain configurations and patches within this system. A [http://www.suckless.org/dwm/customisation/patch_queue.html detailed tutorial] on this method is available at the dwm website.<br />
<br />
Before building dwm from the Mercurial sources, be sure to alter config.mk accordingly, because failure to do so may result in X crashes. Here are the values that need changing:<br />
<br />
Modify {{codeline|PREFIX}}:<br />
PREFIX = /usr<br />
The X11 include folder:<br />
X11INC = /usr/include/X11<br />
And the the X11 lib directory:<br />
X11LIB = /usr/lib/X11<br />
<br />
==Starting dwm==<br />
To start dwm with {{Codeline|startx}} or the [[SLIM]] login manager, simply append the following to {{Filename|~/.xinitrc}}: <br />
exec dwm<br />
<br />
For [[GDM]], add it to {{Filename|~/.Xclients}} instead, and select "Run XClient Script" from the Sessions menu.<br />
<br />
==Statusbar configuration==<br />
dwm uses the root window's name to display information in its statusbar, which can be changed with {{Codeline|xsetroot -name}}.<br />
<br />
===Basic statusbar===<br />
This example prints the date in [http://en.wikipedia.org/wiki/ISO_8601 ISO 8601] format. Add it to files {{filename|~/.xinitrc}} or {{filename|~/.Xclients}}:<br />
<pre><br />
while true; do<br />
xsetroot -name "$( date +"%F %R" )"<br />
sleep 1m # Update time every minute<br />
done &<br />
exec dwm<br />
</pre><br />
<br />
Here is an example intended for laptops that depends on the {{Package Official|acpi}} package for showing battery information:<br />
<pre><br />
while true ; do<br />
xsetroot -name "$( acpi -b | awk '{ print $3, $4 }' | tr -d ',' )"<br />
sleep 1m<br />
done &<br />
exec dwm<br />
</pre><br />
<br />
The script displays the amount of battery remaining besides its charging status by using the awk command to trim away the unneeded text from acpi, and tr to remove the commas.<br />
<br />
An alternative to the above is to selectively show the battery status depending on the current charging state:<br />
<pre><br />
while true; do<br />
batt=$(LC_ALL=C acpi -b)<br />
<br />
case $batt in<br />
*Discharging*)<br />
batt="${batt#* * * }"<br />
batt="${batt%%, *} "<br />
;;<br />
*)<br />
batt=""<br />
;;<br />
esac<br />
<br />
xsetroot -name "$batt$(date +%R)"<br />
<br />
sleep 60<br />
done &<br />
<br />
exec dwm<br />
</pre><br />
<br />
Finally, make sure there is only one instance of dwm in {{filename|~/.xinitrc}} or {{filename|~/.Xclients}}, so combining everything together should resemble this:<br />
~/.setbg<br />
autocutsel &<br />
termirssi &<br />
urxvt &<br />
<br />
while true; do<br />
xsetroot -name "$(date +"%F %R")"<br />
sleep 1m # Update time every minute<br />
done &<br />
'''exec dwm'''<br />
<br />
Here is another example that displays also the alsa volume and the battery state. The latter only when the system is off-line.<br />
<br />
#set statusbar<br />
while true<br />
do<br />
if acpi -a | grep off-line > /dev/null; then<br />
xsetroot -name "Bat. $( acpi -b | awk '{ print $4 " " $5 }' | tr -d ',' ) | Vol. $(amixer get Master | tail -1 | awk '{ print $5}' | tr -d '[]') | $(date +"%a, %b %d %R")"<br />
else<br />
xsetroot -name "Vol. $(amixer get Master | tail -1 | awk '{ print $5}' | tr -d '[]') | $(date +"%a, %b %d %R")"<br />
fi<br />
sleep 1s <br />
done &<br />
<br />
===Conky statusbar===<br />
Available from the [[AUR]], {{package AUR|conky-cli}} is a special build of conky which prints to <tt>stdout</tt>. If already accustomed to [[conky]], a statusbar rich with information can be ready within minutes. Once conky has been configured to preference, simply print it to the statusbar with {{Codeline|xsetroot -name}}:<br />
conky | while read -r; do xsetroot -name "$REPLY"; done &<br />
exec dwm<br />
<br />
The following is a sample conkyrc for a dual core CPU, displaying several stats:<br />
<pre><br />
background no<br />
out_to_console yes<br />
update_interval 2<br />
total_run_times 0<br />
use_spacer none<br />
<br />
TEXT<br />
$mpd_smart :: ${cpu cpu1}% / ${cpu cpu2}% ${loadavg 1} ${loadavg 2 3} :: ${acpitemp}c :: $memperc% ($mem) :: ${downspeed eth0}K/s ${upspeed eth0}K/s :: ${time %a %b %d %I:%M%P}<br />
</pre><br />
<br />
==Basic usage==<br />
===Using dmenu===<br />
Dmenu is a useful addon to dwm. Rather than a standard list-style menu, it acts as a sort of autocomplete to typing in the names of binaries. It is more advanced than many program launchers and integrates well within dwm.<br />
<br />
To start it, press {{Keypress|Mod1}} + {{Keypress|P}} ({{Keypress|Mod1}} should be the {{Keypress|Alt}} key by default). This can, of course, be changed if you so desire. Then, simply type in the first few characters of the binary you wish to run until you see it along the top bar. Then, simply use your left and right arrow keys to navigate to it and press enter.<br />
<br />
For more information, see [[dmenu]].<br />
<br />
===Controlling windows===<br />
====Moving a window to another tag====<br />
Moving a window from one tag to another is very simple. To do so, simply bring the window into focus by hovering over it with your cursor, then press {{Keypress|Shift}} + {{Keypress|Mod1}} + {{Keypress|x}}, where 'x' is the number of the tag to which you want to move the window. [Mod1] is, by default, the {{Keypress|Alt}} key.<br />
====Closing a window====<br />
To cleanly close a window using dwm, simply press {{Keypress|Shift}} + {{Keypress|Mod1}} + {{Keypress|C}}.<br />
<br />
====Window layouts====<br />
By default, dwm will operate in tiled mode. This can be observed by new windows on the same tag growing smaller and smaller as new windows are opened. The windows will, together, will up the entire screen (except for the menu bar) at all times. There are, however, two other modes: floating and monocle. Floating mode should be familiar to users of non-tiling window managers; it allows users to rearrange windows as they please. Monocle mode will keep a single window visible at all times.<br />
<br />
To switch to floating mode, simply press {{Keypress|Mod1}} + {{Keypress|F}}. {{Keypress|Mod1}} is, by default, the {{Keypress|Alt}} key. To check if you are in floating mode, you should see something like this next to the numbered tags in the top right corner of the screen: X>.<br />
<br />
To switch to monocole mode, press {{Keypress|Mod1}} + {{Keypress|M}}. To check if you are in monocle mode, you can see an M in square brackets (if no windows are open on that tag) or a number in square brackets (which corresponds with the number of windows open on that tag). Thus, a tag with no windows open would display this: [M], and a tag with 'n' windows open would display this: [n].<br />
<br />
To return to tiled mode, press {{Keypress|Mod1}} + {{Keypress|T}}. You will see a symbol which looks like this: []= .<br />
<br />
===Exiting dwm===<br />
To cleanly exit dwm, press {{Keypress|Shift}} + {{Keypress|Mod1}} + {{Keypress|Q}}.<br />
<br />
Source: [http://dwm.suckless.org/tutorial dwm tutorial].<br />
<br />
==Extended usage==<br />
<br />
===Patches & additional tiling modes===<br />
The official website has a number of [http://www.suckless.org/dwm/patches patches] that can add extra functionality to dwm. Users can easily customize dwm by applying the modifications they like. The [http://www.suckless.org/dwm/patches/bottom_stack.html Bottom Stack] patch provides an additional tiling mode that splits the screen horizontally, as opposed to the default vertically oriented tiling mode. Similarly, bstack horizontal splits the tiles horizontally. <br />
<br />
The [http://dwm.suckless.org/patches/gapless_grid gaplessgrid patch] allows windows to be tiled like a grid.<br />
<br />
====Enable one layout per tag====<br />
The default behaviour of dwm is to apply the currently selected layout for all tags.To have different layouts for different tags use the [http://dwm.suckless.org/patches/pertag pertag] patch.<br />
<br />
===Fixing gaps around terminal windows===<br />
If there are empty gaps of desktop space outside terminal windows, it is likely due to the terminal's font size. Either adjust the size until finding the ideal scale that closes the gap, or toggle {{Codeline|resizehints}} to ''False'' in {{filename|config.h}}:<br />
static Bool resizehints = False; /* False means respect size hints in tiled resizals */<br />
<br />
This will cause dwm to ignore resize requests from all client windows, not just terminals. The downside to this workaround is that some terminals may suffer redraw anomalies, such as ghost lines and premature line wraps, among others.<br />
<br />
====Urxvt====<br />
Another choice for [[urxvt]] users is applying the [[urxvt#Fix maximized window gaps|hints patch]] and regressing to dwm's original behaviour:<br />
static Bool resizehints = '''True''';<br />
<br />
===Restart dwm without logging out or closing programs===<br />
For restarting dwm without logging out or closing applications, change or add a startup script so that it loads dwm in a ''while'' loop, like this:<br />
<pre><br />
while true; do<br />
# Log stderror to a file <br />
dwm 2> ~/.dwm.log<br />
# No error logging<br />
#dwm >/dev/null 2>&1<br />
done<br />
</pre><br />
<br />
dwm can now be restarted without destroying other X windows by pressing the usual Mod-Shift-Q combination.<br />
<br />
It's a good idea to place the above startup script into a separate file, {{Filename|~/bin/startdwm}} for instance, and execute it through {{filename|~/.xinitrc}}. From this point on, when desiring to actually end the X session simply execute {{Codeline|killall startdwm}}, or bind it to a convenient key.<br />
<br />
===Make the right Alt key work as if it were Mod4 (Windows Key)===<br />
When using Mod4 (aka Super/Windows Key) as the {{codeline|MODKEY}}, it may be equally convenient to have the right Alt key (Alt_R) act as Mod4. This will allow performing otherwise awkward keystrokes one-handed, such as zooming with Alt_R+Enter. <br />
<br />
First, find out which keycode is assigned to Alt_R:<br />
xmodmap -pke | grep Alt_R<br />
<br />
Then simply add the following to the startup script (e.g. {{filename|~/.xinitrc}}), changing the keycode ''113'' if necessary to the result gathered by the previous {{codeline|xmodmap}} command:<br />
xmodmap -e "keycode 113 = Super_L" # reassign Alt_R to Super_L<br />
xmodmap -e "remove mod1 = Super_L" # make sure X keeps it out of the mod1 group<br />
<br />
Now, any functions that are triggered by a Super_L (Windows) key press will also be triggered by an Alt_R key press.<br />
===Disable focus follows mouse behaviour===<br />
To disable focus follows mouse behaviour comment out the following line in definiton of struct handler in dwm.c <br />
<pre>[EnterNotify] = enternotify, </pre><br />
<br />
===Adding custom keybinds/shortcuts===<br />
Two entries are needed in {{filename|config.h}} to create custom keybinds. One under the "/* commands /*" section, and another under the "static Key keys[] = {" section.<br />
<br />
static const char *<keybindname>[] = { "<command>", "<flags>", "<arguments>", NULL };<br />
<br />
<keybindname> can be anything... <command> <-flags> and <arguments> can be anything but they have to be individually enclosed in "",<br />
<br />
{ MODKEY, XK_<key>, spawn, {.v = <keybindname> } },<br />
<br />
...would bind Mod+<key> to the command defined previously.<br />
<br />
{ MODKEY|ShiftMask, XK_<key>, spawn, {.v = <keybindname> } },<br />
<br />
...would bind Mod+Shift+<key> Use ControlMask for Ctrl key.<br />
<br />
Single keys such as Fn or multimedia keys have to be bound with the hex codes obtainable from the program "xev"<br />
<br />
{ 0, <0xff00>, spawn, {.v = <keybindname> } },<br />
<br />
...would bind foo key <0xff00> to <keybindname><br />
<br />
===Fixing misbehaving Java applications===<br />
<br />
As of JRE 6u20, Java applications misbehave in dwm because it is not a known window manager to Java. This causes menus to close when the mouse is released, and other little issues. First, install wmname from the [community] repository:<br />
# pacman -S wmname<br />
<br />
Now all you have to do is use wmname to set a WM name that Java recognizes:<br />
$ wmname LG3D<br />
<br />
This is not permanent, so you may want to add this command to your .xinitrc.<br />
<br />
<br />
==Resources==<br />
* [http://www.suckless.org/dwm dwm's official website]<br />
* [[dmenu]] - Simple application launcher from the developers of dwm<br />
* The [http://bbs.archlinux.org/viewtopic.php?id=57549/ dwm thread] on the forums<br />
* [http://bbs.archlinux.org/viewtopic.php?id=92895/ Hacking dwm thread]<br />
* Check out the forums' [http://bbs.archlinux.org/viewtopic.php?id=57768/ wallpaper thread] for a selection of dwm wallpapers<br />
* [http://www.xsnake.net/howto/dwm/dwm-eng.php HowTo by Snake]<br />
* [http://0x80.org/blog/?p=72 Moved to dwm]</div>Thayerhttps://wiki.archlinux.org/index.php?title=SSH_keys&diff=116412SSH keys2010-09-04T20:55:26Z<p>Thayer: /* Troubleshooting */</p>
<hr />
<div>[[Category:Networking (English)]]<br />
[[Category:Security (English)]]<br />
[[Category:HOWTOs (English)]]<br />
{{i18n|Using SSH Keys}}<br />
<br />
= What are SSH Keys? =<br />
<br />
By using SSH Keys (a public and private key to be precise), you can easily connect to a server, or multiple servers, without having to enter your password for each system.<br />
<br />
It is possible to setup your keys without a passphrase, however that is unwise as if anyone gets hold of your key they can use it. This guide describes how to setup your system so that passphrases are remembered securely.<br />
<br />
== Generating SSH Keys ==<br />
<br />
If you don't already have OpenSSH installed, install it now as it is not installed by default on Arch.<br />
<br />
# pacman -S openssh<br />
<br />
The keys can then be generated by running the ssh-keygen command as a user:<br />
<br />
$ ssh-keygen -b 1024 -t dsa<br />
Generating public/private dsa key pair.<br />
Enter file in which to save the key (/home/mith/.ssh/id_dsa):<br />
Enter passphrase (empty for no passphrase):<br />
Enter same passphrase again:<br />
Your identification has been saved in /home/mith/.ssh/id_dsa.<br />
Your public key has been saved in /home/mith/.ssh/id_dsa.pub.<br />
The key fingerprint is:<br />
x6:68:xx:93:98:8x:87:95:7x:2x:4x:x9:81:xx:56:94 mith@middleearth<br />
<br />
It will prompt you for a location (which you should leave as the default), however the passphrase is the important bit! I hopefully need not tell you the rules of a good passphrase?<br />
<br />
So what did we just do? We generated a 1024 bit long ({{Codeline|-b 1024}}) public/private dsa ({{Codeline|-t dsa}}) key pair with the {{Codeline|ssh-keygen}} command.<br />
<br />
If you want to create a RSA key pair instead of DSA just use {{Codeline|-t rsa}} (do not specify key length "-b" as default key length for RSA is 2048 and is sufficient).<br />
<br />
== Copying the keys to the remote server == <br />
<br />
Now you have generated the keys you need to copy them to the remote server. By default, for OpenSSH, the public key needs to be concatenated into {{Filename|~/.ssh/authorized_keys}}.<br />
<br />
$ scp ~/.ssh/id_dsa.pub mith@metawire.org:<br />
<br />
This copies the public key ({{Filename|id_dsa.pub}}) to your remote server via {{Codeline|scp}} (note the {{Codeline|:}} at the end of the server address). The file ends up in the home directory, but you can specify another path if you like.<br />
<br />
Next up, on the remote server, you need to create the {{Filename|~/.ssh}} directory if it doesn't exist and concatenate the key {{Filename|authorized_keys}} file:<br />
<br />
$ ssh mith@metawire.org<br />
mith@metawire.org's password:<br />
$ mkdir ~/.ssh<br />
$ cat ~/id_dsa.pub >> ~/.ssh/authorized_keys<br />
$ rm ~/id_dsa.pub<br />
$ chmod 600 ~/.ssh/authorized_keys<br />
<br />
The last two commands remove the public key from the server (which isn't needed now), and sets the correct permissions on the authorized_keys file.<br />
<br />
If you now disconnect from the server, and attempt to reconnect, you should be asked for the passphrase of the key:<br />
<br />
$ ssh mith@metawire.org<br />
Enter passphrase for key '/home/mith/.ssh/id_dsa':<br />
<br />
If you are unable to login with the key, double check the permissions on the {{Filename|authorized_keys}} file.<br />
<br />
Also check the permissions on the {{Filename|~/.ssh}} directory, which should have write permissions off for 'group' and 'other'. Run the following command to disable 'group' and 'other' write permissions for the {{Filename|~/.ssh}} directory:<br />
$ chmod go-w ~/.ssh<br />
<br />
= Remember key passphrases =<br />
<br />
Now you can login to your servers by using a key instead of a password, but how is this any easier, as you still need to enter the key passphrase? The answer is to use a SSH agent, a program which remembers the passphrases of your keys! There a number of different tools available, so have a read through and choose the one which seems best for you.<br />
<br />
== ssh-agent ==<br />
<br />
ssh-agent is the default agent included with OpenSSH.<br />
<br />
$ ssh-agent<br />
SSH_AUTH_SOCK=/tmp/ssh-vEGjCM2147/agent.2147; export SSH_AUTH_SOCK;<br />
SSH_AGENT_PID=2148; export SSH_AGENT_PID;<br />
echo Agent pid 2148;<br />
<br />
When you run {{Codeline|ssh-agent}}, it will print out what environment variables it would use. To make use of these variables, run the command through the {{Codeline|eval}} command.<br />
<br />
$ eval `ssh-agent`<br />
Agent pid 2157<br />
<br />
You can add this to {{Filename|/etc/profile}} so that it will be run whenever you open a session:<br />
<br />
# echo 'eval `ssh-agent`' >> /etc/profile<br />
<br />
Note the correct quotes, the first ones are single quotes, where as the second are backticks!<br />
<br />
Now that the {{Codeline|ssh-agent}} is running, we need to tell it that we have a private key and where that is.<br />
<br />
$ ssh-add ~/.ssh/id_dsa<br />
Enter passphrase for /home/user/.ssh/id_dsa:<br />
Identity added: /home/user/.ssh/id_dsa (/home/user/.ssh/id_dsa)<br />
<br />
We were asked for our passphrase, entered it, that's all. Now you can login to your remote server without having to enter your password while your private key is password-protected. Sweet isn't it?<br />
<br />
The only downside is that a new instance of {{Codeline|ssh-agent}} needs to be created for every new console (shell) you open, that means you have to run {{Codeline|ssh-add}} every time again on each console. There is a workaround to that with a program or rather a script called [http://www.gentoo.org/proj/en/keychain/index.xml keychain] which is covered in the next section.<br />
<br />
=== Using GnuPG Agent ===<br />
<br />
The [[GnuPG]] agent, distributed with the {{Package Official|gnupg2}} package, has OpenSSH agent emulation. If you use GPG you might consider using its agent to take care of all of your keys. Otherwise you might like the PIN entry dialog it provides and its passphrase management, which is different from keychain.<br />
<br />
To start using GPG agent for your SSH keys you should first start the gpg-agent with the {{Codeline|--enable-ssh-support}} option. Example (don't forget to make the file executable):<br />
{{File|name=/etc/profile.d/gpg-agent.sh|content=<nowiki><br />
#!/bin/sh<br />
<br />
envfile="${HOME}/.gnupg/gpg-agent.env"<br />
if test -f "$envfile" && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then<br />
eval "$(cat "$envfile")"<br />
else<br />
eval "$(gpg-agent --enable-ssh-support --daemon --write-env-file "$envfile")"<br />
fi<br />
</nowiki>}}<br />
<br />
Once gpg-agent is running you can use ssh-add to approve keys, just like you did with plain ssh-agent. The list of approved keys is stored in the {{Filename|~/.gnupg/sshcontrol}} file. Once your key is approved you will get a PIN entry dialog every time your passphrase is needed. You can control passphrase caching in the {{Filename|~/.gnupg/gpg-agent.conf}} file. The following example would have gpg-agent cache your keys for 3 hours: <br />
<br />
# Cache settings<br />
default-cache-ttl 10800<br />
default-cache-ttl-ssh 10800<br />
<br />
Other useful settings for this file include the PIN entry program (GTK, QT or ncurses version), keyboard grabbing and so on...:<br />
<br />
# Environment file<br />
write-env-file /home/username/.gnupg/gpg-agent.info<br />
<br />
# Keyboard control<br />
#no-grab<br />
<br />
# PIN entry program<br />
#pinentry-program /usr/bin/pinentry-curses<br />
#pinentry-program /usr/bin/pinentry-qt4<br />
pinentry-program /usr/bin/pinentry-gtk-2<br />
<br />
=== Using keychain ===<br />
<br />
[http://www.gentoo.org/proj/en/keychain/index.xml Keychain] manages one or more specified private keys. When initialized it will ask for the passphrase for the private key(s) and store it. That way your private key is password protected but you won't have to enter your password over and over again.<br />
<br />
Install keychain from the extra repo:<br />
<br />
# pacman -S keychain<br />
<br />
Create the following file and make it executable:<br />
{{File|name=/etc/profile.d/keychain.sh|content=<nowiki><br />
eval `keychain --eval --nogui -Q -q id_rsa`<br />
</nowiki>}}<br />
<br />
Or<br />
<br />
{{File|name=/etc/profile.d/keychain.sh|content=<nowiki><br />
/usr/bin/keychain -Q -q --nogui ~/.ssh/id_dsa<br />
[[ -f $HOME/.keychain/$HOSTNAME-sh ]] && source $HOME/.keychain/$HOSTNAME-sh<br />
</nowiki>}}<br />
<br />
{{Tip| If you want greater security replace -Q with --clear but will be less convenient.}}<br />
<br />
If necessary, replace {{Filename|~/.ssh/id_dsa}} with {{Filename|~/.ssh/id_rsa}}. For those using a non-Bash compatible shell, see {{Codeline|keychain --help}} or {{Codeline|man keychain}} for details on other shells.<br />
<br />
Close your shell and open it again. Keychain should come up and if it's your first run it will ask your for the passphrase of the specified private key.<br />
<br />
=== Using ssh-agent and x11-ssh-askpass ===<br />
<br />
You need to start the ssh-agent everytime you start a new Xsession. The ssh-agent will be closed when the X session ends.<br />
<br />
Install x11-ssh-askpass which will ask your passphrase everytime you open a new Xsession:<br />
<br />
# pacman -S x11-ssh-askpass<br />
<br />
Prepend this into your {{Filename|~/.xsession}}:<br />
<br />
eval `/usr/bin/ssh-agent`<br />
SSH_ASKPASS=/usr/lib/openssh/x11-ssh-askpass ssh-add < /dev/null<br />
# then the end of the file with for example "exec dwm"<br />
<br />
== GNOME Keyring ==<br />
If you use the [[GNOME]] desktop, the [[Gnome Keyring]] tool can be used as an SSH agent. Visit the [[Gnome Keyring]] article.<br />
<br />
= Troubleshooting =<br />
If it appears that the SSH server is ignoring your keys, ensure that you have the proper permissions set on all relevant files.<br />
<br />
For the local machine:<br />
<br />
$ chmod ~/ 755<br />
$ chmod ~/.ssh 700<br />
$ chmod ~/.ssh/id_rsa 600<br />
<br />
For the remote machine:<br />
<br />
$ chmod ~/ 755<br />
$ chmod ~/.ssh 700<br />
$ chmod ~/.ssh/authorized_keys 600<br />
<br />
Failing this, run the sshd in debug mode and monitor the output while connecting:<br />
<br />
# /usr/sbin/sshd -d<br />
<br />
= Useful Links / Information =<br />
* [http://www.arches.uga.edu/~pkeck/ssh/ HOWTO: set up ssh keys]<br />
<!-- Not Found + [http://particle.phys.uvic.ca/doc_sshkey.html ] --><br />
* [http://www-106.ibm.com/developerworks/linux/library/l-keyc.html OpenSSH key management, Part 1]<br />
* [http://www-106.ibm.com/developerworks/linux/library/l-keyc2/ OpenSSH key management, Part 2]<br />
* [http://www-106.ibm.com/developerworks/library/l-keyc3/ OpenSSH key management, Part 3]<br />
* [http://kimmo.suominen.com/docs/ssh/ Getting started with SSH]<br />
* Manual Pages: [http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html ssh-keygen(1)]</div>Thayerhttps://wiki.archlinux.org/index.php?title=SSH_keys&diff=116411SSH keys2010-09-04T20:54:26Z<p>Thayer: /* Useful Links / Information */</p>
<hr />
<div>[[Category:Networking (English)]]<br />
[[Category:Security (English)]]<br />
[[Category:HOWTOs (English)]]<br />
{{i18n|Using SSH Keys}}<br />
<br />
= What are SSH Keys? =<br />
<br />
By using SSH Keys (a public and private key to be precise), you can easily connect to a server, or multiple servers, without having to enter your password for each system.<br />
<br />
It is possible to setup your keys without a passphrase, however that is unwise as if anyone gets hold of your key they can use it. This guide describes how to setup your system so that passphrases are remembered securely.<br />
<br />
== Generating SSH Keys ==<br />
<br />
If you don't already have OpenSSH installed, install it now as it is not installed by default on Arch.<br />
<br />
# pacman -S openssh<br />
<br />
The keys can then be generated by running the ssh-keygen command as a user:<br />
<br />
$ ssh-keygen -b 1024 -t dsa<br />
Generating public/private dsa key pair.<br />
Enter file in which to save the key (/home/mith/.ssh/id_dsa):<br />
Enter passphrase (empty for no passphrase):<br />
Enter same passphrase again:<br />
Your identification has been saved in /home/mith/.ssh/id_dsa.<br />
Your public key has been saved in /home/mith/.ssh/id_dsa.pub.<br />
The key fingerprint is:<br />
x6:68:xx:93:98:8x:87:95:7x:2x:4x:x9:81:xx:56:94 mith@middleearth<br />
<br />
It will prompt you for a location (which you should leave as the default), however the passphrase is the important bit! I hopefully need not tell you the rules of a good passphrase?<br />
<br />
So what did we just do? We generated a 1024 bit long ({{Codeline|-b 1024}}) public/private dsa ({{Codeline|-t dsa}}) key pair with the {{Codeline|ssh-keygen}} command.<br />
<br />
If you want to create a RSA key pair instead of DSA just use {{Codeline|-t rsa}} (do not specify key length "-b" as default key length for RSA is 2048 and is sufficient).<br />
<br />
== Copying the keys to the remote server == <br />
<br />
Now you have generated the keys you need to copy them to the remote server. By default, for OpenSSH, the public key needs to be concatenated into {{Filename|~/.ssh/authorized_keys}}.<br />
<br />
$ scp ~/.ssh/id_dsa.pub mith@metawire.org:<br />
<br />
This copies the public key ({{Filename|id_dsa.pub}}) to your remote server via {{Codeline|scp}} (note the {{Codeline|:}} at the end of the server address). The file ends up in the home directory, but you can specify another path if you like.<br />
<br />
Next up, on the remote server, you need to create the {{Filename|~/.ssh}} directory if it doesn't exist and concatenate the key {{Filename|authorized_keys}} file:<br />
<br />
$ ssh mith@metawire.org<br />
mith@metawire.org's password:<br />
$ mkdir ~/.ssh<br />
$ cat ~/id_dsa.pub >> ~/.ssh/authorized_keys<br />
$ rm ~/id_dsa.pub<br />
$ chmod 600 ~/.ssh/authorized_keys<br />
<br />
The last two commands remove the public key from the server (which isn't needed now), and sets the correct permissions on the authorized_keys file.<br />
<br />
If you now disconnect from the server, and attempt to reconnect, you should be asked for the passphrase of the key:<br />
<br />
$ ssh mith@metawire.org<br />
Enter passphrase for key '/home/mith/.ssh/id_dsa':<br />
<br />
If you are unable to login with the key, double check the permissions on the {{Filename|authorized_keys}} file.<br />
<br />
Also check the permissions on the {{Filename|~/.ssh}} directory, which should have write permissions off for 'group' and 'other'. Run the following command to disable 'group' and 'other' write permissions for the {{Filename|~/.ssh}} directory:<br />
$ chmod go-w ~/.ssh<br />
<br />
= Remember key passphrases =<br />
<br />
Now you can login to your servers by using a key instead of a password, but how is this any easier, as you still need to enter the key passphrase? The answer is to use a SSH agent, a program which remembers the passphrases of your keys! There a number of different tools available, so have a read through and choose the one which seems best for you.<br />
<br />
== ssh-agent ==<br />
<br />
ssh-agent is the default agent included with OpenSSH.<br />
<br />
$ ssh-agent<br />
SSH_AUTH_SOCK=/tmp/ssh-vEGjCM2147/agent.2147; export SSH_AUTH_SOCK;<br />
SSH_AGENT_PID=2148; export SSH_AGENT_PID;<br />
echo Agent pid 2148;<br />
<br />
When you run {{Codeline|ssh-agent}}, it will print out what environment variables it would use. To make use of these variables, run the command through the {{Codeline|eval}} command.<br />
<br />
$ eval `ssh-agent`<br />
Agent pid 2157<br />
<br />
You can add this to {{Filename|/etc/profile}} so that it will be run whenever you open a session:<br />
<br />
# echo 'eval `ssh-agent`' >> /etc/profile<br />
<br />
Note the correct quotes, the first ones are single quotes, where as the second are backticks!<br />
<br />
Now that the {{Codeline|ssh-agent}} is running, we need to tell it that we have a private key and where that is.<br />
<br />
$ ssh-add ~/.ssh/id_dsa<br />
Enter passphrase for /home/user/.ssh/id_dsa:<br />
Identity added: /home/user/.ssh/id_dsa (/home/user/.ssh/id_dsa)<br />
<br />
We were asked for our passphrase, entered it, that's all. Now you can login to your remote server without having to enter your password while your private key is password-protected. Sweet isn't it?<br />
<br />
The only downside is that a new instance of {{Codeline|ssh-agent}} needs to be created for every new console (shell) you open, that means you have to run {{Codeline|ssh-add}} every time again on each console. There is a workaround to that with a program or rather a script called [http://www.gentoo.org/proj/en/keychain/index.xml keychain] which is covered in the next section.<br />
<br />
=== Using GnuPG Agent ===<br />
<br />
The [[GnuPG]] agent, distributed with the {{Package Official|gnupg2}} package, has OpenSSH agent emulation. If you use GPG you might consider using its agent to take care of all of your keys. Otherwise you might like the PIN entry dialog it provides and its passphrase management, which is different from keychain.<br />
<br />
To start using GPG agent for your SSH keys you should first start the gpg-agent with the {{Codeline|--enable-ssh-support}} option. Example (don't forget to make the file executable):<br />
{{File|name=/etc/profile.d/gpg-agent.sh|content=<nowiki><br />
#!/bin/sh<br />
<br />
envfile="${HOME}/.gnupg/gpg-agent.env"<br />
if test -f "$envfile" && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then<br />
eval "$(cat "$envfile")"<br />
else<br />
eval "$(gpg-agent --enable-ssh-support --daemon --write-env-file "$envfile")"<br />
fi<br />
</nowiki>}}<br />
<br />
Once gpg-agent is running you can use ssh-add to approve keys, just like you did with plain ssh-agent. The list of approved keys is stored in the {{Filename|~/.gnupg/sshcontrol}} file. Once your key is approved you will get a PIN entry dialog every time your passphrase is needed. You can control passphrase caching in the {{Filename|~/.gnupg/gpg-agent.conf}} file. The following example would have gpg-agent cache your keys for 3 hours: <br />
<br />
# Cache settings<br />
default-cache-ttl 10800<br />
default-cache-ttl-ssh 10800<br />
<br />
Other useful settings for this file include the PIN entry program (GTK, QT or ncurses version), keyboard grabbing and so on...:<br />
<br />
# Environment file<br />
write-env-file /home/username/.gnupg/gpg-agent.info<br />
<br />
# Keyboard control<br />
#no-grab<br />
<br />
# PIN entry program<br />
#pinentry-program /usr/bin/pinentry-curses<br />
#pinentry-program /usr/bin/pinentry-qt4<br />
pinentry-program /usr/bin/pinentry-gtk-2<br />
<br />
=== Using keychain ===<br />
<br />
[http://www.gentoo.org/proj/en/keychain/index.xml Keychain] manages one or more specified private keys. When initialized it will ask for the passphrase for the private key(s) and store it. That way your private key is password protected but you won't have to enter your password over and over again.<br />
<br />
Install keychain from the extra repo:<br />
<br />
# pacman -S keychain<br />
<br />
Create the following file and make it executable:<br />
{{File|name=/etc/profile.d/keychain.sh|content=<nowiki><br />
eval `keychain --eval --nogui -Q -q id_rsa`<br />
</nowiki>}}<br />
<br />
Or<br />
<br />
{{File|name=/etc/profile.d/keychain.sh|content=<nowiki><br />
/usr/bin/keychain -Q -q --nogui ~/.ssh/id_dsa<br />
[[ -f $HOME/.keychain/$HOSTNAME-sh ]] && source $HOME/.keychain/$HOSTNAME-sh<br />
</nowiki>}}<br />
<br />
{{Tip| If you want greater security replace -Q with --clear but will be less convenient.}}<br />
<br />
If necessary, replace {{Filename|~/.ssh/id_dsa}} with {{Filename|~/.ssh/id_rsa}}. For those using a non-Bash compatible shell, see {{Codeline|keychain --help}} or {{Codeline|man keychain}} for details on other shells.<br />
<br />
Close your shell and open it again. Keychain should come up and if it's your first run it will ask your for the passphrase of the specified private key.<br />
<br />
=== Using ssh-agent and x11-ssh-askpass ===<br />
<br />
You need to start the ssh-agent everytime you start a new Xsession. The ssh-agent will be closed when the X session ends.<br />
<br />
Install x11-ssh-askpass which will ask your passphrase everytime you open a new Xsession:<br />
<br />
# pacman -S x11-ssh-askpass<br />
<br />
Prepend this into your {{Filename|~/.xsession}}:<br />
<br />
eval `/usr/bin/ssh-agent`<br />
SSH_ASKPASS=/usr/lib/openssh/x11-ssh-askpass ssh-add < /dev/null<br />
# then the end of the file with for example "exec dwm"<br />
<br />
== GNOME Keyring ==<br />
If you use the [[GNOME]] desktop, the [[Gnome Keyring]] tool can be used as an SSH agent. Visit the [[Gnome Keyring]] article.<br />
<br />
= Troubleshooting =<br />
If it appears that the SSH server is ignoring your keys, ensure that you have the proper permissions set on all relevant files.<br />
<br />
For the local machine:<br />
<br />
$ chmod ~/ 755<br />
$ chmod ~/.ssh 700<br />
$ chmod ~/.ssh/id_rsa 600<br />
<br />
For the remote machine:<br />
<br />
$ chmod ~/ 755<br />
$ chmod ~/.ssh 700<br />
$ chmod ~/.ssh/authorized_keys 600<br />
<br />
= Useful Links / Information =<br />
* [http://www.arches.uga.edu/~pkeck/ssh/ HOWTO: set up ssh keys]<br />
<!-- Not Found + [http://particle.phys.uvic.ca/doc_sshkey.html ] --><br />
* [http://www-106.ibm.com/developerworks/linux/library/l-keyc.html OpenSSH key management, Part 1]<br />
* [http://www-106.ibm.com/developerworks/linux/library/l-keyc2/ OpenSSH key management, Part 2]<br />
* [http://www-106.ibm.com/developerworks/library/l-keyc3/ OpenSSH key management, Part 3]<br />
* [http://kimmo.suominen.com/docs/ssh/ Getting started with SSH]<br />
* Manual Pages: [http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html ssh-keygen(1)]</div>Thayerhttps://wiki.archlinux.org/index.php?title=Xmonad&diff=112714Xmonad2010-07-27T18:47:23Z<p>Thayer: /* Controling xmonad with external scripts */</p>
<hr />
<div>[[Category:X Server (English)]]<br />
[[Category:Tiling WMs (English)]]<br />
[[Category:HOWTOs (English)]]<br />
{{i18n_links_start}}<br />
{{i18n_entry|English|Xmonad}}<br />
{{i18n_entry|Türkçe|Xmonad (Türkçe)}}<br />
{{i18n_links_end}}<br />
[http://xmonad.org/ xmonad] is a tiling window manager for X. Windows are arranged automatically to tile the screen without gaps or overlap, maximizing screen use. Window manager features are accessible from the keyboard: a mouse is optional. <br />
<br />
xmonad is written, configured and extensible in [http://haskell.org/ Haskell]. Custom layout algorithms, key bindings and other extensions may be written by the user in config files. <br />
<br />
Layouts are applied dynamically, and different layouts may be used on each workspace. [[Xinerama]] is fully supported, allowing windows to be tiled on several physical screens.<br />
<br />
For more information, please visit the xmonad website: http://xmonad.org/<br />
<br />
==Installation==<br />
<br />
xmonad and xmonad-contrib is currently available in the community repo. A build for the current development snapshot (darcs) is in the [http://aur.archlinux.org/ aur]. The following instructions are for xmonad-darcs, the development snapshot.<br />
<br />
===Development version (xmonad-darcs)===<br />
<br />
The xmonad-darcs development version can be installed from the AUR, with some additional dependencies in [community]. Install them in the following order:<br />
<br />
* [http://aur.archlinux.org/packages.php?ID=12483 xmonad-darcs] - The core window manager<br />
* [http://aur.archlinux.org/packages.php?ID=13652 xmonad-contrib-darcs] - Contributed extensions providing custom layouts, configurations, etc.<br />
<br />
==Configuration==<br />
<br />
===Starting xmonad===<br />
To start xmonad automatically, simply add the command '''exec xmonad''' to your startup script (e.g. ~/.xinitrc). GDM and KDM users can create a new session file and then select xmonad from the appropriate Session menu.<br />
<br />
Recently, users in #xmonad have stated that the exec is not required; simply adding '''xmonad''' as the last line in your startup script is the proper way to start this WM. Please use whichever method works for you. If using ck-launch-session, the exec is probably still required.<br />
<br />
''Note:'' By default, xmonad does not set an X cursor, therefore the "cross" cursor is usually displayed which can be confusing for new users (thinking that xmonad has not launched correctly). To set the expected left-pointer, add the following to your startup file (e.g. ~/.xinitrc):<br />
<br />
xsetroot -cursor_name left_ptr<br />
<br />
Also, xmonad defaults to the U.S. keyboard layout, so if you want e. g. the German one, add:<br />
<br />
setxkbmap -layout de<br />
<br />
Example .xinitrc :<br />
# set the cursor<br />
xsetroot -cursor_name left_ptr<br />
# set German keyboard layout<br />
setxkbmap -layout de<br />
# start xmonad<br />
exec ck-launch-session xmonad<br />
<br />
===Configuring xmonad===<br />
<br />
xmonad users can modify, override or extend the default settings with the ~/.xmonad/xmonad.hs configuration file. Recompiling is done on the fly, with the Mod+q shortcut.<br />
<br />
If you find you do not have a directory at ~/.xmonad, run xmonad --recompile to create it. <br />
<br />
The "default config" for xmonad is quite usuable and it is achieved by simply running without an xmonad.hs entirely. Therefore, even after you run --recompile you will most likely not have an ~/.xmonad/xmonad.hs file. If you would like to start tweaking things, simply create the file and edit it as described below. <br />
<br />
Because the xmonad configuration file is written in Haskell, non-programmers may have a difficult time adjusting settings. For detailed HOWTO's and example configs, we refer you to the following resources:<br />
<br />
* [http://haskell.org/haskellwiki/Xmonad xmonad wiki]<br />
* [http://haskell.org/haskellwiki/Xmonad/Config_archive xmonad config archive]<br />
* [http://haskell.org/haskellwiki/Xmonad/Frequently_asked_questions xmonad FAQ]<br />
<br />
The best approach is to only place your changes and customizations in ~/.xmonad/xmonad.hs and write it such that any unset parameters are picked up from the built-in defaultConfig. <br />
<br />
This is achieved by writing an xmonad.hs like this:<br />
<br />
import XMonad<br />
<br />
main = do<br />
xmonad $ defaultConfig<br />
{ terminal = "urxvt"<br />
, modMask = mod4Mask<br />
, borderWidth = 3<br />
}<br />
<br />
This simply overrides the default terminal and borderwidth while leaving all other settings at their defaults (inherited from the function defaultConfig).<br />
<br />
As things get more complicated, it can be handy to call configuration options by function name inside the main function, and define these separately in their own sections of your xmonad.hs. This makes large customizations like your layout and manage hooks easier to visualize and maintain.<br />
<br />
The above simple xmonad.hs could have been written like this:<br />
<br />
import XMonad<br />
<br />
main = do<br />
xmonad $ defaultConfig<br />
{ terminal = myTerminal<br />
, modMask = myModMask<br />
, borderWidth = myBorderWidth<br />
}<br />
<br />
-- yes, these are functions; just very simple ones<br />
-- that accept no input and return static values<br />
myTerminal = "urxvt"<br />
myModMask = mod4Mask -- Win key or Super_L<br />
myBorderWidth = 3<br />
<br />
Also, order at top level (main, myTerminal, myModMask etc.), or within the {} does not matter in Haskell, as long as imports come first.<br />
<br />
The following is taken from the 0.9 config file template found [http://haskell.org/haskellwiki/Xmonad/Config_archive/Template_xmonad.hs_(0.9) here]. It is an example of the most common functions one might want to define in their main do block.<br />
<br />
{<br />
terminal = myTerminal,<br />
focusFollowsMouse = myFocusFollowsMouse,<br />
borderWidth = myBorderWidth,<br />
modMask = myModMask,<br />
-- numlockMask deprecated in 0.9.1<br />
-- numlockMask = myNumlockMask,<br />
workspaces = myWorkspaces,<br />
normalBorderColor = myNormalBorderColor,<br />
focusedBorderColor = myFocusedBorderColor,<br />
<br />
-- key bindings<br />
keys = myKeys,<br />
mouseBindings = myMouseBindings,<br />
<br />
-- hooks, layouts<br />
layoutHook = myLayout,<br />
manageHook = myManageHook,<br />
handleEventHook = myEventHook,<br />
logHook = myLogHook,<br />
startupHook = myStartupHook<br />
}<br />
<br />
===Exiting xmonad===<br />
To end the current xmonad session, press Mod+SHIFT+q (Mod being ALT by default).<br />
<br />
==Tips and tricks==<br />
===Complementary applications===<br />
There are number of complementary utilities that work well with xmonad. The most common of these include:<br />
<br />
* [http://tools.suckless.org/dmenu dmenu]<br />
* [[xmobar]]<br />
* [[dzen]] <br />
* [[Conky]] and [http://aur.archlinux.org/packages.php?ID=11884 conky-cli]<br />
* [[Unclutter]] - a small utility to hide the mouse pointer<br />
<br />
===Making room for conky or tray apps===<br />
Wrap your layouts with avoidStruts from XMonad.Hooks.ManageDocks for automatic dock/panel/trayer spacing:<br />
<br />
import XMonad<br />
import XMonad.Hooks.ManageDocks<br />
<br />
main=do<br />
xmonad $ defaultConfig<br />
{ ...<br />
, layoutHook=avoidStruts $ Tall ||| Wide ||| Full<br />
, manageHook=manageHook defaultConfig <+> manageDocks<br />
, ...<br />
}<br />
<br />
If you ever want to toggle the gaps, this action can be added to your key bindings:<br />
,((modMask x, xK_b ), sendMessage ToggleStruts)<br />
<br />
===Using xmobar with xmonad===<br />
'''[[xmobar]]''' is a light and minimalistic text based bar, designed to work with xmonad.<br><br />
To use xmobar with xmonad, you will need two packages in addition to the xmonad package, these are xmonad-contrib from [community] and xmobar or [http://aur.archlinux.org/packages.php?ID=13627 xmobar-darcs from aur].<br />
<br />
Here we will start xmobar from within xmonad, which reloads xmobar whenever you reload xmonad.<br />
<br />
Open up <tt>~/.xmonad/xmonad.hs</tt> in your favorite editor, and choose one of the two following options:<br />
<br />
====Option 1: Quick, less flexible====<br />
Note: there is also a <tt>dzen</tt> which you can substitute for <tt>xmobar</tt> in either case.<br />
<br />
Common imports:<br />
<br />
import XMonad<br />
import XMonad.Hooks.DynamicLog<br />
<br />
The xmobar action starts xmobar and returns a modified config that includes all the options described in the [[xmonad#Option 2: More configurable|xmonad:Option2: More configurable]] choice.<br />
<br />
main=xmonad=<< xmobar myConfig<br />
myConfig=defaultConfig { modMask=mod4Mask, -- or any other configurations here ... }<br />
<br />
==== Option 2: More Configurable ====<br />
As of xmonad(-contrib) 0.9, there is a new [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-DynamicLog.html#v%3AstatusBar statusBar] function in [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-DynamicLog.html XMonad.Hooks.DynamicLog]. It allows you to use your own configuration for:<br />
* The command used to execute the bar<br />
* The PP that determines what's being written to the bar<br />
* The keybinding to toggle the gap for the bar<br />
<br />
Following is an example of how to use it:<br />
{{File|name=~/.xmonad/xmonad.hs|content=<br />
<nowiki><br />
-- Imports.<br />
import XMonad<br />
import XMonad.Hooks.DynamicLog<br />
<br />
-- The main function.<br />
main = xmonad =<< statusBar myBar myPP toggleStrutsKey myConfig<br />
<br />
-- Command to launch the bar.<br />
myBar = "xmobar"<br />
<br />
-- Custom PP, configure it as you like. It determines what's being written to the bar.<br />
myPP = xmobarPP { ppCurrent = xmobarColor "#429942" "" . wrap "<" ">" }<br />
<br />
-- Keybinding to toggle the gap for the bar.<br />
toggleStrutsKey XConfig {XMonad.modMask = modMask} = (modMask, xK_b)<br />
<br />
-- Main configuration, override the defaults to your liking.<br />
myConfig = defaultConfig { modMask = mod4Mask }<br />
</nowiki><br />
}}<br />
<br />
==== Verify XMobar Config ====<br />
The template and default xmobarrcs contains this.<br />
<br />
At last, open up <tt>~/.xmobarrc</tt> and make sure you got StdinReader in the template and run the plugin. E.g.<br />
{{File|name=~/.xmobarrc|content=<br />
<nowiki><br />
Config { ...<br />
, commands = [ Run StdinReader .... ] <br />
...<br />
, template = " %StdinReader% ... "<br />
}<br />
</nowiki><br />
}}<br />
Now, all you should have to do is either to start, or restart xmonad.<br />
<br />
===Controlling xmonad with external scripts===<br />
Although there is no direct way to interact with xmonad via scripts, you can simulate keypress events using xdotool or other such programs, see this [http://ubuntuforums.org/archive/index.php/t-658040.html Ubuntu forums thread]. This command would simulate the keypress "Super+n":<br />
xdotool key Super+n<br />
<br />
===Example configurations===<br />
Below are some example configurations from fellow xmonad users. Feel free to add links to your own.<br />
* MrElendig :: Simple configuration, with xmobar :: [http://arch.har-ikkje.net/configs/home/dot.xmonad/xmonad.hs xmonad.hs], [http://arch.har-ikkje.net/configs/home/dot.xmobarrc .xmobarrc], [http://arch.har-ikkje.net/gfx/ss/2008-11-15-161451_1680x1050_scrot.png screenshot].<br />
* hsa2 :: Simple configuration, with xmobar :: [http://www.difuzyon.net/linked/configs/xmonad.hs xmonad.hs], [http://www.difuzyon.net/linked/configs/dot.xmobarrc .xmobarrc].<br />
* jelly :: Configuration with prompt, different layouts, twinview with xmobar :: [http://github.com/jelly/dotfiles/tree/master/.xmonad/xmonad.hs xmonad.hs], [http://github.com/jelly/dotfiles/tree/master/.xmobarrc .xmonbarrc]<br />
* vogt :: Check adamvo's config, and others in the [http://haskell.org/haskellwiki/Xmonad/Config_archive xmonad config archive]<br />
* brisbin33 :: always changing (xmonad-darcs req'd), status bar[s], imLayout, very readable :: [http://pbrisbin.com:8080/dotfiles/xmonad_xmonad.hs config] [http://pbrisbin.com:8080/pages/desktops.php?page=0 screenshots]<br />
<br />
==Troubleshooting==<br />
===GDM can not find xmonad===<br />
You can force GDM to launch xmonad by creating the file xmonad.desktop in the /usr/share/xsessions directory and add the contents:<br />
<br />
[Desktop Entry]<br />
Encoding=UTF-8<br />
Name=xmonad<br />
Comment=This session starts xmonad<br />
Exec=/usr/bin/xmonad<br />
Type=Application<br />
<br />
Now xmonad will show in your GDM session menu. Thanks to [http://santanuchatterjee.blogspot.com/2009/03/making-xmonad-to-show-up-in-gdm-session.html Santanu Chatterjee] for the hint.<br />
<br />
===Missing xmonad-i386-linux===<br />
Xmonad should automatically create the xmonad-i386-linux file (in $HOME/.xmonad/). If this it not the case you can grab a cool looking config file from the [http://haskell.org/haskellwiki/Xmonad/Config_archive xmonad wiki] or create your [http://haskell.org/haskellwiki/Xmonad/Config_archive/John_Goerzen's_Configuration own]. Put the .hs and all others files in .xmonad/ and run the command from the folder:<br />
<br />
xmonad --recompile<br />
<br />
Now you should see the file.<br />
<br />
===Problems with Java applications===<br />
The standard Java gui toolkit has a hardcoded list of "non-reparenting" window managers. Since XMonad is not in that list, there can be some problems with running some java applications. One of the most common problems is "grey blobs", when the java application renders as a plain grey box instead of rendering the gui.<br />
<br />
There is several thing that can help:<br />
* If you are using openjdk6, you can export <tt> _JAVA_AWT_WM_NONREPARENTING=1</tt> .<br />
* If you are using Sun JRE/JDK, the best solution is usually to use [http://xmonad.org/xmonad-docs/xmonad-contrib/XMonad-Hooks-SetWMName.html SetWMName.] However, its effect may be nullified if one also uses XMonad.Hooks.EwmhDesktops, in which case<br />
>> setWMName "LG3D"<br />
added to the LogHook may help.<br />
<br />
For more details about the problem, refer to the [http://haskell.org/haskellwiki/Xmonad/Frequently_asked_questions#Problems_with_Java_applications.2C_Applet_java_console XMonad FAQ.]<br />
<br />
===Large gray areas at the bottom of gvim windows===<br />
This problem was mentioned in the [http://bbs.archlinux.org/viewtopic.php?id=65285 forums], but I finally found a more complete solution. First, in xmonad.hs, include<br />
<br />
import XMonad.Layout.LayoutHints<br />
...<br />
, layoutHook = layoutHints $ mylayout<br />
<br />
where "mylayout" is your layout. Then pressing your macro key plus "n" will adjust the window. To do this automatically, install xdotool from community and start gvim this way,<br />
<br />
, ((modm, xK_v), spawn "gvim; xdotool key Super+n")<br />
<br />
Replace "Super" (the windows key) with your own macro key, and replace "xK_v" with your own shortcut. xdotool is a way to simulate keyboard events.<br />
<br />
Another solution is to make a more pleasing background color. Put the following lines in ~/.gtkrc-2.0<br />
<br />
style "vimfix" {<br />
bg[NORMAL] = "#242424" # this matches my gvim theme 'Normal' bg color.<br />
}<br />
widget "vim-main-window.*GtkForm" style "vimfix"<br />
<br />
==Other Resources==<br />
[http://xmonad.org/ xmonad] - The official xmonad website<br />
<br />
[http://haskell.org/haskellwiki/Xmonad/Config_archive/Template_xmonad.hs_%280.8%29 xmonad.hs] - Original xmonad.hs<br />
<br />
[http://xmonad.org/tour.html xmonad: a guided tour]<br />
<br />
[[dzen]] - General purpose messaging and notification program<br />
<br />
[[dmenu]] - Dynamic X menu for the quick launching of programs</div>Thayerhttps://wiki.archlinux.org/index.php?title=X_resources&diff=108682X resources2010-06-13T15:15:13Z<p>Thayer: i18n template update</p>
<hr />
<div>{{i18n|Xdefaults}}<br />
[[de:Xdefaults]]<br />
[[Category:Dotfiles (English)]]<br />
[[Category:X Server (English)]]<br />
[[Category:HOWTOs (English)]]<br />
<br />
'''Xdefaults''' is a user-level configuration ''dotfile'', typically located at {{Filename|~/.Xdefaults}}. When present, it is parsed by the {{Codeline|xrdb}} (Xorg resource database) program automatically when [[Xorg]] is started, and can be used to set or override preferences for X and X applications. It can do many operations, including:<br />
* defining terminal colours<br />
* configuring terminal preferences<br />
* setting DPI, antialiasing, hinting and other X font settings<br />
* changing the Xcursor theme<br />
* theming xscreensaver<br />
* altering preferences on low-level X applications (xclock, xpdf, etc.)<br />
<br />
==Getting started==<br />
<br />
===Creating .Xdefaults===<br />
The file {{Filename|~/.Xdefaults}} does not exist by default. To create it, open a terminal and type the following as a normal user:<br />
$ touch ~/.Xdefaults<br />
Being a plain-text file, you can edit your {{Filename|~/.Xdefaults}} file with the text editor of your choice.<br />
<br />
===Default settings===<br />
To see the default settings for your installed X11 apps, look in {{Filename|/usr/share/X11/app-defaults/}}.<br />
<br />
===Xdefaults syntax===<br />
====The basic syntax====<br />
The syntax of an Xdefaults file is as follows:<br />
'''name.Class.resource: value'''<br />
and here is a real world example:<br />
xscreensaver.Dialog.headingFont: -*-fixed-bold-r-*-*-*-100-*-*-*-*-iso8859-1<br />
<br />
;name<br />
:The name of the application, such xterm, xpdf, etc<br />
<br />
;class<br />
:The classification used to group resources together. Class names are typically uppercase.<br />
<br />
;resource<br />
:The name of the resource whose value is to be changed. Resources are typically lowercase with uppercase concatenation.<br />
<br />
;value<br />
:The actual value of the resource. This can be 1 of 3 types:<br />
:* Integer (whole numbers)<br />
:* Boolean (true/false, yes/no, on/off)<br />
:* String (a string of characters) (for example a word (white), a color (#ffffff), or a path (/usr/bin/firefox))<br />
<br />
;delimiters<br />
:A period ('''.''') is used to signify each step down into the hierarchy -- in the above example we start at name, then descend into Class, and finally into the resource itself. A colon (''':''') is used to separate the resource declaration from the actual value.<br />
<br />
====Wildcard matching====<br />
The asterisk can be used as a wildcard, making it easy to write a single rule that can be applied to many different applications or elements. <br />
<br />
Using the previous example, if you want to apply the same font to all programs (not just xscreensaver) that contain the class name ''Dialog'' which contains the resource name ''headingFont'', you would write:<br />
'''*'''Dialog.headingFont: -*-fixed-bold-r-*-*-*-100-*-*-*-*-iso8859-1<br />
<br />
If you want to apply this same rule to all programs that contain the resource ''headingFont'' regardless of its class, you would write:<br />
'''*'''headingFont: -*-fixed-bold-r-*-*-*-100-*-*-*-*-iso8859-1<br />
<br />
====Commenting====<br />
To add a comment to your Xdefaults file, simply prefix it with an exclamation point (!), for example:<br />
! This is a comment placed above some Xft settings<br />
xft.dpi: 96 ! this is an inline comment<br />
<br />
! The following rule will be ignored because it has been commented out<br />
!xft.antialias: true<br />
<br />
==Sample usage==<br />
The following samples should provide a good understanding of how application settings can be modified using an Xdefaults file. For full details, refer to the man page of the application in question.<br />
<br />
===File header===<br />
If desired, you can add a header to {{Filename|~/.Xdefaults}} which not only explains the file's contents, but also instruct vim how to perform syntax highlighting and other formatting. For example:<br />
<pre><br />
! ----------------------------------------------------------------------------<br />
! file: ~/.Xdefaults<br />
! author: Thayer Williams - http://cinderwick.ca<br />
! modified: November 2008<br />
! vim:enc=utf-8:nu:ai:si:et:ts=4:sw=4:ft=xdefaults:<br />
! ----------------------------------------------------------------------------<br />
</pre><br />
<br />
This will instruct vim to use UTF-8 encoding, display line numbers, auto-indent, smart-indent, expand tabs to spaces, set tabs to equal 4 spaces, and set the autocommand Filetype to "xdefaults".<br />
<br />
It is a good habit to get into, especially if you'd like to make your dotfiles available for public consumption.<br />
<br />
===Terminal colors===<br />
Most terminals, including [[xterm]] and [[urxvt]], support at least 16 basic colors. The following is an example of a 16-color scheme.<br />
<br />
The colors 0-7 are the 'normal' colors, while colors 8-15 are their 'bright' counterparts (used for highlighting, etc.)<br />
<pre><br />
! terminal colors ------------------------------------------------------------<br />
<br />
! tangoesque scheme<br />
*background: #111111<br />
*foreground: #babdb6<br />
! Black (not tango) + DarkGrey<br />
*color0: #000000<br />
*color8: #555753<br />
! DarkRed + Red<br />
*color1: #ff6565<br />
*color9: #ff8d8d<br />
! DarkGreen + Green<br />
*color2: #93d44f<br />
*color10: #c8e7a8<br />
! DarkYellow + Yellow<br />
*color3: #eab93d<br />
*color11: #ffc123<br />
! DarkBlue + Blue<br />
*color4: #204a87<br />
*color12: #3465a4<br />
! DarkMangenta + Mangenta<br />
*color5: #ce5c00<br />
*color13: #f57900<br />
!DarkCyan + Cyan (both not tango)<br />
*color6: #89b6e2<br />
*color14: #46a4ff<br />
! LightGrey + White<br />
*color7: #cccccc<br />
*color15: #ffffff<br />
</pre><br />
<br />
For more examples of color schemes, see the [[#More resources]] section at the bottom of this article.<br />
<br />
===Desktop preferences===<br />
<br />
====Xcursor settings====<br />
Set the theme and size of your mouse cursor:<br />
<pre><br />
! Xcursor --------------------------------------------------------------------<br />
<br />
Xcursor*theme: Vanilla-DMZ-AA<br />
Xcursor.size: 22<br />
</pre><br />
Available themes reside in {{Filename|/usr/share/icons}} and local themes can be installed to {{Filename|~/.icons}}.<br />
<br />
====Xft Font Settings====<br />
You can define basic font settings without the need of a {{Filename|fonts.conf}} file or Desktop Environment. Note however, the use of a desktop environment and/or {{Filename|fonts.conf}} can override these settings. Your best option is to use one or the other, but not both.<br />
<pre><br />
! Xft settings ---------------------------------------------------------------<br />
<br />
Xft.dpi: 96<br />
Xft.antialias: true<br />
Xft.rgba: rgb<br />
Xft.hinting: true<br />
Xft.hintstyle: hintslight<br />
</pre><br />
<br />
===xterm preferences===<br />
This will open Xterm in an 80x25 character window with a scroll-bar and scroll capability for the last 512 lines.<br />
<br />
The specified [[Fonts#Terminal|Terminus]] facename is a popular and clean terminal font.<br />
<pre><br />
! xterm ----------------------------------------------------------------------<br />
<br />
xterm*geometry: 80x25<br />
xterm*faceName: terminusbold:pixelsize=14<br />
!xterm*font: -*-dina-medium-r-*-*-16-*-*-*-*-*-*-*<br />
xterm*dynamicColors: true<br />
xterm*utf8: 2<br />
xterm*eightBitInput: true<br />
xterm*saveLines: 512<br />
xterm*scrollTtyKeypress: true<br />
xterm*scrollTtyOutput: false<br />
xterm*scrollBar: true<br />
xterm*rightScrollBar: true<br />
xterm*jumpScroll: true<br />
xterm*multiScroll: true<br />
xterm*toolBar: false<br />
</pre><br />
<br />
===urxvt preferences===<br />
Rxvt-unicode features an extensive list of options which can be configured via Xdefaults. Refer to the [[urxvt]] man page for details.<br />
<pre><br />
! rxvt-unicode ---------------------------------------------------------------<br />
<br />
! font preference<br />
urxvt*font: -*-terminus-*-*-*-*-*-*-*-*-*-*-*-*<br />
urxvt*boldFont: -*-terminus-*-*-*-*-*-*-*-*-*-*-*-*<br />
!initial size<br />
urxvt*geometry: 120x35<br />
!internal whitespace<br />
urxvt*internalBorder: 5<br />
!fade text n% upon unfocus<br />
urxvt*fading: 20<br />
!darken=(0 to 100) lighten=(-1 to -100)<br />
urxvt*shading: 30<br />
!tint background with this color<br />
urxvt*tintColor: black<br />
!set to 32-bit for real transparency (compositing required)<br />
!urxvt*depth: 24<br />
!save n lines of scrollback buffer<br />
urxvt*saveLines: 32767<br />
!flash screen for attention<br />
urxvt*visualBell: true<br />
!jump to bottom (prompt) on keypress<br />
urxvt*scrollTtyKeypress: true<br />
!jump to bottom (prompt) when tty gets new lines<br />
urxvt*scrollWithBuffer: false<br />
!jump to bottom (prompt) on tty output<br />
urxvt*scrollTtyOutput: false<br />
!toggle scrollbar<br />
urxvt*scrollBar: false<br />
!scrollbar styles: rxvt, plain, next or xterm<br />
urxvt*scrollstyle: plain<br />
!scrollbar alignment<br />
urxvt*scrollBar_right: true<br />
urxvt*scrollColor: #777777<br />
urxvt*cursorColor: #ffcc00<br />
!enable pseudo-transparency (requires depth: 24 (see above))<br />
urxvt*inheritPixmap: true<br />
!delimiters for double-click mouse selection<br />
urxvt*cutchars: "()*,<>[]{}|'<br />
!screen dump settings<br />
urxvt*print-pipe: cat > $(echo urxvt.dump.$(date +'%Y%M%d%H%m%S'))<br />
!secondary screen scroll (default enabled)<br />
urxvt*secondaryScroll: true<br />
!de-iconify (map) on receipt of a bell character<br />
urxvt*mapAlert: true<br />
!inhibit writing record into the system log file utmp<br />
urxvt*utmpInhibit: true<br />
!! BEGIN urlLauncher settings !!<br />
urxvt*perl-lib: /usr/lib/urxvt/perl/<br />
urxvt*perl-ext-common: default,matcher<br />
urxvt*urlLauncher: /usr/bin/firefox<br />
urxvt*matcher.button: 1<br />
!! END urlLauncher settings !!<br />
<br />
!transparent=0000 opaque=ffff<br />
urxvt*background: rgba:1111/1111/1111/dddd<br />
</pre><br />
<br />
===aterm preferences===<br />
Sample settings for aterm (very similar to urxvt)<br />
<pre><br />
!aterm settings------------------------------------------------------------- <br />
<br />
aterm*background: black<br />
aterm*foreground: white<br />
aterm*transparent: true<br />
aterm*shading: 30<br />
aterm*cursorColor: gray<br />
aterm*saveLines: 2000<br />
!aterm*tinting: gray<br />
aterm*scrollBar: false<br />
!aterm*scrollBar_right: true<br />
aterm*transpscrollbar: true<br />
aterm*borderwidth: 0<br />
aterm*font: -*-terminus-*-*-*-*-*-*-*-*-*-*-*-*<br />
aterm*geometry: 80x25<br />
!aterm*fading: 70 <br />
</pre><br />
<br />
===xpdf preferences===<br />
Some basic settings for '''xpdf''', a lightweight PDF viewer:<br />
<pre><br />
! xpdf -----------------------------------------------------------------------<br />
<br />
xpdf*enableFreetype: yes<br />
xpdf*antialias: yes<br />
xpdf*foreground: black<br />
xpdf*background: white<br />
xpdf*urlCommand: /usr/bin/firefox %s<br />
</pre><br />
Anything more detailed than the above you should be putting in {{Filename|~/.xpdfrc}} instead. See {{Codeline|xpdf}} man page for more information. ''Note:'' viKeys is deprecated.<br />
<br />
===lal clock===<br />
<pre><br />
! lal clock ------------------------------------------------------------------<br />
<br />
lal*font: Arial<br />
lal*fontsize: 12<br />
lal*bold: true<br />
lal*color: #ffffff<br />
lal*width: 150<br />
lal*format: %a %b %d %l:%M%P<br />
</pre><br />
<br />
===xclock preferences===<br />
Some basic '''xclock''' settings. See xclock man page for all X resources.<br />
<pre><br />
! xclock ---------------------------------------------------------------------<br />
<br />
xclock*update: 1<br />
xclock*analog: false<br />
xclock*Foreground: white<br />
xclock*background: black<br />
</pre><br />
<br />
===x11-ssh-askpass===<br />
<pre><br />
! x11-ssh-askpass ------------------------------------------------------------<br />
<br />
x11-ssh-askpass*font: -*-dina-medium-r-*-*-12-*-*-*-*-*-*-*<br />
x11-ssh-askpass*background: #000000<br />
x11-ssh-askpass*foreground: #ffffff<br />
x11-ssh-askpass.Button*background: #000000<br />
x11-ssh-askpass.Indicator*foreground: #ff9900<br />
x11-ssh-askpass.Indicator*background: #090909<br />
x11-ssh-askpass*topShadowColor: #000000<br />
x11-ssh-askpass*bottomShadowColor: #000000<br />
x11-ssh-askpass.*borderWidth: 1<br />
</pre><br />
<br />
===xscreensaver theming===<br />
A sample '''xscreensaver''' theme. For more information, refer to the xscreensaver man page. [http://www.flickr.com/photos/cinderwick/2685038363/ View] the resulting theme.<br />
<pre><br />
! xscreensaver ---------------------------------------------------------------<br />
<br />
!font settings<br />
xscreensaver.Dialog.headingFont: -*-dina-bold-r-*-*-12-*-*-*-*-*-*-*<br />
xscreensaver.Dialog.bodyFont: -*-dina-medium-r-*-*-12-*-*-*-*-*-*-*<br />
xscreensaver.Dialog.labelFont: -*-dina-medium-r-*-*-12-*-*-*-*-*-*-*<br />
xscreensaver.Dialog.unameFont: -*-dina-medium-r-*-*-12-*-*-*-*-*-*-*<br />
xscreensaver.Dialog.buttonFont: -*-dina-bold-r-*-*-12-*-*-*-*-*-*-*<br />
xscreensaver.Dialog.dateFont: -*-dina-medium-r-*-*-12-*-*-*-*-*-*-*<br />
xscreensaver.passwd.passwdFont: -*-dina-bold-r-*-*-12-*-*-*-*-*-*-*<br />
!general dialog box (affects main hostname, username, password text)<br />
xscreensaver.Dialog.foreground: #ffffff<br />
xscreensaver.Dialog.background: #111111<br />
xscreensaver.Dialog.topShadowColor: #111111<br />
xscreensaver.Dialog.bottomShadowColor: #111111<br />
xscreensaver.Dialog.Button.foreground: #666666<br />
xscreensaver.Dialog.Button.background: #ffffff<br />
!username/password input box and date text colour<br />
xscreensaver.Dialog.text.foreground: #666666<br />
xscreensaver.Dialog.text.background: #ffffff<br />
xscreensaver.Dialog.internalBorderWidth:24<br />
xscreensaver.Dialog.borderWidth: 20<br />
xscreensaver.Dialog.shadowThickness: 2<br />
!timeout bar (background is actually determined by Dialog.text.background)<br />
xscreensaver.passwd.thermometer.foreground: #ff0000<br />
xscreensaver.passwd.thermometer.background: #000000<br />
xscreensaver.passwd.thermometer.width: 8<br />
!datestamp format--see the strftime(3) manual page for details<br />
xscreensaver.dateFormat: %I:%M%P %a %b %d, %Y<br />
</pre><br />
<br />
===xcalc preferences===<br />
Some '''xcalc''' settings to colorize and customize buttons.<br />
<pre><br />
!xcalc-----------------------------------------------------------------------<br />
<br />
xcalc*geometry: 200x275<br />
xcalc.ti.bevel.background: #111111<br />
xcalc.ti.bevel.screen.background: #000000<br />
xcalc.ti.bevel.screen.DEG.background: #000000<br />
xcalc.ti.bevel.screen.DEG.foreground: LightSeaGreen<br />
xcalc.ti.bevel.screen.GRAD.background: #000000<br />
xcalc.ti.bevel.screen.GRAD.foreground: LightSeaGreen<br />
xcalc.ti.bevel.screen.RAD.background: #000000<br />
xcalc.ti.bevel.screen.RAD.foreground: LightSeaGreen<br />
xcalc.ti.bevel.screen.INV.background: #000000<br />
xcalc.ti.bevel.screen.INV.foreground: Red<br />
xcalc.ti.bevel.screen.LCD.background: #000000<br />
xcalc.ti.bevel.screen.LCD.foreground: LightSeaGreen<br />
xcalc.ti.bevel.screen.LCD.shadowWidth: 0<br />
xcalc.ti.bevel.screen.M.background: #000000<br />
xcalc.ti.bevel.screen.M.foreground: LightSeaGreen<br />
xcalc.ti.bevel.screen.P.background: #000000<br />
xcalc.ti.bevel.screen.P.foreground: Yellow<br />
xcalc.ti.Command.foreground: White<br />
xcalc.ti.Command.background: #777777<br />
xcalc.ti.button5.background: Orange3<br />
xcalc.ti.button19.background: #611161<br />
xcalc.ti.button18.background: #611161<br />
xcalc.ti.button20.background: #611111<br />
!uncomment to change label on division button<br />
!xcalc.ti.button20.label: /<br />
xcalc.ti.button25.background: #722222<br />
xcalc.ti.button30.background: #833333<br />
xcalc.ti.button35.background: #944444<br />
xcalc.ti.button40.background: #a55555<br />
xcalc.ti.button22.background: #222262<br />
xcalc.ti.button23.background: #222262<br />
xcalc.ti.button24.background: #222272<br />
xcalc.ti.button27.background: #333373<br />
xcalc.ti.button28.background: #333373<br />
xcalc.ti.button29.background: #333373<br />
xcalc.ti.button32.background: #444484<br />
xcalc.ti.button33.background: #444484<br />
xcalc.ti.button34.background: #444484<br />
xcalc.ti.button37.background: #555595<br />
xcalc.ti.button38.background: #555595<br />
xcalc.ti.button39.background: #555595<br />
XCalc*Cursor: hand2<br />
XCalc*ShapeStyle: rectangle<br />
</pre><br />
<br />
==Color scheme scripts==<br />
Any of the following scripts will display a chart of your current terminal color scheme. Handy for testing and whatnot.<br />
<br />
===Script #1===<br />
<pre><br />
#!/bin/bash<br />
#<br />
# This file echoes a bunch of color codes to the <br />
# terminal to demonstrate what's available. Each <br />
# line is the color code of one forground color,<br />
# out of 17 (default + 16 escapes), followed by a <br />
# test use of that color on all nine background <br />
# colors (default + 8 escapes).<br />
#<br />
<br />
T='gYw' # The test text<br />
<br />
echo -e "\n 40m 41m 42m 43m\<br />
44m 45m 46m 47m";<br />
<br />
for FGs in ' m' ' 1m' ' 30m' '1;30m' ' 31m' '1;31m' ' 32m' \<br />
'1;32m' ' 33m' '1;33m' ' 34m' '1;34m' ' 35m' '1;35m' \<br />
' 36m' '1;36m' ' 37m' '1;37m';<br />
do FG=${FGs// /}<br />
echo -en " $FGs \033[$FG $T "<br />
for BG in 40m 41m 42m 43m 44m 45m 46m 47m;<br />
do echo -en "$EINS \033[$FG\033[$BG $T \033[0m";<br />
done<br />
echo;<br />
done<br />
echo<br />
</pre><br />
<br />
===Script #2===<br />
<pre><br />
#!/bin/bash<br />
# Original: http://frexx.de/xterm-256-notes/<br />
# http://frexx.de/xterm-256-notes/data/colortable16.sh<br />
# Modified by Aaron Griffin<br />
# and further by Kazuo Teramoto<br />
FGNAMES=(' black ' ' red ' ' green ' ' yellow' ' blue ' 'magenta' ' cyan ' ' white ')<br />
BGNAMES=('DFT' 'BLK' 'RED' 'GRN' 'YEL' 'BLU' 'MAG' 'CYN' 'WHT')<br />
<br />
echo " ┌──────────────────────────────────────────────────────────────────────────┐"<br />
for b in {0..8}; do<br />
((b>0)) && bg=$((b+39))<br />
<br />
echo -en "\033[0m ${BGNAMES[b]} │ "<br />
<br />
for f in {0..7}; do<br />
echo -en "\033[${bg}m\033[$((f+30))m ${FGNAMES[f]} "<br />
done<br />
<br />
echo -en "\033[0m │"<br />
echo -en "\033[0m\n\033[0m │ "<br />
<br />
for f in {0..7}; do<br />
echo -en "\033[${bg}m\033[1;$((f+30))m ${FGNAMES[f]} "<br />
done<br />
<br />
echo -en "\033[0m │"<br />
echo -e "\033[0m"<br />
<br />
((b<8)) &&<br />
echo " ├──────────────────────────────────────────────────────────────────────────┤"<br />
done<br />
echo " └──────────────────────────────────────────────────────────────────────────┘"<br />
</pre><br />
<br />
===Script #3===<br />
<pre><br />
#!/bin/bash<br />
# Original: http://frexx.de/xterm-256-notes/<br />
# http://frexx.de/xterm-256-notes/data/colortable16.sh<br />
# Modified by Aaron Griffin<br />
# and further by Kazuo Teramoto<br />
<br />
<br />
FGNAMES=(' black ' ' red ' ' green ' ' yellow' ' blue ' 'magenta' ' cyan ' ' white ')<br />
BGNAMES=('DFT' 'BLK' 'RED' 'GRN' 'YEL' 'BLU' 'MAG' 'CYN' 'WHT')<br />
echo " ----------------------------------------------------------------------------"<br />
for b in $(seq 0 8); do<br />
if [ "$b" -gt 0 ]; then<br />
bg=$(($b+39))<br />
fi<br />
<br />
echo -en "\033[0m ${BGNAMES[$b]} : "<br />
for f in $(seq 0 7); do<br />
echo -en "\033[${bg}m\033[$(($f+30))m ${FGNAMES[$f]} "<br />
done<br />
echo -en "\033[0m :"<br />
<br />
echo -en "\033[0m\n\033[0m : "<br />
for f in $(seq 0 7); do<br />
echo -en "\033[${bg}m\033[1;$(($f+30))m ${FGNAMES[$f]} "<br />
done<br />
echo -en "\033[0m :"<br />
echo -e "\033[0m"<br />
<br />
if [ "$b" -lt 8 ]; then<br />
echo " ----------------------------------------------------------------------------"<br />
fi<br />
done<br />
echo " ----------------------------------------------------------------------------"<br />
</pre><br />
<br />
===Script #4===<br />
<pre><br />
#!/usr/bin/env lua<br />
<br />
local function cl(e)<br />
return ('\27[%sm'):format(e)<br />
end<br />
<br />
local function print_fg(bg, pre)<br />
for fg = 30,37 do<br />
fg = pre..fg<br />
io.write(cl(bg), cl(fg), (' %6s '):format(fg), cl(0))<br />
end<br />
end<br />
<br />
for bg = 40,47 do<br />
io.write(cl(0), ' ', bg, ' ')<br />
print_fg(bg, '')<br />
io.write('\n ')<br />
print_fg(bg, '1;')<br />
print('\n')<br />
end<br />
<br />
-- Andres P<br />
</pre><br />
<br />
==Contributed .Xdefaults==<br />
Check out these links for some real world examples of Xdefaults, contributed by fellow community members:<br />
<br />
http://dotfiles.org/~buttons/.Xdefaults<br/><br />
http://code.suckless.org/hg/dextra/file/513faba2591f/dolby/Xdefaults<br/><br />
http://github.com/stxza/arch-linux-configs/tree/master/.Xdefaults<br/><br />
http://dotfiles.org/~wraith/.Xdefaults<br/><br />
http://dotfiles.org/~tdy/.Xdefaults<br/><br />
http://github.com/jelly/dotfiles/tree/master/.Xdefaults<br/><br />
<br />
==More resources==<br />
* [http://phraktured.net/terminal-colors/ Terminal Color Schemes]- a gallery of terminal color schemes by our very own Aaron Griffin<br />
* [http://gentoo-wiki.com/TIP_Linux_Colors_in_Aterm/rxvt TIP Linux Colors in Aterm/rxvt] - Gentoo wiki article with loads of information<br />
* [https://engineering.purdue.edu/ECN/Support/KB/Docs/UsingTheXdefaultsFil Using the Xdefaults File] - An in-depth article on how X interprets the Xdefaults file<br />
* [http://wiki.afterstep.org/index.php?title=Rxvt-Unicode_Configuration_Tutorial Rxvt-unicode Configuration Tutorial] - lots of information for urxvt users<br />
* [http://mkaz.com/ref/xterm_colors.html Available Colors and their names] - listing of available colors and their color names for xterm and other X-applications.</div>Thayerhttps://wiki.archlinux.org/index.php?title=Font_configuration&diff=108121Font configuration2010-06-07T05:31:22Z<p>Thayer: auto-hinter does not use hintstyle, hinting does.</p>
<hr />
<div>[[Category:X Server (English)]]<br />
[[Category:Fonts (English)]]<br />
[[Category:HOWTOs (English)]]<br />
{{i18n|Font Configuration}}<br />
{{Article summary start}}<br />
{{Article summary text|An overview of font configuration options and various techniques for improving the readability of fonts}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Fonts}}: Information on adding fonts and font recommendations<br />
{{Article summary wiki|Java Fonts - Sun JRE}}: Fonts specific to Sun's Java machine<br />
{{Article summary wiki|MS Fonts}}: Adding Microsoft fonts and mimicking Windows' font settings<br />
{{Article summary end}}<br />
<br />
== Font paths ==<br />
<br />
For fonts to be known to applications, they must be cataloged for easy and quick access. [[Wikipedia:Fontconfig|Fontconfig]] is a library designed to provide a list of available fonts to applications, and also for configuration for how fonts get rendered. Though fontconfig is the standard in today's Linux, some applications still rely on the original method of font categorization: the Xorg server configuration file ({{Filename|/etc/X11/xorg.conf}}).<br />
<br />
=== Fontconfig ===<br />
<br />
Fontconfig gathers all it's configurations in a central file ({{Filename|/etc/fonts/fonts.conf}}). Fontconfig-aware applications source this file to know available fonts and how they get rendered. This file is a conglomeration of rules from the various fontconfig configurations (the global configuration ({{Filename|/etc/fonts/local.conf}}), the configured presets in {{Filename|/etc/fonts/conf.d/}}, and the user configuration file ({{Filename|~/.fonts.conf}}).<br />
<br />
The font paths initially known to fontconfig are: {{Filename|/usr/share/fonts/}} and {{Filename|~/.fonts/}} (of which fontconfig will scan recursively). For ease of organization and installation, it is recommended to use these font paths when [[Fonts|installing new fonts]].<br />
<br />
To see a list of known fontconfig fonts in an easy to read format, type:<br />
<br />
fc-list | sed 's,:.*,,' | sort -u<br />
<br />
=== Xorg ===<br />
<br />
Check for Xorg's known font paths by reviewing its log:<br />
<br />
$ grep /fonts /var/log/Xorg.0.log<br />
<br />
Keep in mind that Xorg does not search recursively through the {{Filename|/usr/share/fonts}} directory like fontconfig does. To add a path, the full path must be used:<br />
<br />
<pre><br />
Section "Files"<br />
FontPath "/usr/share/fonts/example-font-directory"<br />
EndSection<br />
</pre><br />
<br />
To see a list of known Xorg fonts use {{Codeline|xlsfonts}}.<br />
<br />
== Fontconfig configuration ==<br />
<br />
The font rendering packages on Arch Linux includes support for ''freetype2'' with the bytecode interpreter (BCI) enabled. However, defining your own font configuration may at times be necessary. If you have an LCD monitor, consider additionally using the [[#LCD_filter_patched_packages|LCD filter packages]] for better readability. <br />
<br />
Configuration can be done either per-user through {{Filename|~/.fonts.conf}}, or globally with {{Filename|/etc/fonts/local.conf}}. The settings in the per-user configuration have precedence over the global configuration. Both these files use the same syntax. Remember not to edit the {{filename|/etc/fonts/fonts.conf}} file; it is a temporary file and shouldn't be edited since it's replaced during fontconfig updates.<br />
<br />
There are already a number of configured presets in the directory {{Filename|/etc/fonts/conf.avail}}. These presets can be linked to both per-user and globally for quicker configuration. Take note that these presets will override matching settings in their respective configuration files.<br />
<br />
For example, to enable sub-pixel RGB rendering globally:<br />
<br />
# cd /etc/fonts/conf.d<br />
# ln -s ../conf.avail/10-sub-pixel-rgb.conf<br />
<br />
To do the same but instead for a per-user configuration:<br />
<br />
$ mkdir ~/.fonts.conf.d<br />
$ ln -s /etc/fonts/conf.avail/10-sub-pixel-rgb.conf ~/.fonts.conf.d<br />
<br />
{{Note|For some desktop environments (such as [[Gnome]] and [[KDE]]) using the ''Font Control Panel'' will automatically create or overwrite the user font configuration file. For these desktop environments, it is best to match your already defined font configurations to get the expected behavior.}}<br />
<br />
=== Basic settings ===<br />
<br />
The configuration files will need informational headers before settings can be entered:<br />
<br />
<pre><br />
<?xml version="1.0"?><br />
<!DOCTYPE fontconfig SYSTEM "fonts.dtd"><br />
<fontconfig><br />
<br />
... <br />
<br />
</fontconfig><br />
</pre><br />
<br />
To avoid repetition, the rest of the configuration examples in this article will omit these tags.<br />
<br />
==== Anti-aliasing ====<br />
<br />
[[Wikipedia:Antialiased font|Anti-aliasing]] (aka font rasterization) converts vectors fonts to bitmap for display purposes and in doing so provides a font smoothing effect. Without anti-aliasing (even at higher DPIs) fonts will appear jagged so anti-aliasing is enabled by default.<br />
<br />
<pre><br />
<match target="font"><br />
<edit name="antialias" mode="assign"><br />
<bool>true</bool><br />
</edit><br />
</match><br />
</pre><br />
<br />
==== Hinting ====<br />
<br />
[[Wikipedia:Font hinting|Font hinting]] adjusts the spacing of fonts so that they line up with the pixel grid. Fonts will not line up correctly without hinted until displays have 300 [[Xorg#Display_size_and_DPI|DPI]] or greater. Two types of hinting are available<br />
<br />
* {{Codeline|hinting}} - Normal, preset hinting, with several types available.<br />
* {{Codeline|autohint}} - Auto discovery for hinting.<br />
<br />
To enable normal hinting:<br />
<br />
<pre><br />
<match target="font"><br />
<edit name="hinting" mode="assign"><br />
<bool>true</bool><br />
</edit><br />
</match><br />
</pre><br />
<br />
==== Auto-hinting ====<br />
<br />
To enable auto-hinting:<br />
<br />
<pre><br />
<match target="font"><br />
<edit name="autohint" mode="assign"><br />
<bool>true</bool><br />
</edit><br />
</match><br />
</pre><br />
<br />
===== Hint style =====<br />
<br />
Hint style is the amount of influence the '''hinting''' mode has. Hinting can be set to: {{Codeline|hintfull}}, {{Codeline|hintmedium}}, {{Codeline|hintslight}} (recommended) and {{Codeline|hintnone}}.<br />
<br />
<pre><br />
<match target="font"><br />
<edit name="hintstyle" mode="assign"><br />
<const>hintslight</const><br />
</edit><br />
</match><br />
</pre><br />
<br />
==== Subpixel rendering ====<br />
<br />
''RGB, BGR, V-RGB (vertical), or V-BGR''<br />
<br />
Most monitors manufactured today use the Red, Green, Blue (RGB) specification. Fontconfig will need to know your monitor type to be able to display your fonts correctly. If you notice unusual colors around font's borders, discover you monitor type [http://www.lagom.nl/lcd-test/subpixel.php here] and define it in your font configuration:<br />
<br />
<pre><br />
<match target="font"><br />
<edit name="rgba" mode="assign"><br />
<const>rgb</const><br />
</edit><br />
</match><br />
</pre><br />
<br />
Like the automatic settings most DE font control panels establish, it is recommended to disable subpixel rendering when using the auto hinter since the combination of the two may result in unsatisfactory rendering.<br />
<br />
== LCD filter patched packages ==<br />
<br />
Some distributions choose not to use the LCD filter patches for font rendering due to patent ambiguity. If you choose, you can add these patched packages on your own. These patched packages are available in the [[AUR]] and easily installable by using an [[AUR helper]]. A few considerations:<br />
<br />
* All of these methods are designed for LCD displays but some CRT users may see improvements using the ''ClearType'' packages.<br />
* Configuration is sometimes necessary.<br />
* The new font effects will not be displayed until the application restarts.<br />
<br />
=== Original LCD packages ===<br />
<br />
These are the vanilla LCD packages and have less pre-configured options and will not have any experimental patches applied.<br />
<br />
Remove the conflicting packages:<br />
<br />
pacman -Rd libxft cairo<br />
<br />
Install the patched packages from the AUR using the AUR helper of your choice. The package names are:<br />
<br />
fontconfig-lcd cairo-lcd<br />
<br />
Then install the patched packages from the repositories using pacman:<br />
<br />
pacman -S libxft-lcd<br />
<br />
=== Ubuntu patched packages ===<br />
<br />
Ubuntu uses the original LCD patched packages and adds extra configurations, and occasionally patches.<br />
<br />
First, the conflicting packages need to be removed:<br />
<br />
pacman -Rd libxft cairo fontconfig freetype2<br />
<br />
Then install the patched packages from the [[AUR]] using an AUR helper of your choice. The package names are:<br />
<br />
freetype2-ubuntu fontconfig-ubuntu libxft-ubuntu cairo-ubuntu<br />
<br />
=== ClearType packages ===<br />
<br />
Cleartype is a different type of font rendering that is used in Windows systems and is designed to work on both LCD and CRT monitors.<br />
<br />
Remove the conflicting packages:<br />
<br />
pacman -Rd cairo libxft freetype2<br />
<br />
And then install the patched packages from the AUR. Package names:<br />
<br />
freetype2-cleartype libxft-cleartype cairo-cleartype<br />
<br />
=== Reverting to original packages ===<br />
<br />
To restore the unpatched packages, first uninstall the patched versions then reinstall the originals:<br />
<br />
pacman -S freetype2 libxft cairo<br />
<br />
== Additional fontconfig configuration ==<br />
<br />
=== Disable auto-hinter for bold fonts ===<br />
<br />
The auto-hinter uses sophisticated methods for font rendering, but often makes bold fonts too wide. Fortunately, a solution can be turning off the auto-hinter for bold fonts while leaving it on for the rest:<br />
...<br />
<match target="font"><br />
<test name="weight" compare="more"><br />
<const>medium</const><br />
</test><br />
<edit name="autohint" mode="assign"><br />
<bool>false</bool><br />
</edit><br />
</match><br />
...<br />
<br />
=== Enable anti-aliasing only for bigger fonts ===<br />
<br />
''See also [http://sharpfonts.com/ sharpfonts.com] for related information''<br />
<br />
Some users prefer the sharper rendering that anti-aliasing doesn't offer:<br />
<br />
<pre><br />
...<br />
<match target="font"><br />
<edit name="antialias" mode="assign"><br />
<bool>false</bool><br />
</edit> <br />
</match><br />
<br />
<match target="font" ><br />
<test name="size" qual="any" compare="more"><br />
<double>12</double><br />
</test><br />
<edit name="antialias" mode="assign"><br />
<bool>true</bool><br />
</edit><br />
</match><br />
<br />
<match target="font" ><br />
<test name="pixelsize" qual="any" compare="more"><br />
<double>17</double><br />
</test><br />
<edit name="antialias" mode="assign"><br />
<bool>true</bool><br />
</edit><br />
</match><br />
...<br />
</pre><br />
<br />
=== Replace fonts ===<br />
<br />
The most reliable way to do this is to add an XML fragment similar to the one below. This will cause Bitstream Vera Sans to be used in place of Helvetica:<br />
...<br />
<match target="pattern" name="family" ><br />
<test name="family" qual="any" ><br />
<string>Helvetica</string><br />
</test><br />
<edit name="family" mode="assign"><br />
<string>Bitstream Vera Sans</string><br />
</edit><br />
</match><br />
...<br />
An alternate approach is to set the "preferred" font, but ''this only works if the original font is not on the system'', in which case the one specified will be substituted:<br />
...<br />
< !-- Replace Helvetica with Bitstream Vera Sans Mono --><br />
< !-- Note, an alias for Helvetica should already exist in default conf files --><br />
<alias><br />
<family>Helvetica</family><br />
<prefer><family>Bitstream Vera Sans Mono</family></prefer><br />
<default><family>fixed</family></default><br />
</alias><br />
...<br />
<br />
=== LCD Type ===<br />
<br />
The fontconfig-lcd package by default uses the {{Codeline|lcddefault}} (very possible Ubuntu's does too) filter that will work for most users. Other filters are available that can be used in special situations: {{Codeline|lcdlight}}; a lighter filter ideal for fonts that look too bold or fuzzy, {{Codeline|lcdlegacy}}, the original Cairo filter; and {{Codeline|lcdnone}} to disable it entirely.<br />
<br />
<pre><br />
<match target="font"><br />
<edit mode="assign" name="lcdfilter"><br />
<const>lcddefault</const><br />
</edit><br />
</match><br />
</pre><br />
<br />
=== Disable bitmap fonts ===<br />
<br />
To disable bitmap fonts in fontconfig, use {{filename|70-no-bitmaps.conf}} (which is not placed by fontconfig by default):<br />
<br />
# rm /etc/fonts/conf.d/70-yes-bitmaps.conf <br />
# ln -s /etc/fonts/conf.avail/70-no-bitmaps.conf /etc/fonts/conf.d<br />
<br />
Depending on the type of fontconfig you are using (default, or -lcd patched) you can choose which fonts to replace bitmaps fonts with (Helvetica, Courier and Times bitmap mapts to TTF fonts) by:<br />
<br />
# ln -s /etc/conf.avail/29-replace-bitmap-fonts.conf /etc/fonts/conf.d<br />
<br />
=== Create bold and italic styles for incomplete fonts ===<br />
<br />
Freetype has the ability to automatically create ''italic'' and '''bold''' styles for fonts that do not have them, but only if explicitly required by the application. Given programs rarely send these requests, this section covers manually forcing generation of missing styles.<br />
<br />
Start by editing {{Filename|/usr/share/fonts/fonts.cache-1}} as explained below. Store a copy of the modifications on another file, because a font update with {{Codeline|fc-cache}} will overwrite {{Filename|/usr/share/fonts/fonts.cache-1}}.<br />
<br />
Assuming the Dupree font is installed:<br />
"dupree.ttf" 0 "Dupree:style=Regular:slant=0:weight=80:width=100:foundry=unknown:index=0:outline=True:''etc...''<br />
<br />
Duplicate the line, change {{Codeline|<nowiki>style=Regular</nowiki>}} to {{Codeline|<nowiki>style=Bold</nowiki>}} or any other style. Also change {{Codeline|<nowiki>slant=0</nowiki>}} to {{Codeline|<nowiki>slant=100</nowiki>}} for italic, {{Codeline|<nowiki>weight=80</nowiki>}} to {{Codeline|<nowiki>weight=200</nowiki>}} for bold, or combine them for '''''bold italic''''':<br />
"dupree.ttf" 0 "Dupree:style=Bold Italic:slant=100:weight=200:width=100:foundry=unknown:index=0:outline=True:''etc...''<br />
<br />
Now add necessary modifications to {{Filename|~/.fonts.conf}}:<br />
<pre><br />
...<br />
<match target="font"><br />
<test name="family" qual="any"><br />
<string>Dupree</string><br />
&lt;!-- other fonts here .... --&gt;<br />
</test><br />
<test name="weight" compare="more_eq"><int>140</int></test><br />
<edit name="embolden" mode="assign"><bool>true</bool></edit><br />
</match><br />
<br />
<match target="font"><br />
<test name="family" qual="any"><br />
<string>Dupree</string><br />
&lt;!-- other fonts here .... --&gt;<br />
</test><br />
<test name="slant" compare="more_eq"><int>80</int></test><br />
<edit name="matrix" mode="assign"><br />
<times><br />
<name>matrix</name><br />
<matrix><br />
<double>1</double><double>0.2</double><br />
<double>0</double><double>1</double><br />
</matrix><br />
</times><br />
</edit><br />
</match><br />
...<br />
</pre><br />
{{Tip| Use the value 'embolden' for existing bold fonts in order to make them even bolder.}}<br />
<br />
===Change rule overriding===<br />
<br />
Fontconfig processes files in {{Filename|/etc/fonts/conf.d}} in reverse numerical order. This enables rules or files to override one another, but often confuses users about what file gets parsed last.<br />
<br />
To guarantee that personal settings take precedence over any other rules, change their ordering:<br />
# cd /etc/fonts/conf.d<br />
# mv 50-user.conf 00-user.conf<br />
<br />
This change seems however to be unnecessary for the most of the cases, because a user is given enough control by default to set up own font preferences, hinting and antialiasing properties, alias new fonts to generic font families, etc.<br />
<br />
=== Example fontconfig configurations ===<br />
<br />
Example fontconfig configurations can be found on this [[Font_Configuration/fontconfig_Examples|page]].<br />
<br />
== Troubleshooting ==<br />
<br />
=== Ubuntu-patched fonts ===<br />
<br />
Edits to improve Ubuntu lcd-patched fonts.<br />
<br />
==== Blurry fonts after install ====<br />
<br />
The Ubuntu fontconfig by default doesn't set sub-pixel rendering in it's global configuration. I'm not sure why exactly, I've noticed the same configurations in {{Filename|/etc/fonts/conf.d}} as when I've loaded and Ubuntu CD but my Ubuntu fonts have always looked blurry after the install. Perhaps it's because I'm using a different desktop environment than Gnome, but to fix this I've always had to set my sub-pixel rendering type on:<br />
<br />
ln -s /etc/fonts/conf.avail/10-sub-pixel-rgb.conf /etc/fonts/conf.d/<br />
<br />
Then logout and back in again.<br />
<br />
=== Distorted fonts ===<br />
''Main article: [[Xorg#Display size and DPI]]<br />
<br />
Fontconfig should be able to detect DPI parameters as discovered by the Xorg server and be able to display the fonts correctly. Those having problems can still fall back to setting it manually:<br />
<br />
...<br />
<!-- Setup for DPI=96 --><br />
<match target="pattern"><br />
<edit name="dpi" mode="assign"><double>96</double></edit><br />
</match><br />
...<br />
<br />
If fonts are still unexpectedly large or small, or are poorly proportioned, the Xorg server may be incorrectly detecting the DPI setting.<br />
<br />
=== Missing characters ===<br />
<br />
If using [[Emacs]], the {{Package Official|xorg-fonts-75dpi}} and {{Package Official|xorg-fonts-100dpi}} packages need to be installed.<br />
<br />
=== Older GTK and QT applications ===<br />
<br />
Modern GTK apps enable Xft by default but this was not the case before version 2.2. If it is not possible to update these applications, force Xft for old GNOME applications by adding to {{Filename|~/.bashrc}}:<br />
<br />
export GDK_USE_XFT=1<br />
<br />
For older QT applications:<br />
<br />
export QT_XFT=true<br />
<br />
== Resources ==<br />
<br />
*[http://www.x.org/X11R6.8.2/doc/fonts.html Fonts in X11R6.8.2] - Official Xorg font information<br />
*[http://freetype.sourceforge.net/freetype2/ FreeType 2 Overview]<br />
*[http://avi.alkalay.net/linux/docs/font-howto/Font.html Optimal Use of Fonts on Linux]<br />
*[http://www.linuxsir.org/bbs/showthread.php?t=266659 Advanced Font Configuration] Great resource but mostly in Simplified Chinese. Still has some good English examples.</div>Thayerhttps://wiki.archlinux.org/index.php?title=Font_configuration&diff=108120Font configuration2010-06-07T05:30:11Z<p>Thayer: autohinting does not make use of hintstyle</p>
<hr />
<div>[[Category:X Server (English)]]<br />
[[Category:Fonts (English)]]<br />
[[Category:HOWTOs (English)]]<br />
{{i18n|Font Configuration}}<br />
{{Article summary start}}<br />
{{Article summary text|An overview of font configuration options and various techniques for improving the readability of fonts}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Fonts}}: Information on adding fonts and font recommendations<br />
{{Article summary wiki|Java Fonts - Sun JRE}}: Fonts specific to Sun's Java machine<br />
{{Article summary wiki|MS Fonts}}: Adding Microsoft fonts and mimicking Windows' font settings<br />
{{Article summary end}}<br />
<br />
== Font paths ==<br />
<br />
For fonts to be known to applications, they must be cataloged for easy and quick access. [[Wikipedia:Fontconfig|Fontconfig]] is a library designed to provide a list of available fonts to applications, and also for configuration for how fonts get rendered. Though fontconfig is the standard in today's Linux, some applications still rely on the original method of font categorization: the Xorg server configuration file ({{Filename|/etc/X11/xorg.conf}}).<br />
<br />
=== Fontconfig ===<br />
<br />
Fontconfig gathers all it's configurations in a central file ({{Filename|/etc/fonts/fonts.conf}}). Fontconfig-aware applications source this file to know available fonts and how they get rendered. This file is a conglomeration of rules from the various fontconfig configurations (the global configuration ({{Filename|/etc/fonts/local.conf}}), the configured presets in {{Filename|/etc/fonts/conf.d/}}, and the user configuration file ({{Filename|~/.fonts.conf}}).<br />
<br />
The font paths initially known to fontconfig are: {{Filename|/usr/share/fonts/}} and {{Filename|~/.fonts/}} (of which fontconfig will scan recursively). For ease of organization and installation, it is recommended to use these font paths when [[Fonts|installing new fonts]].<br />
<br />
To see a list of known fontconfig fonts in an easy to read format, type:<br />
<br />
fc-list | sed 's,:.*,,' | sort -u<br />
<br />
=== Xorg ===<br />
<br />
Check for Xorg's known font paths by reviewing its log:<br />
<br />
$ grep /fonts /var/log/Xorg.0.log<br />
<br />
Keep in mind that Xorg does not search recursively through the {{Filename|/usr/share/fonts}} directory like fontconfig does. To add a path, the full path must be used:<br />
<br />
<pre><br />
Section "Files"<br />
FontPath "/usr/share/fonts/example-font-directory"<br />
EndSection<br />
</pre><br />
<br />
To see a list of known Xorg fonts use {{Codeline|xlsfonts}}.<br />
<br />
== Fontconfig configuration ==<br />
<br />
The font rendering packages on Arch Linux includes support for ''freetype2'' with the bytecode interpreter (BCI) enabled. However, defining your own font configuration may at times be necessary. If you have an LCD monitor, consider additionally using the [[#LCD_filter_patched_packages|LCD filter packages]] for better readability. <br />
<br />
Configuration can be done either per-user through {{Filename|~/.fonts.conf}}, or globally with {{Filename|/etc/fonts/local.conf}}. The settings in the per-user configuration have precedence over the global configuration. Both these files use the same syntax. Remember not to edit the {{filename|/etc/fonts/fonts.conf}} file; it is a temporary file and shouldn't be edited since it's replaced during fontconfig updates.<br />
<br />
There are already a number of configured presets in the directory {{Filename|/etc/fonts/conf.avail}}. These presets can be linked to both per-user and globally for quicker configuration. Take note that these presets will override matching settings in their respective configuration files.<br />
<br />
For example, to enable sub-pixel RGB rendering globally:<br />
<br />
# cd /etc/fonts/conf.d<br />
# ln -s ../conf.avail/10-sub-pixel-rgb.conf<br />
<br />
To do the same but instead for a per-user configuration:<br />
<br />
$ mkdir ~/.fonts.conf.d<br />
$ ln -s /etc/fonts/conf.avail/10-sub-pixel-rgb.conf ~/.fonts.conf.d<br />
<br />
{{Note|For some desktop environments (such as [[Gnome]] and [[KDE]]) using the ''Font Control Panel'' will automatically create or overwrite the user font configuration file. For these desktop environments, it is best to match your already defined font configurations to get the expected behavior.}}<br />
<br />
=== Basic settings ===<br />
<br />
The configuration files will need informational headers before settings can be entered:<br />
<br />
<pre><br />
<?xml version="1.0"?><br />
<!DOCTYPE fontconfig SYSTEM "fonts.dtd"><br />
<fontconfig><br />
<br />
... <br />
<br />
</fontconfig><br />
</pre><br />
<br />
To avoid repetition, the rest of the configuration examples in this article will omit these tags.<br />
<br />
==== Anti-aliasing ====<br />
<br />
[[Wikipedia:Antialiased font|Anti-aliasing]] (aka font rasterization) converts vectors fonts to bitmap for display purposes and in doing so provides a font smoothing effect. Without anti-aliasing (even at higher DPIs) fonts will appear jagged so anti-aliasing is enabled by default.<br />
<br />
<pre><br />
<match target="font"><br />
<edit name="antialias" mode="assign"><br />
<bool>true</bool><br />
</edit><br />
</match><br />
</pre><br />
<br />
==== Hinting ====<br />
<br />
[[Wikipedia:Font hinting|Font hinting]] adjusts the spacing of fonts so that they line up with the pixel grid. Fonts will not line up correctly without hinted until displays have 300 [[Xorg#Display_size_and_DPI|DPI]] or greater. Two types of hinting are available<br />
<br />
* {{Codeline|hinting}} - Normal, preset hinting, with several types available.<br />
* {{Codeline|autohint}} - Auto discovery for hinting.<br />
<br />
To enable normal hinting:<br />
<br />
<pre><br />
<match target="font"><br />
<edit name="hinting" mode="assign"><br />
<bool>true</bool><br />
</edit><br />
</match><br />
</pre><br />
<br />
==== Auto-hinting ====<br />
<br />
To enable auto-hinting:<br />
<br />
<pre><br />
<match target="font"><br />
<edit name="autohint" mode="assign"><br />
<bool>true</bool><br />
</edit><br />
</match><br />
</pre><br />
<br />
===== Hint style =====<br />
<br />
Hint style is the amount of influence the '''auto-hinter''' has. Auto-hint can be set to: {{Codeline|hintfull}}, {{Codeline|hintmedium}}, {{Codeline|hintslight}} (recommended) and {{Codeline|hintnone}}.<br />
<br />
<pre><br />
<match target="font"><br />
<edit name="hintstyle" mode="assign"><br />
<const>hintslight</const><br />
</edit><br />
</match><br />
</pre><br />
<br />
==== Subpixel rendering ====<br />
<br />
''RGB, BGR, V-RGB (vertical), or V-BGR''<br />
<br />
Most monitors manufactured today use the Red, Green, Blue (RGB) specification. Fontconfig will need to know your monitor type to be able to display your fonts correctly. If you notice unusual colors around font's borders, discover you monitor type [http://www.lagom.nl/lcd-test/subpixel.php here] and define it in your font configuration:<br />
<br />
<pre><br />
<match target="font"><br />
<edit name="rgba" mode="assign"><br />
<const>rgb</const><br />
</edit><br />
</match><br />
</pre><br />
<br />
Like the automatic settings most DE font control panels establish, it is recommended to disable subpixel rendering when using the auto hinter since the combination of the two may result in unsatisfactory rendering.<br />
<br />
== LCD filter patched packages ==<br />
<br />
Some distributions choose not to use the LCD filter patches for font rendering due to patent ambiguity. If you choose, you can add these patched packages on your own. These patched packages are available in the [[AUR]] and easily installable by using an [[AUR helper]]. A few considerations:<br />
<br />
* All of these methods are designed for LCD displays but some CRT users may see improvements using the ''ClearType'' packages.<br />
* Configuration is sometimes necessary.<br />
* The new font effects will not be displayed until the application restarts.<br />
<br />
=== Original LCD packages ===<br />
<br />
These are the vanilla LCD packages and have less pre-configured options and will not have any experimental patches applied.<br />
<br />
Remove the conflicting packages:<br />
<br />
pacman -Rd libxft cairo<br />
<br />
Install the patched packages from the AUR using the AUR helper of your choice. The package names are:<br />
<br />
fontconfig-lcd cairo-lcd<br />
<br />
Then install the patched packages from the repositories using pacman:<br />
<br />
pacman -S libxft-lcd<br />
<br />
=== Ubuntu patched packages ===<br />
<br />
Ubuntu uses the original LCD patched packages and adds extra configurations, and occasionally patches.<br />
<br />
First, the conflicting packages need to be removed:<br />
<br />
pacman -Rd libxft cairo fontconfig freetype2<br />
<br />
Then install the patched packages from the [[AUR]] using an AUR helper of your choice. The package names are:<br />
<br />
freetype2-ubuntu fontconfig-ubuntu libxft-ubuntu cairo-ubuntu<br />
<br />
=== ClearType packages ===<br />
<br />
Cleartype is a different type of font rendering that is used in Windows systems and is designed to work on both LCD and CRT monitors.<br />
<br />
Remove the conflicting packages:<br />
<br />
pacman -Rd cairo libxft freetype2<br />
<br />
And then install the patched packages from the AUR. Package names:<br />
<br />
freetype2-cleartype libxft-cleartype cairo-cleartype<br />
<br />
=== Reverting to original packages ===<br />
<br />
To restore the unpatched packages, first uninstall the patched versions then reinstall the originals:<br />
<br />
pacman -S freetype2 libxft cairo<br />
<br />
== Additional fontconfig configuration ==<br />
<br />
=== Disable auto-hinter for bold fonts ===<br />
<br />
The auto-hinter uses sophisticated methods for font rendering, but often makes bold fonts too wide. Fortunately, a solution can be turning off the auto-hinter for bold fonts while leaving it on for the rest:<br />
...<br />
<match target="font"><br />
<test name="weight" compare="more"><br />
<const>medium</const><br />
</test><br />
<edit name="autohint" mode="assign"><br />
<bool>false</bool><br />
</edit><br />
</match><br />
...<br />
<br />
=== Enable anti-aliasing only for bigger fonts ===<br />
<br />
''See also [http://sharpfonts.com/ sharpfonts.com] for related information''<br />
<br />
Some users prefer the sharper rendering that anti-aliasing doesn't offer:<br />
<br />
<pre><br />
...<br />
<match target="font"><br />
<edit name="antialias" mode="assign"><br />
<bool>false</bool><br />
</edit> <br />
</match><br />
<br />
<match target="font" ><br />
<test name="size" qual="any" compare="more"><br />
<double>12</double><br />
</test><br />
<edit name="antialias" mode="assign"><br />
<bool>true</bool><br />
</edit><br />
</match><br />
<br />
<match target="font" ><br />
<test name="pixelsize" qual="any" compare="more"><br />
<double>17</double><br />
</test><br />
<edit name="antialias" mode="assign"><br />
<bool>true</bool><br />
</edit><br />
</match><br />
...<br />
</pre><br />
<br />
=== Replace fonts ===<br />
<br />
The most reliable way to do this is to add an XML fragment similar to the one below. This will cause Bitstream Vera Sans to be used in place of Helvetica:<br />
...<br />
<match target="pattern" name="family" ><br />
<test name="family" qual="any" ><br />
<string>Helvetica</string><br />
</test><br />
<edit name="family" mode="assign"><br />
<string>Bitstream Vera Sans</string><br />
</edit><br />
</match><br />
...<br />
An alternate approach is to set the "preferred" font, but ''this only works if the original font is not on the system'', in which case the one specified will be substituted:<br />
...<br />
< !-- Replace Helvetica with Bitstream Vera Sans Mono --><br />
< !-- Note, an alias for Helvetica should already exist in default conf files --><br />
<alias><br />
<family>Helvetica</family><br />
<prefer><family>Bitstream Vera Sans Mono</family></prefer><br />
<default><family>fixed</family></default><br />
</alias><br />
...<br />
<br />
=== LCD Type ===<br />
<br />
The fontconfig-lcd package by default uses the {{Codeline|lcddefault}} (very possible Ubuntu's does too) filter that will work for most users. Other filters are available that can be used in special situations: {{Codeline|lcdlight}}; a lighter filter ideal for fonts that look too bold or fuzzy, {{Codeline|lcdlegacy}}, the original Cairo filter; and {{Codeline|lcdnone}} to disable it entirely.<br />
<br />
<pre><br />
<match target="font"><br />
<edit mode="assign" name="lcdfilter"><br />
<const>lcddefault</const><br />
</edit><br />
</match><br />
</pre><br />
<br />
=== Disable bitmap fonts ===<br />
<br />
To disable bitmap fonts in fontconfig, use {{filename|70-no-bitmaps.conf}} (which is not placed by fontconfig by default):<br />
<br />
# rm /etc/fonts/conf.d/70-yes-bitmaps.conf <br />
# ln -s /etc/fonts/conf.avail/70-no-bitmaps.conf /etc/fonts/conf.d<br />
<br />
Depending on the type of fontconfig you are using (default, or -lcd patched) you can choose which fonts to replace bitmaps fonts with (Helvetica, Courier and Times bitmap mapts to TTF fonts) by:<br />
<br />
# ln -s /etc/conf.avail/29-replace-bitmap-fonts.conf /etc/fonts/conf.d<br />
<br />
=== Create bold and italic styles for incomplete fonts ===<br />
<br />
Freetype has the ability to automatically create ''italic'' and '''bold''' styles for fonts that do not have them, but only if explicitly required by the application. Given programs rarely send these requests, this section covers manually forcing generation of missing styles.<br />
<br />
Start by editing {{Filename|/usr/share/fonts/fonts.cache-1}} as explained below. Store a copy of the modifications on another file, because a font update with {{Codeline|fc-cache}} will overwrite {{Filename|/usr/share/fonts/fonts.cache-1}}.<br />
<br />
Assuming the Dupree font is installed:<br />
"dupree.ttf" 0 "Dupree:style=Regular:slant=0:weight=80:width=100:foundry=unknown:index=0:outline=True:''etc...''<br />
<br />
Duplicate the line, change {{Codeline|<nowiki>style=Regular</nowiki>}} to {{Codeline|<nowiki>style=Bold</nowiki>}} or any other style. Also change {{Codeline|<nowiki>slant=0</nowiki>}} to {{Codeline|<nowiki>slant=100</nowiki>}} for italic, {{Codeline|<nowiki>weight=80</nowiki>}} to {{Codeline|<nowiki>weight=200</nowiki>}} for bold, or combine them for '''''bold italic''''':<br />
"dupree.ttf" 0 "Dupree:style=Bold Italic:slant=100:weight=200:width=100:foundry=unknown:index=0:outline=True:''etc...''<br />
<br />
Now add necessary modifications to {{Filename|~/.fonts.conf}}:<br />
<pre><br />
...<br />
<match target="font"><br />
<test name="family" qual="any"><br />
<string>Dupree</string><br />
&lt;!-- other fonts here .... --&gt;<br />
</test><br />
<test name="weight" compare="more_eq"><int>140</int></test><br />
<edit name="embolden" mode="assign"><bool>true</bool></edit><br />
</match><br />
<br />
<match target="font"><br />
<test name="family" qual="any"><br />
<string>Dupree</string><br />
&lt;!-- other fonts here .... --&gt;<br />
</test><br />
<test name="slant" compare="more_eq"><int>80</int></test><br />
<edit name="matrix" mode="assign"><br />
<times><br />
<name>matrix</name><br />
<matrix><br />
<double>1</double><double>0.2</double><br />
<double>0</double><double>1</double><br />
</matrix><br />
</times><br />
</edit><br />
</match><br />
...<br />
</pre><br />
{{Tip| Use the value 'embolden' for existing bold fonts in order to make them even bolder.}}<br />
<br />
===Change rule overriding===<br />
<br />
Fontconfig processes files in {{Filename|/etc/fonts/conf.d}} in reverse numerical order. This enables rules or files to override one another, but often confuses users about what file gets parsed last.<br />
<br />
To guarantee that personal settings take precedence over any other rules, change their ordering:<br />
# cd /etc/fonts/conf.d<br />
# mv 50-user.conf 00-user.conf<br />
<br />
This change seems however to be unnecessary for the most of the cases, because a user is given enough control by default to set up own font preferences, hinting and antialiasing properties, alias new fonts to generic font families, etc.<br />
<br />
=== Example fontconfig configurations ===<br />
<br />
Example fontconfig configurations can be found on this [[Font_Configuration/fontconfig_Examples|page]].<br />
<br />
== Troubleshooting ==<br />
<br />
=== Ubuntu-patched fonts ===<br />
<br />
Edits to improve Ubuntu lcd-patched fonts.<br />
<br />
==== Blurry fonts after install ====<br />
<br />
The Ubuntu fontconfig by default doesn't set sub-pixel rendering in it's global configuration. I'm not sure why exactly, I've noticed the same configurations in {{Filename|/etc/fonts/conf.d}} as when I've loaded and Ubuntu CD but my Ubuntu fonts have always looked blurry after the install. Perhaps it's because I'm using a different desktop environment than Gnome, but to fix this I've always had to set my sub-pixel rendering type on:<br />
<br />
ln -s /etc/fonts/conf.avail/10-sub-pixel-rgb.conf /etc/fonts/conf.d/<br />
<br />
Then logout and back in again.<br />
<br />
=== Distorted fonts ===<br />
''Main article: [[Xorg#Display size and DPI]]<br />
<br />
Fontconfig should be able to detect DPI parameters as discovered by the Xorg server and be able to display the fonts correctly. Those having problems can still fall back to setting it manually:<br />
<br />
...<br />
<!-- Setup for DPI=96 --><br />
<match target="pattern"><br />
<edit name="dpi" mode="assign"><double>96</double></edit><br />
</match><br />
...<br />
<br />
If fonts are still unexpectedly large or small, or are poorly proportioned, the Xorg server may be incorrectly detecting the DPI setting.<br />
<br />
=== Missing characters ===<br />
<br />
If using [[Emacs]], the {{Package Official|xorg-fonts-75dpi}} and {{Package Official|xorg-fonts-100dpi}} packages need to be installed.<br />
<br />
=== Older GTK and QT applications ===<br />
<br />
Modern GTK apps enable Xft by default but this was not the case before version 2.2. If it is not possible to update these applications, force Xft for old GNOME applications by adding to {{Filename|~/.bashrc}}:<br />
<br />
export GDK_USE_XFT=1<br />
<br />
For older QT applications:<br />
<br />
export QT_XFT=true<br />
<br />
== Resources ==<br />
<br />
*[http://www.x.org/X11R6.8.2/doc/fonts.html Fonts in X11R6.8.2] - Official Xorg font information<br />
*[http://freetype.sourceforge.net/freetype2/ FreeType 2 Overview]<br />
*[http://avi.alkalay.net/linux/docs/font-howto/Font.html Optimal Use of Fonts on Linux]<br />
*[http://www.linuxsir.org/bbs/showthread.php?t=266659 Advanced Font Configuration] Great resource but mostly in Simplified Chinese. Still has some good English examples.</div>Thayerhttps://wiki.archlinux.org/index.php?title=DeveloperWiki_talk:Articles_Linked_from_Website&diff=107378DeveloperWiki talk:Articles Linked from Website2010-05-27T02:34:04Z<p>Thayer: </p>
<hr />
<div>I don't like this category. We already have http://wiki.archlinux.org/index.php/Category:About_Arch_(English) The "funny" thing is http://wiki.archlinux.org/index.php/ArchLinux:About is not there.<br />
Can sb point me to the rationale for this category? To me it's like filing Joker, Penguin, Darth Maul and Skeletor under 'V' for 'villain'. They belong to separate worlds / stories and so do the articles from 'Website Resources' category.<br />
<br />
[[User:Karol|Karol]] 19:22, 26 May 2010 (EDT)<br />
<br />
:The rationale was that all of these articles are accessed from the official Arch Linux homepage. It was simply to keep an eye on our ''official'' documentation so to speak. --[[User:Thayer|thayer]] 22:34, 26 May 2010 (EDT)</div>Thayerhttps://wiki.archlinux.org/index.php?title=Udev&diff=105765Udev2010-05-05T23:47:31Z<p>Thayer: /* Mount under {{Filename|/media}}; use partition label if present; ntfs-3g */</p>
<hr />
<div>[[Category:Hardware detection and troubleshooting (English)]]<br />
[[Category:HOWTOs (English)]]<br />
[[Category:Auto-mounting (English)]]<br />
{{i18n|Udev}}<br />
<br />
== Introduction ==<br />
''"udev is the device manager for the Linux 2.6 kernel series. Primarily, it manages device nodes in {{Filename|/dev}}. It is the successor of devfs and hotplug, which means that it handles the {{Filename|/dev}} directory and all user space actions when adding/removing devices, including firmware load."'' Source: [http://en.wikipedia.org/wiki/Udev Wikipedia]<br />
<br />
udev replaces the functionality of both {{Codeline|hotplug}} and {{Codeline|hwdetect}}.<br />
<br />
udev loads kernel modules simultaneously, which can provide a speed increase during bootup. However, the downside is that it doesn't always load modules in the same order each time, which can cause problems with things like sound cards and network cards (if you have more than one of them). See below for more info on this.<br />
<br />
==About modules auto-loading==<br />
udev will not do ''any'' module loading for you unless {{Codeline|MOD_AUTOLOAD}} is enabled in {{Filename|/etc/rc.conf}}. If you disable auto-loading you must manually load the modules you want/need by putting the list in the {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}, you can generate this list with the {{Codeline|hwdetect --modules}} command.<br />
<br />
==About udev rules==<br />
udev rules go in {{Filename|/etc/udev/rules.d/}}, their file name has to end with {{Filename|.rules}}.<br />
<br />
If you want to learn how to write udev rules see [http://www.reactivated.net/writing_udev_rules.html Writing udev rules].<br />
<br />
To get a list of all the attributes of a device you can use to write rules:<br />
# udevadm info -a -p $(udevadm info -q path -n [device name])<br />
<br />
Replace [device name] with the device present in the system, such as '/dev/sda' or '/dev/ttyUSB0'.<br />
<br />
To restart the udev system once you create or modify udev rules, run the following command. Hotpluggable devices, such as USB devices, will probably have to be reconnected for the new rules to take effect.<br />
# udevadm control restart<br />
<br />
== Tips & Tricks ==<br />
=== Auto mounting USB devices ===<br />
{{Note|In the following rules the mount options are defined as {{Codeline|<nowiki>ENV{mount_options}="relatime"</nowiki>}}, see {{Codeline|man mount}} (and possibly {{Codeline|man ntfs-3g}}) for all available options and [[Maximizing Performance#Mount options]] for performance-related options.}}<br />
{{Note|The {{Codeline|users}} mount option will '''not''' allow users to unmount the filesystem.}}<br />
{{Tip|The {{Codeline|noexec}} mount option prevents execution of binaries on the mounted filesystem.}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present ====<br />
The following udev rule set automatically mounts devices/partitions that are represented by /dev/sd* (USB drives, external hard drives and sometimes SD cards). If a partition label is available, it mounts the device to /media/<label> and otherwise to /media/usbhd-sd* (ex: /media/usbhd-sdb1):<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Import FS infos<br />
IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
<br />
# Get a label if present, otherwise specify one<br />
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}"<br />
ENV{ID_FS_LABEL}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount the device<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/%E{dir_name}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/%E{dir_name}"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l /media/%E{dir_name}", RUN+="/bin/rmdir /media/%E{dir_name}"<br />
<br />
# Exit<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present; support LUKS encryption ====<br />
Similar to the above rule set, but if the device is a LUKS-encrypted partition it will open an xterm window to ask for the passphrase (provided that xterm is installed). Also see [http://bbs.archlinux.org/viewtopic.php?pid=696239#p696239 this post] and the follow-ups.<br />
<br />
{{Note|You may need to modify the path to cryptsetup, depending on the version installed (e.g., < 1.1.1_rc2-1).}}<br />
<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z]*", GOTO="media_by_label_auto_mount_end"<br />
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Do not mount devices on boot because otherwise fsck may fail<br />
ACTION=="add", PROGRAM!="/bin/grep ' / / rw[, ]' /proc/self/mountinfo", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Open LUKS partition if necessary<br />
PROGRAM=="/sbin/blkid -o value -s TYPE %N", RESULT=="crypto_LUKS", ENV{crypto}="mapper/", ENV{device}="/dev/mapper/%k"<br />
ENV{crypto}=="", ENV{device}="%N"<br />
ACTION=="add", ENV{crypto}!="", PROGRAM=="/usr/bin/xterm -display :0.0 -e 'echo Password for /dev/%k; /sbin/cryptsetup luksOpen %N %k'"<br />
ACTION=="add", ENV{crypto}!="", TEST!="/dev/mapper/%k", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="noatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", PROGRAM=="/sbin/blkid -o value -s TYPE %E{device}", RESULT=="vfat|ntfs", ENV{mount_options}="%E{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Get label if present, otherwise assign one<br />
PROGRAM=="/sbin/blkid -o value -s LABEL %E{device}", ENV{dir_name}="%c"<br />
# Use basename to correctly handle labels such as ../mnt/foo<br />
PROGRAM=="/usr/bin/basename '%E{dir_name}'", ENV{dir_name}="%c"<br />
ENV{dir_name}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
# Mount the device<br />
ACTION=="add", ENV{dir_name}!="", RUN+="/bin/mkdir -p '/media/%E{dir_name}'", RUN+="/bin/mount -o %E{mount_options} /dev/%E{crypto}%k '/media/%E{dir_name}'"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l '/media/%E{dir_name}'"<br />
ACTION=="remove", ENV{crypto}!="", RUN+="/sbin/cryptsetup luksClose %k"<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/rmdir '/media/%E{dir_name}'"<br />
<br />
# Exit<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present; support user un-mounting ====<br />
This is a variation on the above rule set. It uses pmount (which will need to be installed) instead of mount, allowing a non-root user to unmount udev-mounted devices. The required username must be hard-coded in the RUN command, so this rule set may not be suitable for multi-user systems. LUKS support has also been removed from the example, but can be easily reinstated as above.<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-with-pmount.rules|content=<nowiki><br />
KERNEL!="sd[a-z]*", GOTO="media_by_label_auto_mount_end"<br />
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Get label<br />
PROGRAM=="/sbin/blkid -o value -s LABEL %N", ENV{dir_name}="%c"<br />
# use basename to correctly handle labels such as ../mnt/foo<br />
PROGRAM=="/usr/bin/basename '%E{dir_name}'", ENV{dir_name}="%c"<br />
ENV{dir_name}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
ACTION=="add", ENV{dir_name}!="", RUN+="/bin/su tomk -c '/usr/bin/pmount %N %E{dir_name}'"<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/su tomk -c '/usr/bin/pumount /media/%E{dir_name}'"<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/mnt}}; create symbolic link under {{Filename|/media}} ====<br />
The following rule set does not make use of partition labels; instead it mounts devices as usbhd-sdXY under the /mnt directory (ex: /mnt/usbhd-sdb1) and creates a symbolic link under /media.<br />
{{File|name=/etc/udev/rules.d/11-mnt-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="mnt_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount under /mnt and create the symbolic link in /media <br />
ACTION=="add", RUN+="/bin/mount -o $env{mount_options} /dev/%k /mnt/usbhd-%k", RUN+="/bin/ln -s /mnt/usbhd-%k /media/usbhd-%k"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", RUN+="/bin/rm -f /media/usbhd-%k", RUN+="/bin/umount -l /mnt/usbhd-%k", RUN+="/bin/rmdir /mnt/usbhd-%k"<br />
<br />
# Exit<br />
LABEL="mnt_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}} ''only'' if the partition has a label ====<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-only-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="media_by_label_only_auto_mount_end"<br />
<br />
# Import FS infos<br />
IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ENV{ID_FS_LABEL}=="", GOTO="media_by_label_only_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount the device<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/$env{ID_FS_LABEL}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/$env{ID_FS_LABEL}"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{ID_FS_LABEL}!="", RUN+="/bin/umount -l /media/$env{ID_FS_LABEL}", RUN+="/bin/rmdir /media/$env{ID_FS_LABEL}"<br />
<br />
# Exit<br />
LABEL="media_by_label_only_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present; ntfs-3g ====<br />
Yet another example, this time making use of ntfs-3g read/write drivers for NTFS filesystems:<br />
<br />
{{File|name=/etc/udev/rules.d/10-my-media-automount.rules|content=<nowiki><br />
# vim:enc=utf-8:nu:ai:si:et:ts=4:sw=4:ft=udevrules:<br />
#<br />
# /etc/udev/rules.d/10-my-media-automount.rules<br />
<br />
# start at sdb to ignore the system hard drive<br />
KERNEL!="sd[b-z]*", GOTO="my_media_automount_end"<br />
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="my_media_automount_end"<br />
<br />
# import some useful filesystem info as variables<br />
IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
<br />
# get the label if present, otherwise assign one based on device/partition<br />
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}"<br />
ENV{ID_FS_LABEL}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
# create the dir in /media and symlink it to /mnt<br />
ACTION=="add", RUN+="/bin/mkdir -p '/media/%E{dir_name}'"<br />
<br />
# global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# filesystem-specific mount options (777/666 dir/file perms for ntfs/vfat) <br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},gid=100,dmask=000,fmask=111,utf8"<br />
<br />
# automount ntfs filesystems using ntfs-3g driver<br />
ACTION=="add", ENV{ID_FS_TYPE}=="ntfs", RUN+="/bin/mount -t ntfs-3g -o %E{mount_options} /dev/%k '/media/%E{dir_name}'"<br />
# automount all other filesystems<br />
ACTION=="add", ENV{ID_FS_TYPE}!="ntfs", RUN+="/bin/mount -t auto -o %E{mount_options} /dev/%k '/media/%E{dir_name}'"<br />
<br />
# clean up after device removal<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l '/media/%E{dir_name}'", RUN+="/bin/rmdir '/media/%E{dir_name}'"<br />
<br />
# exit<br />
LABEL="my_media_automount_end"<br />
<br />
</nowiki>}}<br />
<br />
==== Mount SD cards ====<br />
The same rules as above can be used to auto-mount SD cards, you just need to replace {{Codeline|sd[a-z][0-9]}} by {{Codeline|mmcblk[0-9]p[0-9]}}:<br />
{{File|name=/etc/udev/rules.d/11-sd-cards-auto-mount.rules|content=<nowiki><br />
KERNEL!="mmcblk[0-9]p[0-9]", GOTO="sd_cards_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem specific options<br />
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/sd-%k", RUN+="/bin/ln -s /media/sd-%k /mnt/sd-%k", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/sd-%k"<br />
ACTION=="remove", RUN+="/bin/umount -l /media/sd-%k", RUN+="/bin/rmdir /media/sd-%k"<br />
LABEL="sd_cards_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Accessing Firmware Programmers and USB Virtual Comm Devices ====<br />
The following ruleset will allow normal users (within the "users" group) the ability to access the [http://www.ladyada.net/make/usbtinyisp/ USBtinyISP] USB programmer for AVR microcontrollers and a generic (SiLabs [http://www.silabs.com/products/interface/usbtouart CP2102]) USB to UART adapter. Adjust the permissions accordingly. Verified as of 2010-02-11.<br />
<br />
{{File|name=/etc/udev/rules.d/50-embedded_devices.rules|content=<nowiki><br />
# USBtinyISP Programmer rules<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1781", ATTRS{idProduct}=="0c9f", GROUP="users", MODE="0666"<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="0479", GROUP="users", MODE="0666"<br />
<br />
# Mdfly.com Generic (SiLabs CP2102) 3.3v/5v USB VComm adapter<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", GROUP="users", MODE="0666"<br />
</nowiki>}}<br />
<br />
==Troubleshooting==<br />
=== Disabling modules auto-loading with the load_modules boot parameter ===<br />
If you pass {{Codeline|<nowiki>load_modules=off</nowiki>}} on your kernel boot line, then udev will skip all the auto-loading business. This is to provide you with a big ripcord to pull if something goes wrong. If udev loads a problematic module that hangs your system or something equally awful, then you can bypass auto-loading with this parameter, then go in and blacklist the offensive module(s).<br />
<br />
=== Blacklisting Modules ===<br />
In rare cases, Udev can make mistakes and load the wrong modules. To prevent it from doing this, you can blacklist modules. Once blacklisted, udev will never load that module. Not at boot-time ''or'' later on when a hotplug event is received (ie, you plug in your USB flash drive).<br />
<br />
To blacklist a module, just prefix it with a bang (!) in your {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}:<br />
MODULES=(!moduleA !moduleB)<br />
<br />
=== Known Problems with Hardware ===<br />
====BusLogic devices can be broken and will cause a freeze during startup====<br />
This is a kernel bug and no fix has been provided yet.<br />
====PCMCIA Card readers are not treated as removable devices====<br />
To get access to them with hal's pmount backend add them to {{Filename|/etc/pmount.allow}}<br />
<br />
=== Known Problems with Auto-Loading ===<br />
==== CPU frequency modules ====<br />
The current detection method for the various CPU frequency controllers is inadequate, so this has been omitted from the auto-loading process for the time being. To use CPU frequency scaling, load the proper module explicitly in your {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}.<br />
<br />
==== Sound Problems or Some Modules Not Loaded Automatically ====<br />
Some users have traced this problem to old entries in {{Codeline|/etc/modprobe.conf}}. Try cleaning that file out and trying again.<br />
<br />
==== Mixed Up Devices, Sound/Network Cards Changing Order Each Boot ====<br />
Because udev loads all modules asynchronously, they are initialized in a different order. This can result in devices randomly switching names. For example, with two network cards, you may notice a switching of designations between {{Codeline|eth0}} and {{Codeline|eth1}}.<br />
<br />
Arch Linux provides the advantage of specifying the module load order by listing the modules in the {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}. Modules in this array are loaded before udev begins auto-loading, so you have full control over the load order.<br />
<br />
# Always load 8139too before e100<br />
MODULES=(8139too e100)<br />
<br />
Another method for network card ordering is to use the udev-sanctioned method of statically-naming each interface. Create the following file to bind the MAC address of each of your cards to a certain interface name:<br />
{{File|name=/etc/udev/rules.d/10-network.rules|content=<nowiki><br />
SUBSYSTEM=="net", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="lan0"<br />
SUBSYSTEM=="net", ATTR{address}=="ff:ee:dd:cc:bb:aa", NAME="wlan0"<br />
</nowiki>}}<br />
<br />
A couple things to note:<br />
* To get the MAC address of each card, use this command: {{Codeline|udevadm info -a -p /sys/class/net/<yourdevice> | grep address}}<br />
* Make sure to use the lower-case hex values in your udev rules. It doesn't like upper-case.<br />
* Some people have problems naming their interfaces after the old style: eth0, eth1, etc. Try something like "lan" or "wlan" if you experience this problem.<br />
<br />
Don't forget to update your {{Filename|/etc/rc.conf}} and other configuration files using the old ethX notation!<br />
<br />
=== Known Problems for Custom Kernel Users ===<br />
==== Udev doesn't start at all ====<br />
Make sure you have a kernel version later than or equal to 2.6.15. Earlier kernels do not have the necessary uevent stuff that udev needs for auto-loading.<br />
<br />
==== CD/DVD symlinks and permissions are broken ====<br />
If you're using a 2.6.15 kernel, you'll need the uevent patch from ABS (which backports certain uevent functionality from 2.6.16). Just sync up your ABS tree with the {{Codeline|abs}} command, then you'll find the patch in {{Codeline|/var/abs/kernels/kernel26/}}.<br />
<br />
==Other Resources==<br />
* [http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html Udev Homepage]<br />
* [http://www.linux.com/news/hardware/peripherals/180950-udev An Introduction to Udev]<br />
* [http://vger.kernel.org/vger-lists.html#linux-hotplug Udev mailing list information]</div>Thayerhttps://wiki.archlinux.org/index.php?title=Udev&diff=105764Udev2010-05-05T23:46:17Z<p>Thayer: /* Auto mounting USB devices */</p>
<hr />
<div>[[Category:Hardware detection and troubleshooting (English)]]<br />
[[Category:HOWTOs (English)]]<br />
[[Category:Auto-mounting (English)]]<br />
{{i18n|Udev}}<br />
<br />
== Introduction ==<br />
''"udev is the device manager for the Linux 2.6 kernel series. Primarily, it manages device nodes in {{Filename|/dev}}. It is the successor of devfs and hotplug, which means that it handles the {{Filename|/dev}} directory and all user space actions when adding/removing devices, including firmware load."'' Source: [http://en.wikipedia.org/wiki/Udev Wikipedia]<br />
<br />
udev replaces the functionality of both {{Codeline|hotplug}} and {{Codeline|hwdetect}}.<br />
<br />
udev loads kernel modules simultaneously, which can provide a speed increase during bootup. However, the downside is that it doesn't always load modules in the same order each time, which can cause problems with things like sound cards and network cards (if you have more than one of them). See below for more info on this.<br />
<br />
==About modules auto-loading==<br />
udev will not do ''any'' module loading for you unless {{Codeline|MOD_AUTOLOAD}} is enabled in {{Filename|/etc/rc.conf}}. If you disable auto-loading you must manually load the modules you want/need by putting the list in the {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}, you can generate this list with the {{Codeline|hwdetect --modules}} command.<br />
<br />
==About udev rules==<br />
udev rules go in {{Filename|/etc/udev/rules.d/}}, their file name has to end with {{Filename|.rules}}.<br />
<br />
If you want to learn how to write udev rules see [http://www.reactivated.net/writing_udev_rules.html Writing udev rules].<br />
<br />
To get a list of all the attributes of a device you can use to write rules:<br />
# udevadm info -a -p $(udevadm info -q path -n [device name])<br />
<br />
Replace [device name] with the device present in the system, such as '/dev/sda' or '/dev/ttyUSB0'.<br />
<br />
To restart the udev system once you create or modify udev rules, run the following command. Hotpluggable devices, such as USB devices, will probably have to be reconnected for the new rules to take effect.<br />
# udevadm control restart<br />
<br />
== Tips & Tricks ==<br />
=== Auto mounting USB devices ===<br />
{{Note|In the following rules the mount options are defined as {{Codeline|<nowiki>ENV{mount_options}="relatime"</nowiki>}}, see {{Codeline|man mount}} (and possibly {{Codeline|man ntfs-3g}}) for all available options and [[Maximizing Performance#Mount options]] for performance-related options.}}<br />
{{Note|The {{Codeline|users}} mount option will '''not''' allow users to unmount the filesystem.}}<br />
{{Tip|The {{Codeline|noexec}} mount option prevents execution of binaries on the mounted filesystem.}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present ====<br />
The following udev rule set automatically mounts devices/partitions that are represented by /dev/sd* (USB drives, external hard drives and sometimes SD cards). If a partition label is available, it mounts the device to /media/<label> and otherwise to /media/usbhd-sd* (ex: /media/usbhd-sdb1):<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Import FS infos<br />
IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
<br />
# Get a label if present, otherwise specify one<br />
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}"<br />
ENV{ID_FS_LABEL}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount the device<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/%E{dir_name}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/%E{dir_name}"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l /media/%E{dir_name}", RUN+="/bin/rmdir /media/%E{dir_name}"<br />
<br />
# Exit<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present; support LUKS encryption ====<br />
Similar to the above rule set, but if the device is a LUKS-encrypted partition it will open an xterm window to ask for the passphrase (provided that xterm is installed). Also see [http://bbs.archlinux.org/viewtopic.php?pid=696239#p696239 this post] and the follow-ups.<br />
<br />
{{Note|You may need to modify the path to cryptsetup, depending on the version installed (e.g., < 1.1.1_rc2-1).}}<br />
<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z]*", GOTO="media_by_label_auto_mount_end"<br />
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Do not mount devices on boot because otherwise fsck may fail<br />
ACTION=="add", PROGRAM!="/bin/grep ' / / rw[, ]' /proc/self/mountinfo", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Open LUKS partition if necessary<br />
PROGRAM=="/sbin/blkid -o value -s TYPE %N", RESULT=="crypto_LUKS", ENV{crypto}="mapper/", ENV{device}="/dev/mapper/%k"<br />
ENV{crypto}=="", ENV{device}="%N"<br />
ACTION=="add", ENV{crypto}!="", PROGRAM=="/usr/bin/xterm -display :0.0 -e 'echo Password for /dev/%k; /sbin/cryptsetup luksOpen %N %k'"<br />
ACTION=="add", ENV{crypto}!="", TEST!="/dev/mapper/%k", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="noatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", PROGRAM=="/sbin/blkid -o value -s TYPE %E{device}", RESULT=="vfat|ntfs", ENV{mount_options}="%E{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Get label if present, otherwise assign one<br />
PROGRAM=="/sbin/blkid -o value -s LABEL %E{device}", ENV{dir_name}="%c"<br />
# Use basename to correctly handle labels such as ../mnt/foo<br />
PROGRAM=="/usr/bin/basename '%E{dir_name}'", ENV{dir_name}="%c"<br />
ENV{dir_name}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
# Mount the device<br />
ACTION=="add", ENV{dir_name}!="", RUN+="/bin/mkdir -p '/media/%E{dir_name}'", RUN+="/bin/mount -o %E{mount_options} /dev/%E{crypto}%k '/media/%E{dir_name}'"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l '/media/%E{dir_name}'"<br />
ACTION=="remove", ENV{crypto}!="", RUN+="/sbin/cryptsetup luksClose %k"<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/rmdir '/media/%E{dir_name}'"<br />
<br />
# Exit<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present; support user un-mounting ====<br />
This is a variation on the above rule set. It uses pmount (which will need to be installed) instead of mount, allowing a non-root user to unmount udev-mounted devices. The required username must be hard-coded in the RUN command, so this rule set may not be suitable for multi-user systems. LUKS support has also been removed from the example, but can be easily reinstated as above.<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-with-pmount.rules|content=<nowiki><br />
KERNEL!="sd[a-z]*", GOTO="media_by_label_auto_mount_end"<br />
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Get label<br />
PROGRAM=="/sbin/blkid -o value -s LABEL %N", ENV{dir_name}="%c"<br />
# use basename to correctly handle labels such as ../mnt/foo<br />
PROGRAM=="/usr/bin/basename '%E{dir_name}'", ENV{dir_name}="%c"<br />
ENV{dir_name}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
ACTION=="add", ENV{dir_name}!="", RUN+="/bin/su tomk -c '/usr/bin/pmount %N %E{dir_name}'"<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/su tomk -c '/usr/bin/pumount /media/%E{dir_name}'"<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/mnt}}; create symbolic link under {{Filename|/media}} ====<br />
The following rule set does not make use of partition labels; instead it mounts devices as usbhd-sdXY under the /mnt directory (ex: /mnt/usbhd-sdb1) and creates a symbolic link under /media.<br />
{{File|name=/etc/udev/rules.d/11-mnt-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="mnt_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount under /mnt and create the symbolic link in /media <br />
ACTION=="add", RUN+="/bin/mount -o $env{mount_options} /dev/%k /mnt/usbhd-%k", RUN+="/bin/ln -s /mnt/usbhd-%k /media/usbhd-%k"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", RUN+="/bin/rm -f /media/usbhd-%k", RUN+="/bin/umount -l /mnt/usbhd-%k", RUN+="/bin/rmdir /mnt/usbhd-%k"<br />
<br />
# Exit<br />
LABEL="mnt_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}} ''only'' if the partition has a label ====<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-only-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="media_by_label_only_auto_mount_end"<br />
<br />
# Import FS infos<br />
IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ENV{ID_FS_LABEL}=="", GOTO="media_by_label_only_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount the device<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/$env{ID_FS_LABEL}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/$env{ID_FS_LABEL}"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{ID_FS_LABEL}!="", RUN+="/bin/umount -l /media/$env{ID_FS_LABEL}", RUN+="/bin/rmdir /media/$env{ID_FS_LABEL}"<br />
<br />
# Exit<br />
LABEL="media_by_label_only_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present; ntfs-3g ====<br />
Yet another example, this time making use of ntfs-3g read/write drivers for NTFS filesystems:<br />
<br />
{{File|name=/etc/udev/rules.d/10-my-media-automount.rules|content=<nowiki><br />
# vim:enc=utf-8:nu:ai:si:et:ts=4:sw=4:ft=udevrules:<br />
#<br />
# /etc/udev/rules.d/10-my-media-automount.rules<br />
<br />
# start at sdb to ignore the system hard drive<br />
KERNEL!="sd[b-z]*", GOTO="my_media_automount_end"<br />
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="my_media_automount_end"<br />
<br />
# import some useful filesystem info as variables<br />
IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
<br />
# Get a label if present, otherwise assign one based on device/partition num<br />
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}"<br />
ENV{ID_FS_LABEL}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
# create the dir in /media and symlink it to /mnt<br />
ACTION=="add", RUN+="/bin/mkdir -p '/media/%E{dir_name}'"<br />
<br />
# global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# filesystem-specific mount options (777/666 dir/file perms for ntfs/vfat) <br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},gid=100,dmask=000,fmask=111,utf8"<br />
<br />
# automount ntfs filesystems using ntfs-3g driver<br />
ACTION=="add", ENV{ID_FS_TYPE}=="ntfs", RUN+="/bin/mount -t ntfs-3g -o %E{mount_options} /dev/%k '/media/%E{dir_name}'"<br />
# automount all other filesystems<br />
ACTION=="add", ENV{ID_FS_TYPE}!="ntfs", RUN+="/bin/mount -t auto -o %E{mount_options} /dev/%k '/media/%E{dir_name}'"<br />
<br />
# clean up after device removal<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l '/media/%E{dir_name}'", RUN+="/bin/rmdir '/media/%E{dir_name}'"<br />
<br />
# exit<br />
LABEL="my_media_automount_end"<br />
<br />
</nowiki>}}<br />
<br />
==== Mount SD cards ====<br />
The same rules as above can be used to auto-mount SD cards, you just need to replace {{Codeline|sd[a-z][0-9]}} by {{Codeline|mmcblk[0-9]p[0-9]}}:<br />
{{File|name=/etc/udev/rules.d/11-sd-cards-auto-mount.rules|content=<nowiki><br />
KERNEL!="mmcblk[0-9]p[0-9]", GOTO="sd_cards_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem specific options<br />
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/sd-%k", RUN+="/bin/ln -s /media/sd-%k /mnt/sd-%k", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/sd-%k"<br />
ACTION=="remove", RUN+="/bin/umount -l /media/sd-%k", RUN+="/bin/rmdir /media/sd-%k"<br />
LABEL="sd_cards_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Accessing Firmware Programmers and USB Virtual Comm Devices ====<br />
The following ruleset will allow normal users (within the "users" group) the ability to access the [http://www.ladyada.net/make/usbtinyisp/ USBtinyISP] USB programmer for AVR microcontrollers and a generic (SiLabs [http://www.silabs.com/products/interface/usbtouart CP2102]) USB to UART adapter. Adjust the permissions accordingly. Verified as of 2010-02-11.<br />
<br />
{{File|name=/etc/udev/rules.d/50-embedded_devices.rules|content=<nowiki><br />
# USBtinyISP Programmer rules<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1781", ATTRS{idProduct}=="0c9f", GROUP="users", MODE="0666"<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="0479", GROUP="users", MODE="0666"<br />
<br />
# Mdfly.com Generic (SiLabs CP2102) 3.3v/5v USB VComm adapter<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", GROUP="users", MODE="0666"<br />
</nowiki>}}<br />
<br />
==Troubleshooting==<br />
=== Disabling modules auto-loading with the load_modules boot parameter ===<br />
If you pass {{Codeline|<nowiki>load_modules=off</nowiki>}} on your kernel boot line, then udev will skip all the auto-loading business. This is to provide you with a big ripcord to pull if something goes wrong. If udev loads a problematic module that hangs your system or something equally awful, then you can bypass auto-loading with this parameter, then go in and blacklist the offensive module(s).<br />
<br />
=== Blacklisting Modules ===<br />
In rare cases, Udev can make mistakes and load the wrong modules. To prevent it from doing this, you can blacklist modules. Once blacklisted, udev will never load that module. Not at boot-time ''or'' later on when a hotplug event is received (ie, you plug in your USB flash drive).<br />
<br />
To blacklist a module, just prefix it with a bang (!) in your {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}:<br />
MODULES=(!moduleA !moduleB)<br />
<br />
=== Known Problems with Hardware ===<br />
====BusLogic devices can be broken and will cause a freeze during startup====<br />
This is a kernel bug and no fix has been provided yet.<br />
====PCMCIA Card readers are not treated as removable devices====<br />
To get access to them with hal's pmount backend add them to {{Filename|/etc/pmount.allow}}<br />
<br />
=== Known Problems with Auto-Loading ===<br />
==== CPU frequency modules ====<br />
The current detection method for the various CPU frequency controllers is inadequate, so this has been omitted from the auto-loading process for the time being. To use CPU frequency scaling, load the proper module explicitly in your {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}.<br />
<br />
==== Sound Problems or Some Modules Not Loaded Automatically ====<br />
Some users have traced this problem to old entries in {{Codeline|/etc/modprobe.conf}}. Try cleaning that file out and trying again.<br />
<br />
==== Mixed Up Devices, Sound/Network Cards Changing Order Each Boot ====<br />
Because udev loads all modules asynchronously, they are initialized in a different order. This can result in devices randomly switching names. For example, with two network cards, you may notice a switching of designations between {{Codeline|eth0}} and {{Codeline|eth1}}.<br />
<br />
Arch Linux provides the advantage of specifying the module load order by listing the modules in the {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}. Modules in this array are loaded before udev begins auto-loading, so you have full control over the load order.<br />
<br />
# Always load 8139too before e100<br />
MODULES=(8139too e100)<br />
<br />
Another method for network card ordering is to use the udev-sanctioned method of statically-naming each interface. Create the following file to bind the MAC address of each of your cards to a certain interface name:<br />
{{File|name=/etc/udev/rules.d/10-network.rules|content=<nowiki><br />
SUBSYSTEM=="net", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="lan0"<br />
SUBSYSTEM=="net", ATTR{address}=="ff:ee:dd:cc:bb:aa", NAME="wlan0"<br />
</nowiki>}}<br />
<br />
A couple things to note:<br />
* To get the MAC address of each card, use this command: {{Codeline|udevadm info -a -p /sys/class/net/<yourdevice> | grep address}}<br />
* Make sure to use the lower-case hex values in your udev rules. It doesn't like upper-case.<br />
* Some people have problems naming their interfaces after the old style: eth0, eth1, etc. Try something like "lan" or "wlan" if you experience this problem.<br />
<br />
Don't forget to update your {{Filename|/etc/rc.conf}} and other configuration files using the old ethX notation!<br />
<br />
=== Known Problems for Custom Kernel Users ===<br />
==== Udev doesn't start at all ====<br />
Make sure you have a kernel version later than or equal to 2.6.15. Earlier kernels do not have the necessary uevent stuff that udev needs for auto-loading.<br />
<br />
==== CD/DVD symlinks and permissions are broken ====<br />
If you're using a 2.6.15 kernel, you'll need the uevent patch from ABS (which backports certain uevent functionality from 2.6.16). Just sync up your ABS tree with the {{Codeline|abs}} command, then you'll find the patch in {{Codeline|/var/abs/kernels/kernel26/}}.<br />
<br />
==Other Resources==<br />
* [http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html Udev Homepage]<br />
* [http://www.linux.com/news/hardware/peripherals/180950-udev An Introduction to Udev]<br />
* [http://vger.kernel.org/vger-lists.html#linux-hotplug Udev mailing list information]</div>Thayerhttps://wiki.archlinux.org/index.php?title=Udev&diff=105762Udev2010-05-05T23:28:15Z<p>Thayer: /* Mount under {{Filename|/media}}; use partition label if present */</p>
<hr />
<div>[[Category:Hardware detection and troubleshooting (English)]]<br />
[[Category:HOWTOs (English)]]<br />
[[Category:Auto-mounting (English)]]<br />
{{i18n|Udev}}<br />
<br />
== Introduction ==<br />
''"udev is the device manager for the Linux 2.6 kernel series. Primarily, it manages device nodes in {{Filename|/dev}}. It is the successor of devfs and hotplug, which means that it handles the {{Filename|/dev}} directory and all user space actions when adding/removing devices, including firmware load."'' Source: [http://en.wikipedia.org/wiki/Udev Wikipedia]<br />
<br />
udev replaces the functionality of both {{Codeline|hotplug}} and {{Codeline|hwdetect}}.<br />
<br />
udev loads kernel modules simultaneously, which can provide a speed increase during bootup. However, the downside is that it doesn't always load modules in the same order each time, which can cause problems with things like sound cards and network cards (if you have more than one of them). See below for more info on this.<br />
<br />
==About modules auto-loading==<br />
udev will not do ''any'' module loading for you unless {{Codeline|MOD_AUTOLOAD}} is enabled in {{Filename|/etc/rc.conf}}. If you disable auto-loading you must manually load the modules you want/need by putting the list in the {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}, you can generate this list with the {{Codeline|hwdetect --modules}} command.<br />
<br />
==About udev rules==<br />
udev rules go in {{Filename|/etc/udev/rules.d/}}, their file name has to end with {{Filename|.rules}}.<br />
<br />
If you want to learn how to write udev rules see [http://www.reactivated.net/writing_udev_rules.html Writing udev rules].<br />
<br />
To get a list of all the attributes of a device you can use to write rules:<br />
# udevadm info -a -p $(udevadm info -q path -n [device name])<br />
<br />
Replace [device name] with the device present in the system, such as '/dev/sda' or '/dev/ttyUSB0'.<br />
<br />
To restart the udev system once you create or modify udev rules, run the following command. Hotpluggable devices, such as USB devices, will probably have to be reconnected for the new rules to take effect.<br />
# udevadm control restart<br />
<br />
== Tips & Tricks ==<br />
=== Auto mounting USB devices ===<br />
{{Note|In the following rules the mount options are defined as {{Codeline|<nowiki>ENV{mount_options}="relatime"</nowiki>}}, see {{Codeline|man mount}} (and possibly {{Codeline|man ntfs-3g}}) for all available options and [[Maximizing Performance#Mount options]] for performance-related options.}}<br />
{{Note|The {{Codeline|users}} mount option will '''not''' allow users to unmount the filesystem.}}<br />
{{Tip|The {{Codeline|noexec}} mount option prevents execution of binaries on the mounted filesystem.}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present ====<br />
The following udev rule set automatically mounts devices/partitions that are represented by /dev/sd* (USB drives, external hard drives and sometimes SD cards). If a partition label is available, it mounts the device to /media/<label> and otherwise to /media/usbhd-sd* (ex: /media/usbhd-sdb1):<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Import FS infos<br />
IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
<br />
# Get a label if present, otherwise specify one<br />
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}"<br />
ENV{ID_FS_LABEL}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount the device<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/%E{dir_name}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/%E{dir_name}"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l /media/%E{dir_name}", RUN+="/bin/rmdir /media/%E{dir_name}"<br />
<br />
# Exit<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present; support LUKS encryption ====<br />
Similar to the above rule set, but if the device is a LUKS-encrypted partition it will open an xterm window to ask for the passphrase (provided that xterm is installed). Also see [http://bbs.archlinux.org/viewtopic.php?pid=696239#p696239 this post] and the follow-ups.<br />
<br />
{{Note|You may need to modify the path to cryptsetup, depending on the version installed (e.g., < 1.1.1_rc2-1).}}<br />
<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z]*", GOTO="media_by_label_auto_mount_end"<br />
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Do not mount devices on boot because otherwise fsck may fail<br />
ACTION=="add", PROGRAM!="/bin/grep ' / / rw[, ]' /proc/self/mountinfo", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Open LUKS partition if necessary<br />
PROGRAM=="/sbin/blkid -o value -s TYPE %N", RESULT=="crypto_LUKS", ENV{crypto}="mapper/", ENV{device}="/dev/mapper/%k"<br />
ENV{crypto}=="", ENV{device}="%N"<br />
ACTION=="add", ENV{crypto}!="", PROGRAM=="/usr/bin/xterm -display :0.0 -e 'echo Password for /dev/%k; /sbin/cryptsetup luksOpen %N %k'"<br />
ACTION=="add", ENV{crypto}!="", TEST!="/dev/mapper/%k", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="noatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", PROGRAM=="/sbin/blkid -o value -s TYPE %E{device}", RESULT=="vfat|ntfs", ENV{mount_options}="%E{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Get label if present, otherwise assign one<br />
PROGRAM=="/sbin/blkid -o value -s LABEL %E{device}", ENV{dir_name}="%c"<br />
# Use basename to correctly handle labels such as ../mnt/foo<br />
PROGRAM=="/usr/bin/basename '%E{dir_name}'", ENV{dir_name}="%c"<br />
ENV{dir_name}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
# Mount the device<br />
ACTION=="add", ENV{dir_name}!="", RUN+="/bin/mkdir -p '/media/%E{dir_name}'", RUN+="/bin/mount -o %E{mount_options} /dev/%E{crypto}%k '/media/%E{dir_name}'"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l '/media/%E{dir_name}'"<br />
ACTION=="remove", ENV{crypto}!="", RUN+="/sbin/cryptsetup luksClose %k"<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/rmdir '/media/%E{dir_name}'"<br />
<br />
# Exit<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present; support user un-mounting ====<br />
This is a variation on the above rule set. It uses pmount (which will need to be installed) instead of mount, allowing a non-root user to unmount udev-mounted devices. The required username must be hard-coded in the RUN command, so this rule set may not be suitable for multi-user systems. LUKS support has also been removed from the example, but can be easily reinstated as above.<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-with-pmount.rules|content=<nowiki><br />
KERNEL!="sd[a-z]*", GOTO="media_by_label_auto_mount_end"<br />
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Get label<br />
PROGRAM=="/sbin/blkid -o value -s LABEL %N", ENV{dir_name}="%c"<br />
# use basename to correctly handle labels such as ../mnt/foo<br />
PROGRAM=="/usr/bin/basename '%E{dir_name}'", ENV{dir_name}="%c"<br />
ENV{dir_name}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
ACTION=="add", ENV{dir_name}!="", RUN+="/bin/su tomk -c '/usr/bin/pmount %N %E{dir_name}'"<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/su tomk -c '/usr/bin/pumount /media/%E{dir_name}'"<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/mnt}}; create symbolic link under {{Filename|/media}} ====<br />
The following rule set does not make use of partition labels; instead it mounts devices as usbhd-sdXY under the /mnt directory (ex: /mnt/usbhd-sdb1) and creates a symbolic link under /media.<br />
{{File|name=/etc/udev/rules.d/11-mnt-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="mnt_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount under /mnt and create the symbolic link in /media <br />
ACTION=="add", RUN+="/bin/mount -o $env{mount_options} /dev/%k /mnt/usbhd-%k", RUN+="/bin/ln -s /mnt/usbhd-%k /media/usbhd-%k"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", RUN+="/bin/rm -f /media/usbhd-%k", RUN+="/bin/umount -l /mnt/usbhd-%k", RUN+="/bin/rmdir /mnt/usbhd-%k"<br />
<br />
# Exit<br />
LABEL="mnt_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}} ''only'' if the partition has a label ====<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-only-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="media_by_label_only_auto_mount_end"<br />
<br />
# Import FS infos<br />
IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ENV{ID_FS_LABEL}=="", GOTO="media_by_label_only_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount the device<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/$env{ID_FS_LABEL}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/$env{ID_FS_LABEL}"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{ID_FS_LABEL}!="", RUN+="/bin/umount -l /media/$env{ID_FS_LABEL}", RUN+="/bin/rmdir /media/$env{ID_FS_LABEL}"<br />
<br />
# Exit<br />
LABEL="media_by_label_only_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount SD cards ====<br />
The same rules as above can be used to auto-mount SD cards, you just need to replace {{Codeline|sd[a-z][0-9]}} by {{Codeline|mmcblk[0-9]p[0-9]}}:<br />
{{File|name=/etc/udev/rules.d/11-sd-cards-auto-mount.rules|content=<nowiki><br />
KERNEL!="mmcblk[0-9]p[0-9]", GOTO="sd_cards_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem specific options<br />
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/sd-%k", RUN+="/bin/ln -s /media/sd-%k /mnt/sd-%k", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/sd-%k"<br />
ACTION=="remove", RUN+="/bin/umount -l /media/sd-%k", RUN+="/bin/rmdir /media/sd-%k"<br />
LABEL="sd_cards_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Accessing Firmware Programmers and USB Virtual Comm Devices ====<br />
The following ruleset will allow normal users (within the "users" group) the ability to access the [http://www.ladyada.net/make/usbtinyisp/ USBtinyISP] USB programmer for AVR microcontrollers and a generic (SiLabs [http://www.silabs.com/products/interface/usbtouart CP2102]) USB to UART adapter. Adjust the permissions accordingly. Verified as of 2010-02-11.<br />
<br />
{{File|name=/etc/udev/rules.d/50-embedded_devices.rules|content=<nowiki><br />
# USBtinyISP Programmer rules<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1781", ATTRS{idProduct}=="0c9f", GROUP="users", MODE="0666"<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="0479", GROUP="users", MODE="0666"<br />
<br />
# Mdfly.com Generic (SiLabs CP2102) 3.3v/5v USB VComm adapter<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", GROUP="users", MODE="0666"<br />
</nowiki>}}<br />
<br />
==Troubleshooting==<br />
=== Disabling modules auto-loading with the load_modules boot parameter ===<br />
If you pass {{Codeline|<nowiki>load_modules=off</nowiki>}} on your kernel boot line, then udev will skip all the auto-loading business. This is to provide you with a big ripcord to pull if something goes wrong. If udev loads a problematic module that hangs your system or something equally awful, then you can bypass auto-loading with this parameter, then go in and blacklist the offensive module(s).<br />
<br />
=== Blacklisting Modules ===<br />
In rare cases, Udev can make mistakes and load the wrong modules. To prevent it from doing this, you can blacklist modules. Once blacklisted, udev will never load that module. Not at boot-time ''or'' later on when a hotplug event is received (ie, you plug in your USB flash drive).<br />
<br />
To blacklist a module, just prefix it with a bang (!) in your {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}:<br />
MODULES=(!moduleA !moduleB)<br />
<br />
=== Known Problems with Hardware ===<br />
====BusLogic devices can be broken and will cause a freeze during startup====<br />
This is a kernel bug and no fix has been provided yet.<br />
====PCMCIA Card readers are not treated as removable devices====<br />
To get access to them with hal's pmount backend add them to {{Filename|/etc/pmount.allow}}<br />
<br />
=== Known Problems with Auto-Loading ===<br />
==== CPU frequency modules ====<br />
The current detection method for the various CPU frequency controllers is inadequate, so this has been omitted from the auto-loading process for the time being. To use CPU frequency scaling, load the proper module explicitly in your {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}.<br />
<br />
==== Sound Problems or Some Modules Not Loaded Automatically ====<br />
Some users have traced this problem to old entries in {{Codeline|/etc/modprobe.conf}}. Try cleaning that file out and trying again.<br />
<br />
==== Mixed Up Devices, Sound/Network Cards Changing Order Each Boot ====<br />
Because udev loads all modules asynchronously, they are initialized in a different order. This can result in devices randomly switching names. For example, with two network cards, you may notice a switching of designations between {{Codeline|eth0}} and {{Codeline|eth1}}.<br />
<br />
Arch Linux provides the advantage of specifying the module load order by listing the modules in the {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}. Modules in this array are loaded before udev begins auto-loading, so you have full control over the load order.<br />
<br />
# Always load 8139too before e100<br />
MODULES=(8139too e100)<br />
<br />
Another method for network card ordering is to use the udev-sanctioned method of statically-naming each interface. Create the following file to bind the MAC address of each of your cards to a certain interface name:<br />
{{File|name=/etc/udev/rules.d/10-network.rules|content=<nowiki><br />
SUBSYSTEM=="net", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="lan0"<br />
SUBSYSTEM=="net", ATTR{address}=="ff:ee:dd:cc:bb:aa", NAME="wlan0"<br />
</nowiki>}}<br />
<br />
A couple things to note:<br />
* To get the MAC address of each card, use this command: {{Codeline|udevadm info -a -p /sys/class/net/<yourdevice> | grep address}}<br />
* Make sure to use the lower-case hex values in your udev rules. It doesn't like upper-case.<br />
* Some people have problems naming their interfaces after the old style: eth0, eth1, etc. Try something like "lan" or "wlan" if you experience this problem.<br />
<br />
Don't forget to update your {{Filename|/etc/rc.conf}} and other configuration files using the old ethX notation!<br />
<br />
=== Known Problems for Custom Kernel Users ===<br />
==== Udev doesn't start at all ====<br />
Make sure you have a kernel version later than or equal to 2.6.15. Earlier kernels do not have the necessary uevent stuff that udev needs for auto-loading.<br />
<br />
==== CD/DVD symlinks and permissions are broken ====<br />
If you're using a 2.6.15 kernel, you'll need the uevent patch from ABS (which backports certain uevent functionality from 2.6.16). Just sync up your ABS tree with the {{Codeline|abs}} command, then you'll find the patch in {{Codeline|/var/abs/kernels/kernel26/}}.<br />
<br />
==Other Resources==<br />
* [http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html Udev Homepage]<br />
* [http://www.linux.com/news/hardware/peripherals/180950-udev An Introduction to Udev]<br />
* [http://vger.kernel.org/vger-lists.html#linux-hotplug Udev mailing list information]</div>Thayerhttps://wiki.archlinux.org/index.php?title=Udev&diff=105761Udev2010-05-05T23:27:48Z<p>Thayer: /* Auto mounting USB devices */</p>
<hr />
<div>[[Category:Hardware detection and troubleshooting (English)]]<br />
[[Category:HOWTOs (English)]]<br />
[[Category:Auto-mounting (English)]]<br />
{{i18n|Udev}}<br />
<br />
== Introduction ==<br />
''"udev is the device manager for the Linux 2.6 kernel series. Primarily, it manages device nodes in {{Filename|/dev}}. It is the successor of devfs and hotplug, which means that it handles the {{Filename|/dev}} directory and all user space actions when adding/removing devices, including firmware load."'' Source: [http://en.wikipedia.org/wiki/Udev Wikipedia]<br />
<br />
udev replaces the functionality of both {{Codeline|hotplug}} and {{Codeline|hwdetect}}.<br />
<br />
udev loads kernel modules simultaneously, which can provide a speed increase during bootup. However, the downside is that it doesn't always load modules in the same order each time, which can cause problems with things like sound cards and network cards (if you have more than one of them). See below for more info on this.<br />
<br />
==About modules auto-loading==<br />
udev will not do ''any'' module loading for you unless {{Codeline|MOD_AUTOLOAD}} is enabled in {{Filename|/etc/rc.conf}}. If you disable auto-loading you must manually load the modules you want/need by putting the list in the {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}, you can generate this list with the {{Codeline|hwdetect --modules}} command.<br />
<br />
==About udev rules==<br />
udev rules go in {{Filename|/etc/udev/rules.d/}}, their file name has to end with {{Filename|.rules}}.<br />
<br />
If you want to learn how to write udev rules see [http://www.reactivated.net/writing_udev_rules.html Writing udev rules].<br />
<br />
To get a list of all the attributes of a device you can use to write rules:<br />
# udevadm info -a -p $(udevadm info -q path -n [device name])<br />
<br />
Replace [device name] with the device present in the system, such as '/dev/sda' or '/dev/ttyUSB0'.<br />
<br />
To restart the udev system once you create or modify udev rules, run the following command. Hotpluggable devices, such as USB devices, will probably have to be reconnected for the new rules to take effect.<br />
# udevadm control restart<br />
<br />
== Tips & Tricks ==<br />
=== Auto mounting USB devices ===<br />
{{Note|In the following rules the mount options are defined as {{Codeline|<nowiki>ENV{mount_options}="relatime"</nowiki>}}, see {{Codeline|man mount}} (and possibly {{Codeline|man ntfs-3g}}) for all available options and [[Maximizing Performance#Mount options]] for performance-related options.}}<br />
{{Note|The {{Codeline|users}} mount option will '''not''' allow users to unmount the filesystem.}}<br />
{{Tip|The {{Codeline|noexec}} mount option prevents execution of binaries on the mounted filesystem.}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present ====<br />
The following udev rule set automatically mounts devices/partitions that are represented by /dev/sd* (USB drives, external hard drives and sometimes SD cards). If a partition label is available, it mounts the device to /media/<label> and otherwise to /media/usbhd-sd* (ex: /media/usbhd-sdb1):<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Import FS infos<br />
IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
<br />
# Get a label if present, otherwise specify one<br />
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}"<br />
ENV{ID_FS_LABEL}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem specific options<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount the device<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/%E{dir_name}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/%E{dir_name}"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l /media/%E{dir_name}", RUN+="/bin/rmdir /media/%E{dir_name}"<br />
<br />
# Exit<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present; support LUKS encryption ====<br />
Similar to the above rule set, but if the device is a LUKS-encrypted partition it will open an xterm window to ask for the passphrase (provided that xterm is installed). Also see [http://bbs.archlinux.org/viewtopic.php?pid=696239#p696239 this post] and the follow-ups.<br />
<br />
{{Note|You may need to modify the path to cryptsetup, depending on the version installed (e.g., < 1.1.1_rc2-1).}}<br />
<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z]*", GOTO="media_by_label_auto_mount_end"<br />
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Do not mount devices on boot because otherwise fsck may fail<br />
ACTION=="add", PROGRAM!="/bin/grep ' / / rw[, ]' /proc/self/mountinfo", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Open LUKS partition if necessary<br />
PROGRAM=="/sbin/blkid -o value -s TYPE %N", RESULT=="crypto_LUKS", ENV{crypto}="mapper/", ENV{device}="/dev/mapper/%k"<br />
ENV{crypto}=="", ENV{device}="%N"<br />
ACTION=="add", ENV{crypto}!="", PROGRAM=="/usr/bin/xterm -display :0.0 -e 'echo Password for /dev/%k; /sbin/cryptsetup luksOpen %N %k'"<br />
ACTION=="add", ENV{crypto}!="", TEST!="/dev/mapper/%k", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="noatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", PROGRAM=="/sbin/blkid -o value -s TYPE %E{device}", RESULT=="vfat|ntfs", ENV{mount_options}="%E{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Get label if present, otherwise assign one<br />
PROGRAM=="/sbin/blkid -o value -s LABEL %E{device}", ENV{dir_name}="%c"<br />
# Use basename to correctly handle labels such as ../mnt/foo<br />
PROGRAM=="/usr/bin/basename '%E{dir_name}'", ENV{dir_name}="%c"<br />
ENV{dir_name}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
# Mount the device<br />
ACTION=="add", ENV{dir_name}!="", RUN+="/bin/mkdir -p '/media/%E{dir_name}'", RUN+="/bin/mount -o %E{mount_options} /dev/%E{crypto}%k '/media/%E{dir_name}'"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l '/media/%E{dir_name}'"<br />
ACTION=="remove", ENV{crypto}!="", RUN+="/sbin/cryptsetup luksClose %k"<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/rmdir '/media/%E{dir_name}'"<br />
<br />
# Exit<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present; support user un-mounting ====<br />
This is a variation on the above rule set. It uses pmount (which will need to be installed) instead of mount, allowing a non-root user to unmount udev-mounted devices. The required username must be hard-coded in the RUN command, so this rule set may not be suitable for multi-user systems. LUKS support has also been removed from the example, but can be easily reinstated as above.<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-with-pmount.rules|content=<nowiki><br />
KERNEL!="sd[a-z]*", GOTO="media_by_label_auto_mount_end"<br />
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Get label<br />
PROGRAM=="/sbin/blkid -o value -s LABEL %N", ENV{dir_name}="%c"<br />
# use basename to correctly handle labels such as ../mnt/foo<br />
PROGRAM=="/usr/bin/basename '%E{dir_name}'", ENV{dir_name}="%c"<br />
ENV{dir_name}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
ACTION=="add", ENV{dir_name}!="", RUN+="/bin/su tomk -c '/usr/bin/pmount %N %E{dir_name}'"<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/su tomk -c '/usr/bin/pumount /media/%E{dir_name}'"<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/mnt}}; create symbolic link under {{Filename|/media}} ====<br />
The following rule set does not make use of partition labels; instead it mounts devices as usbhd-sdXY under the /mnt directory (ex: /mnt/usbhd-sdb1) and creates a symbolic link under /media.<br />
{{File|name=/etc/udev/rules.d/11-mnt-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="mnt_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount under /mnt and create the symbolic link in /media <br />
ACTION=="add", RUN+="/bin/mount -o $env{mount_options} /dev/%k /mnt/usbhd-%k", RUN+="/bin/ln -s /mnt/usbhd-%k /media/usbhd-%k"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", RUN+="/bin/rm -f /media/usbhd-%k", RUN+="/bin/umount -l /mnt/usbhd-%k", RUN+="/bin/rmdir /mnt/usbhd-%k"<br />
<br />
# Exit<br />
LABEL="mnt_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}} ''only'' if the partition has a label ====<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-only-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="media_by_label_only_auto_mount_end"<br />
<br />
# Import FS infos<br />
IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ENV{ID_FS_LABEL}=="", GOTO="media_by_label_only_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount the device<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/$env{ID_FS_LABEL}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/$env{ID_FS_LABEL}"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{ID_FS_LABEL}!="", RUN+="/bin/umount -l /media/$env{ID_FS_LABEL}", RUN+="/bin/rmdir /media/$env{ID_FS_LABEL}"<br />
<br />
# Exit<br />
LABEL="media_by_label_only_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount SD cards ====<br />
The same rules as above can be used to auto-mount SD cards, you just need to replace {{Codeline|sd[a-z][0-9]}} by {{Codeline|mmcblk[0-9]p[0-9]}}:<br />
{{File|name=/etc/udev/rules.d/11-sd-cards-auto-mount.rules|content=<nowiki><br />
KERNEL!="mmcblk[0-9]p[0-9]", GOTO="sd_cards_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem specific options<br />
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/sd-%k", RUN+="/bin/ln -s /media/sd-%k /mnt/sd-%k", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/sd-%k"<br />
ACTION=="remove", RUN+="/bin/umount -l /media/sd-%k", RUN+="/bin/rmdir /media/sd-%k"<br />
LABEL="sd_cards_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Accessing Firmware Programmers and USB Virtual Comm Devices ====<br />
The following ruleset will allow normal users (within the "users" group) the ability to access the [http://www.ladyada.net/make/usbtinyisp/ USBtinyISP] USB programmer for AVR microcontrollers and a generic (SiLabs [http://www.silabs.com/products/interface/usbtouart CP2102]) USB to UART adapter. Adjust the permissions accordingly. Verified as of 2010-02-11.<br />
<br />
{{File|name=/etc/udev/rules.d/50-embedded_devices.rules|content=<nowiki><br />
# USBtinyISP Programmer rules<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1781", ATTRS{idProduct}=="0c9f", GROUP="users", MODE="0666"<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="0479", GROUP="users", MODE="0666"<br />
<br />
# Mdfly.com Generic (SiLabs CP2102) 3.3v/5v USB VComm adapter<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", GROUP="users", MODE="0666"<br />
</nowiki>}}<br />
<br />
==Troubleshooting==<br />
=== Disabling modules auto-loading with the load_modules boot parameter ===<br />
If you pass {{Codeline|<nowiki>load_modules=off</nowiki>}} on your kernel boot line, then udev will skip all the auto-loading business. This is to provide you with a big ripcord to pull if something goes wrong. If udev loads a problematic module that hangs your system or something equally awful, then you can bypass auto-loading with this parameter, then go in and blacklist the offensive module(s).<br />
<br />
=== Blacklisting Modules ===<br />
In rare cases, Udev can make mistakes and load the wrong modules. To prevent it from doing this, you can blacklist modules. Once blacklisted, udev will never load that module. Not at boot-time ''or'' later on when a hotplug event is received (ie, you plug in your USB flash drive).<br />
<br />
To blacklist a module, just prefix it with a bang (!) in your {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}:<br />
MODULES=(!moduleA !moduleB)<br />
<br />
=== Known Problems with Hardware ===<br />
====BusLogic devices can be broken and will cause a freeze during startup====<br />
This is a kernel bug and no fix has been provided yet.<br />
====PCMCIA Card readers are not treated as removable devices====<br />
To get access to them with hal's pmount backend add them to {{Filename|/etc/pmount.allow}}<br />
<br />
=== Known Problems with Auto-Loading ===<br />
==== CPU frequency modules ====<br />
The current detection method for the various CPU frequency controllers is inadequate, so this has been omitted from the auto-loading process for the time being. To use CPU frequency scaling, load the proper module explicitly in your {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}.<br />
<br />
==== Sound Problems or Some Modules Not Loaded Automatically ====<br />
Some users have traced this problem to old entries in {{Codeline|/etc/modprobe.conf}}. Try cleaning that file out and trying again.<br />
<br />
==== Mixed Up Devices, Sound/Network Cards Changing Order Each Boot ====<br />
Because udev loads all modules asynchronously, they are initialized in a different order. This can result in devices randomly switching names. For example, with two network cards, you may notice a switching of designations between {{Codeline|eth0}} and {{Codeline|eth1}}.<br />
<br />
Arch Linux provides the advantage of specifying the module load order by listing the modules in the {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}. Modules in this array are loaded before udev begins auto-loading, so you have full control over the load order.<br />
<br />
# Always load 8139too before e100<br />
MODULES=(8139too e100)<br />
<br />
Another method for network card ordering is to use the udev-sanctioned method of statically-naming each interface. Create the following file to bind the MAC address of each of your cards to a certain interface name:<br />
{{File|name=/etc/udev/rules.d/10-network.rules|content=<nowiki><br />
SUBSYSTEM=="net", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="lan0"<br />
SUBSYSTEM=="net", ATTR{address}=="ff:ee:dd:cc:bb:aa", NAME="wlan0"<br />
</nowiki>}}<br />
<br />
A couple things to note:<br />
* To get the MAC address of each card, use this command: {{Codeline|udevadm info -a -p /sys/class/net/<yourdevice> | grep address}}<br />
* Make sure to use the lower-case hex values in your udev rules. It doesn't like upper-case.<br />
* Some people have problems naming their interfaces after the old style: eth0, eth1, etc. Try something like "lan" or "wlan" if you experience this problem.<br />
<br />
Don't forget to update your {{Filename|/etc/rc.conf}} and other configuration files using the old ethX notation!<br />
<br />
=== Known Problems for Custom Kernel Users ===<br />
==== Udev doesn't start at all ====<br />
Make sure you have a kernel version later than or equal to 2.6.15. Earlier kernels do not have the necessary uevent stuff that udev needs for auto-loading.<br />
<br />
==== CD/DVD symlinks and permissions are broken ====<br />
If you're using a 2.6.15 kernel, you'll need the uevent patch from ABS (which backports certain uevent functionality from 2.6.16). Just sync up your ABS tree with the {{Codeline|abs}} command, then you'll find the patch in {{Codeline|/var/abs/kernels/kernel26/}}.<br />
<br />
==Other Resources==<br />
* [http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html Udev Homepage]<br />
* [http://www.linux.com/news/hardware/peripherals/180950-udev An Introduction to Udev]<br />
* [http://vger.kernel.org/vger-lists.html#linux-hotplug Udev mailing list information]</div>Thayerhttps://wiki.archlinux.org/index.php?title=Udev&diff=105759Udev2010-05-05T23:21:12Z<p>Thayer: /* Mounting SD cards */</p>
<hr />
<div>[[Category:Hardware detection and troubleshooting (English)]]<br />
[[Category:HOWTOs (English)]]<br />
[[Category:Auto-mounting (English)]]<br />
{{i18n|Udev}}<br />
<br />
== Introduction ==<br />
''"udev is the device manager for the Linux 2.6 kernel series. Primarily, it manages device nodes in {{Filename|/dev}}. It is the successor of devfs and hotplug, which means that it handles the {{Filename|/dev}} directory and all user space actions when adding/removing devices, including firmware load."'' Source: [http://en.wikipedia.org/wiki/Udev Wikipedia]<br />
<br />
udev replaces the functionality of both {{Codeline|hotplug}} and {{Codeline|hwdetect}}.<br />
<br />
udev loads kernel modules simultaneously, which can provide a speed increase during bootup. However, the downside is that it doesn't always load modules in the same order each time, which can cause problems with things like sound cards and network cards (if you have more than one of them). See below for more info on this.<br />
<br />
==About modules auto-loading==<br />
udev will not do ''any'' module loading for you unless {{Codeline|MOD_AUTOLOAD}} is enabled in {{Filename|/etc/rc.conf}}. If you disable auto-loading you must manually load the modules you want/need by putting the list in the {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}, you can generate this list with the {{Codeline|hwdetect --modules}} command.<br />
<br />
==About udev rules==<br />
udev rules go in {{Filename|/etc/udev/rules.d/}}, their file name has to end with {{Filename|.rules}}.<br />
<br />
If you want to learn how to write udev rules see [http://www.reactivated.net/writing_udev_rules.html Writing udev rules].<br />
<br />
To get a list of all the attributes of a device you can use to write rules:<br />
# udevadm info -a -p $(udevadm info -q path -n [device name])<br />
<br />
Replace [device name] with the device present in the system, such as '/dev/sda' or '/dev/ttyUSB0'.<br />
<br />
To restart the udev system once you create or modify udev rules, run the following command. Hotpluggable devices, such as USB devices, will probably have to be reconnected for the new rules to take effect.<br />
# udevadm control restart<br />
<br />
== Tips & Tricks ==<br />
=== Auto mounting USB devices ===<br />
{{Note|In the following rules the mount options are defined as {{Codeline|<nowiki>ENV{mount_options}="relatime"</nowiki>}}, see {{Codeline|man mount}} (and possibly {{Codeline|man ntfs-3g}}) for all available options and [[Maximizing Performance#Mount options]] for performance-related options.}}<br />
{{Note|The {{Codeline|users}} mount option will '''not''' allow users to unmount the filesystem.}}<br />
{{Tip|The {{Codeline|noexec}} mount option prevents execution of binaries on the mounted filesystem.}}<br />
==== Mount under {{Filename|/media}}; use partition label if present; support LUKS encryption ====<br />
This udev rule set automatically mounts devices/partitions that are represented by /dev/sd* (USB drives, external hard drives and sometimes SD cards). If a partition label is available, it mounts the device to /media/<label> and otherwise to /media/usbhd-sd*, e.g. /media/usbhd-sdb1. If the plugged in device is a LUKS-encrypted partition, it will open a xterm window to ask for the passphrase (provided that xterm is installed). Also see [http://bbs.archlinux.org/viewtopic.php?pid=696239#p696239 this post] and the follow-ups.<br />
<br />
{{Note|You may need to modify the path to cryptsetup, depending on the version installed (e.g., < 1.1.1_rc2-1).}}<br />
<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z]*", GOTO="media_by_label_auto_mount_end"<br />
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Do not mount devices on boot because otherwise fsck may fail<br />
ACTION=="add", PROGRAM!="/bin/grep ' / / rw[, ]' /proc/self/mountinfo", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Open LUKS partition if necessary<br />
PROGRAM=="/sbin/blkid -o value -s TYPE %N", RESULT=="crypto_LUKS", ENV{crypto}="mapper/", ENV{device}="/dev/mapper/%k"<br />
ENV{crypto}=="", ENV{device}="%N"<br />
ACTION=="add", ENV{crypto}!="", PROGRAM=="/usr/bin/xterm -display :0.0 -e 'echo Password for /dev/%k; /sbin/cryptsetup luksOpen %N %k'"<br />
ACTION=="add", ENV{crypto}!="", TEST!="/dev/mapper/%k", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="noatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", PROGRAM=="/sbin/blkid -o value -s TYPE %E{device}", RESULT=="vfat|ntfs", ENV{mount_options}="%E{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Get label if present, otherwise assign one<br />
PROGRAM=="/sbin/blkid -o value -s LABEL %E{device}", ENV{dir_name}="%c"<br />
# Use basename to correctly handle labels such as ../mnt/foo<br />
PROGRAM=="/usr/bin/basename '%E{dir_name}'", ENV{dir_name}="%c"<br />
ENV{dir_name}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
# Mount the device<br />
ACTION=="add", ENV{dir_name}!="", RUN+="/bin/mkdir -p '/media/%E{dir_name}'", RUN+="/bin/mount -o %E{mount_options} /dev/%E{crypto}%k '/media/%E{dir_name}'"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l '/media/%E{dir_name}'"<br />
ACTION=="remove", ENV{crypto}!="", RUN+="/sbin/cryptsetup luksClose %k"<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/rmdir '/media/%E{dir_name}'"<br />
<br />
# Exit<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present; support user un-mounting ====<br />
This is a variation on the above rule set. It uses pmount (which will need to be installed) instead of mount, allowing a non-root user to unmount udev-mounted devices. The required username must be hard-coded in the RUN command, so this rule set may not be suitable for multi-user systems. LUKS support has also been removed from the example, but can be easily reinstated as above.<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-with-pmount.rules|content=<nowiki><br />
KERNEL!="sd[a-z]*", GOTO="media_by_label_auto_mount_end"<br />
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Get label<br />
PROGRAM=="/sbin/blkid -o value -s LABEL %N", ENV{dir_name}="%c"<br />
# use basename to correctly handle labels such as ../mnt/foo<br />
PROGRAM=="/usr/bin/basename '%E{dir_name}'", ENV{dir_name}="%c"<br />
ENV{dir_name}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
ACTION=="add", ENV{dir_name}!="", RUN+="/bin/su tomk -c '/usr/bin/pmount %N %E{dir_name}'"<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/su tomk -c '/usr/bin/pumount /media/%E{dir_name}'"<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/mnt}}; create symbolic link under {{Filename|/media}} ====<br />
The following rule set does not make use of partition labels; instead it mounts devices as usbhd-sdXY under the /mnt directory (ex: /mnt/usbhd-sdb1) and creates a symbolic link under /media.<br />
{{File|name=/etc/udev/rules.d/11-mnt-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="mnt_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount under /mnt and create the symbolic link in /media <br />
ACTION=="add", RUN+="/bin/mount -o $env{mount_options} /dev/%k /mnt/usbhd-%k", RUN+="/bin/ln -s /mnt/usbhd-%k /media/usbhd-%k"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", RUN+="/bin/rm -f /media/usbhd-%k", RUN+="/bin/umount -l /mnt/usbhd-%k", RUN+="/bin/rmdir /mnt/usbhd-%k"<br />
<br />
# Exit<br />
LABEL="mnt_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present ====<br />
The following rule set mounts under /media, using the partition label if present. If no label exists, the device is mounted as usbhd-sdXY (ex: /media/usbhd-sdb2):<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Import FS infos<br />
IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
<br />
# Get a label if present, otherwise specify one<br />
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}"<br />
ENV{ID_FS_LABEL}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem specific options<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount the device<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/%E{dir_name}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/%E{dir_name}"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l /media/%E{dir_name}", RUN+="/bin/rmdir /media/%E{dir_name}"<br />
<br />
# Exit<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}} ''only'' if the partition has a label ====<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-only-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="media_by_label_only_auto_mount_end"<br />
<br />
# Import FS infos<br />
IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ENV{ID_FS_LABEL}=="", GOTO="media_by_label_only_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount the device<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/$env{ID_FS_LABEL}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/$env{ID_FS_LABEL}"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{ID_FS_LABEL}!="", RUN+="/bin/umount -l /media/$env{ID_FS_LABEL}", RUN+="/bin/rmdir /media/$env{ID_FS_LABEL}"<br />
<br />
# Exit<br />
LABEL="media_by_label_only_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount SD cards ====<br />
The same rules as above can be used to auto-mount SD cards, you just need to replace {{Codeline|sd[a-z][0-9]}} by {{Codeline|mmcblk[0-9]p[0-9]}}:<br />
{{File|name=/etc/udev/rules.d/11-sd-cards-auto-mount.rules|content=<nowiki><br />
KERNEL!="mmcblk[0-9]p[0-9]", GOTO="sd_cards_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem specific options<br />
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/sd-%k", RUN+="/bin/ln -s /media/sd-%k /mnt/sd-%k", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/sd-%k"<br />
ACTION=="remove", RUN+="/bin/umount -l /media/sd-%k", RUN+="/bin/rmdir /media/sd-%k"<br />
LABEL="sd_cards_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Accessing Firmware Programmers and USB Virtual Comm Devices ====<br />
The following ruleset will allow normal users (within the "users" group) the ability to access the [http://www.ladyada.net/make/usbtinyisp/ USBtinyISP] USB programmer for AVR microcontrollers and a generic (SiLabs [http://www.silabs.com/products/interface/usbtouart CP2102]) USB to UART adapter. Adjust the permissions accordingly. Verified as of 2010-02-11.<br />
<br />
{{File|name=/etc/udev/rules.d/50-embedded_devices.rules|content=<nowiki><br />
# USBtinyISP Programmer rules<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1781", ATTRS{idProduct}=="0c9f", GROUP="users", MODE="0666"<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="0479", GROUP="users", MODE="0666"<br />
<br />
# Mdfly.com Generic (SiLabs CP2102) 3.3v/5v USB VComm adapter<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", GROUP="users", MODE="0666"<br />
</nowiki>}}<br />
<br />
==Troubleshooting==<br />
=== Disabling modules auto-loading with the load_modules boot parameter ===<br />
If you pass {{Codeline|<nowiki>load_modules=off</nowiki>}} on your kernel boot line, then udev will skip all the auto-loading business. This is to provide you with a big ripcord to pull if something goes wrong. If udev loads a problematic module that hangs your system or something equally awful, then you can bypass auto-loading with this parameter, then go in and blacklist the offensive module(s).<br />
<br />
=== Blacklisting Modules ===<br />
In rare cases, Udev can make mistakes and load the wrong modules. To prevent it from doing this, you can blacklist modules. Once blacklisted, udev will never load that module. Not at boot-time ''or'' later on when a hotplug event is received (ie, you plug in your USB flash drive).<br />
<br />
To blacklist a module, just prefix it with a bang (!) in your {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}:<br />
MODULES=(!moduleA !moduleB)<br />
<br />
=== Known Problems with Hardware ===<br />
====BusLogic devices can be broken and will cause a freeze during startup====<br />
This is a kernel bug and no fix has been provided yet.<br />
====PCMCIA Card readers are not treated as removable devices====<br />
To get access to them with hal's pmount backend add them to {{Filename|/etc/pmount.allow}}<br />
<br />
=== Known Problems with Auto-Loading ===<br />
==== CPU frequency modules ====<br />
The current detection method for the various CPU frequency controllers is inadequate, so this has been omitted from the auto-loading process for the time being. To use CPU frequency scaling, load the proper module explicitly in your {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}.<br />
<br />
==== Sound Problems or Some Modules Not Loaded Automatically ====<br />
Some users have traced this problem to old entries in {{Codeline|/etc/modprobe.conf}}. Try cleaning that file out and trying again.<br />
<br />
==== Mixed Up Devices, Sound/Network Cards Changing Order Each Boot ====<br />
Because udev loads all modules asynchronously, they are initialized in a different order. This can result in devices randomly switching names. For example, with two network cards, you may notice a switching of designations between {{Codeline|eth0}} and {{Codeline|eth1}}.<br />
<br />
Arch Linux provides the advantage of specifying the module load order by listing the modules in the {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}. Modules in this array are loaded before udev begins auto-loading, so you have full control over the load order.<br />
<br />
# Always load 8139too before e100<br />
MODULES=(8139too e100)<br />
<br />
Another method for network card ordering is to use the udev-sanctioned method of statically-naming each interface. Create the following file to bind the MAC address of each of your cards to a certain interface name:<br />
{{File|name=/etc/udev/rules.d/10-network.rules|content=<nowiki><br />
SUBSYSTEM=="net", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="lan0"<br />
SUBSYSTEM=="net", ATTR{address}=="ff:ee:dd:cc:bb:aa", NAME="wlan0"<br />
</nowiki>}}<br />
<br />
A couple things to note:<br />
* To get the MAC address of each card, use this command: {{Codeline|udevadm info -a -p /sys/class/net/<yourdevice> | grep address}}<br />
* Make sure to use the lower-case hex values in your udev rules. It doesn't like upper-case.<br />
* Some people have problems naming their interfaces after the old style: eth0, eth1, etc. Try something like "lan" or "wlan" if you experience this problem.<br />
<br />
Don't forget to update your {{Filename|/etc/rc.conf}} and other configuration files using the old ethX notation!<br />
<br />
=== Known Problems for Custom Kernel Users ===<br />
==== Udev doesn't start at all ====<br />
Make sure you have a kernel version later than or equal to 2.6.15. Earlier kernels do not have the necessary uevent stuff that udev needs for auto-loading.<br />
<br />
==== CD/DVD symlinks and permissions are broken ====<br />
If you're using a 2.6.15 kernel, you'll need the uevent patch from ABS (which backports certain uevent functionality from 2.6.16). Just sync up your ABS tree with the {{Codeline|abs}} command, then you'll find the patch in {{Codeline|/var/abs/kernels/kernel26/}}.<br />
<br />
==Other Resources==<br />
* [http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html Udev Homepage]<br />
* [http://www.linux.com/news/hardware/peripherals/180950-udev An Introduction to Udev]<br />
* [http://vger.kernel.org/vger-lists.html#linux-hotplug Udev mailing list information]</div>Thayerhttps://wiki.archlinux.org/index.php?title=Udev&diff=105758Udev2010-05-05T23:20:07Z<p>Thayer: /* Mounting to {{Filename|/media}} only if the partition has a label */</p>
<hr />
<div>[[Category:Hardware detection and troubleshooting (English)]]<br />
[[Category:HOWTOs (English)]]<br />
[[Category:Auto-mounting (English)]]<br />
{{i18n|Udev}}<br />
<br />
== Introduction ==<br />
''"udev is the device manager for the Linux 2.6 kernel series. Primarily, it manages device nodes in {{Filename|/dev}}. It is the successor of devfs and hotplug, which means that it handles the {{Filename|/dev}} directory and all user space actions when adding/removing devices, including firmware load."'' Source: [http://en.wikipedia.org/wiki/Udev Wikipedia]<br />
<br />
udev replaces the functionality of both {{Codeline|hotplug}} and {{Codeline|hwdetect}}.<br />
<br />
udev loads kernel modules simultaneously, which can provide a speed increase during bootup. However, the downside is that it doesn't always load modules in the same order each time, which can cause problems with things like sound cards and network cards (if you have more than one of them). See below for more info on this.<br />
<br />
==About modules auto-loading==<br />
udev will not do ''any'' module loading for you unless {{Codeline|MOD_AUTOLOAD}} is enabled in {{Filename|/etc/rc.conf}}. If you disable auto-loading you must manually load the modules you want/need by putting the list in the {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}, you can generate this list with the {{Codeline|hwdetect --modules}} command.<br />
<br />
==About udev rules==<br />
udev rules go in {{Filename|/etc/udev/rules.d/}}, their file name has to end with {{Filename|.rules}}.<br />
<br />
If you want to learn how to write udev rules see [http://www.reactivated.net/writing_udev_rules.html Writing udev rules].<br />
<br />
To get a list of all the attributes of a device you can use to write rules:<br />
# udevadm info -a -p $(udevadm info -q path -n [device name])<br />
<br />
Replace [device name] with the device present in the system, such as '/dev/sda' or '/dev/ttyUSB0'.<br />
<br />
To restart the udev system once you create or modify udev rules, run the following command. Hotpluggable devices, such as USB devices, will probably have to be reconnected for the new rules to take effect.<br />
# udevadm control restart<br />
<br />
== Tips & Tricks ==<br />
=== Auto mounting USB devices ===<br />
{{Note|In the following rules the mount options are defined as {{Codeline|<nowiki>ENV{mount_options}="relatime"</nowiki>}}, see {{Codeline|man mount}} (and possibly {{Codeline|man ntfs-3g}}) for all available options and [[Maximizing Performance#Mount options]] for performance-related options.}}<br />
{{Note|The {{Codeline|users}} mount option will '''not''' allow users to unmount the filesystem.}}<br />
{{Tip|The {{Codeline|noexec}} mount option prevents execution of binaries on the mounted filesystem.}}<br />
==== Mount under {{Filename|/media}}; use partition label if present; support LUKS encryption ====<br />
This udev rule set automatically mounts devices/partitions that are represented by /dev/sd* (USB drives, external hard drives and sometimes SD cards). If a partition label is available, it mounts the device to /media/<label> and otherwise to /media/usbhd-sd*, e.g. /media/usbhd-sdb1. If the plugged in device is a LUKS-encrypted partition, it will open a xterm window to ask for the passphrase (provided that xterm is installed). Also see [http://bbs.archlinux.org/viewtopic.php?pid=696239#p696239 this post] and the follow-ups.<br />
<br />
{{Note|You may need to modify the path to cryptsetup, depending on the version installed (e.g., < 1.1.1_rc2-1).}}<br />
<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z]*", GOTO="media_by_label_auto_mount_end"<br />
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Do not mount devices on boot because otherwise fsck may fail<br />
ACTION=="add", PROGRAM!="/bin/grep ' / / rw[, ]' /proc/self/mountinfo", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Open LUKS partition if necessary<br />
PROGRAM=="/sbin/blkid -o value -s TYPE %N", RESULT=="crypto_LUKS", ENV{crypto}="mapper/", ENV{device}="/dev/mapper/%k"<br />
ENV{crypto}=="", ENV{device}="%N"<br />
ACTION=="add", ENV{crypto}!="", PROGRAM=="/usr/bin/xterm -display :0.0 -e 'echo Password for /dev/%k; /sbin/cryptsetup luksOpen %N %k'"<br />
ACTION=="add", ENV{crypto}!="", TEST!="/dev/mapper/%k", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="noatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", PROGRAM=="/sbin/blkid -o value -s TYPE %E{device}", RESULT=="vfat|ntfs", ENV{mount_options}="%E{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Get label if present, otherwise assign one<br />
PROGRAM=="/sbin/blkid -o value -s LABEL %E{device}", ENV{dir_name}="%c"<br />
# Use basename to correctly handle labels such as ../mnt/foo<br />
PROGRAM=="/usr/bin/basename '%E{dir_name}'", ENV{dir_name}="%c"<br />
ENV{dir_name}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
# Mount the device<br />
ACTION=="add", ENV{dir_name}!="", RUN+="/bin/mkdir -p '/media/%E{dir_name}'", RUN+="/bin/mount -o %E{mount_options} /dev/%E{crypto}%k '/media/%E{dir_name}'"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l '/media/%E{dir_name}'"<br />
ACTION=="remove", ENV{crypto}!="", RUN+="/sbin/cryptsetup luksClose %k"<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/rmdir '/media/%E{dir_name}'"<br />
<br />
# Exit<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present; support user un-mounting ====<br />
This is a variation on the above rule set. It uses pmount (which will need to be installed) instead of mount, allowing a non-root user to unmount udev-mounted devices. The required username must be hard-coded in the RUN command, so this rule set may not be suitable for multi-user systems. LUKS support has also been removed from the example, but can be easily reinstated as above.<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-with-pmount.rules|content=<nowiki><br />
KERNEL!="sd[a-z]*", GOTO="media_by_label_auto_mount_end"<br />
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Get label<br />
PROGRAM=="/sbin/blkid -o value -s LABEL %N", ENV{dir_name}="%c"<br />
# use basename to correctly handle labels such as ../mnt/foo<br />
PROGRAM=="/usr/bin/basename '%E{dir_name}'", ENV{dir_name}="%c"<br />
ENV{dir_name}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
ACTION=="add", ENV{dir_name}!="", RUN+="/bin/su tomk -c '/usr/bin/pmount %N %E{dir_name}'"<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/su tomk -c '/usr/bin/pumount /media/%E{dir_name}'"<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/mnt}}; create symbolic link under {{Filename|/media}} ====<br />
The following rule set does not make use of partition labels; instead it mounts devices as usbhd-sdXY under the /mnt directory (ex: /mnt/usbhd-sdb1) and creates a symbolic link under /media.<br />
{{File|name=/etc/udev/rules.d/11-mnt-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="mnt_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount under /mnt and create the symbolic link in /media <br />
ACTION=="add", RUN+="/bin/mount -o $env{mount_options} /dev/%k /mnt/usbhd-%k", RUN+="/bin/ln -s /mnt/usbhd-%k /media/usbhd-%k"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", RUN+="/bin/rm -f /media/usbhd-%k", RUN+="/bin/umount -l /mnt/usbhd-%k", RUN+="/bin/rmdir /mnt/usbhd-%k"<br />
<br />
# Exit<br />
LABEL="mnt_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present ====<br />
The following rule set mounts under /media, using the partition label if present. If no label exists, the device is mounted as usbhd-sdXY (ex: /media/usbhd-sdb2):<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Import FS infos<br />
IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
<br />
# Get a label if present, otherwise specify one<br />
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}"<br />
ENV{ID_FS_LABEL}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem specific options<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount the device<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/%E{dir_name}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/%E{dir_name}"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l /media/%E{dir_name}", RUN+="/bin/rmdir /media/%E{dir_name}"<br />
<br />
# Exit<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}} ''only'' if the partition has a label ====<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-only-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="media_by_label_only_auto_mount_end"<br />
<br />
# Import FS infos<br />
IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ENV{ID_FS_LABEL}=="", GOTO="media_by_label_only_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount the device<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/$env{ID_FS_LABEL}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/$env{ID_FS_LABEL}"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{ID_FS_LABEL}!="", RUN+="/bin/umount -l /media/$env{ID_FS_LABEL}", RUN+="/bin/rmdir /media/$env{ID_FS_LABEL}"<br />
<br />
# Exit<br />
LABEL="media_by_label_only_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mounting SD cards ====<br />
The same rules as above can be used to auto-mount SD cards, you just need to replace {{Codeline|sd[a-z][0-9]}} by {{Codeline|mmcblk[0-9]p[0-9]}}:<br />
{{File|name=/etc/udev/rules.d/11-sd-cards-auto-mount.rules|content=<nowiki><br />
KERNEL!="mmcblk[0-9]p[0-9]", GOTO="sd_cards_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem specific options<br />
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/sd-%k", RUN+="/bin/ln -s /media/sd-%k /mnt/sd-%k", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/sd-%k"<br />
ACTION=="remove", RUN+="/bin/umount -l /media/sd-%k", RUN+="/bin/rmdir /media/sd-%k"<br />
LABEL="sd_cards_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Accessing Firmware Programmers and USB Virtual Comm Devices ====<br />
The following ruleset will allow normal users (within the "users" group) the ability to access the [http://www.ladyada.net/make/usbtinyisp/ USBtinyISP] USB programmer for AVR microcontrollers and a generic (SiLabs [http://www.silabs.com/products/interface/usbtouart CP2102]) USB to UART adapter. Adjust the permissions accordingly. Verified as of 2010-02-11.<br />
<br />
{{File|name=/etc/udev/rules.d/50-embedded_devices.rules|content=<nowiki><br />
# USBtinyISP Programmer rules<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1781", ATTRS{idProduct}=="0c9f", GROUP="users", MODE="0666"<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="0479", GROUP="users", MODE="0666"<br />
<br />
# Mdfly.com Generic (SiLabs CP2102) 3.3v/5v USB VComm adapter<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", GROUP="users", MODE="0666"<br />
</nowiki>}}<br />
<br />
==Troubleshooting==<br />
=== Disabling modules auto-loading with the load_modules boot parameter ===<br />
If you pass {{Codeline|<nowiki>load_modules=off</nowiki>}} on your kernel boot line, then udev will skip all the auto-loading business. This is to provide you with a big ripcord to pull if something goes wrong. If udev loads a problematic module that hangs your system or something equally awful, then you can bypass auto-loading with this parameter, then go in and blacklist the offensive module(s).<br />
<br />
=== Blacklisting Modules ===<br />
In rare cases, Udev can make mistakes and load the wrong modules. To prevent it from doing this, you can blacklist modules. Once blacklisted, udev will never load that module. Not at boot-time ''or'' later on when a hotplug event is received (ie, you plug in your USB flash drive).<br />
<br />
To blacklist a module, just prefix it with a bang (!) in your {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}:<br />
MODULES=(!moduleA !moduleB)<br />
<br />
=== Known Problems with Hardware ===<br />
====BusLogic devices can be broken and will cause a freeze during startup====<br />
This is a kernel bug and no fix has been provided yet.<br />
====PCMCIA Card readers are not treated as removable devices====<br />
To get access to them with hal's pmount backend add them to {{Filename|/etc/pmount.allow}}<br />
<br />
=== Known Problems with Auto-Loading ===<br />
==== CPU frequency modules ====<br />
The current detection method for the various CPU frequency controllers is inadequate, so this has been omitted from the auto-loading process for the time being. To use CPU frequency scaling, load the proper module explicitly in your {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}.<br />
<br />
==== Sound Problems or Some Modules Not Loaded Automatically ====<br />
Some users have traced this problem to old entries in {{Codeline|/etc/modprobe.conf}}. Try cleaning that file out and trying again.<br />
<br />
==== Mixed Up Devices, Sound/Network Cards Changing Order Each Boot ====<br />
Because udev loads all modules asynchronously, they are initialized in a different order. This can result in devices randomly switching names. For example, with two network cards, you may notice a switching of designations between {{Codeline|eth0}} and {{Codeline|eth1}}.<br />
<br />
Arch Linux provides the advantage of specifying the module load order by listing the modules in the {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}. Modules in this array are loaded before udev begins auto-loading, so you have full control over the load order.<br />
<br />
# Always load 8139too before e100<br />
MODULES=(8139too e100)<br />
<br />
Another method for network card ordering is to use the udev-sanctioned method of statically-naming each interface. Create the following file to bind the MAC address of each of your cards to a certain interface name:<br />
{{File|name=/etc/udev/rules.d/10-network.rules|content=<nowiki><br />
SUBSYSTEM=="net", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="lan0"<br />
SUBSYSTEM=="net", ATTR{address}=="ff:ee:dd:cc:bb:aa", NAME="wlan0"<br />
</nowiki>}}<br />
<br />
A couple things to note:<br />
* To get the MAC address of each card, use this command: {{Codeline|udevadm info -a -p /sys/class/net/<yourdevice> | grep address}}<br />
* Make sure to use the lower-case hex values in your udev rules. It doesn't like upper-case.<br />
* Some people have problems naming their interfaces after the old style: eth0, eth1, etc. Try something like "lan" or "wlan" if you experience this problem.<br />
<br />
Don't forget to update your {{Filename|/etc/rc.conf}} and other configuration files using the old ethX notation!<br />
<br />
=== Known Problems for Custom Kernel Users ===<br />
==== Udev doesn't start at all ====<br />
Make sure you have a kernel version later than or equal to 2.6.15. Earlier kernels do not have the necessary uevent stuff that udev needs for auto-loading.<br />
<br />
==== CD/DVD symlinks and permissions are broken ====<br />
If you're using a 2.6.15 kernel, you'll need the uevent patch from ABS (which backports certain uevent functionality from 2.6.16). Just sync up your ABS tree with the {{Codeline|abs}} command, then you'll find the patch in {{Codeline|/var/abs/kernels/kernel26/}}.<br />
<br />
==Other Resources==<br />
* [http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html Udev Homepage]<br />
* [http://www.linux.com/news/hardware/peripherals/180950-udev An Introduction to Udev]<br />
* [http://vger.kernel.org/vger-lists.html#linux-hotplug Udev mailing list information]</div>Thayerhttps://wiki.archlinux.org/index.php?title=Udev&diff=105757Udev2010-05-05T22:55:14Z<p>Thayer: damnit, line breaks don't work after commas!</p>
<hr />
<div>[[Category:Hardware detection and troubleshooting (English)]]<br />
[[Category:HOWTOs (English)]]<br />
[[Category:Auto-mounting (English)]]<br />
{{i18n|Udev}}<br />
<br />
== Introduction ==<br />
''"udev is the device manager for the Linux 2.6 kernel series. Primarily, it manages device nodes in {{Filename|/dev}}. It is the successor of devfs and hotplug, which means that it handles the {{Filename|/dev}} directory and all user space actions when adding/removing devices, including firmware load."'' Source: [http://en.wikipedia.org/wiki/Udev Wikipedia]<br />
<br />
udev replaces the functionality of both {{Codeline|hotplug}} and {{Codeline|hwdetect}}.<br />
<br />
udev loads kernel modules simultaneously, which can provide a speed increase during bootup. However, the downside is that it doesn't always load modules in the same order each time, which can cause problems with things like sound cards and network cards (if you have more than one of them). See below for more info on this.<br />
<br />
==About modules auto-loading==<br />
udev will not do ''any'' module loading for you unless {{Codeline|MOD_AUTOLOAD}} is enabled in {{Filename|/etc/rc.conf}}. If you disable auto-loading you must manually load the modules you want/need by putting the list in the {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}, you can generate this list with the {{Codeline|hwdetect --modules}} command.<br />
<br />
==About udev rules==<br />
udev rules go in {{Filename|/etc/udev/rules.d/}}, their file name has to end with {{Filename|.rules}}.<br />
<br />
If you want to learn how to write udev rules see [http://www.reactivated.net/writing_udev_rules.html Writing udev rules].<br />
<br />
To get a list of all the attributes of a device you can use to write rules:<br />
# udevadm info -a -p $(udevadm info -q path -n [device name])<br />
<br />
Replace [device name] with the device present in the system, such as '/dev/sda' or '/dev/ttyUSB0'.<br />
<br />
To restart the udev system once you create or modify udev rules, run the following command. Hotpluggable devices, such as USB devices, will probably have to be reconnected for the new rules to take effect.<br />
# udevadm control restart<br />
<br />
== Tips & Tricks ==<br />
=== Auto mounting USB devices ===<br />
{{Note|In the following rules the mount options are defined as {{Codeline|<nowiki>ENV{mount_options}="relatime"</nowiki>}}, see {{Codeline|man mount}} (and possibly {{Codeline|man ntfs-3g}}) for all available options and [[Maximizing Performance#Mount options]] for performance-related options.}}<br />
{{Note|The {{Codeline|users}} mount option will '''not''' allow users to unmount the filesystem.}}<br />
{{Tip|The {{Codeline|noexec}} mount option prevents execution of binaries on the mounted filesystem.}}<br />
==== Mount under {{Filename|/media}}; use partition label if present; support LUKS encryption ====<br />
This udev rule set automatically mounts devices/partitions that are represented by /dev/sd* (USB drives, external hard drives and sometimes SD cards). If a partition label is available, it mounts the device to /media/<label> and otherwise to /media/usbhd-sd*, e.g. /media/usbhd-sdb1. If the plugged in device is a LUKS-encrypted partition, it will open a xterm window to ask for the passphrase (provided that xterm is installed). Also see [http://bbs.archlinux.org/viewtopic.php?pid=696239#p696239 this post] and the follow-ups.<br />
<br />
{{Note|You may need to modify the path to cryptsetup, depending on the version installed (e.g., < 1.1.1_rc2-1).}}<br />
<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z]*", GOTO="media_by_label_auto_mount_end"<br />
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Do not mount devices on boot because otherwise fsck may fail<br />
ACTION=="add", PROGRAM!="/bin/grep ' / / rw[, ]' /proc/self/mountinfo", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Open LUKS partition if necessary<br />
PROGRAM=="/sbin/blkid -o value -s TYPE %N", RESULT=="crypto_LUKS", ENV{crypto}="mapper/", ENV{device}="/dev/mapper/%k"<br />
ENV{crypto}=="", ENV{device}="%N"<br />
ACTION=="add", ENV{crypto}!="", PROGRAM=="/usr/bin/xterm -display :0.0 -e 'echo Password for /dev/%k; /sbin/cryptsetup luksOpen %N %k'"<br />
ACTION=="add", ENV{crypto}!="", TEST!="/dev/mapper/%k", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="noatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", PROGRAM=="/sbin/blkid -o value -s TYPE %E{device}", RESULT=="vfat|ntfs", ENV{mount_options}="%E{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Get label if present, otherwise assign one<br />
PROGRAM=="/sbin/blkid -o value -s LABEL %E{device}", ENV{dir_name}="%c"<br />
# Use basename to correctly handle labels such as ../mnt/foo<br />
PROGRAM=="/usr/bin/basename '%E{dir_name}'", ENV{dir_name}="%c"<br />
ENV{dir_name}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
# Mount the device<br />
ACTION=="add", ENV{dir_name}!="", RUN+="/bin/mkdir -p '/media/%E{dir_name}'", RUN+="/bin/mount -o %E{mount_options} /dev/%E{crypto}%k '/media/%E{dir_name}'"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l '/media/%E{dir_name}'"<br />
ACTION=="remove", ENV{crypto}!="", RUN+="/sbin/cryptsetup luksClose %k"<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/rmdir '/media/%E{dir_name}'"<br />
<br />
# Exit<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present; support user un-mounting ====<br />
This is a variation on the above rule set. It uses pmount (which will need to be installed) instead of mount, allowing a non-root user to unmount udev-mounted devices. The required username must be hard-coded in the RUN command, so this rule set may not be suitable for multi-user systems. LUKS support has also been removed from the example, but can be easily reinstated as above.<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-with-pmount.rules|content=<nowiki><br />
KERNEL!="sd[a-z]*", GOTO="media_by_label_auto_mount_end"<br />
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Get label<br />
PROGRAM=="/sbin/blkid -o value -s LABEL %N", ENV{dir_name}="%c"<br />
# use basename to correctly handle labels such as ../mnt/foo<br />
PROGRAM=="/usr/bin/basename '%E{dir_name}'", ENV{dir_name}="%c"<br />
ENV{dir_name}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
ACTION=="add", ENV{dir_name}!="", RUN+="/bin/su tomk -c '/usr/bin/pmount %N %E{dir_name}'"<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/su tomk -c '/usr/bin/pumount /media/%E{dir_name}'"<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/mnt}}; create symbolic link under {{Filename|/media}} ====<br />
The following rule set does not make use of partition labels; instead it mounts devices as usbhd-sdXY under the /mnt directory (ex: /mnt/usbhd-sdb1) and creates a symbolic link under /media.<br />
{{File|name=/etc/udev/rules.d/11-mnt-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="mnt_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem-specific mount options<br />
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount under /mnt and create the symbolic link in /media <br />
ACTION=="add", RUN+="/bin/mount -o $env{mount_options} /dev/%k /mnt/usbhd-%k", RUN+="/bin/ln -s /mnt/usbhd-%k /media/usbhd-%k"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", RUN+="/bin/rm -f /media/usbhd-%k", RUN+="/bin/umount -l /mnt/usbhd-%k", RUN+="/bin/rmdir /mnt/usbhd-%k"<br />
<br />
# Exit<br />
LABEL="mnt_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mount under {{Filename|/media}}; use partition label if present ====<br />
The following rule set mounts under /media, using the partition label if present. If no label exists, the device is mounted as usbhd-sdXY (ex: /media/usbhd-sdb2):<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="media_by_label_auto_mount_end"<br />
<br />
# Import FS infos<br />
IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
<br />
# Get a label if present, otherwise specify one<br />
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}"<br />
ENV{ID_FS_LABEL}=="", ENV{dir_name}="usbhd-%k"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem specific options<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
# Mount the device<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/%E{dir_name}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/%E{dir_name}"<br />
<br />
# Clean up after removal<br />
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l /media/%E{dir_name}", RUN+="/bin/rmdir /media/%E{dir_name}"<br />
<br />
# Exit<br />
LABEL="media_by_label_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mounting to {{Filename|/media}} only if the partition has a label ====<br />
{{File|name=/etc/udev/rules.d/11-media-by-label-only-auto-mount.rules|content=<nowiki><br />
KERNEL!="sd[a-z][0-9]", GOTO="media_by_label_only_auto_mount_end"<br />
<br />
# Import FS infos<br />
IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ENV{ID_FS_LABEL}=="", GOTO="media_by_label_only_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem specific options<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/$env{ID_FS_LABEL}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/$env{ID_FS_LABEL}"<br />
ACTION=="remove", ENV{ID_FS_LABEL}!="", RUN+="/bin/umount -l /media/$env{ID_FS_LABEL}", RUN+="/bin/rmdir /media/$env{ID_FS_LABEL}"<br />
LABEL="media_by_label_only_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Mounting SD cards ====<br />
The same rules as above can be used to auto-mount SD cards, you just need to replace {{Codeline|sd[a-z][0-9]}} by {{Codeline|mmcblk[0-9]p[0-9]}}:<br />
{{File|name=/etc/udev/rules.d/11-sd-cards-auto-mount.rules|content=<nowiki><br />
KERNEL!="mmcblk[0-9]p[0-9]", GOTO="sd_cards_auto_mount_end"<br />
<br />
# Global mount options<br />
ACTION=="add", ENV{mount_options}="relatime"<br />
# Filesystem specific options<br />
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"<br />
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,gid=100,umask=002"<br />
<br />
ACTION=="add", RUN+="/bin/mkdir -p /media/sd-%k", RUN+="/bin/ln -s /media/sd-%k /mnt/sd-%k", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/sd-%k"<br />
ACTION=="remove", RUN+="/bin/umount -l /media/sd-%k", RUN+="/bin/rmdir /media/sd-%k"<br />
LABEL="sd_cards_auto_mount_end"<br />
</nowiki>}}<br />
<br />
==== Accessing Firmware Programmers and USB Virtual Comm Devices ====<br />
The following ruleset will allow normal users (within the "users" group) the ability to access the [http://www.ladyada.net/make/usbtinyisp/ USBtinyISP] USB programmer for AVR microcontrollers and a generic (SiLabs [http://www.silabs.com/products/interface/usbtouart CP2102]) USB to UART adapter. Adjust the permissions accordingly. Verified as of 2010-02-11.<br />
<br />
{{File|name=/etc/udev/rules.d/50-embedded_devices.rules|content=<nowiki><br />
# USBtinyISP Programmer rules<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1781", ATTRS{idProduct}=="0c9f", GROUP="users", MODE="0666"<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="0479", GROUP="users", MODE="0666"<br />
<br />
# Mdfly.com Generic (SiLabs CP2102) 3.3v/5v USB VComm adapter<br />
SUBSYSTEMS=="usb", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", GROUP="users", MODE="0666"<br />
</nowiki>}}<br />
<br />
==Troubleshooting==<br />
=== Disabling modules auto-loading with the load_modules boot parameter ===<br />
If you pass {{Codeline|<nowiki>load_modules=off</nowiki>}} on your kernel boot line, then udev will skip all the auto-loading business. This is to provide you with a big ripcord to pull if something goes wrong. If udev loads a problematic module that hangs your system or something equally awful, then you can bypass auto-loading with this parameter, then go in and blacklist the offensive module(s).<br />
<br />
=== Blacklisting Modules ===<br />
In rare cases, Udev can make mistakes and load the wrong modules. To prevent it from doing this, you can blacklist modules. Once blacklisted, udev will never load that module. Not at boot-time ''or'' later on when a hotplug event is received (ie, you plug in your USB flash drive).<br />
<br />
To blacklist a module, just prefix it with a bang (!) in your {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}:<br />
MODULES=(!moduleA !moduleB)<br />
<br />
=== Known Problems with Hardware ===<br />
====BusLogic devices can be broken and will cause a freeze during startup====<br />
This is a kernel bug and no fix has been provided yet.<br />
====PCMCIA Card readers are not treated as removable devices====<br />
To get access to them with hal's pmount backend add them to {{Filename|/etc/pmount.allow}}<br />
<br />
=== Known Problems with Auto-Loading ===<br />
==== CPU frequency modules ====<br />
The current detection method for the various CPU frequency controllers is inadequate, so this has been omitted from the auto-loading process for the time being. To use CPU frequency scaling, load the proper module explicitly in your {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}.<br />
<br />
==== Sound Problems or Some Modules Not Loaded Automatically ====<br />
Some users have traced this problem to old entries in {{Codeline|/etc/modprobe.conf}}. Try cleaning that file out and trying again.<br />
<br />
==== Mixed Up Devices, Sound/Network Cards Changing Order Each Boot ====<br />
Because udev loads all modules asynchronously, they are initialized in a different order. This can result in devices randomly switching names. For example, with two network cards, you may notice a switching of designations between {{Codeline|eth0}} and {{Codeline|eth1}}.<br />
<br />
Arch Linux provides the advantage of specifying the module load order by listing the modules in the {{Codeline|MODULES}} array in {{Filename|[[rc.conf]]}}. Modules in this array are loaded before udev begins auto-loading, so you have full control over the load order.<br />
<br />
# Always load 8139too before e100<br />
MODULES=(8139too e100)<br />
<br />
Another method for network card ordering is to use the udev-sanctioned method of statically-naming each interface. Create the following file to bind the MAC address of each of your cards to a certain interface name:<br />
{{File|name=/etc/udev/rules.d/10-network.rules|content=<nowiki><br />
SUBSYSTEM=="net", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="lan0"<br />
SUBSYSTEM=="net", ATTR{address}=="ff:ee:dd:cc:bb:aa", NAME="wlan0"<br />
</nowiki>}}<br />
<br />
A couple things to note:<br />
* To get the MAC address of each card, use this command: {{Codeline|udevadm info -a -p /sys/class/net/<yourdevice> | grep address}}<br />
* Make sure to use the lower-case hex values in your udev rules. It doesn't like upper-case.<br />
* Some people have problems naming their interfaces after the old style: eth0, eth1, etc. Try something like "lan" or "wlan" if you experience this problem.<br />
<br />
Don't forget to update your {{Filename|/etc/rc.conf}} and other configuration files using the old ethX notation!<br />
<br />
=== Known Problems for Custom Kernel Users ===<br />
==== Udev doesn't start at all ====<br />
Make sure you have a kernel version later than or equal to 2.6.15. Earlier kernels do not have the necessary uevent stuff that udev needs for auto-loading.<br />
<br />
==== CD/DVD symlinks and permissions are broken ====<br />
If you're using a 2.6.15 kernel, you'll need the uevent patch from ABS (which backports certain uevent functionality from 2.6.16). Just sync up your ABS tree with the {{Codeline|abs}} command, then you'll find the patch in {{Codeline|/var/abs/kernels/kernel26/}}.<br />
<br />
==Other Resources==<br />
* [http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html Udev Homepage]<br />
* [http://www.linux.com/news/hardware/peripherals/180950-udev An Introduction to Udev]<br />
* [http://vger.kernel.org/vger-lists.html#linux-hotplug Udev mailing list information]</div>Thayer