====================
== $13 sandwiches ==
====================
fun things are fun

2025 01 16

networking

    Got up to something slightly different today. I decided to try configuring an ssh host on raspi. Configuring ssh was easy enough, so I had to make things secure. I tried to jail the user using jailkit, but it wasn’t playing too nicely given that everytime I try to su to the jailed user, nothing actually happens. I then followed a manual guide I found online. Create directory, secure directory, create user appropriately, & tune ssh. It seemed deceptively easy & worked wonderfully, until I tried importing other commands. I could ssh into the jailed user perfectly fine. The scope seemed fine. But anything other than the basic pwd,history,echo, etc did not work. The terminal kept nagging can't find username for uid 1000. Wtf. I am honsetly quite out of breadth in tackling these fine details. Nevertheless, googling led me to pinpoint I was missing the libnss_sss shared library, which seemed to be a uid enumerator daemon of sorts. Problem was, the github thread that answered in question was using x86 libraries, whereas the raspi was on aarch64. I ran outta luck seeing the library did not appear in the /lib/aarch64-linux-gnu/ folder, but the presence of other libnss libraries gave a sliver of hope. There were ~20 libraries, & my lazy ass was not about to import em all. Googling also ran dry seeing as the only problem seen was for NixOS, where their fix was simply the library being in another folder, or downloading an external application (safety first, definitely not an option here). Still couldn’t find it. In retrospect, I wonder why I was too lazy to just search the file system. However, I had the idea to use ltrace. Who thought my rev experience would come in handy at a time like this? Anyways, raspi couldn’t resolve ltrace, likely due to it somehow not being in the raspbian apt repo. Fortunately, strace was still available. With strace whoami, the latter being the prime candidate to single out our mythical library, I managed to tease out a libnss shared library. Given that syscalls are pretty elementary, libraries would have to be loaded as params to a syscall when invoked. Thus we got libnss_file.so.2. & what do you know, it was all sunshine & rainbows afterwards… (For some reason, backspace registered in the visible terminal as a space, & any advanced ssh options such as jumping gives errors even google hasn’t seen before).
    Also, this laptop I’ve been using has been randomly getting BSODs. It’s really annoying, & I’m nervous about it happening at a crucial time. Should probably get it checked soon.