Puffy Spezial

Page content

Some OpenBSD Tipps and Trick. You may also check the Blogs directly …

Supported Hardware (Wlan)

wlan and openbsd is a somewhat tiresome topic … neverless, lot of chipset are supported. you just have to buy the right hardware

AR9280+AR7010 2GHz/5GHz 2x2:2 USB 2.0
AR9271        2GHz      1x1:1 USB 2.0
AR9287+AR7010 2GHz      2x2:2 USB 2.0

PF Rule Expander

# ipv4
echo "pass log inet proto tcp from any to self port 22" |pfctl -nvf - |sort

# ipv6
echo "pass log inet proto tcp from any to self port 22" |pfctl -nvf - |sort

# dualstack
echo "pass log proto tcp from any to self port 22" |pfctl -nvf - |sort

remove File based on Inode

you have files with strange name which you can’t delete. try this.

ls -il -> grab nr
find . -inum $mynr -exec ls -i {} \;
find . -inum $mynr -exec rm -i {} \;

Read Env from File

env $( </some/file ) [command]

boot from usb stick

if you attach your usb stick, you will get an additional drive, here hd1+. you can boot from this stick and do a fresh install, upgrade, autoinstall as you want :)

Using drive 0, partition 3.
probing: pc0 com0 com1 mem[638K 1918M a20=on]
disk: hd0+ hd1+
>> OpenBSD/amd64 BOOT 3.33
boot> boot hd1d:/bsd.rd

Backup File

simple backup a file with shell expanding

doas cp /etc/hosts{,.bak}

Test SSH Config and Failback

need to test a config and failback if you locked out yourself ? -> you’ve got two minutes to reattach tmux and stop the command or your sshd_config will fail back :)

cd /etc/ssh
cp sshd_config{,.bak}
update your sshd_config with your dirty hack
rcctl restart sshd && sleep 120 && mv sshd_config{.bak,} && rcctl restart sshd

Count Open File Descriptors for Process ID

# fstat -np 43704 |echo $(($(wc -l)-1))

8 Port USB/Serial Box, how to activate Port 5-8

cd /dev; ./MAKEDEV ttyU4 ttyU5 ttyU6 ttyU7

OpenBSD Crontab

Run once, at startup
@yearly   Every January 1 (0 0 1 1 *)
@monthly  Run the first day of every month (0 0 1 * *)
@weekly   Run every Sunday (0 0 * * 0)
@daily    Run every (0 0 * * *)
@hourly   Every hour (0 * * * *)

ASCII to binary

$ echo ASCII to binary | xxd -b -c1 | cut -d\  -f2

OpenBSD hier — layout of filesystems

hier manpage

Default Mail Forwarder

echo gott@world.net > $HOME/.forward

is your host ready for virtualization ?

dmesg |egrep '(VMX/EPT|SVM/RVI)' || echo "NOT READY for virtualization"

README from the OpenBSD packages


combine cat & echo

$ echo "hallo hosts" | { cat; head -1 /etc/hosts; echo "bye hosts"; } 
hallo hosts	localhost
bye hosts

Multiline Regex

find # MyStuff

$ pcregrep -M '#\n# My.*\n#' /etc/acme-client.conf 
# My Stuff

Multiline Regex2



# bla bla bla
in /etc/*
pcregrep -M '^$\n#.*\n#.*\n#.*\n^$\n' /etc/*

Sort File

hint: “cat somefile |sort > somefile” will not work as the file “somefile” will be erased before sending it’s content to the sort programm

sort -o file file

or (shorter)

sort -o file{,}

Fix /dev/null

if you ever broke your /dev/null, fix it like:

mknod -m 666 /dev/null c 2 2

$ ls -la /dev/null
crw-rw-rw-  1 root  wheel    2,   2 Sep 20 01:30 /dev/null

Firmware for APU


or local mirror (v4.13.0.6)

Firmware for APU2, APU3, APU4

Rate Limiting

You may wanna ratelimiting some script, BorgBackup for Example …

doas pkg_add pv

cat << 'EOF' > /usr/local/bin/pv-wrapper

    ## -q, --quiet              do not output any transfer information at all
    ## -L, --rate-limit RATE    limit transfer to RATE bytes per second

# 10 MBit/s -> 1'250'000 Byte/s
pv -q -L $RATE  | "$@"

chmod 755 /usr/local/bin/pv-wrapper

Modify Backup Script

export BORG_RSH='/usr/local/bin/pv-wrapper ssh'

and you can tune the Backup Process while running:

pv -R $(pgrep pv) -L 1250000
pv -R $(pgrep pv) -L 2500000
pv -R $(pgrep pv) -L 5000000

Boot Stuff

let’s reboot bsd.rd next time (-> be sure you have a console to this server!)

echo "bsd.rd" > /etc/boot.conf"

boot from disk

boot> boot hd0a:/bsd


if you have ‘stucked’ mails … you can remove them all or push them again

mailq -> ?
smtpctl flush all -> kill all
smtpctl schedule all -> try again

non-breaking space


vim -b file
set encoding=latin1
set isprint=
set display+=uhex

Updatedb and Move *~to archiv

updatedb && locate *~ |xargs -I '{}' mv '{}' /etc/zzz_archiv/

Run Bulk Commands on remote Hosts

./scripts/getversions.sh |awk '/CHANGED/{ print $1 }' |xargs -I '{}' ssh -A root@'{}' "cd bin; git pull;"

VIM File on Remote host

edit /etc/hosts on remote

vim scp://user@remotehost//etc/hosts

SSH without Pubkey

if you wanna explicitly disable public key authentication for a certain connection. (Remote Host does not support and block you because auf failed Pubkey Auth try …)

ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no -l root remote-host

### tcpdump

tcpdump -nettt vio0
tcpdump -netolv vio0
-n    disable name resolution
-e    print link layer
-t    no timestamp
-tt   print timestamp as unix time
-ttt  print time delta with microseconds
-o    unknown
-l    Make stdout line buffered
-v    slightly more verbose output

Install Kernel Sources (45 MB)

ftp -o /tmp/sys.tar.gz https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/sys.tar.gz
cd /usr/src
tar xfz /tmp/sys.tar.gz

Install Userland Soures (190 MB)

ftp -o /tmp/src.tar.gz https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/src.tar.gz
cd /usr/src
tar xfz /tmp/src.tar.gz

Install Ports

ftp -o /tmp/ports.tar.gz https://cdn.openbsd.org/pub/OpenBSD/$(uname -f)/ports.tar.gz
cd /usr
tar xfz /tmp/ports.tar.gz

Install Xenocara

ftp -o /tmp/xenocara.tar.gz https://cdn.openbsd.org/pub/OpenBSD/$(uname -f)/xenocara.tar.gz
cd /usr/xenocara
tar xfz /tmp/xenocara.tar.gz

Compile Kernel with Multiple CPU

if you have multiple (virtual) CPU’s installed (sysctl kern.version -> MP), you wanna use all of them for Compiling a Kernel …

time make -j $(sysctl hw.ncpufound |cut -d= -f 2)

-> 8m05.66s real 24m31.08s user 5m17.71s system

vs single Core …

time make

-> 36m06.84s real 29m06.81s user 5m48.20s system


sha256: 5b9ba4f787f82b36a62f4605171c91978ae2c1d6b3e740355dc0e3e94d417ba9