Run Secure Shell (ssh) on FreeBSD

Here goes another tutorial by user , this time we are shown how to get Secure Shell (ssh) running on FreeBSD.


trustyteenieBottom Line: connecting to other computers over the network can be a risky proposition. In the “days of yore,” *NIX systems would use a program called telnet. One glaring security problem with this command was the user’s password was sent unencrypted over the network.

Secure Shell (ssh) was developed to overcome this deficiency.

This Instructable will show you how to get ssh and its corresponding daemon sshd running on your FreeBSD system.

Step 1: Configure the Secure Shell daemon (sshd)

Picture of Configure the Secure Shell daemon (sshd)
etc ssh.jpg

Your FreeBSD system should be using a version of OpenSSH, a group of network connectivity tools to connect securely to remote machines. OpenSSH encrypts all traffic across connections to minimize exploitation through eavesdropping, spoofing and man-in-the-middle attacks.

First step: See if you have SSH keys already installed:

[Read more…]

Keep your FreeBSD system up-to-date

This short tutorial by user will show you how to keep your FreeBSD system up to date, ensuring you are secure and protected from the latest bugs.

powerTo keep your system working smoothly, OS manufacturers release patches and upgrades on a regular basis. The FreeBSD OS is no different; its benefactor, the FreeBSD Foundation ensures that OS updates are on a regular, scheduled basis. Additional installed software also may require updates to ensure smooth running code. These ports and packages are maintained in central repository to ensure easy dissemination to the widest audience.

What does this mean for you? A very easy and rapid way to keep your system up-to-date and in tip-top shape!

Step 1: Verify a few things.

Picture of Verify a few things.

Know which version of FreeBSD you are running. For this example, I am running FreeBSD 10.1 (as of this writing, this is the most current version). So I can expect only minor updates to the 10.1 code. If you were running 8.x or 9x, you would have to make minor OS updates (e.g. 9.1 to 9.2 or 8.2. to 8.3), before a major version update (e.g. 8.x to 9.x)

Ensure you have a steady internet connection. Updates are downloaded from the ‘net, so if your connection is spotty, the software will Time-Out, and you will have to accomplish the updates at a later time.

[Read more…]

How (and why) to Add User(s) to FreeBSD

This tutorial by user shows us how to add more users to an existing FreeBSD installation.

2015-05-20_14-44-34While most system administrators and power users will roll their eyes at this Instructable, I present it simply to present another way of administering your FreeBSD system. Any novice sysadmin (if they are worth their salt) has done something stupid while logged into the “superuser” root account. I am not discouraging the use of root (when applicable), but allowing you a thin safety-net between any mistakes you might make.

Step 1: Decide on your (new) username and purpose

I have created user accounts that were compartmentalized. For example, one account was to solely update a webpage and associated database. Another was for my music server. While seemingly cumbersome, the less privileges you give a user account, the less problem you will have if someone breaks into the account and attempts to do harm.

For this Instructable, I am creating an account that will be equal to root (for all intents and purposes), but provide “safeguards” to make you think twice before executing a command. For these examples, I am naming the account knight… as in “protector of the realm.”

Step 2: Use adduser to…Add User

Being logged in as root (initially), type in:

[Read more…]

[FreeBSD-Announce] Updates regarding svn mirrors

This FreeBSD announcement is regarding mirror changes on As noted, the update serves to improve security and will not interrupt any activities.



There have been some updates to the project-operated svn mirrors.  The current 
status is here:
The changes should improve robustness and security and are not intended to be 

Of note:
* "" is now geo-dns routed to a mirror, with failover.
* "" is now the recommended location for general use.
* now has a real certificate and use of https is 
* The old mirror names are deprecated and no longer documented but are 
expected to continue to be usable for the foreseeable future.

For future checkouts, you should use rather than the 
deprecated mirror names.

Before using the https method, you should ensure that you have the 
'security/ca_root_nss' package installed, for example:
# pkg install ca_root_nss

[Read more…]

Replacing MySQL with MariaDB in FreeBSD

In this tutorial, user iceflatline shows us how to replace MySQL with MariaDB in FreeBSD.



In my post on how to install and configure Apache, MySQL, PHP and phpMyAdmin on FreeBSD (FAMP) for basic local web development activities, one of the components is the MySQL database server. But what if you prefer to use MariaDB?

MariaDB is an open source alternative to MySQL, and available under the terms of the GPL v2 license. It is developed by the MariaDB community with oversight by the MariaDB Foundation. For all practical purposes MariaDB is a drop-in replacement for the same MySQL version. All commands, interfaces, libraries and APIs that exist in MySQL also exist in MariaDB. For example, MySQL 5.1 and MariaDB 5.1 are compatible, as are MySQL 5.5 and MariaDB 5.5. MariaDB 10.0 is the drop-in replacement for MySQL 5.6, and can also replace MySQL 5.5.

This post will use the aforementioned post on how to install and configure Apache, MySQL, PHP and phpMyAdmin on FreeBSD as an example implementation and demonstrate how to install and configure MariaDB as a replacement for MySQL. I strongly encourage you to test these steps first before using them on your development or production environment. At the very least you should backup your database(s).

The versions of software discussed in this post are as follows:

  • FreeBSD 10.1-RELEASE (running as a guest OS under VMWare ESXi hypervisor 6.0.0
  • apache24 2.4.12
  • mysql56-server 5.6.24
  • mariadb55-server 5.5.43
  • mariadb100-server 10.0.17
  • mod_php56 5.6.11
  • php56 5.6.10
  • php56-extensions 1.0 [Read more…]

Linux, Solaris, and FreeBSD driver 352.30

NVIDIA Linux Graphics developer aplattner has released the latest update to their NVIDIA driver. For those using the Tesla K80 or GeForce 910M GPUs, support has been added for FreeBSD. Follow the link below to download for your distribution.



Release highlights since 352.21:

  • Added support for the following GPU:
    • Tesla K80
    • GeForce 910M
  • Fixed a bug that caused poor video post-processing performance in VDPAU when operating on a large number of video streams simultaneously.
  • Updated nvidia-installer to use modprobe(8) when leaving the NVIDIA kernel module loaded after installation, instead of insmod(8) or libkmod. This allows the kernel module to honor any configuration directives that apply to it in /etc/modprobe.d when it is loaded.
  • Fixed a bug that allowed console messages from the Linux kernel to be drawn over the user interface of nvidia-installer.

[README | Linux x86 | Linux x86_64 | Linux ARM | Solaris | FreeBSD x86 | FreeBSD x86_64]

Aaron Plattner
NVIDIA Linux Graphics

FreeBSD now has NUMA? Why’d it take so long?

Adrian Chadd, known for his extensive WiFI work, writes about his findings of NUMA (non-uniform memory access) in FreeBSD.


I just committed “NUMA” to FreeBSD. Well, no, I didn’t. I did almost no actual NUMA-y work in FreeBSD. I just exposed the existing NUMA stuff in FreeBSD out and re-enabled it.

FreeBSD-9 introduced basic NUMA awareness in the physical allocator (sys/vm/vm_phys.c.) It implemented first-touch page allocation, and then fell back to searching through the domains, round-robin style. It wasn’t perfect, for some workloads it was apparently okay. But it had some shortcomings – it wasn’t configurable, UMA and other subsystems didn’t know about NUMA domains, and the scheduler really didn’t know about NUMA domains. So I’m sure there are plenty of workloads which it didn’t work for.

That was all ripped out before FreeBSD-10. FreeBSD-10 NUMA just implements round-robin physical page allocation. It still tracks the per-domain physical memory regions, but it doesn’t do any kind of NUMA aware allocation. From what I can gather, it was removed until something ‘better’ would land.

However, nothing (yet) has landed. So I decided I’d take a look into it. I found that for a lot of simple workloads (ie, where you’re doing lots of anonymous memory allocation – eg, you’re doing math crunching) the FreeBSD-9 model works fine. It’s also a perfectly good starting point for experimenting.

So all my NUMA work in -HEAD does is provide an API to exactly the above. It doesn’t teach the kernel APIs about domain aware allocations – there’s currently no way to ask for memory from a specific domain when calling UMA, or contigmalloc, etc. The scheduler doesn’t know about NUMA, so threads/processes will migrate off-socket very quickly unless you explicitly limit things. Devices don’t yet do NUMA local work – the ACPI code is in there to enumerate which NUMA domain they’re in, but it’s not used anywhere just yet.

Then what is it good for?

[Read more…]

Ethereum on Different Operating Systems (self.ethereum)

FreeBSD user /u/aedigix shows us how to get Ethereum set up on FreeBSD. Ethereum is a virtualized platform for decentralized applications.



For go-ethereum If you install go 1.4 you can just do the following:

git clone
cd go-ethereum && git checkout tags/<latest stable> && make geth 

For cpp-ethereum/solidity compiler This is a little bit more involved but I am able to build on FreeBSD 10 and 11 using the following steps:

Dependencies which should be available in Fedora’s yum repo, FreeBSD/Gentoo ports, etc….

llvm35 gcc48 cmake boost-all-1.55.0 ncurses automake libtool unzip gmp leveldb yasm miniupnpc readline curl cryptopp libmicrohttpd libjson++ argtable opencl ode npm doxygen gmake cmake

On FreeBSD I have to build jsoncpp and libjson-rpc-cpp manually with the following steps:


git clone
cd jsoncpp && git checkout tags/1.6.2
mkdir build && cd build
cmake -DCMAKE_CXX_FLAGS="-fPIC" ..
gmake install


cd libjson-rpc-cpp
git checkout tags/v0.5.0
mkdir build && cd build
cmake -DCMAKE_CXX_FLAGS="-fPIC" ..
gmake install

Then build cpp-ethereum:

git clone
cd cpp-ethereum && git checkout develop
mkdir build && cd build
cmake -DFATDB=1 -DUSENPM=1 -DETHASHCL=1 -DEVMJIT=1 -DLLVM_DIR=/usr/local/lib/llvm-3.5/share/llvm/cmake ..
gmake -j8