steamdeck openssh run successfully!

[licoded]

事情起因是找到了一个B站教程

一开始的虚假需求：学习版资源？
我的最终需求：只狼学习版+开挂(可选)+替换存档 --> 能够一直刷对应BOSS
也可以正常学习版+一直替换存档。。。

steamdeck安装archlinuxcn源+scp传文件

简介信息

添加archlinuxcn源
编辑/etc/pacman.conf
命令：sudo vim /etc/pacman.conf
在视频位置添加内容：
[archlinuxcn]
Server = https://mirrors.tuna.tsinghua.edu.cn/archlinuxcn/$arch
先按esc，然后输入:wq保存
如果用不惯vim就用nano吧
sudo pacman -Syy 同步源
安装archlinuxcn-keyring
sudo paceman -S archlinuxcn-keyring
完成后可通过archlinuxcn源安装喜欢的应用，如网易云音乐，wine微信（虽然没什么用 >.<）
安装openSSH
终端执行 sudo pacman -S openssh
开启ssh服务：sudo systemctl enable sshd
查看服务是否正常开启：systemctl status sshd
查看22端口是否正常监听：netstat -an|grep 22
看到0.0.0.0:22 说明steamdeck已经正常本地监听22端口
通过ssh远程登录steamdeck，或用scp远程拷贝文件，也可以迁移已安装的游戏。
scp /本地文件 用户名@ip:/远程/保存的目录
如果说拷贝文件夹可用 -r，如ssh端口不是默认22端口，可用 -P 端口号 指定端口。

评论回复及截图

1.这里你可以看到我的源都改成了 xxx-rel，我们Syy失败的原因就是因为源上 叫xxx的文件夹改名了。。。

2.具体修改方法就是直接编辑pacman.conf，把绿色的字，在原来的名字后加个 -rel

3. 这里是直接浏览器访问steamOS的官方源，看到文件夹有各种名称，带版本号的，原始配置中不带后缀的文件夹已经没有了，之前网上流传一种解决方式是后面加 -3，但也是有的有效，有的不行，原因还是因为源里没有 xxx-3的文件夹。

那这么多同前缀的文件夹，我为什么选的rel后缀的呢，其实我也是蒙的，哈哈哈，经验上，感觉rel应该代表 release，也就是正式版，但这也只是我个人猜测，并不一定对，你改成xxx-3.3 xxx-3.5也都能Syy。具体是选-rel 还是3.3 3.5 还是别的什么，感觉只能找到steamOS的发型文档看看才能知道这些文件夹到底是做什么用的，就目前来说的话，我改成rel暂时没有遇到任何问题，而且看起来这个文件夹也不会随版本更替改变。

在线查看，发现steam做了修改，所以不能用清华源了

tsinghua archlinux mirror config help: https://mirrors.tuna.tsinghua.edu.cn/help/archlinux/

配置文件记录

#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives

#
# GENERAL OPTIONS
#
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir     = /
DBPath = /usr/lib/holo/pacmandb/
#CacheDir    = /var/cache/pacman/pkg/
#LogFile     = /var/log/pacman.log
#GPGDir      = /etc/pacman.d/gnupg/
#HookDir     = /etc/pacman.d/hooks/
HoldPkg     = pacman glibc
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto

# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
#IgnorePkg   =
#IgnoreGroup =

#NoUpgrade   =
#NoExtract   =

# Misc options
#UseSyslog
Color
#TotalDownload
# We cannot check disk space from within a chroot environment
CheckSpace
#VerbosePkgLists
ParallelDownloads = 10

# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel    = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required

# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.

#
# REPOSITORIES
#   - can be defined here or included from another file
#   - pacman will search repositories in the order defined here
#   - local/custom mirrors can be added here or in separate files
#   - repositories listed first will take precedence when packages
#     have identical names, regardless of version number
#   - URLs will have $repo replaced by the name of the current repo
#   - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
#       [repo-name]
#       Server = ServerName
#       Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#

# The testing repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.

#[testing]
#Include = /etc/pacman.d/mirrorlist

[jupiter-3.5]
Include = /etc/pacman.d/mirrorlist
SigLevel = Never

[holo-3.5]
Include = /etc/pacman.d/mirrorlist
SigLevel = Never

[core-3.5]
Include = /etc/pacman.d/mirrorlist
SigLevel = Never

[extra-3.5]
Include = /etc/pacman.d/mirrorlist

#[community-testing]
#Include = /etc/pacman.d/mirrorlist

[community-3.5]
Include = /etc/pacman.d/mirrorlist

[multilib-3.5]
Include = /etc/pacman.d/mirrorlist

[archlinuxcn]
Server = https://mirrors.tuna.tsinghua.edu.cn/archlinuxcn/$arch

# An example of a custom package repository.  See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

# Server = https://mirrors.tuna.tsinghua.edu.cn/archlinux/community/os/$arch
# cannot use tsinghua mirror here!!!!!!!
# steam modify a lot
Server = https://steamdeck-packages.steamos.cloud/archlinux-mirror/$repo/os/$arch

(deck@steamdeck ~)$ openssl version
OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)
(deck@steamdeck ~)$ sudo pacman -S openssl-1.1
[sudo] password for deck:
warning: openssl-1.1-1.1.1.u-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (1) openssl-1.1-1.1.1.u-1

Total Installed Size:  5.50 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] n
(1)(deck@steamdeck ~)$ sshd -h
option requires an argument -- h
OpenSSH_9.3p1, OpenSSL 3.1.1 30 May 2023
usage: sshd [-46DdeGiqTtV] [-C connection_spec] [-c host_cert_file]
            [-E log_file] [-f config_file] [-g login_grace_time]
            [-h host_key_file] [-o option] [-p port] [-u len]
(1)(deck@steamdeck ~)$ lsb_release -a
LSB Version:	n/a
Distributor ID:	SteamOS
Description:	SteamOS Holo
Release:	rolling
Codename:	Holo
# 实际版本是3.5.7
(deck@steamdeck ~)$ pacman -V

 .--.                  Pacman v6.0.2 - libalpm v13.0.2
/ _.-' .-.  .-.  .-.   Copyright (C) 2006-2021 Pacman Development Team
\  '-. '-'  '-'  '-'   Copyright (C) 2002-2006 Judd Vinet
 '--'
                       This program may be freely redistributed under
                       the terms of the GNU General Public License.

总结

1. up说让在/etc/pacman.conf中加上-rel
2. 我二话不说直接把/etc/pacman.conf中的-3.5改成了-rel，把自己坑的死死的
3. 报错：sshd error while loading shared libraries libcrypt.so.1.1
4. ldd /usr/lib/sshd确实这个库找不到
5. 搜了半天解决方法，一个一个尝试都不行
6. 最后自己对比了下tsinghua和steam mirror仓库，发现确实不一样；注意下面的改变不是因为这句其实。。。
7. 这里给了我灵感，思考了一会儿知道要换回来（-rel改回到-3.5）
8. 实际上两个的openssh版本不一样，新版9.3（-3.5）和老版9.1（-rel），新版9.3（-3.5）的不直接依赖libcrypt.so.1.1
9. 但从/usr/lib/systemd/system/sshd.service中看，它的前置动作/脚本依赖ssh-keygen -A还是会依赖libcrypt.so.1.1
10. 这是我直接手动执行sudo sshd的反馈知道的，实际上之前通过这种方式发现了缺少libcrypt.so.1.1，并且通过搜索发现libcrypt.so.1.1包含于openssl包中，即只能通过安装openssl来提供这个支持
11. 结果openssl-1.1能搜到了但ssl校验不通过，我只能添加SigLevel = Never去跳过检查了
12. 这里还有一个小技巧，就是可以通过搜索命令sudo pacman -Ss openssl-1.1来看该包是属于哪个$arch里的，这样可以针对性地放开ssl检查，稍微安全点。。。

TODO

ssl检查的处理

现在的做法(添加SigLevel = Never去跳过检查了)太不安全了；
有没有类似archlinuxcn-keyring的包装一下就能正常检查了。。

貌似这样就解决了？