Linux-Server-Configuration | Linux distribution on a virtual machine | SSH library
kandi X-RAY | Linux-Server-Configuration Summary
kandi X-RAY | Linux-Server-Configuration Summary
Installation of a Linux distribution on a virtual machine and prepare it to host your web application(Item Catalog). It includes installing updates, securing it from a number of attack vectors and installing/configuring web and database servers.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of Linux-Server-Configuration
Linux-Server-Configuration Key Features
Linux-Server-Configuration Examples and Code Snippets
Community Discussions
Trending Discussions on SSH
QUESTION
I want to copy data with scp in GitLab pipeline using PRIVATE_KEY
error is :
ANSWER
Answered 2021-Sep-30 at 19:40kex_exchange_identification: read: Connection reset by peer
QUESTION
Today I got the following message when I used Git + BitBucket on MacOS while pushing a new branch to BitBucket.
You are using an account password for Git over HTTPS.
Beginning March 1, 2022, users are required to use app passwords remote: for Git over HTTPS. To avoid any disruptions, change the password used in your Git client remote: to an app password. Note, these credentials may have been automatically stored in your Git client and/or a credential manager such as Git Credential Manager (GCM).'
...ANSWER
Answered 2022-Jan-31 at 09:00In my case, I used BitBucket via HTTPS and not via SSH. Therefore I had to change it.
- Follow this guide to create and add a new SSH key.
- Follow this guide to switch from HTTPS to SSH.
Unrelated and optional:
While you are at this security related task, activate 2FA in your BitBucket security settings.
QUESTION
we are currently working with a cloud product that uses JSCH internally to connect to external sftp sources. Im investigating an connection reset exception that we are getting when trying to connect to azure sftp.
Using wireshark i determined that the problem occurs after we send the Client: Key Exchange Init. Establishing the same connection with filezilla we dont have this issue.
comparing the packages from jsch and filezilla i didn't see an obivious issue, but im not an expert on the ssh protocol. im gonna post both requests below if somebody could give me any pointers it would be greatly appreciated.
Request with JSCH (not working)
Request with Filezilla (working)
Response with Filezilla (working)
See below for the log output:
...ANSWER
Answered 2022-Feb-03 at 08:09i wanted to post a quick update for anybody that is having the same issue, i opened a similiar question on the microsoft q&a site and looks like it's an issue on the azure side that they are working on fixing for GA Microsoft Q&A
QUESTION
I have a Python 3 application running on CentOS Linux 7.7 executing SSH commands against remote hosts. It works properly but today I encountered an odd error executing a command against a "new" remote server (server based on RHEL 6.10):
encountered RSA key, expected OPENSSH key
Executing the same command from the system shell (using the same private key of course) works perfectly fine.
On the remote server I discovered in /var/log/secure that when SSH connection and commands are issued from the source server with Python (using Paramiko) sshd complains about unsupported public key algorithm:
userauth_pubkey: unsupported public key algorithm: rsa-sha2-512
Note that target servers with higher RHEL/CentOS like 7.x don't encounter the issue.
It seems like Paramiko picks/offers the wrong algorithm when negotiating with the remote server when on the contrary SSH shell performs the negotiation properly in the context of this "old" target server. How to get the Python program to work as expected?
Python code
...ANSWER
Answered 2022-Jan-13 at 14:49Imo, it's a bug in Paramiko. It does not handle correctly absence of server-sig-algs extension on the server side.
Try disabling rsa-sha2-* on Paramiko side altogether:
QUESTION
We've had a working Ansible AWX instance running on v5.0.0 for over a year, and suddenly all jobs stop working -- no output is rendered. They will start "running" but hang indefinitely without printing out any logging.
The AWX instance is running in a docker compose container setup as defined here: https://github.com/ansible/awx/blob/5.0.0/INSTALL.md#docker-compose
ObservationsStandard troubleshooting such as restarting of containers, host OS, etc. hasn't helped. No configuration changes in either environment.
Upon debugging an actual playbook command, we observe that the command to run a playbook from the UI is like the below:
ssh-agent sh -c ssh-add /tmp/awx_11021_0fmwm5uz/artifacts/11021/ssh_key_data && rm -f /tmp/awx_11021_0fmwm5uz/artifacts/11021/ssh_key_data && ansible-playbook -vvvvv -u ubuntu --become --ask-vault-pass -i /tmp/awx_11021_0fmwm5uz/tmppo7rcdqn -e @/tmp/awx_11021_0fmwm5uz/env/extravars playbook.yml
That's broken down into three commands in sequence:
ssh-agent sh -c ssh-add /tmp/awx_11021_0fmwm5uz/artifacts/11021/ssh_key_datarm -f /tmp/awx_11021_0fmwm5uz/artifacts/11021/ssh_key_dataansible-playbook -vvvvv -u ubuntu --become --ask-vault-pass -i /tmp/awx_11021_0fmwm5uz/tmppo7rcdqn -e @/tmp/awx_11021_0fmwm5uz/env/extravars playbook.yml
You can see in part 3, the -vvvvv is the debugging argument -- however, the hang is happening on command #1. Which has nothing to do with ansible or AWX specifically, but it's not going to get us much debugging info.
I tried doing an strace to see what is going on, but for reasons given below, it is pretty difficult to follow what it is actually hanging on. I can provide this output if it might help.
So one natural question with command #1 -- what is 'ssh_key_data'?
Well it's what we set up to be the Machine credential in AWX (an SSH key) -- it hasn't changed in a while and it works just fine when used in a direct SSH command. It's also apparently being set up by AWX as a file pipe:
prw------- 1 root root 0 Dec 10 08:29 ssh_key_data
Which starts to explain why it could be potentially hanging (if nothing is being read in from the other side of the pipe).
Running a normal ansible-playbook from command line (and supplying the SSH key in a more normal way) works just fine, so we can still deploy, but only via CLI right now -- it's just AWX that is broken.
ConclusionsSo the question then becomes "why now"? And "how to debug"? I have checked the health of awx_postgres, and verified that indeed the Machine credential is present in an expected format (in the main_credential table). I have also verified that can use ssh-agent on the awx_task container without the use of that pipe keyfile. So it really seems to be this piped file that is the problem -- but I haven't been able to glean from any logs where the other side of the pipe (sender) is supposed to be or why they aren't sending the data.
ANSWER
Answered 2021-Dec-13 at 04:21Had the same issue starting this Friday in the same timeframe as you. Turned out that Crowdstrike (falcon sensor) Agent was the culprit. I'm guessing they pushed a definition update that is breaking or blocking fifo pipes. When we stopped the CS agent, AWX started working correctly again, with no issues. See if you are running a similar security product.
QUESTION
I'm trying to generate ECDSA Key Pair for SSH with Go, but I find that the private key format is different from ssh-keygen and can't be accepted by GitHub.
Here's the 256-bit key pair generated via ssh-keygen -t ecdsa -b 256:
ANSWER
Answered 2021-Dec-15 at 18:14OpenSSH uses different formats for private EC keys, the SEC1 (as generated by your Go code), the PKCS#8 or the newer OpenSSH format (as generated with the ssh-keygen command). This is described here, which also contains a more detailed explanation of the OpenSSH format. The SEC1 format is explained e.g. in this post.
The current Go code generates a SEC1 key with wrong header and footer. This turned out to be the cause of the problem! To fix the bug, ECDSA must be replaced by EC in header and footer:
QUESTION
I have 2 different github accounts, 1 for work and 1 for personal projects. On my laptop, I created 2 different directories to clone my Github repositories:
Perso: /Users/pierre-alexandre/Documents/perso
Work: /Users/pierre-alexandre/Documents/work
Then, I generated 2 different SSH keys on /Users/pierre-alexandre/.ssh and added each .pub key on their respective Github repository. At the end this is what my /Users/pierre-alexandre/.ssh folder looks like:
ANSWER
Answered 2021-Nov-20 at 09:48Git just runs ssh to connect to a host. Once connected, Git has that ssh run an appropriate Git command on their end, to handle the fetch or push operation. But the entire authentication process—determining who you are and deciding whether you have access—is wholly up to ssh and Git plays no real part in this process.
Your ssh -Tv is therefore the crucial debug output here. We see that your connection to github fails to authenticate as you, after trying these keys:
QUESTION
I've got a local Swift Package Manager package that uses a private Github repo as a dependency. When I open the local package with Xcode, it fails to “Resolve Packages” with this error:
Error while fetching remote repository: git@github.com:mayoff/Preamble.git
Server SSH Fingerprint Failed to Verify
However, if I use the command line swift program, it can clone the private repo. For example, I can run swift package show-dependencies in the local package's directory without complaint. I can also successfully clone the remote package repo with git clone. So it's not a problem with my .known_hosts file or my SSH key.
How do I fix Xcode's complaint?
...ANSWER
Answered 2021-Oct-28 at 22:30So it turns out the “Server SSH Fingerprint Failed to Verify” error message in Xcode's log navigator is double-clickable. Who'd have guessed?
Anyway, double-clicking the error message brought up a dialog box that let me tell Xcode to trust the Github server:
After I clicked the Trust button, Xcode was able to clone the remote repo.
QUESTION
when connecting to a git repository using SSH for the first time, it is asked to confirm the authenticity of the host according to its fingerprint:
...ANSWER
Answered 2021-Oct-22 at 12:43each ssh server have host ssh keys, which are used for
- auth host and later check that you are connecting to the same host
- to establish secure connection (exchange credentials in secure way)
So first time you are connecting to any ssh server, you will get public key and fingerprint of this key, and proposition to store fingerprint in "known hosts" file.
fingerprint is a new option just in addition to "yes", so you can provide fingerprint manually if you have received it in other way. https://github.com/openssh/openssh-portable/commit/05b9a466700b44d49492edc2aa415fc2e8913dfe
seems manpages is not updated yet.
QUESTION
I have a problem with my gitea version 1.15.5 running on my raspberry pi. I appears that the built in ssh server is not starting:
...ANSWER
Answered 2021-Oct-23 at 13:00After some more googling, I found the solution myself:
If there is an sshd server running, gitea does not automatically start its built-in ssh server. Instead, you have to force it by adding this line under [server] in the app.ini configuration:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install Linux-Server-Configuration
install apache using sudo apt-get install apache2 .
type 35.165.147.241 (public IP address) on URL . You will see the apache ubuntu default page .
Install mod_wsgi using sudo apt-get install libapache2-mod-wsgi .
You then need to configure Apache to handle requests using the WSGI module. You’ll do this by editing the /etc/apache2/sites-enabled/000-default.conf file. This file tells Apache how to respond to requests, where to find the files for a particular site and much more.
add the following line at the end of the <VirtualHost *:80> block, right before the closing line: WSGIScriptAlias / /var/www/html/myapp.wsgi
You might get following error when you restart the apache:
sudo nano /etc/apache2/conf-available/fqdn.conf
add this line : Servername ip-10-20-63-124
sudo a2enconf fqdn and save the file.
restart Apache with the sudo service apache2 restart command.
To test if you have your Apache configuration correct you’ll write a very basic WSGI application.Create the /var/www/html/myapp.wsgi file using the command sudo nano /var/www/html/myapp.wsgi. Within this file, write the following application:
This application will simply print return Hello World! along with the required HTTP response headers. After saving this file you can reload http://35.165.147.241/ to see your application run in all its glory!
Resources - install git , install git on ubuntu.
Install git using sudo apt-get install git
set up git using :
check the configurations items using git config --list
sudo apt-get install python-pip
source venv/bin/activate
pip install httplib2
pip install requests
sudo pip install --upgrade oauth2client
sudo pip install sqlalchemy
pip install Flask-SQLAlchemy
sudo pip install flask-seasurf
If you want to see what packages have been installed with your installer tools : pip freeze
Resources - Install postgresql , engine configuration.
Install the Python PostgreSQL adapter psycopg: sudo apt-get install python-psycopg2
Install PostgreSQL: sudo apt-get install postgresql postgresql-contrib
To check, no remote connections are allowed : sudo vim /etc/postgresql/9.3/main/pg_hba.conf
open database_setup.py using : sudo nano database_setup.py
update the create_engine line: python engine = create_engine('postgresql://catalog:catalog-pw@localhost/catalog')
Update the create_engine line in project.py and lotsofmenus.py too.
move the project.py file to init.py file : mv application.py init.py
Change to default user postgres: sudo su - postgre
Connect to the system: psql
Create user catalog: CREATE USER catalog WITH PASSWORD 'catalog-pw';
check lists of roles using \du
Allow the user to create database : ALTER USER catalog CREATEDB; and check the roles and attributes using \du.
Create database using : CREATE DATABASE catalog WITH OWNER catalog;
Connect to database using : \c catalog
Revoke all the rights : REVOKE ALL ON SCHEMA public FROM public;
Grant the access to catalog: GRANT ALL ON SCHEMA public TO catalog;
Once you execute database_setup.py , again you can login as psql and check all the tables with following commands: connect to database using : \c catalog To see the tables in schema : \dt to see particular table: \d [tablename] to see the entries/data in table :select * from [tablename]; to drop the table:drop table [tablename];
exit from Postgresql : \q then exit from postgresql user.
restart postgresql: sudo service postgresql restart
and save it .
Install it using sudo apt-get install fail2ban
open the jail.local file using sudo vim /etc/fail2ban/jail.local. change the settings :
Install sendmail for email notice - sudo apt-get install sendmail iptables-persistent
stop the service - sudo service fail2ban stop
start the service - sudo service fail2ban start
you can check the new rules by typing: sudo iptables -S.
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
