Cdot with ssh keys for domain accounts
Has anyone on this board got ssh working with domain keys for cdot??
I use multiple keys; it is easy enough to manage them using keyring, and it means that I am able to compartmentalize them according to use case: work (which I obviously have a professional interest as well as personal in protecting) home (one for each box), and then keys for specific tasks (eg., automated backups, acess to particular services like github, mercurial etc).
This means that if one key is compromised, the others are unaffected and I can revoke the compromised key and, after cleaning up the mess as best I can, generate another and move on.
The only system I employ is to give each key a meaningful name (having multiple keys named id_{d,r}sa doesn't scale at all) and a policy of only adding the minimum necessary keys to each box's keyring; again, entering all the passphrases with any frequency helps manage this tendency.
I am also very careful about the key on my android as I see this as the most obvious risk: losing your phone is a pain; losing your phone and potentially relinquishing the key on it would be catastrophically asinine...
Similar Messages
-
Yoga 2 Pro - Win 8.1 x64 Pro - VeriFace doesn't work for Domain accounts
First - Lenovo's own tech support team seems completely unprepared for this product. There are no install packages online for anything but core drivers and the support teams really don't know much about the custom Lenovo software like VeriFace. Not bashing, just a disappointing reality. I'm hearing Lenovo does this all the time and that in a few months, stuff will appear. Great.
REAL issue: VeriFace won't work for Domain accounts. Pure and simple. I'm a geek, so I know the right account name shows up at the lock screen. When I type in the password, it says Incorrect. If I use a local account, bingo, works perfectly. I Googled some notes back in 2008/2009 where some people found a work-around by creating a local account with the same login name (obviously without the "domain\" part) to trick VeriFace. I tried it and it didn't work.
Can anyone else confirm this?
p.s. I tried uninstalling / reinstalling and you DON'T want to do that. See my first point. You can't re-install b/c the software ONLY exists in the hidden reset partition in OneKey Recovery. You have to completely reset your PC in order to get it back.Confirmed. I even tried this trick, but this did not work for me
http://forums.lenovo.com/t5/IdeaPad-Y-U-V-Z-and-P-series/VeriFace-with-XP-Domain-Accounts-Upside-dow... -
OEM12C BP1 Default preferred credentials with SSH key credentials ?
Is it possible to configure Host Default Preferred Credentials to use a named credential created with SSH Key credentials ?
The drop down list only lists credentials configured with host credential types.host target type has 2 out of the box credential set HostCredsNormal and HostCredsPriv
And both these are of type HostCreds (Username and password)
And there's code which assumes these to be of type HostCreds and process password.
Hence these are left as is.
What customers can do is, create additional credential set (emcli create_credential_set) and use HostSSHCreds type for it. -
Sync settings for Domain accounts
Hello
We have a close & secured environment and we want to migrate to Windows 8.1.
one of the nice benefits Windows 8.1 has is the sync settings feature. I would love it if my users inside my corp will be able to login anywhere and get their Desktop, Tiles, Settings etc. no matter where they login from.
It is somehow overlaps with folder redirection and roaming profiles are there any new policy settings or other settings that use the same sync mechanism as the Microsoft Account+OneDrive on Windows 8.1 for domain accounts only?
like defining a network share for those settings and force the clients to sync the
If there isn't, obviously the OneDrive client which is a built-in feature on 8.1 is only a noise in the background
Thanks
Tamir LevyHi,
When you sync your settings with a connected account, the settings are stored in the cloud. So if you want to take the control of everything, Roaming profile and Folder Redirection would still be your choice.
Alex Zhao
TechNet Community Support -
Problems with fuction keys for brightness
i have laptop hp 15 r006tx Product number: G8D30PA#ACJ
i have problems with functions keys for brightness , actually it does't works i can't actually adjust brightness, please help me.....................OK...
I was right. You have no graphics driver installed for the Intel HD graphics adapter.
I am very surprised you were able to install the nVidia driver because usually you get an error that states you need to install the Intel graphics driver first.
Once you install this driver, the Microsoft Basic Display adapter should be replaced by an Intel HD graphics adapter and you should be able to adjust the screen brightness.
Make sure you have installed this Intel chipset driver first and reboot. If you have done this already, you can skip this step.
http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=ob-130504-1&cc=us&dlc=en&lc=en...
Next, install the Intel HD graphics driver and reboot. This driver is for W8.1. If you installed W8, you need a different graphics driver.
http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=ob-130257-1&cc=in&dlc=en&lc=en... -
I am trying to run Sample 1 in the Azure ML studio. I have created a Standard workspace and it is linked to a Storage account. When I run the experiment, I get the error
Experiment submission failed. Request ID: <ID>. Please resync the access keys for storage account <mystorageaccount>
I'm not sure how to resync the access keys. I've regenerated my access keys and workspace auth tokens but that did not work.I figured it out. Needed to go to the Azure Portal, choose the Machine Learning service, then click Manage Keys at the bottom.
-
Help needed with SSH key exchange
I'm trying to write an SFTP client, but I'm having problems with the Key Exchange. Verify is always bringing me back false. Here's the code, any ideas (I have my own helper class called Packet which reads in the data from the server) - the algorithm being used is ssh-rsa:
code = response.getInt();
code = response.getByte();
code = response.getByte();
if ( code != FtpClient.SSH_MSG_KEXDH_REPLY )
throw new FtpException("Invalid response code received (should be " + FtpClient.SSH_MSG_KEXDH_REPLY + ") - " + code);
this.serverKey = response.getString();
byte f[] = response.getString();
byte h[] = response.getString();
this.bf = new BigInteger(f);
if ( this.K == null )
DHPublicKeySpec spec = new DHPublicKeySpec(this.bf, new BigInteger(DiffieHellmanGroup.p), new BigInteger(DiffieHellmanGroup.g));
PublicKey pb = this.factory.generatePublic(spec);
this.agree.doPhase(pb, true);
byte secret[] = this.agree.generateSecret();
BigInteger bK = new BigInteger(secret);
this.K = bK.toByteArray();
this.K = secret;
Packet hash = new Packet();
hash.reset(0);
hash.add(this.clientVersion);
hash.add(this.serverVersion);
hash.add(this.clientMessage);
hash.add(this.serverMessage);
hash.add(this.serverKey);
hash.addMPInt(this.e);
hash.addMPInt(f);
hash.addMPInt(this.K);
byte foo[] = new byte[hash.length() - hash.current()];
foo = hash.get(hash.current());
//this.sha1.update(hash.get(), 0, hash.length());
this.sha1.update(foo, 0, foo.length);
this.H = this.sha1.digest();
int start = 0, end = 0;
end = ((this.serverKey[start++]<<24)&0xff000000)|((this.serverKey[start++]<<16)&0x00ff0000)|((this.serverKey[start++]<<8)&0x0000ff00)|((this.serverKey[start++])&0x000000ff);
String algorithm = new String(this.serverKey, start, end);
start += end;
boolean result = false;
if ( algorithm.equals("ssh-rsa") )
byte temp[], ee[], n[];
this.type = KeyExchange.RSA;
end = ((this.serverKey[start++]<<24)&0xff000000)|((this.serverKey[start++]<<16)&0x00ff0000)|((this.serverKey[start++]<<8)&0x0000ff00)|((this.serverKey[start++])&0x000000ff);
temp = new byte[end];
System.arraycopy(this.serverKey, start, temp, 0, end);
start += end;
ee = temp;
end = ((this.serverKey[start++]<<24)&0xff000000)|((this.serverKey[start++]<<16)&0x00ff0000)|((this.serverKey[start++]<<8)&0x0000ff00)|((this.serverKey[start++])&0x000000ff);
temp = new byte[end];
System.arraycopy(this.serverKey, start, temp, 0, end);
start += end;
n = temp;
this.signature = Signature.getInstance("SHA1withRSA");
BigInteger bn = new BigInteger(n);
BigInteger be = new BigInteger(e);
RSAPublicKeySpec spec = new RSAPublicKeySpec(bn, be);
KeyFactory fact = KeyFactory.getInstance("RSA");
RSAPublicKey pb = (RSAPublicKey)fact.generatePublic(spec);
this.signature.initVerify(pb);
this.signature.update(this.H);
byte hcopy[] = new byte[h.length];
System.arraycopy(h, 0, hcopy, 0, h.length);
if ( h[0] == 0 && h[1] == 0 && h[2] == 0 )
start = 0;
end = 0;
end = ((h[start++]<<24)&0xff000000)|((h[start++]<<16)&0x00ff0000)|((h[start++]<<8)&0x0000ff00)|((h[start++])&0x000000ff);
start += end;
end = ((h[start++]<<24)&0xff000000)|((h[start++]<<16)&0x00ff0000)|((h[start++]<<8)&0x0000ff00)|((h[start++])&0x000000ff);
temp = new byte[end];
System.arraycopy(h, start, temp, 0, end);
hcopy = temp;
result = this.signature.verify(hcopy);
else if ( algorithm.equals("ssh-dss") )
byte temp[], q[], p[], g[];
this.type = KeyExchange.DSS;
end = ((this.serverKey[start++]<<24)&0xff000000)|((this.serverKey[start++]<<16)&0x00ff0000)|((this.serverKey[start++]<<8)&0x0000ff00)|((this.serverKey[start++])&0x000000ff);
temp = new byte[end];
System.arraycopy(this.serverKey, start, temp, 0, end);
start += end;
p = temp;
end = ((this.serverKey[start++]<<24)&0xff000000)|((this.serverKey[start++]<<16)&0x00ff0000)|((this.serverKey[start++]<<8)&0x0000ff00)|((this.serverKey[start++])&0x000000ff);
temp = new byte[end];
System.arraycopy(this.serverKey, start, temp, 0, end);
start += end;
q = temp;
end = ((this.serverKey[start++]<<24)&0xff000000)|((this.serverKey[start++]<<16)&0x00ff0000)|((this.serverKey[start++]<<8)&0x0000ff00)|((this.serverKey[start++])&0x000000ff);
temp = new byte[end];
System.arraycopy(this.serverKey, start, temp, 0, end);
start += end;
g = temp;
end = ((this.serverKey[start++]<<24)&0xff000000)|((this.serverKey[start++]<<16)&0x00ff0000)|((this.serverKey[start++]<<8)&0x0000ff00)|((this.serverKey[start++])&0x000000ff);
temp = new byte[end];
System.arraycopy(this.serverKey, start, temp, 0, end);
start += end;
this.bf = new BigInteger(temp);
this.signature = Signature.getInstance("SH1withDSA");
KeyFactory factory = KeyFactory.getInstance("DSA");
DSAPublicKeySpec spec = new DSAPublicKeySpec(this.bf, new BigInteger(p), new BigInteger(q), new BigInteger(g));
PublicKey pb = factory.generatePublic(spec);
this.signature.initVerify(pb);
this.signature.update(this.H);
result = this.signature.verify(h);
else
throw new FtpException("Unknown algorithm used for key exchange - " + algorithm);
Thanks in advanceI think I'm having the same problem. My exchange email has been working since I got the phone back in August, yesterday I had to change my password because it was expiring so I went to enter the new password into my phone and it wouldn't connect. I deleted the account and tried to set it up again and I keep getting the error "Exchange account verification failed". Nothing I do seems to work. Its very strange everything worked fine and now all of a sudden I can't get it to work.
-
Best Practice loading Dimension Table with Surrogate Keys for Levels
Hi Experts,
how would you load an Oracle dimension table with a hierarchy of at least 5 levels with surrogate keys in each level and a unique dimension key for the dimension table.
With OWB it is an integrated feature to use surrogate keys in every level of a hierarchy. You don't have to care about
the parent child relation. The load process of the mapping generates the right keys and cares about the relation between the parent and child inside the dimension key.
I tried to use one interface per Level and created a surrogate key with a native Oracle sequence.
After that I put all the interfaces in to one big Interface with a union data set per level and added look ups for the right parent child relation.
I think it is a bit too complicated making the interface like that.
I will be more than happy for any suggestions? Thank you in advance!
negib
Edited by: nmarhoul on Jun 14, 2012 2:26 AMHi,
I do like the level keys feature of OWB - It makes aggregate tables very easy to implement if your sticking with a star schema.
Sadly there is nothing off the shelf with the built in knowledge modules with ODI , It doesnt support creating dimension objects in the database by default but there is nothing stopping you coding up your own knowledge module (use flex fields maybe on the datastore to tag column attributes as needed)
Your approach is what I would have done, possibly use a view (if you dont mind having it external to ODI) to make the interface simpler. -
Ip sla operations with different keys for the same destination
Hi all,
the customer wants to use different ip sla operations for the same destination (ip sla responder). From the first source router he uses key key1 and from the second source router he uses key key2. The ip sla responder responds only for the first router which uses the key key1.:-( Is it a normal behaviour? Can I use different keys for different ip sla operations for the same ip sla responder?
See the configuration on the responder:
key chain test
key 1
key-string 7 *key1*
key 2
key-string 7 *key2*
ip sla key-chain test
ip sla responder
He tried to use ip sla responders on:
Ciscu 2911
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M3, RELEASE SOFTWARE (fc2)
Cisco 881
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Thank you.
RomanThomas,
Have a look at:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-2mt/sec-conn-dmvpn-share-ipsec-w-tun-protect.html#GUID-2B448241-FD10-4F3B-BFF8-DFD44982D235
If you're using one tunnel source you need to use one ipsec profile, unless you're running (a) p2p tunnel which you're not in this case.
While you MAY have some luck with sharing/unsharing among different interface I'm afarid it will not be ever mentioned as supported.
The situation will change with upcomfing 3.10 and 3.11 IOS XE releases (and corresponding IOS releases).
M. -
Transaction Key for Purchase Account
Hi Dear All,
I want ti define another Purchase account key for frieght like FRE.
How to creat it?
Regards
GiteshHi Gitesh,
We won't assign Purchase A/C keys in Pricing Procedure.
Normally we activate Purchase A/C posting @ company code level under the following settings.
SPRO - MM - Valuation and Account Assignment - Account Determination - Account Determination Without Wizard - Purchase Account Management.
As I have already mentioned above system uses the Standard transaction key EIN & EKG for Purchase A/C postings.
I dont think we have the option to change this standard one.
Now if your requirement is to use a different transaction key instead of FRE then create a new trans.key & assign the same to the freight condition type in Pricing Procedure.
Hope its clear.
Thanks & Regards, -
Can OpsCenter act as configuration managment? (keep server ssh keys for rebuild)
I'm very new to OpsCentre. Can it act as a sort of configuration managment tool, eg keeping ssh keys (or other host-particular config files) of a server, so in case the server is (or has to be - Disaster Recovery) be rebuilt, the old ssh keys can be restored on it by OpsCentre as is it is re-built (re-provisioned, I guess is how they call it).
Very grateful for advice!Enterprise Manager (EM) Ops Center (OC) is not a Configuration Management(CM) tool. Ops Center is a "end-to-end" infrastructural System Management tool (not restore a previous configuration). It's covered all task of management infrastructure (Oracle) stack. Read a welcome message of EM OC Doc Library.
IHMO: A good Configuration Management and Change Management tool is CFengine 3 or Puppet.
HTH
Michele V.
If you want, mark the reply as “Helpful Answer“ or “Correct Answer”. By marking replies correct or helpful, you make it easier for community members to find replies that might help them in a similar situation -
Override "crtl + tab" key behaviour with "tab" key for JtextArea .
I am trying to override the "crtl + tab" key behaviour for JTextArea with "tab" key plus add my own action. I am doing the following.
1. Setting Tab as forward traversal key for the JTextArea (the default traversal key from JTexArea is "crtl + Tab").
2. Supplementing the "crtl + Tab" key behaviour with my custom behaviour.
For the point 2 above, I need to get hold of the Action represented by the "crtl + Tab" key so that I could use that and then follow with my own custom action. But the problem is that there is no InputMap entry for "crtl + tab". I dont know how the "crtl + tab" key Action is mapped for JTextArea. I used the following code to search the InputMap.
System.out.println("Searching Input Map");
for (int i = 0; i < 3; i++) {
InputMap iMap = comp.getInputMap(i);
if (iMap != null) {
KeyStroke [] ks = iMap.allKeys();
if (ks != null) {
for (int j = 0;j < ks.length ;j++) {
System.out.println("Key Stroke: " + ks[j]);
System.out.println("Searching Parent Input Map");
for (int i = 0; i < 3; i++) {
InputMap iMap = comp.getInputMap(i).getParent();
if (iMap != null) {
KeyStroke [] ks = iMap.allKeys();
if (ks != null) {
for (int j = 0;j < ks.length ;j++) {
System.out.println("Key Stroke: " + ks[j]);
}In short, I need to get the Action associated with the "crtl + tab" for JTextArea.
regards,
nirvan.There is no Action for Ctrl+TAB. Its a focus traversal key.
-
Error when creating ssh keys for Oracle RAC on Solaris 10
I'm in the process of configuring 2 node oracle cluster running on Sun cluster 3.2 /solaris 10 OS.
I have followed this oracle guide to when creating keys (oracle document No =B14205-01)
But im having problem when executing this step
bash-3.00$ scp authorized_keys tsavo-east:/oracle/.ssh/
ssh: connect to host tsavo-east port 22: Connection timed out
lost connection
bash-3.00$
Please advise
Thanks
Francis MwangiRobert Thanks alot for your reply. have a look of what i found out
ps -ef | grep sshd
root 4270 4267 0 16:22:46 ? 0:00 /usr/lib/ssh/sshd
root 759 1 0 Nov 09 ? 0:00 /usr/lib/ssh/sshd
root 4267 759 0 16:22:41 ? 0:00 /usr/lib/ssh/sshd
root 4372 4311 0 18:56:52 pts/3 0:00 grep sshd
===================================
netstat -a | grep ssh
*.ssh *.* 0 0 49152 0 LISTEN
tsavo-west.ssh 10.30.210.213.2241 63668 51 49640 0 ESTABLISHED
*.ssh *.* 49152 0 LISTEN
6002b4aec88 stream-ord 6002b5a0740 00000000 /tmp/ssh-mgPl3398/agent.3398
==============================
telnet tsavo-west 22
Trying 10.20.3.151...
Connected to tsavo-west.
Escape character is '^]'.
SSH-2.0-Sun_SSH_1.1.1
#has hanged here for the last 10 minutes
Thanks please what can you conclude from above; also from the console monitoring both nodes
i saw messages that end with
LINK-3-UPDOWN: Interface Dot11Radio0 , Changed state to up
#another line here
LINK-3-UPDOWN: Interface Dot11Radio0 , Changed state to down
#another line here
LINK-3-UPDOWN: Interface Dot11Radio0 , Changed state to up
this happens on both nodes
Any idea
did i use the right document. have other steps that works (anyway not sure if this error are related to the stepsfor configuring ssh)
Please help if you can .... -
An user as part of the domain users tries to open an office file from a document library but he got an authentication prompt asking him to authenticate. Domain users has only access to this library and not to the whole site. This uses to work in SharePoint
2007 without any problem but not in SharePoint 2013, we didn't have a workflow on SP2007.
Domain users has read access to only this document library in the site, but he shouldn't get an authentication prompt since he is part of the domain users and he is not trying to modify the document, he can open the document but gets two prompts, he can't
also see the list using explorer view since nothings appears using the explorer view.
Now, when opening the file, we can see..Updating Workflow Status, but we don't have any workflow working on this site or library, event any feature related to workflow.
If we go to the event viewer in the server, we find this information,
I also checked this thread but I couldn't find this scenario.
https://social.technet.microsoft.com/Forums/sharepoint/en-US/91bc770b-bb70-4885-a4ad-a243edb88753/event-id-8026-workflow-soap-getworkflowdataforitem-failed-doc-library-no-workflow?forum=sharepointgeneralprevious
I also created another list with the same permissions and using other office files but got the same behavior.
Now, we have migrated this site from SP2007 to SP2013.
Any ideas?OK, I am going to throw out a lot of ideas here so hopefully they get you closer to a diagnosis. Hang on :)
Does it happen to work for some users but not others? If so, try logging in on the "good" computer with the "bad" username. This will tell you if the problem is related to the end-user's system. Also, once the user downloads a document
successfully can they open and work on it in Word? Also, does the document library have any custom content types associated with it or does it just use 'Document'?
I notice that there are other folks on the web that have run into this same problem and the similarity seems to be that they are either on SharePoint 2007 or have upgraded from 2007. Did this doc library start out as a 2007 library?
What you might want to do is this: Make a site collection from scratch in 2013 (or find one that you know was created in 2013). Choose team site (or whatever you want) for the root web and set up the security the same way you have it on the malfunctioning
library. Now, use windows explorer to copy and paste some of the documents to the new location. Be sure you recreate any needed content types. Now test it from the troubled user's computer.
I'm thinking there may be something that is different about the library since it was migrated through various versions and updates since 2007. I've sometimes found that there can be problems (especially with user profiles but that's a different story) with
things that go through this evolution. -
Please help with Posting Keys For Fast Entry (t.code OBXJ)
Dear experts,
Please help me to be more familiar with configurtation of Enjoy Transactions (t.code OBXJ). I want to configure fast entry transaction and change standard assignement of posting key. But there are no editing options in this transaction, just three transaction keys are predefined and posting keys are assigned to them (those are changable). But where to see what those transaction keys mean? And what could be your proposals, how to configure this IMG step?
Thanks!Hi,
t.code OBXJ is for automatccly postings, normal you never change the standard posting keys.
In the block line items you can select colums you need and place the one's you need to the begin of the screen and in the right top corner of posting line items you can click an save this as (default) variant.
When you want to use an other posting keys you use the option complex posting (F6)
Paul
Maybe you are looking for
-
Hi, While loading delta from 2LIS_11_VAHDR, some of the sales documents are not getting extracted to BW. These records are not present in PSA as well. However if we fill the setup tables for these documents and do a repair full to BW we are able to l
-
I upgraded from 1.5 (the patch) to to 1.6, and now get: Forbidden You don't have permission to access /pls/htmldb/htmldb on this server. What step did I miss? Please advise - Thanks, Karen
-
DAQ Assistant, Analog Signal to Analog Comparison Event for sample clock
I am using a PCI-6071E and DAQmx. I would like to use an analog signal on PFI0 to trigger Analog Comparison Event to be used as the sample clock in DAQ Assistant. Is this possible and if so, how?
-
Updated, now cant vnc/screen share but can ssh
Brand new snow leopard server install. Did some light updating of settings (modified hostname enabled services) and the initial system update to 10.6.4. Restarted and now I CAN SSH to the machine but i CANNOT vnc/screen share to it... it just times o
-
can same one toll wast there work flow with final cut pro and a Canon XHA1