Generating crypto keys for SSH support
Hi,
I'm having no problems getting SSH to work using the CLI crypto key command but I've noticed one thing. The crypto key command does not show up in the config...is it hidden somehow? The reason I ask is when I take an AP(1121 in this case) right out of the box and copy an existing config into it (where this config had the RSA keys already config'd)....it works with SSH? How do the keys get generated on this new AP when there is no crypto key command in the config I just loaded into it?
.....thanks.........J
you need to use a K9 image that supports crypto features
For ssh dont copy and paste the config.
Create a domain name and generate a key.
Similar Messages
-
Solution Manager can't generate installation key for Netweaver 2004s
I am trying to generate installation key for a new installation of
Netweaver 2004s or 7.0 and the Solution Manager only display SAP ECC
5.0 or 6.0 in the field production version, when i am trying do create
a new system landscape. My Solution Manager is 4.0 release and support
package 10. The keys generated by ECC 5.0 or 6.0 doesn't work.That is because SAP has not released an ECC 7.0
NW2004s is also refered to as 7.0. It appears that you are confusing this with ECC 5.0 and ECC 6.0
A NW2004s installation can contain an ECC5.0 or ECC 6.0, just like it can contain a CRM 5.0 or SRM, or EP, et cetera
The generated keys probably do not work because you have wrong hostname or instance number entered. -
Exact Steps to Generate Installation keys for other systems In SolMgr4.0
Hi friends,
Please provide me exact Steps to Generate Installation keys for other systems In SolMgr 4.0 SR1.
I have steps to make this thing in solmgr 3.2 as please change as it in solmgr4.0 sr1
txn SMSY
Expand Landscape components -> Systems
Right click on Systems ->New System
Type SAPID, & Installation No. (S44 , 0040099252) & sAVE
Expand Newly Added system
Right Click & Create
Now we can use the key provided by the system.
Please make required changes as applicable in solmgr4.0 So that I can proceed.
Also clear vat is the difference between ECC & ERP as solmgr4.0 mention both as two systems.
Thanks & regards
Jaswant
+91 9949676055
Cheers 'N' JoyceHi Jaswant,
to generate a Solution Manager Key you can process a little bit easier.
Call transaction SMSY, press shift+F5 (you get the "other objects" popup).
As System enter the SID of your Solution Manager.
->select gen.Installation/Upgrade Key (shiftctrlF10))
then you get a new popup. In this popup you DELETE all values, enter SID of the new system, the message server of the new system and the system number of the new system. Then press generate key.
With this procedure you do not have to add the system to SMSY to generate the key.
Later you should add it to SMSY, maybe you have added an SLD to SMSY then the system will be added automatically. If not you have to add it manually.
Second question ERP <> ECC
Good question, ECC is part (a main instance) of ERP, so it is up to you if you classify your system as an ERP or ECC.
Regards,
Udo Lang -
Using Solution Manager 7.0 to Generate Solution Key for SAP Netweaver 7.3 ?
Hi, SDN Gurus.
We are running Solution Manager 7.0.
I am trying to generate solution key for SAP Netweaver 7.3 system. When I was creating a new system (in TCode SMSY); I only see Newtweaver 7.1 is the latest version available in the SAP Netweaver product version drop down list.
Is that true that I always need to upgrade the latest/compatible version (SP & patches) of SAP Solution Manager to generate solution key for the latest released of SAP products?
If this is the case, what version of SAP Solution Manager I need to create new system and generate solution key for SAP Netweaver 7.3?
Thanks for advices,
KCHi,
Please follow the note [Note 1274430 - Installation of Solution Manager 7.0 Stack 18 and higher|https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1274430]
and the discussions here [Direct Upgrade from Solution Manager SP16 to SP26|Direct Upgrade from Solution Manager SP16 to SP26]
Thanks,
Jansi -
ASA 8.4+ RSA Public Key for SSH user authentication
I have seen in the configuration guide and a separate post in the support community that RSA Public Key authentication is support for SSH sessions in 8.4 and after. I have tried implementing this on both an 8.4 ASA and a 9.1 ASA and I get the same error on both. I have tried specifying SSH version 2 to see if that is the issue but I still get the error. Is there a step I am missing?
Here is the output of the configuration commands:
ciscoasa(config)#username test nopassword privilege 15
ciscoasa(config)#username test attributes
ciscoasa(config-username)# ssh authentication publickey
^
ERROR: % Invalid Hostname
The links referenced above:
https://supportforums.cisco.com/thread/2150480
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_aaa.html#wp1053558
http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/general/aaa_servers.html#wp1176050
Thanks!That would be great if the resolution was that simple. I am using a public key I generated using the putty key generator. Below is the key I would use if I got that far. However I get an error on the "ssh authentication publickey" attribute so I never get the chance to enter a public key. What code version and hardware version are you running that this worked on?
AAAAB3NzaC1yc2EAAAABJQAAAIEA2h00RCKBbpbrTWSe/3TYAvRpkJz7tLwQDCf9
4fDJUWUGrmxXHeomuBhNGZh7tyfFjRL2CKY6nWmFyKN/eDm0PF4IWhhCArzOPVDu
q7Nu2y/pD8wWH8dH4a3zRpkLSekNJtH6lzuqmY0zqz9TnZlpS6g4LI1a+lOGSmhU
/HySw9s=
ciscoasa(config)#username test nopassword privilege 15
ciscoasa(config)#username test attributes
ciscoasa(config-username)#ssh ?
configure mode commands/options:
Hostname or A.B.C.D The IP address of the host and/or network authorized to
login to the system
X:X:X:X::X/<0-128> IPv6 address/prefix authorized to login to the system
scopy Secure Copy mode
timeout Configure ssh idle timeout
version Specify protocol version to be supported
exec mode commands/options:
disconnect Specify SSH session id to be disconnected after this keyword
ciscoasa(config-username)# ssh
ciscoasa(config-username)# sh ver | in Ver
Cisco Adaptive Security Appliance Software Version 9.1(1)
Device Manager Version 7.1(1)52
ciscoasa(config-username)# -
How to Generate a key (for SecretKeySpec) out of a string literal.
Hi,
I have a string literal representation of a HEX value key which I use to send encrypted data from C++ to Java (on Sockets).
I haven't managed to convert the string representation to a value that I can use with SecretKeySpec() constructor to create a working AES 128b key.
The last attempt was this:
String strKey = new String("E5E6E7E9EA392A2B2D256489012145E5");
byte[] byteKey = new BigInteger(strKey,16).toByteArray();
SecretKey skey = new SecretKeySpec(byteKey, "AES");It didn't work because the byte array was of size 17 byte. (java.security.InvalidKeyException: Invalid AES key length: 17 bytes)
Is there an obvious straight forward way to this which I'm missing? (How would you transfer a key in HEX representation?)
Thank you.Because of the way negative BigIntegers are represented, when the high-order bit of the high-order byte of a positive BigInteger is 1, the toByteArray() emits an "extra" high order byte of zero hence your length of 17. Another problem is that, if your Hex string happens to begin "00X..." where X is less than 8, then toByteArray() will not emit the superflous leading zero byte and the size will be 15 or less.
java.math.BigInteger b = new java.math.BigInteger("ECBA1127878", 16);
byte [] keyBytes = new byte[16];
byte [] bigBytes = b.toByteArray();
System.arraycopy(bigBytes, 0, keyBytes, 0, Math.min(keyBytes.length, bigBytes.length));as an example is only a 4 lines of code. -
Central location for ssh authorized public keys?
Hi guys,
I have been studying how to use ssh, but this has been bothering me and I will really appreciate any help.
When you generate public keys for users, they go to the ~/.ssh/authorized_keys . If you as root, want to take control of all users public keys, say you want to have a central location for all public keys. You want sshd to read all keys from a different location rather than ~/.ssh/authorized_keys.
How will you go about doing this?
Thanks for your help this.
ArreyYou're welcome and enjoy your 'practice' ;-)
however, I forgot to mention that if you modify the /etc/ssh/sshd_config file, you should restart the sshd daemon.
$0.01: Restart the SSH daemon FROM ANOTHER SHELL to keep an active/running shell on the system, to recover, just in case.
$0.02: I suggest a two-steps approach to be sure that the sshd daemon is correctly restarted and the new ssh session is not picking up a thread that hasn't properly re-read the configuration
# svcadm disable ssh; sleep 5; svcadm enable ssh
HTH,
Marco -
How can I generate SSL Keys from a Oracle 9iAS server version 1.0.2.2.0
How can I generate SSL Keys for use on Oracle 9iAS server
version 1.0.2.2.0. I have tried using the open_ssl method but
was unsuccessful.<?xml version="1.0" encoding="UTF-8" ?>
<nodes>
<node>
<category_id>3</category_id>
<parent_id>2</parent_id>
<name>Mobile</name>
<is_active>1</is_active>
<position>1</position>
<level>2</level>
<children>
<node name="Nokia" category_id="6" parent_id="3" is_active="1" position="1" level="3">
<node name="Nokia N79" category_id="7" parent_id="3" is_active="1" position="2" level="3" />
<node name="Nokia N95" category_id="7" parent_id="3" is_active="1" position="2" level="3" />
<node name="Nokia N97" category_id="7" parent_id="3" is_active="1" position="2" level="3" />
</node>
<node name="Samsung" category_id="7" parent_id="3" is_active="1" position="2" level="3">
</node>
</children>
</node>
<node>
<category_id>4</category_id>
<parent_id>2</parent_id>
<name>Laptop</name>
<is_active>1</is_active>
<position>2</position>
<level>2</level>
<children></children>
</node>
<node>
<category_id>5</category_id>
<parent_id>2</parent_id>
<name>Monitor</name>
<is_active>1</is_active>
<position>3</position>
<level>2</level>
<children></children>
</node>
<node>
<category_id>8</category_id>
<parent_id>2</parent_id>
<name>Camera</name>
<is_active>1</is_active>
<position>4</position>
<level>2</level>
<children></children>
</node>
</nodes>
Is this correct format to create dynamic menu? -
Installing CRM question and SOLMAN Generate Required Key
Hi everyone,
I have been trying to install the sap crm 5.0 , but there is a section where the installer asks for some Solutions Manager Key that i need to generate on the SAP SOLMAN. The thing is that i dont have any sap solman running.
I have been reading several posts where basically its says that is a req. that sap established for the crm systems.
Anyways, i have 2 questions.
1. Installing the SAP SOLMAN is just the same process as installing r/3 or crm, that i need to update the OS, install the dbms (upgrade it and patch it), get the kernel, export, installation master cd's and well follow the inst guide?
Or there is something else i need to have, like an r/3 system running ?
2. It's possible if i give to you guys the SAP SID, Instance Number, Hostname, of the crm environment i want to install, that somebody with solman generates the key for me?
Thanx in advance.> 1. Installing the SAP SOLMAN is just the same process
> as installing r/3 or crm, that i need to update the
> OS, install the dbms (upgrade it and patch it), get
> the kernel, export, installation master cd's and well
> follow the inst guide?
> Or there is something else i need to have, like an
> r/3 system running ?
SolMan is a complete separate system with separate database, combined ABAP + Java instance, so to say an "R/3 system running" (to speak with your words).
>
> 2. It's possible if i give to you guys the SAP SID,
> Instance Number, Hostname, of the crm environment i
> want to install, that somebody with solman generates
> the key for me?
that is possible - but you won't be able to get patches and updates after April 2nd of this year, SolMan and Maintenance Optimizer is mandatory till then.
Markus -
Hi,
I want generated md5 key for a set of file which contains a lot of data.
Big file implies long computation time... so, how can I improving this ?
For now, I have a really simple algorithms :
public byte[] createMD5(File file) throws NoSuchAlgorithmException, IOException {
InputStream fis = new FileInputStream(file);
byte[] buffer = new byte[1024];
MessageDigest complete = MessageDigest.getInstance("SHA");
int numRead;
do {
numRead = fis.read(buffer);
if (numRead > 0) {
complete.update(buffer, 0, numRead);
} while (numRead != -1);
fis.close();
return complete.digest();
}I have no found benchmark about algorithm SHA, MD5 ...
Thanks you,
Edited by: phpvik on May 20, 2009 1:19 PMphpvik wrote:
sabre150 wrote:
phpvik wrote:
sabre150 wrote:
What speed are you looking for?I expect 4Go (10.000 files) in 10 min I can do 5,600 files totalling 4,3 GBytes in 48 seconds.Ok, that's good .. Do you have any piece of code ?Yep. Plenty.
>
>>
(I'm working with cluster).I'm not sure I understand the relevance. If you mean that you have N machines working on the problem then you should be able to do it in 1/N th the time.I've just want to say that I can distributed MD5 encrypt thread over computing farm.
My algorithms have to be safe because my java application will be loaded in 64bits JVM (Linux, Windows, Mac..).I definitely do not understand this since one jar will work on 32 or 64 bit Linux, Windows, Mac and uncle tom cobbley and
and allMy bytes code have to be compliant. I'm not sure that MD5 algorithm don't take care of OS architecture. But I'm okay with you : compile one time, use everywhere...I don't understand. Compliant with what? What in the MD5 specification makes it OS architecture dependent?
>
>
>>>
Did MD5 encryption work fine ?Of course. What makes you think the Java MD5 is wrong or in any way inferior to other MD5 ?No, but I remembers someone who say that MD5's implementation can be wrong.. But I trust in Java !Then ask the 'someone' for information about the faulty implementation. -
1809: An error has occured while generating a seccion key for encryption
Hi
I am trying to perform a remote control operation using Console One
1.3.6c, but evry thime getting the following error message
"1809: An error has occured while generating a seccion key for
encryption." I had looked for it in Novell site & found that the fix is
to upgrade to ZDF 6.5 SP1, but I am looking for a diffrent work around
for it. Please let me know is there any work around for this problem.
Regard
Kallol
kallolkallol,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at
http://support.novell.com.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://support.novell.com/forums)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
GPG-AGENT "ignoring" pinentry program? wrong pinentry app for ssh-keys
Hi!
I am using gpg-agent to handle my gpg keys and wanted it to handle my ssh keys too, since it is running anyway.
it works perfectly fine with gpg keys, my pinentry program is pinentry-qt4 , upon request that window pops up for me to enter my passphrase.
as window manager i use awesome wm.
however, when i try to use my ssh key, e.g. for github, no pinentry program pops up and in xterm it looks like:
[me@mybox dotfiles]$ git push origin master
it seems that is is waiting for my passphrase input but it isnt asking for it. neither does it accept it.
when i quit my WM, i see that it executed the pinentry program directly in my tty1, to which i do not have access while running my WM.
my gpg-agent.conf:
me@mybox ~/.gnupg> cat gpg-agent.conf
default-cache-ttl 300
max-cache-ttl 7200
pinentry-program /usr/bin/pinentry-qt4
how do i get gpg-agent to respect my pinentry choice for my ssh keys as well?
thanks for your time !I use this
$ cat /etc/kde/env/gpg-agent-startup.sh
#!/bin/sh
# see https://wiki.archlinux.org/index.php/SSH_Keys
GPG_AGENT=/usr/bin/gpg-agent
## Run gpg-agent only if not already running, and available
if [ -x "${GPG_AGENT}" ] ; then
# check validity of GPG_SOCKET (in case of session crash)
GPG_AGENT_INFO_FILE=${HOME}/.gpg-agent-info
if [ -f "${GPG_AGENT_INFO_FILE}" ]; then
GPG_AGENT_PID=`cat ${GPG_AGENT_INFO_FILE} | grep GPG_AGENT_INFO | cut -f2 -d:`
GPG_PID_NAME=`cat /proc/${GPG_AGENT_PID}/comm`
if [ ! "x${GPG_PID_NAME}" = "xgpg-agent" ]; then
rm -f "${GPG_AGENT_INFO_FILE}" 2>&1 >/dev/null
else
GPG_SOCKET=`cat "${GPG_AGENT_INFO_FILE}" | grep GPG_AGENT_INFO | cut -f1 -d: | cut -f2 -d=`
if ! test -S "${GPG_SOCKET}" -a -O "${GPG_SOCKET}" ; then
rm -f "${GPG_AGENT_INFO_FILE}" 2>&1 >/dev/null
fi
fi
unset GPG_AGENT_PID GPG_SOCKET GPG_PID_NAME SSH_AUTH_SOCK
fi
if [ -f "${GPG_AGENT_INFO_FILE}" ]; then
eval "$(cat "${GPG_AGENT_INFO_FILE}")"
eval "$(cut -d= -f 1 "${GPG_AGENT_INFO_FILE}" | xargs echo export)"
export GPG_TTY=$(tty)
else
eval "$(${GPG_AGENT} -s --enable-ssh-support --daemon --pinentry-program /usr/bin/pinentry-qt4 --write-env-file)"
fi
fi
I think I could probably use the /etc/profile.d location but when I first set it up, kde was already running gpg-agent so I adapted its file. Later, I uninstalled the thing which does that in kde and just kept my own customised version.
Are you sure that your xinitrc isn't starting a second gpg-agent? -
4507R+E with "k9" type IOS cannot use "crypto key generate rsa" command
Hi all,
We just upgraded the IOS on our SUP7L-E supervisor in a 4507R+E from a non-k9 (crypto) image to a k9 (crypto) image so we could use SSH to manage it. The specific image we are using is: cat4500e-universalk9.SPA.03.04.04.SG.151-2.SG4.bin. We also have a pair of 2960CG-8TS-L's that are running on: c2960c405ex-universalk9-mz.152-2.E.bin. We have given the devices new hostnames and specified a domain according to instructions.
Our problem seems to be that we cannot use the "crypto key generate rsa" command to generate the keys we need to use SSH. We use this command all the time on our other 2960 and 4510 switches with no problems. We can issue other "crypto" commands but just cant generate the keys. Has anyone else experienced/fixed this problem? <!--break-->Switch#crypto key generate rsa modulus ?
<360-4096> size of the key modulus [360-4096]
I am running IOS version 3.5.3E and I can regenerate the key using the command "crypto key generate rsa modulus" command. -
Any easy way to generate unique primary key for database table?
I'm currently playing with the J2EE reference implementation from Sun which comes with the IBM Cloudscape database. This Cloudscape database supports the use of an AutoIncrement field.
First question: Can I use CMP and assume that the database will generate a proper key for me? Anyone tried it out successfully before?
Also, based on what I've heard so far, it seems that generating database primary key is not really well-supported by J2EE using CMP in that a lot of J2EE developers have to resort to workarounds like using a session bean, JDBC and (1) some seed numbers for ID implanted in the database itself (as in the J2EE tutorial DukesBankApp example) or (2) using the SQL MAX aggregation command + 1. Usign seed number is contradictory to good database design and using MAX is dangerous for heavy traffic application if 2 beans try to insert themselves into the database at the same time (synchronizarion problem).
Anyway I find it dumb that we still have to go back to JDBC and SQL which was the reason why the concept Entity Bean was introduced; to make database persistence transparent! Now it seems that J2EE makes it worse and more troublesome than before.
Second Question: Is there any easy (hopefully transparent/automatic) way of generating primary key ID?if you want to rely on your container or database then go hard, will probably be faster.
to make a cross container/db soln I used a CMP Entity bean called Sequence with one field for uid
I use one instance and increment the field each time.
To do the logic, I have a utils class with static method, no need for session bean overhead
I reckon this approach is OK considering all things -
I tried installing UFT 12.5 version. While launching UFT, it was asking me to generate License Key file. In the License portal->Activation->Certificates tab, when I put Locking ID and searched, it was throwing "No activation certificates were found for the search criteria you entered. Please search again." error message. Please help.
I am not able to post any queries in this site: http://h30499.www3.hp.com/t5/Functional-Testing-QTP-Support/tkb-p/sws-Fun_TEST_SF%40tkb Please help.
Maybe you are looking for
-
How to set waveform chart to start data since beginning of run
Solved! Go to Solution. Attachments: TCs.vi 106 KB
-
PLD layout template cannot change or modify layout contents..
Dear Experts, I have duplicated a PLD layout template, but then when I wish to change either a picture or texts in the template, I was not able to save the template thereafter. On a closer look at the DB, I realized the RDOC.CanChange field is set to
-
How do I make the answer boxes not print out solid black?
Does anyone know how to change the settings on the Form so that the boxes do not print out solid black?
-
Frm-92101 when try to run the test form
dear all, i have just install OAS 10g rel 2 on windows 2003 server when i try to call http://apps10 - where apps10 is the server name - welocme sreen get ok when i try to access a test form http://apps10/forms/frmservlet?form=test.fmx i got frm error
-
I am about to give up iphone because of IOS8
I have an iPhone 5, and it was fine until I updated to iOS 8... now the screen freezes about every 10 minutes, no matter what app I'm using (or even on the home screen) specially when the phone is ringing although i am not using any ringtone, i stil