NSS326 SFTP and SSH Key
Hi,
Does anyone have an idea how to configure SFTP with an SSH public/private key (without a password prompt) for non-admin accounts on the NAS NSS326?
I have tried to generate a key with PuTTY and PuTTYgen, but it works only for the admin user. Please help me.
Thanks
Rudi
Nobody has an idea about this problem?
Thanks
Rudi
Similar Messages
-
Please add SSH, SFTP and SCP in CMD and File Explorer.
Also, allow us to copy to FTP in File Explorer.
Would be nice to have the SSH credentials managed by Windows Credentials Manager.
Even with the RHEL firewall completely disabled, it has the same upper limit. SCP between the Solaris systems, with ipfilter running on both systems and both systems on completely different networks, is not a problem. Between Solaris and RHEL, same network but different subnet, RHEL with no firewall running (only while troubleshooting this, don't panic), still a problem. Using PuTTY SFTP from/to any of the systems is fine, even though on different networks. The MTU on the RHEL was the same as the Solaris systems (1500) - changing values on the RHEL increased the upper limit but still hit a ceiling. Only have one RHEL system so I can't see whether RHEL-RHEL transfers are affected, only those between Solaris, PuTTY on Windows, and the one RHEL system.
-
Hi All,
I have a small doubt regarding Sender sFTP Adapter. This is what we have done to connect with one of Vendor
1. Basis created a SSH key in NWA for Vendor and sent to them.
2. They linked the SSH key with user name and asked me to use the same.
3. We got the firewalls opened b/w PI and Vendor
4. I provided the same detail in sFTP adapter, but I am not able to connect,
I am getting below error:
Error: Cannot connect to SFTP server. Host=########, port=22, username=#####. Private key store=########, private key alias=piPKCS12. Timeout=300000 msecs. Absolute home directory=.: KeyStoreException in Method: getPrivateKey( KeyStore, String, String ). The requested keystore type is not available in the default provider package or any of the other provider packages that were searched. (Software version: 3.0.14.2)
Please provide your inputs.
Regards,
Sachin Dhingra
Hi,
The first thing you have to do is use the same userid and the pwd and try to connect to the vendor system from your application layer and see if this is connecting or not. If there is a problem in connection then there are few steps that you have to follow. Below are the steps you need to follow:
1. Open the port from your Vendor side as well as open the port from your XI system (there might be two ports).
2. Generate the key of your vendor system; once you start logging in to the system it will ask to install the key, so accept it. The IS people can help you out over here.
3. Try to push one dummy file to that location manually using the command in the application layer.
4. Check the authorization in the target directory and try to provide the proper authorization; 777 is used for full authorization.
5. Use the same userid and the pwd and then try from your XI system, processing a dummy file.
hope this helps.
cheers,
jay -
[SOLVED] a problem with gpg-agent and ssh keys
I'm baffled by a strange problem:
My setup is as follows: I use gpg-agent with --enable-ssh-support, so that my ssh keys are handled by it. All was fine (when I ssh'ed to another machine, a pinentry window popped up, asked for a password, and if I entered the correct one, gpg-agent would decrypt its copy of my private ssh key and use it for identification). But: I needed to change my ssh key, and so I generated a new one. Next, I ssh-add'ed it to gpg-agent (one password to decrypt the private key, then twice another password for gpg-agent). I uploaded the public key to a server. The setup should be complete.
The problem is that when I ssh to a machine, a pinentry window comes up, but it does not accept my password (the one that I entered twice when ssh-add'ing the key). I tried adding with various different passwords (always deleting ~/.gnupg/private-keys-v1.d/*, since 'ssh-add -d ~/.ssh/id_rsa.pub' would not work for some reason - it would not make gpg-agent forget the key), different pinentry programs ( -qt4, -gtk-2, -curses), and still the same problems. Pinentry itself seems to work fine, since if I enter two different things when it asks for a new passphrase for the key, it detects that there's a problem.
So, can anyone help? What could I try (please don't post just to say that I could/should use ssh-agent, or keychain, or anything else. I have used various things, and I like this setup the most. It worked before, and I would like to find out why it stopped working and how to get it back to speed.)
Thanks.
Last edited by bender02 (2010-02-15 09:52:54)
That's a known bug with the new gpg version.
http://lists.gnupg.org/pipermail/gnupg- … 38045.html
You could use an older version of gpg or use a development version. -
Backup CUCM 10.5 via SFTP using ssh-key
Hey guys,
I would like to backup my CUCM 10.5 using SSH pre-shared key. Is it possible?
Hi,
The question is not clear. Can you give more info?
Normal backup is done through an SFTP network location from the disaster recovery page.
HTH
Anas
-
Currently I have a headless OS X Client running Crush FTP over SSH (SFTP) for our work SFTP server this is separate from our main OS X G5 server box.
I can't seem to SSH into the SFTP server via the terminal in order to manage it and poke around like I do with our server.
I am about to setup a little OS X server at home and want SFTP access from it, as I can't justify a separate box, but I also want to be able to SSH into the box from the outside world too.
I am firstly wondering what the issue is with my Crush FTP server as to whether I will experience the same problem at home.
The 2nd question is can OS X run FTP over SSH (SFTP) with the built in server admin tools and if so is it as easy as Crush FTP to manage?
I will be using ACL's so I guess I could restrict access down that way.
Thoughts, comments, suggestions and explanations very much welcome as I can't find much to answer the above.
Hi: Port 115 is generally used for SimpleFTP. SecureFTP or FTPS uses port 989 and 990. This might help.
Tony -
Are "Back to My Mac" FTP and SSH services visible to "everyone"?
With the MobileMe "Back to my Mac" service, I can establish SSH terminal and SFTP connections from my Mac Mini at home to my Mac Pro at my work. The SSH (Remote Login) and SFTP (File Sharing) services are enabled under System Preferences --> Sharing.
Does this make the SFTP and SSH services on my Mac visible/accessible to anyone else? I like using "Back to my Mac" because it is simple and it uses key exchange for authentication when connecting. However, I'm concerned that by enabling the SFTP and SSH services under Sharing, I'm also opening these services up to anyone who can see them. Is this true, and if so, how can I maintain the security of my computers?
Thanks in advance,
jjw
OK, besides putting me to sleep, the BTMM description seems to indicate that it is your MobileMe password that is important when making BTMM connections through a home NAT router.
BTMM does open a port through the router, but if I understand correctly, it does not listen for ssh, or vnc, or afp protocols, but rather for the BTMM IPsec secure tunnel to be established, and then all the BTMM supported servers travel over the IPsec secure tunnel. NOTE: the paper was putting me to sleep, so I could have this wrong.
Kerberos is used for authentication of the IPsec tunnel.
What I'm thinking is that if your Mac stays behind a home NAT router, or corporate firewall (that allows BTMM to work), then the important password is your MobileMe password. If the Mac goes out in public, then all your Mac OS X user account (and guest) passwords need to be strong (where longer is better).
A GRC Shields-UP probe will not check all possible ports. If BTMM is running and all the standard ports are marked as stealth, then BTMM is using a non-standard port (as in one GRC does not check by default). That makes it more difficult for someone to find your NAT router and then your Mac. While this is NOT security, it does add some difficulty to the intruder's attempts at finding you.
AGAIN, I did not fully understand the BTMM paper, so "Your Mileage May Vary" with respect to my analysis accuracy. -
Hi there,
I am looking for step by step instructions on how to configure the SFTP Codeplex adapter for both receive and send ports.
Our business partner with whom we push/poll the files wants us to use SSH encryption/decryption etc.
Just wondering if the following functionality is supported in the Codeplex SFTP adapter without having to write any code.
Appreciate if there is a manual to do this for SFTP. BTW I do have all our public and private keys and the business partner's public key for configuring.
For Send port: 1. we would need to encrypt the file with our business partners public key
2. sign the file with our private key.
3. Send the file through to SSH client which eventually transfers to Remote server.
Receive port: 1. Connect to SSH Server with SSH-2 key and receive the file
2. Verify the file's digital signature against the Business partners PGP public key
3. Decrypt the file using our PGP Public key
Thanks in advance
Yes it is supported.
You can find its documentation in this link
You can find section X.509 Certificate Identity Keys
You can set public and private key in property SSH Identity thumbprint of send and receive port
I prefer to test it using a client tool like FileZilla or WinSCP, then test it using the sftp adapter
-
Tabulation and arrow keys don't work through ssh
Hi!
I just got a Solaris 10 on a v240. But when I log in through SSH, the tabulation key and arrow keys don't work. It's quite nasty because I cannot just repeat a command, for example; I have to type it all over again. I'm quite surprised because I have an old Solaris where it does work without problem. Should I change something in the configuration?
Thanks
Is your shell one that you want?
csh and sh don't support autocompletion or arrow histories. you'd need tcsh or bash or something.
Darren -
Java API that implements the SSH, SFTP and Telnet protocols
Hi,
I'm looking for a Java API that implements the SSH, SFTP and Telnet protocols. Does anyone have a suggestion?
Any Suggestions are really appreciated ?
Thanks,
Avin
I believe SSH and telnet are used for interactive command line sessions, don't know how you want to use them in a program.
-
Setup advice for rsync, ssh keys and launchd - all for remote webserver backup
Hi There,
This is the first time I'm doing this and I have limited command line experience but I need to setup a automatic backup of our webservers.
rsync
I have 4x rsync commands that work when run from the command line manually - here is an example, they just pull files from a few directories:
sudo rsync -avzO -e ssh [email protected]:/backups/ /Volumes/ServerVolume/webserver-backups/DEV/mysql/
I had issues with writing the files locally when running the above so had to do it as root and also add -O (-avzO). But because I need to run these automatically, I'm worried that running them as root will require a password - is that correct?
Also, while I've setup ssh keys, I feel unsure this has been done correctly - how do I test this properly?
launchd
While I've set up cron jobs on the webserver (a mysql dump) I don't have any experience with launchd and feel a bit out of my depth after reading the pages here:
http://developer.apple.com/library/mac/#documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/ScheduledJobs.html
http://developer.apple.com/library/mac/#documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html#//apple_ref/doc/uid/TP40001762-104142
http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man8/launchd.8.html#//apple_ref/doc/man/8/launchd
I'm guessing I need to:
Somehow make the rsync command a file that will execute in Terminal - do I just put it in a file and give it a .sh extension?
Create a launchd Property List File that will run the script at certain times
Somehow register the Property List File with launchd so it runs
Or maybe I should just use Automator and iCal?
I did try getting automator to run the rsync commands in terminal from iCal (I just pasted the commands straight in and set automator to pass them as arguments) but it doesn't seem to launch terminal so if there are errors, I can't see what they are. Because they started though, I think my SSH keys are setup.
Maybe it would just be better to figure out what is wrong with rsync commands and the permissions and just make these all run unattended from iCal?
Any help or suggestions would be much appreciated.
Cheers
Ben -
Ssh keys and gnupg keys from wiki instructions...
following first the gnupg instructions and then ssh keys I've managed to get several instances of gpg-agent running.
[root@frylock ~]# ps aux | grep agent
root 2764 0.0 0.0 4208 432 ? Ss 11:15 0:00 ssh-agent
xtian 2785 0.0 0.1 3500 972 ? Ss 11:18 0:00
gpg-agent -s --enable-ssh-support --daemon
--write-env-file /home/frylock/xtian/.gnupg/gpg-agent.env
root 2958 0.0 0.0 3168 688 ? Ss 11:39 0:00
gpg-agent -s --enable-ssh-support --daemon
--write-env-file /root/.gnupg/gpg-agent.env
root 3036 0.0 0.0 4740 392 ? Ss 11:43 0:00 gpg-agent --daemon
root 3186 0.0 0.0 4740 388 ? Ss 11:53 0:00 gpg-agent --daemon
root 3299 0.0 0.0 4740 388 ? Ss 11:58 0:00 gpg-agent --daemon
root 3549 0.0 0.0 4740 392 ? Ss 12:54 0:00 gpg-agent --daemon
This I can resolve by going back over the instructions--a fifth time. But what I don't understand is why my user account is the owner of a running process when I'm only logged in on one tty as root?
//EDIT: Clarify the login scenario
// EDIT: the code block is cutting off line
Last edited by xtian (2013-09-07 14:20:00)
xtian wrote:
cfr wrote: For example, I don't include the code in ~/.xinitrc or in /etc/profile.d precisely because I'm starting the agent somewhere else.
That's just it. I'm not starting it somewhere else. According to the wiki, its being called from .xinitrc and that's where the call is made to the script in profile.d, I think. Unless the script in /etc/profile.d is starting the script automatically?? I don't know.
Yes. The script you have in /etc/profile.d will start it automatically. I have a similar script in /etc/kde/env and that is all I use. I don't need anything in ~/.xinitrc (or kde's autostart stuff or whatever). At least, this is true provided those scripts are sourced. What you definitely do not want is the line you currently have in ~/.xinitrc which does not check to see if an instance of gpg-agent is already running.
This is what I use:
$ cat /etc/kde/env/gpg-agent-startup.sh
#!/bin/sh
# see https://wiki.archlinux.org/index.php/SSH_Keys
GPG_AGENT=/usr/bin/gpg-agent
## Run gpg-agent only if not already running, and available
if [ -x "${GPG_AGENT}" ] ; then
    # check validity of GPG_SOCKET (in case of session crash)
    GPG_AGENT_INFO_FILE=${HOME}/.gpg-agent-info
    if [ -f "${GPG_AGENT_INFO_FILE}" ]; then
        # the info file holds GPG_AGENT_INFO=<socket>:<pid>:<version>
        GPG_AGENT_PID=`grep GPG_AGENT_INFO "${GPG_AGENT_INFO_FILE}" | cut -f2 -d:`
        GPG_PID_NAME=`cat /proc/${GPG_AGENT_PID}/comm 2>/dev/null`
        if [ ! "x${GPG_PID_NAME}" = "xgpg-agent" ]; then
            # recorded PID is gone or belongs to another program: stale file
            rm -f "${GPG_AGENT_INFO_FILE}" >/dev/null 2>&1
        else
            GPG_SOCKET=`grep GPG_AGENT_INFO "${GPG_AGENT_INFO_FILE}" | cut -f1 -d: | cut -f2 -d=`
            # the socket must exist and be owned by the current user
            if ! test -S "${GPG_SOCKET}" -a -O "${GPG_SOCKET}" ; then
                rm -f "${GPG_AGENT_INFO_FILE}" >/dev/null 2>&1
            fi
        fi
        unset GPG_AGENT_PID GPG_SOCKET GPG_PID_NAME SSH_AUTH_SOCK
    fi
    if [ -f "${GPG_AGENT_INFO_FILE}" ]; then
        # a live agent exists: import its environment instead of starting another
        eval "$(cat "${GPG_AGENT_INFO_FILE}")"
        eval "$(cut -d= -f 1 "${GPG_AGENT_INFO_FILE}" | xargs echo export)"
        export GPG_TTY=$(tty)
    else
        eval "$(${GPG_AGENT} -s --enable-ssh-support --daemon --pinentry-program /usr/bin/pinentry-qt4 --write-env-file)"
    fi
fi
In any case, your script should check for the environment file and only start an instance of the agent if it doesn't exist.
It's not my script. I'm not up on BASH scripts. This one is from the wiki page. Isn't this script checking just that in this IF clause:
if test -f "$envfile" && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then
eval "$(cat "$envfile")"
Yes. But the line you have in ~/.xinitrc does NOT check this. It just starts an instance of gpg-agent as a daemon. -
How do I configure Kwallet to manage SSH and GPG keys? [SOLVED]
I'm using a select few KDE programs (not the DE) such as Kontact (and with that KMail, Korganizer, Kaddressbook...) and Kwallet. I've got a GPG and an SSH key which I need in Git to sign commits and push. I'd like to have Kwallet manage ALL of these passwords/passphrases, (e-mail, SSH, GPG) and only be prompted for a password to unlock my wallet once per session - or better yet, have the wallet unlocked by logging in (like the keychain in OS X). I'm currently using SLiM (systemd, slim.service) as the login manager. I had a glance at this tutorial for inspiration but to no success...
This is my ~/.xinitrc:
#!/bin/sh
if [ -d /etc/X11/xinit/xinitrc.d ]; then
for f in /etc/X11/xinit/xinitrc.d/*; do
[ -x "$f" ] && . "$f"
done
unset f
fi
# Hide mouse cursor when idle
unclutter -idle 4 &
# Background image
hsetroot -fill $HOME/img/08.jpg &
# Window manager
xmonad
This is my ~/.zprofile (failed attempt, fake GPG-key name)
#!/bin/sh
# Load keychain to handle ssh and gpg keys
export SSH_ASKPASS=/usr/bin/ksshaskpass
eval `keychain --eval id_rsa 1234ABCD`
$HOME/.keychain/`hostname`-sh
$HOME/.keychain/`hostname`-sh-gpg
This is my ~/.gnupg/gpg.conf (commented lines not included)
no-greeting
require-cross-certification
charset utf-8
keyserver hkp://keys.gnupg.net
Last edited by totte (2012-10-25 10:49:52)
No success so far, really, need more ideas.
Neither of /etc/kde/env/{gpg,ssh}-agent-startup.sh seem to be run by anything automatically on my system upon boot and logging in. I tried going back to the beginning and I got GPG working alright, when signing a commit I was automatically authenticated. SSH however still prompts me by CLI to enter my passphrase when I try to git-push or ssh into a server. I set an empty password for the wallet to have it "unlocked by logging in". I thought setting "export SSH_ASKPASS='/usr/bin/ksshaskpass'" in ~/.zprofile would have it prompt for the password in some manner of Qt window related to Kwallet, but apparently it doesn't. In top both ssh-agent and gpg-agent are displayed as running - but if I run gpg-agent in Konsole I get the output "gpg-agent: no gpg-agent running in this session", ssh-agent on the other hand outputs "SSH_AUTH_SOCK=/tmp/ssh-noaDS3C4AP8M/agent.1830; export SSH_AUTH_SOCK;
SSH_AGENT_PID=1831; export SSH_AGENT_PID;
echo Agent pid 1831;".
Here's my ~/.zprofile, ~/.xinitrc, ~/.gnupg/gpg.conf, ~/.gnupg/gpg-agent.conf and ~/.zshrc (probably irrelevant but included anyway):
~/.zprofile
export EDITOR='vim'
export GIT_EDITOR='vim -fg'
export GPG_TTY=$(tty)
export GREP_COLOR='1;34'
export GREP_OPTIONS='--color=auto'
export LANG='en_GB.UTF-8'
export PAGER='less'
export PINENTRY='/usr/bin/pinentry-kwallet'
export SSH_ASKPASS='/usr/bin/ksshaskpass'
export VISUAL='vim'
~/.xinitrc
#!/bin/sh
if [ -d /etc/X11/xinit/xinitrc.d ]; then
for f in /etc/X11/xinit/xinitrc.d/*; do
[ -x "$f" ] && . "$f"
done
unset f
fi
# Kwallet
kwalletd &
# Keychain (SSH & GPG)
eval `keychain --eval id_rsa 1234ABCD` &
# Hide mouse cursor when idle
unclutter -idle 4 &
# Background image
hsetroot -fill $HOME/img/08.jpg &
# Akonadi
akonadictl start &
# Music Player Daemon
mpd &
# Window manager
xmonad
~/.gnupg/gpg.conf
no-greeting
require-cross-certification
charset utf-8
keyserver hkp://keys.gnupg.net
use-agent
~/.gnupg/gpg-agent.conf
pinentry-program /usr/bin/pinentry-kwallet
no-grab
~/.zshrc (probably irrelevant)
# PATH
# System executables
PATH0="/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin"
# My executables
PATH1="$HOME/bin"
export PATH="$PATH0:$PATH1"
# COLOURS
autoload colors; colors;
eval "`dircolors -b ~/.dircolorsrc`"
# GENERAL
HISTFILE=$HOME/.zsh_history
HISTSIZE=10000
SAVEHIST=10000
setopt append_history
setopt extended_history
setopt hist_expire_dups_first
setopt hist_ignore_dups
setopt hist_ignore_space
setopt hist_verify
setopt inc_append_history
setopt share_history
setopt prompt_subst
setopt correctall
setopt auto_menu
setopt complete_in_word
setopt always_to_end
setopt extendedglob
# ALIASES
alias rezsh='. ~/.zshrc'
alias _='sudo '
alias l='ls -lh --color'
alias la='ls -lAh --color'
alias -- -='cd -'
alias ..='cd ..'
alias df='df -h'
alias g='git'
alias tmux='tmux attach'
alias cp='cp -v'
alias mv='mv -v'
alias rm='rm -v'
alias rmdir='rmdir -v'
alias d='dirs -v'
bu(){cp -v $1 ${1}.backup}
cmds(){history | awk '{print $2}' | sort | uniq -c | sort -rn | head}
md(){mkdir -p $1; cd $1}
# OS-specific aliases
if [[ $(uname) == "Darwin" ]]; then
# Mac OS X
alias pkgs='port search' # Search
alias pkgi='sudo port install' # Install
alias pkgu='sudo port selfupdate && sudo port upgrade outdated' # Update & Upgrade
alias pkgr='sudo port uninstall --follow-dependencies' # Remove package and unused dependencies
alias pkgl='port installed' # List installed packages
alias python='/usr/local/bin/python3'
alias pip='pip-3.2'
alias pips='pip-3.2 search'
alias pipi='pip-3.2 install'
alias pipu='pip-3.2 install -U'
alias pipr='pip-3.2 uninstall'
alias pipl='pip-3.2 freeze'
alias v='mvim'
elif [[ $(uname) == "Linux" ]]; then
alias pips='pip search'
alias pipi='pip install'
alias pipu='pip install -U'
alias pipr='pip uninstall'
alias pipl='pip freeze'
alias v='vim'
case $(lsb_release -d | cut -f2 | cut -d " " -f1) in
  (Arch) # Arch Linux
    alias equa='alsamixer -D equal'
    alias pkgs='pacman -Ss' # Search
    alias pkgi='sudo pacman -S' # Install
    alias pkgu='sudo pacman -Syu' # Update & Upgrade
    alias pkgr='sudo pacman -Rns' # Remove package, configuration backups and unused dependencies
    alias pkgl='pacman -Q' # List installed packages
    alias pkgd='whoneeds' # List packages depending on specified package
    alias poweroff='sudo systemctl poweroff'
    alias reboot='sudo systemctl reboot'
    alias nw='wicd-curses'
    ;;
  (Debian|Ubuntu) # Debian and Ubuntu
    alias pkgs='aptitude search' # Search
    alias pkgi='sudo aptitude install' # Install
    alias pkgu='sudo aptitude update && sudo aptitude upgrade' # Update & Upgrade
    alias pkgr='sudo aptitude purge' # Remove package, configuration files and unused dependencies
    alias pkgl='aptitude search -F "%p" "~i"' # List installed packages
    alias reboot='sudo shutdown -r now'
    alias shutdown='sudo shutdown -h now'
    ;;
esac
fi
# Host-specific aliases
if [[ ${HOST:r} == "betre" ]]; then
alias poff='sudo /sbin/write-magic 0xdeadbeef && sudo /sbin/reboot'
fi
# TAB COMPLETION
autoload compinit
compinit
# Case-insensitive (all),partial-word and then substring completion
zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=*' 'l:|=* r:|=*'
zstyle ':completion:*:*:*:*:*' menu select
zstyle ':completion:*:cd:*' tag-order local-directories directory-stack path-directories
cdpath=(.)
# Use /etc/hosts and known_hosts for hostname completion
[ -r /etc/ssh/ssh_known_hosts ] && _global_ssh_hosts=(${${${${(f)"$(</etc/ssh/ssh_known_hosts)"}:#[\|]*}%%\ *}%%,*}) || _ssh_hosts=()
[ -r ~/.ssh/known_hosts ] && _ssh_hosts=(${${${${(f)"$(<$HOME/.ssh/known_hosts)"}:#[\|]*}%%\ *}%%,*}) || _ssh_hosts=()
[ -r /etc/hosts ] && : ${(A)_etc_hosts:=${(s: :)${(ps:\t:)${${(f)~~"$(</etc/hosts)"}%%\#*}##[:blank:]#[^[:blank:]]#}}} || _etc_hosts=()
hosts=(
  "$_global_ssh_hosts[@]"
  "$_ssh_hosts[@]"
  "$_etc_hosts[@]"
  `hostname`
  localhost
)
zstyle ':completion:*:hosts' hosts $hosts
# KEYBINDINGS
bindkey '^[[A' history-beginning-search-backward
bindkey '^[[B' history-beginning-search-forward
bindkey "^[[H" beginning-of-line
bindkey "^[[1~" beginning-of-line
bindkey "^[OH" beginning-of-line
bindkey "^[[F" end-of-line
bindkey "^[[4~" end-of-line
bindkey "^[OF" end-of-line
# Make the delete key (or Fn + Delete on the Mac) work instead of outputting a ~
bindkey '^?' backward-delete-char
bindkey "^[[3~" delete-char
bindkey "^[3;5~" delete-char
bindkey "\e[3~" delete-char
# TITLES
tmux_title="%16<..<%~%<<"
term_tab_title="%m"
term_title="Terminal"
function title(){
  if [[ "$TERM" == screen* ]]; then
    print -Pn "\ek$tmux_title:q\e\\"
  elif [[ $TERM == rxvt* ]] || [[ "$TERM_PROGRAM" == "iTerm.app" ]]; then
    print -Pn "\e]2;$term_title:q\a"
    print -Pn "\e]1;$term_tab_title:q\a"
  fi
}
function title_precmd(){
  title $tmux_title $term_tab_title $term_title
}
function title_preexec(){
  emulate -L zsh
  setopt extended_glob
  local tmux_title=${1[(wr)^(*=*|sudo|ssh|-*)]}
  title $tmux_title $term_tab_title $term_title
}
# ZSH VCS_INFO MODULE
autoload -Uz vcs_info
#zstyle ':vcs_info:*+*:*' debug true
zstyle ':vcs_info:*' enable git
zstyle ':vcs_info:git*' formats '%fon $(rou)%b%f%c%u%m'
zstyle ':vcs_info:git*' actionformats '%fon $(rou)%b%f:$(rou)%a%f%c%u%m'
zstyle ':vcs_info:git*:*' stagedstr ' (staged)'
zstyle ':vcs_info:git*:*' unstagedstr ' (unstaged)'
zstyle ':vcs_info:git*:*' get-revision true
zstyle ':vcs_info:git*:*' check-for-changes true
zstyle ':vcs_info:git*+set-message:*' hooks git-stash git-untracked
# Display count of stashed changes
function +vi-git-stash(){
  local stashes
  if [[ -s ${hook_com[base]}/.git/refs/stash ]] ; then
    stashes=$(git stash list 2>/dev/null | wc -l)
    # numeric comparison (the string comparison > misorders multi-digit counts)
    if [[ $stashes -gt 1 ]] ; then
      hook_com[misc]+=" (${stashes} stashes)"
    else
      hook_com[misc]+=" (${stashes} stash)"
    fi
  fi
}
# Display message if untracked files are present
function +vi-git-untracked(){
  if [[ $(git rev-parse --is-inside-work-tree 2> /dev/null) == 'true' ]] && \
    git status --porcelain | grep '??' &> /dev/null ; then
    hook_com[unstaged]+=" (untracked files present)"
  fi
}
function prompt_precmd(){
  vcs_info
}
# PROMPT
# Root or user?
function rou(){
  if [[ $UID -eq 0 ]] ; then
    echo "%{$fg[magenta]%}"
  else
    echo "%{$fg[blue]%}"
  fi
}
# Display ± if we're in a git repository and » at all other times
function prompt_character(){
  git branch >/dev/null 2>/dev/null && echo '%{$fg[white]%}±%{$reset_color%}' && return
  echo '%{$fg[white]%}»%{$reset_color%}'
}
# Set the prompt
function set_prompt(){
  PROMPT="$(rou)%n %{$reset_color%}at $(rou)%m %{$reset_color%}in $(rou)%~ ${vcs_info_msg_0_}
%{$reset_color%}$(prompt_character) "
}
# HOOKS
autoload -U add-zsh-hook
add-zsh-hook preexec title_preexec
add-zsh-hook precmd title_precmd
add-zsh-hook precmd prompt_precmd
add-zsh-hook precmd set_prompt -
DS 6.3 ssh key and password expiration warnings
I suspect this may be more of an ssh issue than a DS issue, but has anyone managed a configuration that will give users logging in with ssh keys, password expiration or reset warnings?
In my setup, using compat mode in nsswitch.conf, native ldap logins work as expected for users entering their password. - That is, they are forced to change the password after an admin reset, receive "your password will expire" warnings, based on the expiration period set in DS (password policies in DS 6 mode, migrated from DS 5.2), etc.
If a user has an ssh authorized_key entry, they can login without a password, as long as their password is not expired, or been reset by an admin. They are never shown the warning messages, but are allowed to connect, and then immediately logged off, if their password has expired, passed the number of grace logins, or been reset.
The user can only login if they start from a different username and bypass the ssh key check.
Hope this makes sense.
After running various debug modes, I'm beginning to believe that the Directory Server may only issue the warning messages if a password has been typed, and validated in the directory. Since no password is entered when using an ssh key, the warnings aren't triggered.
-
Remote login via ssh and public keys
I'm not exactly a UNIX expert, but I need to be able to remote login to my PowerBook. The problem with enabling ssh is that as soon as I'm on campus, all kinds of nefarious hosts try brute force attempts to crack my password. I've heard that public/private key logins are the answer, and I've managed to get the public key in the right place on my PowerBook (the private key resides on my iPhone, from which I'll be logging in). But I have two questions:
1) How do I disable logins via user/password?
2) When I use my private key, I'm asked to enter the password for the key -- ssh isn't properly storing that password. I've checked permissions, but how can I get ssh to store that password, as it should?
1) In Sharing > Remote Login, do I still need an account listed to be able to use ssh logins with a public key? I ask because currently (i.e. password authentication enabled), when no accounts are listed, login via public key doesn't work. In other words, an account has to be listed for public key logins to work.
Yes you still need an account name to login to that computer. However you don't need to specify an account in the sharing preferences. You can lock down the security further by limiting which user accounts can login via ssh.
By default, if you don't specify a username when you log in, it will use the username of the device you're logging in from. So to use an alternative login name you would use
ssh [email protected]
where john can be any name of your choosing.
Put another way: if turn off password authentication for ssh in sshd_config, how should Sharing > Remote Login be configured?
If you turn off password authentication you still need to allow your user account to login via ssh in the sharing preferences or you can allow all.
2) According to that MacOS X Hints article:
"Leopard has now a built-in support for SSH authentication with public keys.
OSX has been able to use ssh public key authentication since day 1 of the beta release of OSX. It is not new to Leopard; it has been around for years.
Just open Terminal and ssh to your public-key-enabled server. A Keychain window appears, proposing you to enter the pass phrase, and then remembering it in your keychain. "
I have not used this functionality as I don't use any passwords for ssh logins.
They're talking about the password associated with the key. But on second thought, that password is being saved on the client, not the server, right?
I am sure this is the case.
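An added example, not part of the original thread: a shell check of whether an sshd_config really leaves public keys as the only login method, which is the goal of turning off password authentication discussed above. The two sample configurations and the function names are constructed for illustration; the check relies on sshd using the first value it finds for a keyword and reads only the global section (Match blocks are not evaluated).

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for password logins.

# Constructed sample: keys enabled, but the password line is only a comment.
WEAK_CFG='# constructed sample
Port 22
#PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication yes'

# Constructed sample: passwords off; the later duplicate line is ignored by sshd.
HARDENED_CFG='# constructed sample
PubkeyAuthentication yes
PasswordAuthentication no
# a second occurrence of a keyword has no effect
PasswordAuthentication yes
ChallengeResponseAuthentication=no'

# effective_value "name1|name2" DEFAULT   (config text on stdin)
# Prints the value sshd would use: the first uncommented occurrence of any of
# the given keyword names (case-insensitive) before the first Match block,
# or DEFAULT when the keyword is absent.
effective_value() {
    awk -v names="$1" -v def="$2" '
        BEGIN { FS = "[ \t=]+"; n = split(tolower(names), want, "|") }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { sub(/^[ \t]+/, "") }                  # drop indentation, re-split fields
        tolower($1) == "match" { exit }         # global section ends here
        {
            for (i = 1; i <= n; i++)
                if (tolower($1) == want[i]) { val = tolower($2); exit }
        }
        END { print (val != "" ? val : def) }
    '
}

# audit_password_logins   (config text on stdin)
# Returns 0 only if key logins are on and both password paths are off.
audit_password_logins() {
    cfg=$(cat)
    # OpenSSH defaults: all three settings are "yes" when not specified.
    pub=$(printf '%s\n' "$cfg" | effective_value pubkeyauthentication yes)
    pw=$(printf '%s\n' "$cfg" | effective_value passwordauthentication yes)
    # ChallengeResponseAuthentication is the older name of the same setting.
    kbd=$(printf '%s\n' "$cfg" |
          effective_value 'kbdinteractiveauthentication|challengeresponseauthentication' yes)
    status=0
    if [ "$pub" != yes ]; then
        echo "FAIL: PubkeyAuthentication is '$pub'; key logins will not work"
        status=1
    fi
    if [ "$pw" != no ]; then
        echo "FAIL: PasswordAuthentication is '$pw'; password guessing is still possible"
        status=1
    fi
    if [ "$kbd" != no ]; then
        echo "FAIL: keyboard-interactive is '$kbd'; it can still prompt for a password (e.g. through PAM)"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: only public-key logins are accepted"
    return "$status"
}

# Demo on the constructed samples; on a real host, feed it the sshd_config file.
echo "weak sample:";     printf '%s\n' "$WEAK_CFG"     | audit_password_logins || true
echo "hardened sample:"; printf '%s\n' "$HARDENED_CFG" | audit_password_logins
```

On a live server, `sshd -T` prints the configuration sshd actually resolved and is the authoritative check after editing the file and restarting the service.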