Could you, please, let me know if it is possible to connect to a password protected KDB instance with capability?
I seem to be able to either connect with capability to a KDB instance without password protection or to connect without capability to a password protected KDB instance, but I can not do both.
Here is what I do:
Create file users.txt with the following content user:202cb962ac59075b964b07152d234b70 (the hash corresponds to password 123: echo -n '123' | md5sum)
Start KDB server q -p 11111 -u users.txt
Attempt to connect to the server from another KDB instance:
q)h: hopen `$(":localhost:11111:user:123"); / works
q)h: hopen `$(":localhost:11111:user:123\\6");
'access
[0] h: hopen `$(":localhost:11111:user:123\\6");
^
On the other hand, if the server is started without password protection (q -p 11111), then connecting to it with capability works fine:
q)h: hopen `$(":localhost:11111:user:123\\6"); / works
q)h: hopen `$(":localhost:11111::\\6"); / works
How can I do both, i.e. have a password protected KDB server and be able to connect to it with a capability?
Thank you very much for your help!
Related
I Cannot connect to AWS rds Postgresql using master password and username but pgAdmin connection with the certificate works perfectly.
My website, when it tries to connect to the database, says:
net::ERR_CONNECTION_TIMED_OUT
I ssh into my ec2 instance of the Elastic Beanstalk and it gives me the following error when I am trying to connect to the rds:
psql: error: FATAL: PAM authentication failed for user "user"
FATAL: pg_hba.conf rejects connection for host "111.11.1.11", user "user", database "database", SSL off
The command I use to connect is this:
psql --host=rds_endpoint --port=5432 --username=user --password --dbname=database
I changed the master password and still, it does not work.
Again, If I use pgAdming with ssl certificate and that token that it generates, the connection is successful and I have full access to the database.
Also, the command
nc -zv rds_endpoint 5432
gives the successfull result:
Ncat: Connected to 111.11.11.11:5432.
The master username is and password does not contain any special character.
Master username: user
I have had this issue when the password contained special characters. I need to escape them in the connection URL used in psql
Percent-encoding may be used to include symbols with special meaning in any of the URI parts, e.g., replace = with %3D.
https://www.postgresql.org/docs/11/libpq-connect.html#id-1.7.3.8.3.6
I have a large number of devices around 300
I have different creds to them
SSH CREDS, API CREDS
So as I cannot manually SSH to all those devices and check the creds are working or not
I am thinking of writing a script and pass the device IP's to the script and which gives me as yes as a result if the SSH creds are working and NO if not working.
I am new to all this stuff! details will be appreciated!
I will run this script on a server from where I can ssh to all the devices.
Your question isn't clear as to what sort of credentials you use for connecting to each host: do all hosts have the same connection method, for instance?
Let's assume that you use ssh's authorised keys method to log in to each host (i.e. you have a public key on each host within the ~/.ssh/authorized_keys file). You can run ssh with a do nothing command against each host and look at the exit code to see if the connection was successful.
HOST=1.2.3.4
ssh -i /path/to/my/private.key user#${HOST} true > /dev/null 2>&1
if [ $? -ne 0]; then echo "Error, could not connect to ${HOST}"; fi
Now it's just a case of wrapping this in some form of loop where you cycle through each host (and choose the right key for each host, perhaps you could name each private key after the name or IP address of the target host). The script will go out all those hosts for which a connection was not possible. Note that this script assumes that true is available on the target host, otherwise you could use ls or similar. We pipe all output to /dev/null/ as we're only interested in the ability to connect.
EDIT IN RESPONSE TO OP CLARIFICATION:
I'd strongly recommend not using username/password for login, as the username and password will likely be held in your script somewhere, or even in your shell history, if you run the command from the command line. If you must do this, then you could use expect or sshpass, as detailed here: https://srvfail.com/how-to-provide-ssh-password-inside-a-script-or-oneliner/
The ssh command shown does not spawn a shell, it literally logs in to the remote server, executes the command true (or ls, etc), then exits. You can use the return code ($? in bash) to check whether the command executed correctly. My example shows it printing out an error message for non-zero return codes, but to print out YES on successful connection, you could do this:
if [ $? -eq 0]; then echo "${HOST}: YES"; fi
I am trying to SSH into the server as part of the deployment job in CircleCI
ssh -oStrictHostKeyChecking=no $DEV_DROPLET_USER#$DEV_DROPLET_IP
I have my SSH private key for the user on this server loaded into CircleCI but everytime I run the job, I get this output
Warning: Permanently added '$host' (ECDSA) to the list of known hosts.
<$user>#<$host>'s password:
How can I stop it prompting me for the password?
I have added the SSH key for this user to the SSH Agent on the server (these instructions)
For a passwordless ssh connection, you must:
put the private ssh key into a file in the directory $HOME/.ssh/ on the client computer connecting to the server (example : $HOME/.ssh/MyServer)
copy the public ssh key into the file $HOME/.ssh/authorized_keys on the server
have writing permission on the file $HOME/.ssh/known_hosts on the client computer
The sshd service is normally already configured to accept key based authentication.
From the client computer, you can now do a passwordless connection ssh -i $HOME/.ssh/MyServer $DEV_DROPLET_USER#$DEV_DROPLET_IP
Of course, on the client computer your $DEV_DROPLET_USER must have appropriate permissions for accessing the ssh related files.
You don’t need to do anything with the ssh agent, on the client or on the server.
Late reply, but I hope it helps somebody else in the future.
Assuming you followed these instructions in the CircleCI docs, then the private key will automatically be copied to the machine being used by CircleCI when the add_ssh_keys step is run.
Make sure one the server you are trying to SSH into, the public key generated (in ~/.ssh/id_rsa.pub or something similar) is copied to the ~/.ssh/authorized_hosts file on the same server. This crucial step is what allows anybody with the private key (CircleCI) to be allowed into the server.
This is the first time I'm doing this. I generated a key on my Mac and I have id_dsa, id_dsa.pub. I imported public key into my cPanel. After reading a few tutorials and blogs I'm still lost. How can I connect to my server from this point?
To connect, you would do this: ssh -l yourusername the.server.address from Terminal.
For instance, your username is kira, and your server is my.server.net:
ssh -l kira my.server.net
You will be prompted for your password, and the you're in (provided you enter a correct password of course)
It will be helpful if somebody could tell me how to connect to a unix server using username and password as arguments.my username and password is "anitha".
How can i create a shell script which automatically connect to my unix server with this username and password?
I guess you want to remotely connect to your *nix server from network. Base on my guess, to:
connect to remote *nix server, everybody is using SSH
ssh anitha#anitha ip-to-unix-server
automatically connect, write simple bash shell wrap around your ssh connect command and do something, not suggested, you should use ssh password less login (aka public/private key)
#!/usr/bin/env bash
ip=172.16.0.1 #replace 172.16.0.1 with your unix server's ip
username=anitha #your ssh username
password=anitha #your ssh password
command=who #what do you want to do with remote server
arguments= #arguments for your command
expect -c 'spawn ssh $username#$ip ; expect password ; send "$password\n" ; interact'
connect without typing password, you may need to use SSH password less login
Use sshpass if you really need to use non-interactive keyboard-interactive authentication (pun intended) or better switch to using pubkey-based authentication.
Note that passing the password in clear to the ssh client is very lame as the password gets exposed in the publicly-readable process list where it can be read by anyone. sshpass works around this problem by creating a pseudo-terminal and communicating with the ssh client using it, so at least the password is not exposed at runtime.
Step 1:
jsmith#local-host$ [Note: You are on local-host here]
jsmith#local-host$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Pess enter key]
Your identification has been saved in /home/jsmith/.ssh/id_rsa.
Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
The key fingerprint is:
33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith#local-host
Step 2:
From Local-host, run this One liner for password less ssh connectivity.
cat ~/.ssh/id_dsa.pub | ssh useronanotherserver#anotherservername 'cat >> ~/.ssh/authorized_keys'
You should use expect, which is an extension of tcl that was made specifically for automating login tasks.
Basic ssh login question: could not able to spawn(ssh) using expect
How to interact with the server programattically after you have established the session: Expect Script to Send Different String Outputs