Im trying to run a mass insertion in Redis instance (5.0.8) with tls enabled
I am running this command
cat import.txt | redis-cli -h <my_host> -p <port> --tls --cert my.crt --key my.key --cacert proxy.pem -a <password> --pipe
Reply I get is below:
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
All data transferred. Waiting for the last reply...
No replies for 30 seconds: exiting.
errors: 1, replies: 0
If I run monitor command from redis-cli it only shows that the above command only authenticates and does not send any more command
Contents of import.txt
*5
$3
SET
$4
KEY1
$27
{"key":"value","foo":"bar"}
$2
EX
$2
60
*5
$3
SET
$4
KEY2
$27
{"key":"value","foo":"bar"}
$2
EX
$2
60
*
The TLS support for redis-cli with --pipe introduced in Redis 6.0.6
Related
Redis monitor cmd is not working with authentication:
Cmd: redis-cli -h <redis_endpoint> -p <port> -n <database> -a <password> monitor
error: (error) ERR wrong number of arguments for 'MONITOR' command
But the same works with Redis without authentication:
redis-cli -h <redis_endpoint> -p 6379 monitor
Can someone help with correct redis-cli monitor cmd that works with database and password.
When no password is set, we can issue for instance;
>> redis-cli keys *
or
>> redis-cli config set requirepass "aaaaaa"
However, after we have have issued the latter, the first no longer works and results in:
>> redis-cli keys *
(error) NOAUTH Authentication required.
We need to authenticate. Sure.
>> redis-cli AUTH aaaaaa
OK
>> redis-cli keys *
(error) NOAUTH Authentication required.
How do we authenticate and then able to execute a command?
Is this not possible? Heredocs only?
I've tried:
>> redis-cli AUTH aaaaaa && config set requirepass "aaaaaa"
But did not work. Also semicolon after aaaaaa. Not work.
How?
You can pass the -a argument for authenticating the redis-cli command like this:
redis-cli -h 127.0.0.1 -p 6379 -a mypassword keys *
The AUTH commands only last for the duration of the tcp connection. Each new invocation of redis-cli creates a new connection, thus you have to authenticate at each invocation.
It is possible to execute several redis commands on one invocation of redis-cli: they must be separated by \n
Thus this would work:
echo -e 'AUTH aaaaaa\nkeys *' | redis-cli
Note: The other answer also provides a way to pass arguments separated by \n to redis-cli
This seems to work:
redis-cli <<- 'EOF'
AUTH aaaaaa
config set requirepass aaaaaa
EOF
The answer from #aureliar is great. I prefer to use environment variables and ( since Redis 6 ) the default user:
▶ echo -e "AUTH default ${REDIS_PASSWORD}\nkeys *" | redis-cli
OK
1) "foo:superkey:13-June-2022"
Using a user instead of a global password is much better as you can restrict the commands and keys of a user. More details here.
In my redis database, I'm trying to delete a series of keys that start with:
EPOCH_vgsOwnedVehs_
I have tried the following:
redis-cli -h 127.0.0.1 -p myport -a mypassword --scan --pattern EPOCH_vgsOwnedVehs_* | xargs redis-cli unlink
and
redis-cli -h 127.0.0.1 -p myport -a mypassword --scan --pattern EPOCH_vgsOwnedVehs_* | xargs redis-cli -h 127.0.0.1 -p myport -a mypassword unlink
But, I get the following error message:
'xargs' is not recognized as an internal or external command, operable program or batch file.
Could anyone help as to why xargs won't work in this case? I see that same syntax above being mentioned quite a few times here and seems to work for others...
EDIT: I forgot to mention that when I run the first half of the line before the pipe, it does return all the keys that match the criteria.
The following should do the work; (added an example print-out)
redis-cli -h 127.0.0.1 -p 6379 -a mypass --scan --pattern EPOCH_vgsOwnedVehs_* | xargs redis-cli -h 127.0.0.1 -p 6379 -a mypass unlink
127.0.0.1:6379> config set requirepass mypass
OK
127.0.0.1:6379> auth mypass
OK
127.0.0.1:6379> set EPOCH_vgsOwnedVehs_a a
OK
127.0.0.1:6379> set EPOCH_vgsOwnedVehs_b a
OK
127.0.0.1:6379> set EPOCH_vgsOwnedVehs_c a
OK
127.0.0.1:6379> set EPOCH_vgsOwnedVehs_d a
OK
127.0.0.1:6379>
redis-cli -h 127.0.0.1 -p 6379 -a mypass --scan --pattern EPOCH_vgsOwnedVehs_* | xargs redis-cli -h 127.0.0.1 -p 6379 -a mypass unlink
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
(integer) 4
127.0.0.1:6379> auth mypass
OK
127.0.0.1:6379> exists EPOCH_vgsOwnedVehs_a
(integer) 0
xargs is a common Linux utility and the message you are seeing indicates you are using Windows. You have a couple of choices here to get this working - you can find a Windows alternative of xargs, use Cygwin, use Powershell, etc.
How to delete keys with pattern having redis-cli password?
Records i needs to remove:
redis-cli -p 6379 -a password KEYS "/st_files/281/*" | wc -l
9
I want to remove the values under /st_files/281/* Which has count 9.
My redis setup has password.
Redis version is 3.2.3
I tried:
redis-cli -p 6379 -a pssword KEYS "/st_files/281/*" | xargs redis-cli DEL
Result is:
(error) NOAUTH Authentication required.
Password i entered is the correct one.
Try:
redis-cli -a pssword KEYS "/st_files/281/*" | xargs redis-cli -a pssword DEL
is there any way to use .ssh/authorized_keys to get the corresponding login user's email when the linux system is connected through id_rsa.pub?
I try to use the content in /var/log/auth.log while I can't find the direct relationship between the records and .ssh/authorized_keys.
Thanks in advance.
May be someone needs it. Next command prints information about the ssh key that was used for a current session. The key is taken from a standard comment block from ~/.ssh/authorized_keys.
For instance, somebody#test.com will be printed for a key that looks this way: cyb5OrLRv0VR6gZev8...KdECf7Q== somebody#test.com
Command:
export CURRENT_SSH_USER=$(grep $(grep $(grep '#'$(who -m | awk '{print $2}') <(ps -ef) | head -1 | awk '{print $3}')']: Accepted publickey for' /var/log/auth.log | head -1 | awk '{print $16}') <(cat ~/.ssh/authorized_keys | xargs -n1 -I% bash -c 'ssh-keygen -l -f /dev/stdin <<<"%"') | tail -1 | awk '{print $3}')
The command above does these steps:
who -m Only hostname and user associated with stdin.
Taking pseudo terminal slave e.g. pts/2 for a current user from the prev. command.
Searching for pts/2 in a list of processes ps -ef and extracting its pid.
Looking for the pid, e.g. 21996 in /var/log/auth.log in lines like this one:
Jul 22 01:50:39 whatever-i-12345 sshd[21996]: Accepted publickey for ubuntu from 10.10.10.10 port 40411 ssh2: RSA SHA256:V4DD10NklAAAAAHNgxaurm1qaq/TOTejNjXMQABABAB. Be sure you have proper logging enabled.
Once fingerprint SHA256:V4DD10NklAAAAAHNgxaurm1qaq/TOTejNjXMQABABAB is found, it matches it with the line from /.ssh/authorized_keys retrieves info about a name from a comment block.
Notes:
Tested only on Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-62-generic x86_64)
The last column of ssh public key is just a comment field and it is not present in the private key used to log in nor in the public key send to the server during the authentication attempt.
The comment in the server authorized keys can be completely different than the comment in the clients public key.
You can find the connection between the keys in authorized_keys and in the logs, but you need to convert the keys to fingerprints first using
ssh-keygen -lf ~/.ssh/authorized_keys