I have an IIS site running in Docker (mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2016) that for the first 5 minutes of it running, I get a 403.16 - Forbidden Error. Then, the site works fine. The relevant lines from my setup script are:
# Install and Configure US DoD InstallRoot, IIS ARR and HTTP Tracing
Set-ExecutionPolicy Bypass -Scope Process -Force
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
choco install installroot -y
choco install iis-arr -y
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Filter 'system.webServer/proxy' -Name 'enabled' -Value 'True'
Add-WindowsFeature Web-Http-Tracing
#Create and Configure IIS Site
Remove-Website -Name 'Default Web Site'
$iisTheBridgePath = 'C:\inetpub\the-bridge'
New-Item -ItemType Directory -Force -Path $iisTheBridgePath
New-Website -Name 'TheBridge' -PhysicalPath $iisTheBridgePath
# https://github.com/microsoft/iis-docker/issues/67
C:\Windows\System32\inetsrv\appcmd set config -section:system.applicationHost/sites "/[name='TheBridge'].traceFailedRequestsLogging.enabled:True" /commit:apphost
C:\Windows\System32\inetsrv\appcmd set config -section:system.applicationHost/sites "/[name='TheBridge'].traceFailedRequestsLogging.maxLogFiles:50" /commit:apphost
C:\Windows\System32\inetsrv\appcmd set config -section:system.applicationHost/sites "/[name='TheBridge'].traceFailedRequestsLogging.directory:C:\inetpub\logs\FailedReqLogFiles" /commit:apphost
New-WebBinding -Name 'TheBridge' -IPAddress * -Port 443 -Protocol https
$cert = New-SelfSignedCertificate -DnsName 'localhost' -CertStoreLocation cert:\LocalMachine\My
Get-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)" | New-Item 'IIS:\SSLBindings\0.0.0.0!443' # Attach the certificate to the SSL binding
Import-Module IISAdministration
$configSection = Get-IISConfigSection -SectionPath 'system.webServer/security/access' -Location 'TheBridge'
Set-IISConfigAttributeValue -AttributeName sslFlags -AttributeValue 'Ssl, SslNegotiateCert, SslRequireCert' -ConfigElement $configSection
Any ideas?
Related
I'm trying to connect to my Jetsonnano from Windows 10 via ssh. If i use my Ubuntu Pc everything works fine, but if i use my Windows 10 Laptop I see this Error:
Permission denied, please try again.
After I type in the correct Password.
Thank you all for your Time and Help
Check for the pwsh executable path first:
Get-Command pwsh | select Source
this will give you the path of powershell core path
Get-Command powershell | select Source
this command on the other hand will return the path of earlier version of powershell
i.e. powershell version 5 etc.
I was also having the same issue. After I blindly copied a command from a blog post and executed it:
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell
-Value "C:\Program Files\PowerShell\7\pwsh.exe" -PropertyType String -Force
I scratched my head for more than 10 hours.
then I did debug run of sshd with this command on Windows 10 host:
sshd -d
and tried to connect from my Linux machine as usual:
ssh james#192.168.1.123
I saw this line in my Windows debug prompt:
User james not allowed because shell c:\\program files\\powershell\\7\\pwsh.exe does not exist
so I executed this command again with modified path to Powershell 7 executable:
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell
-Value "C:\Program Files\WindowsApps\Microsoft.PowerShell_7.2.1.0_x64__8wekyb3d8bbwe\pwsh.exe"
-PropertyType String -Force
and it fixed my problem.
Open the terminal
start ssh-agent eval$(ssh-agent -s)
add a key to the ssh-agent (if prompted, enter the password)
ssh-add ~/.ssh/id_rsa
test connection ssh -T git#github.com
Clone the repo git clone git#github.com:antonykidis/Setup-ssh-for-github.git
Enjoy
Important:
Every time you start a new Terminal instance:
You will have to call ssh-agent.
Add RSA key to the ssh-agent.
Loop through these steps every time you close/open the terminal.
Because the terminal “loses” ssh-agent with its keys on every session.
Check this information:
Open C:\Program Files\Git\etc\ssh\ssh_config (if that’s where you installed Git)
Add lines
Host github.com or ubuntu host machine
IdentityFile ~/.ssh/
I'am trying to export certificates from my personal store to c:drive location using certmgr in script
Does someone know what the command is, or can send me to some website. Thanks alot..
CertMgr /s /r CurrentUser my /put cert1.cer /s /r C:\
The following command saves a certificate with the common name myCert in the my system store to a file called newCert.cer. (certmgr command is certmgr.exe instead of certmgr.msc)
certmgr /add /c /n myCert /s my newCert.cer
Please refer to the below link.
https://learn.microsoft.com/en-us/dotnet/framework/tools/certmgr-exe-certificate-manager-tool
Besides, we could refer to the below Powershell cmdlet, which can export a certificate to a file, the difference between these commands is whether the private key and some other extended properties are exported.
https://learn.microsoft.com/en-us/powershell/module/pkiclient/export-certificate?view=win10-ps
https://learn.microsoft.com/en-us/powershell/module/pkiclient/export-pfxcertificate?view=win10-ps
Here is an example of exporting a certificate to a PFX file.
$mypwd = ConvertTo-SecureString -String "1234" -Force -AsPlainText
Get-ChildItem -Path cert:\localMachine\my\5F98EBBFE735CDDAE00E33E0FD69050EF9220254 | Export-PfxCertificate -FilePath C:\mypfx.pfx -Password $mypwd
I'm trying to set up a password free ssh path from a linux server to a windows machine. I currently have MobaSSH running on the windows machine. I can ssh from the linux server to the windows machine fine and execute commands just fine but I have to enter a password.
I create a public RSA key on the linux system and using WinSCP I copied the file over to the C:\Users\MyUserName\.ssh folder and restarted the MobaSSh service on the windows machine.
It still won't let me ssh in without a password. What am I missing here? Any help vastly appreciated.
OpenSSH is available for Windows 10 and has worked very reliably for me. I can consistently connect from a Linux machine without a password. Here is how to set it up.
upgrade to Windows 10 version 1809 or higher
check via: powershell -c "(Get-Item 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion').GetValue('ReleaseID')"; see also systeminfo | findstr /B /C:"OS Name" /C:"OS Version" for Pro vs. Home, build number
upgrade via Windows Update settings or Download Windows 10 (the latter works around an issue where some systems are stuck at 1803)
install SSH client and server (as administrator; source) - in Windows PowerShell:
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Start-Service sshd # remote login should be possible following this command
Set-Service -Name sshd -StartupType 'Automatic'
Get-NetFirewallRule -Name *ssh* # there should be a firewall rule named "OpenSSH-Server-In-TCP" # optional
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 # optional
enabling public key login for administrators (source) - from Linux command-line:
scp ~/.ssh/id_rsa.pub administrator#remote_computer_name:'C:\ProgramData\ssh\administrators_authorized_keys' # if using an alternate method, ensure file is not UTF-16 encoded
icacls C:\ProgramData\ssh\administrators_authorized_keys /remove "NT AUTHORITY\Authenticated Users"
icacls C:\ProgramData\ssh\administrators_authorized_keys /inheritance:r
get-acl C:\ProgramData\ssh\ssh_host_dsa_key | set-acl C:\ProgramData\ssh\administrators_authorized_keys
enabling public key login for non-administrators - in Windows PowerShell:
Install-Module -Force OpenSSHUtils -Scope AllUsers # for: Repair-AuthorizedKeyPermission
cd C:\Users\...
ssh-keygen # create ~/.ssh
# add key(s) to ~/.ssh/authorized_keys
$ConfirmPreference = 'None'; Repair-AuthorizedKeyPermission -FilePath .ssh\authorized_keys
# if above fails, try ''%%Set-ExecutionPolicy Unrestricted -Scope CurrentUser%%''; see also https://github.com/PowerShell/Win32-OpenSSH/issues/1245#issuecomment-440388604
I am using following PowerShell script to enable BitLocker on C drive,
$SecureString = ConvertTo-SecureString "ABC123" -AsPlainText -Force
Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes256 -Password $SecureString
And getting the output,
cmdlet Enable-BitLocker at command pipeline position 1
Supply values for the following parameters:
PasswordProtector:
I tried to pass parameters
Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes256 Add-BitLockerKeyProtector -Password $SecureString -RecoveryKeyPath "\fileserver\keys" -RecoveryKeyProtector
but still, it's showing errors.
Can anyone have a running script to enable BitLocker?
Find the solution for my question, script to configure BitLocker with password,
$SecureString = ConvertTo-SecureString "123456789" -AsPlainText -Force
Enable-BitLocker -MountPoint "D:" -EncryptionMethod Aes256 -PasswordProtector -Password $SecureString
I want to deploy war/ear file from command line using wslt command into weblogic server. Will any one help on this issue. I need command to do this issue.
set CLASSPATH=D:\Weblogic\Middleware\wlserver_10.3\server\lib\weblogic.jar
//From remote
java weblogic.Deployer -adminurl t3://localhost:8001 -user weblogic -password password123 -deploy C:\Users\User\Documents\sample\dist\sample.war -remote -upload
//From normal
java weblogic.Deployer -adminurl t3://localhost:8001 -username weblogic -password password123 -deploy -name warfilename -targets AdminServer -source C:\apps\sample.war
by using above stuff it is resolved.
Just wanted to add for deploying artifacts as shared-library you can use the following:
java weblogic.Deployer -adminurl t3://localhost:7001 -username [Your username] -password [Your password] -upload -library -targets AdminServer -deploy -source [path to your war file]
import re
warPath = raw_input('enter warpath:')
appPath = raw_input('enter appname:')
weblogicUrl = raw_input('enter weblogicurl:')
userName = raw_input('enter username:')
password = raw_input('enter password')
connect(userName,password,weblogicUrl)
appList = re.findall(appName, ls('/AppDeployments'))
print(len(appList))
if len(appList) > 0:
undeploy(appName, timeout=60000)
deploy(appName,warPath,targets='AdminServer')
exit()