Unable to access upsource from browser: ssl-no-cypher-overlap error - ssl

I have downloaded the latest Hub (2018.4) and Upsource (2018.2) from the JetBrains website.
I have successfully configured both on a Gentoo machine with HTTPS access and Upsource accessing the external Hub.
I have followed the same steps to replicate the installation on Ubuntu 16.04 (with all updates) and both applications start without issues. I am able to access Hub on the configured port (8443), but when I try to access Upsource I get a connection error from browsers (Firefox 65, Chrome 72, Safari) stating SSL_ERROR_NO_CYPHER_OVERLAP.
I have analyzed the connection with Wireshark and both TLS Client Hello messages offer the cipher TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030), but in the case of Upsource there's no Server Hello but a simple Handshake Failure.
In both cases (Gentoo and Ubuntu) the certificates used are the same for Hub and Upsource and were generated as per the JetBrains instructions.
The only difference I can think of is the distribution, but then why am I able to access Hub but not Upsource?
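The two records described in the question, a Client Hello listing 0xc030 and a bare Handshake Failure in reply, can be decoded as follows. This is an added example, not part of the original post; the sample bytes are constructed and the server suite list is a hypothetical assumption.

```python
import struct

HANDSHAKE, ALERT = 0x16, 0x15          # TLS record content types
ALERTS = {40: "handshake_failure", 70: "protocol_version"}

def parse_record(data):
    """Split one TLS record into (content_type, payload)."""
    ctype, _version, length = struct.unpack("!BHH", data[:5])
    payload = data[5:5 + length]
    if len(payload) != length:
        raise ValueError("truncated record")
    return ctype, payload

def client_hello_suites(record):
    """Return the cipher suite IDs a ClientHello offers, in client order."""
    ctype, hs = parse_record(record)
    if ctype != HANDSHAKE or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    pos = 4 + 2 + 32                   # handshake header, version, random
    pos += 1 + hs[pos]                 # session_id length byte + session_id
    (nbytes,) = struct.unpack_from("!H", hs, pos)
    return list(struct.unpack_from("!%dH" % (nbytes // 2), hs, pos + 2))

def alert_description(record):
    """Decode a plaintext alert record into (level, description)."""
    ctype, body = parse_record(record)
    if ctype != ALERT or len(body) != 2:
        raise ValueError("not a plaintext alert")
    level, desc = body
    return ("fatal" if level == 2 else "warning", ALERTS.get(desc, str(desc)))

def usable_suites(offered, server_enabled):
    """Suites the server could pick: offered by the client AND enabled on the server."""
    return [s for s in offered if s in server_enabled]

def build_client_hello(suites):
    """Constructed sample input (not a real capture): minimal ClientHello, no extensions."""
    body = b"\x03\x03" + bytes(32) + b"\x00"
    body += struct.pack("!H%dH" % len(suites), 2 * len(suites), *suites)
    body += b"\x01\x00"                # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(hs)) + hs

HELLO = build_client_hello([0xC030, 0xC02F, 0x009D])
FAILURE = bytes.fromhex("15030300020228")   # fatal alert 40, as the server's only reply
HYPOTHETICAL_SERVER = {0xC02C, 0xC02B}      # assumption: an ECDSA-only suite list

if __name__ == "__main__":
    offered = client_hello_suites(HELLO)
    print([hex(s) for s in offered], alert_description(FAILURE))
    print("usable:", usable_suites(offered, HYPOTHETICAL_SERVER))
```

An empty result from `usable_suites` is the condition under which a server answers with handshake_failure instead of a Server Hello, so the comparison that matters is against the suites the server process actually has enabled, not the ones the client offers.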

Related

How to configure certificates for Grafana MQTT plugin to connect to HiveMQ cloud broker

I'm running Grafana 9.3.6 installed via apt-get on Ubuntu 20.04.5
I have a HiveMQ cloud broker I'm trying to connect to.
Previously I succeeded in connecting via the mosquitto command line tool and the mosquittopp C++ interface. These required me to provide a certificate or certificate path.
I used the .pem file provided by HiveMQ with the command line tool.
I provided the /etc/ssl/certs/ path for the C++ interface (the 1st option did not work out).
Now I'm trying to connect via the Grafana MQTT plugin. I installed it using
grafana-cli plugins install grafana-mqtt-datasource.
When trying to add it in the web gui, I get the following error:
error connecting to MQTT broker: network Error : EOF
I can see some messages going back and forth in Wireshark so I assume the problem is with the certificates.
I tried editing the grafana.ini file without success. It's not completely clear which file/path should I add where and what other options I need to set.
Edit: the grafana.ini file had nothing to do with this.
As #hardillb pointed out, I had to pay attention to the URL scheme. After putting tls:// in front of the broker URL as described in grafana-mqtt-datasource, everything worked.

Failed to connect to remote machine. Verify the SSH service connection details. All configured authentication methods failed

My SSH configuration for Azure pipeline worked fine until I upgraded Ubuntu from Ubuntu 20 to Ubuntu 22. Now I get this message:
##[error]Failed to connect to the remote machine. Verify the SSH service connection details. Error: Error: All configured authentication methods failed.
How can I debug this? I can ssh to my server using my ssh key without any issues.
Is there a way for me to know more about the issue and debug it?
Also, there is this announcement on Azure pipeline that says:
Azure DevOps proceeds in rollout of changes to permanently disable communication over TLS 1.0, TLS 1.1 and weak cipher suites of TLS 1.2. If your tools are dependent on legacy TLS for communication with Azure DevOps, please take necessary actions to enable TLS 1.2, as detailed in the blog.
Could this be related?
All help is highly appreciated.
This solution worked for me.
key type ssh-rsa not in PubkeyAcceptedAlgorithms
which led to a solution by adding
PubkeyAcceptedKeyTypes=+ssh-rsa
in /etc/ssh/sshd_config and restarting sshd.
It seems the newer Ubuntu 22.04 has changed the default accepted key types, and this plugin no longer worked despite the SSH command working fine.
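The message quoted in the answer is logged by sshd on the server, so the server's auth log is where this failure can be confirmed and where clients that still depend on ssh-rsa can be identified. The following added example (not code from the original post) correlates such lines by sshd PID; the sample log lines, host name, user and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of sshd auth-log lines (not taken from the original post).
SAMPLE_LOG = """\
Mar  3 10:15:01 build01 sshd[2211]: Connection from 203.0.113.7 port 51514 on 10.0.0.5 port 22
Mar  3 10:15:02 build01 sshd[2211]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Mar  3 10:15:02 build01 sshd[2211]: Connection closed by authenticating user deploy 203.0.113.7 port 51514 [preauth]
Mar  3 10:16:40 build01 sshd[2290]: Accepted publickey for deploy from 198.51.100.9 port 40022 ssh2
"""

SSHD = re.compile(r"sshd\[(\d+)\]: (.*)")
# Older OpenSSH releases name the option PubkeyAcceptedKeyTypes in this message.
REFUSED = re.compile(r"userauth_pubkey: key type (\S+) not in PubkeyAccepted(?:Algorithms|KeyTypes)")
CLOSED = re.compile(r"Connection closed by authenticating user (\S+) (\S+) port \d+")

def refused_key_types(log_text):
    """Map (user, client_ip) -> key types sshd refused, correlating lines by sshd PID."""
    sessions = defaultdict(lambda: {"types": set(), "peer": ("?", "?")})
    for line in log_text.splitlines():
        m = SSHD.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        if (r := REFUSED.search(msg)):
            sessions[pid]["types"].add(r.group(1))
        elif (c := CLOSED.search(msg)):
            sessions[pid]["peer"] = (c.group(1), c.group(2))
    report = defaultdict(set)
    for s in sessions.values():
        if s["types"]:                 # ignore sessions with no refusal
            report[s["peer"]] |= s["types"]
    return dict(report)

if __name__ == "__main__":
    for (user, ip), types in refused_key_types(SAMPLE_LOG).items():
        print(f"{user}@{ip}: refused {sorted(types)}")
```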

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

I have recently installed an OpenVPN service on my Google Cloud Platform (Debian 10 Server) in order to test connecting to the internet over this VPN protocol. The config file that is created by the server, however, fails to connect to the internet when I import it into the Windows 10 OpenVPN Client that I currently use to connect to the internet using other config files. During setup, I installed the ufw firewall and chose a password-less user and UDP connection according to a search in Google. Anyways, the config files that I have created this way all fail to connect from Windows, returning a "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)" as noted in the log.
Does this TLS error mean my Windows client can't reach the server due to some wrong permission/firewall settings on the server side (I have already allowed OpenVPN Client for Windows on my firewall on my Windows client)?
What changes should I make to the OpenVPN set up during installation on the server to make it work? Any suggestions?
Thanks in advance.

Why won't Azure VM serve SSL?

My Azure VM (Win 2008 R2 Datacenter) runs IIS 7.5 and hosts a half-dozen Web sites. I obtained and installed a certificate to enable SSL on one site. I tested the certificate with the downloaded SSL Diagnostics tool, and all appears great. The tool sent a sample SSL handshake with perfect results (diagnostic info along with the contents of the tiny test web page).
However, the web page is unobtainable using https://... from a browser on either the server or client. Localhost:443 or the server IP address:443 in a browser on the server also fails. No error messages are received, the browser just waits and waits.
What could it be?
If I use a browser on the server and input https://ip address without 443, I get this error in the browser: ERR_CERT_COMMON_NAME_INVALID. "Your connection is not private. Attackers might be trying to steal your information..." and it shows the info from the certificate, like the issuer etc. What's the deal?
Ugh. I needed to open port 443 in the Azure Portal, in my Network Security Group. Another question on StackOverflow steered me to that solution!

Cannot connect to meteor server running on virtualbox when using force-ssl

I have a Windows 8.1 machine running Ubuntu 14.x on VirtualBox. I'm running Meteor inside that VirtualBox. I've bridged the connection and turned off the firewall on both machines. I'm able to connect to the internet from the VirtualBox, and I can telnet from the Windows host into the Ubuntu machine.
I can also connect to Meteor apps that are not using the force-ssl package; however, I CANNOT connect to Meteor apps that are using force-ssl!
If I run "meteor remove force-ssl" I can connect to the app. Any thoughts? Thanks.
EDIT - by connect to the app, I mean "http://[ip_address_of_guest]:3000/" in a browser on the host machine. I've tried both http and https.
I'm new to Meteor but, from this documentation, it looks to me like you are seeing the intended behaviour ...
"This package, part of Webapp, causes Meteor to redirect insecure connections (HTTP) to a secure URL (HTTPS). Use this package to ensure that communication to the server is always encrypted to protect users from active spoofing attacks.
To simplify development, unencrypted connections from localhost are always accepted over HTTP.
Application bundles (meteor bundle) do not include an HTTPS server or certificate. A proxy server that terminates SSL in front of a Meteor bundle must set the standard x-forwarded-proto header for the force-ssl package to work.
Applications deployed to meteor.com subdomains with meteor deploy are automatically served via HTTPS using Meteor's certificate."
This answer clarifies.
I am about to try the Digital Ocean guide, "How To Deploy a Meteor.js Application on Ubuntu 14.04 with Nginx", myself to see if it correctly documents the required set up steps. I'll update with my results.