vmware player unable to start services in ubuntu - virtual-machine

I have some issues running VMware Workstation Player 12 on Ubuntu 16.04 LTS.
First I downloaded and installed "VMware-Player-12.1.1-3770994.x86_64.bundle" using these commands:
chmod +x ./VMware-Player-version/build_number.bundle
gksudo bash ./VMware-Player-version/build_number.bundle
The installation finished successfully, but when I tried to create a Windows 7 virtual machine I got these errors:
Could not open /dev/vmmon: No such file or directory. Please make
sure that the kernel module `vmmon' is loaded.
Failed to initialize monitor device.
After I ran this command:
vmware-modconfig --console --install-all
I figured out that some of the services failed to start:
Starting VMware services:
   Virtual machine monitor                      failed
   Virtual machine communication interface      done
   VM communication interface socket family     done
   Blocking file system                         done
   Virtual ethernet                             failed
   VMware Authentication Daemon                 done
Unable to start services
How can I fix this issue? Thanks.

I found the answer:
it's all about Secure Boot, which should be disabled while creating new virtual machines in VMware Player or Oracle VirtualBox.

Alternatively, you could also sign the drivers with your own key and keep Secure Boot.
You can find a description of how to do it here https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2146460.
The required steps are the following:
Generate a key pair:
$ openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=VMware/"
Sign the modules:
$ sudo /usr/src/linux-headers-`uname -r`/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vmmon)
$ sudo /usr/src/linux-headers-`uname -r`/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vmnet)
Import the key to your MOK (Module owned Key) and select a password (you will need this password on reboot, so that the key will be enrolled):
$ sudo mokutil --import MOK.der
Reboot - this will automatically start the "key enrollment" and will ask for the previously selected password.
Note that this only needs to be done once! The key you have created will be trusted, so make sure you properly secure the key (it could be a security risk, as anything could be signed with this key and would be trusted by the system).
You could e.g. add a password for the key like this:
openssl rsa -des3 -in MOK.priv -out MOK.priv
Removing the password is also very easy:
openssl rsa -in MOK.priv -out MOK.priv
I myself always have problems with the loading of the vmmon module (I think it is not working after any system update).
If anyone has suggestions as to what may cause this problem, it would be appreciated!
For now, I just redo the signing procedure (e.g. just signing the modules with the key), and then manually load the required modules:
sudo modprobe vmnet
sudo modprobe vmmon
Signing the driver modules should also work for VirtualBox; here is a description: http://gorka.eguileor.com/vbox-vmware-in-secureboot-linux-2016-update/
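
A check for the re-signing step in the answer above, added here as an example and not part of the original answer: it lists which module files lack the appended-signature trailer and signs only those (a module rebuilt for a new kernel is a new file and carries no signature until it is signed again). MOK.priv and MOK.der follow the answer; the function names and the --resign switch are assumptions.

```sh
#!/bin/sh
# Added example (not from the original answer). Function names and the
# --resign switch are assumptions; MOK.priv / MOK.der follow the answer above.

# A signed module file ends with this string plus a newline (28 bytes).
MAGIC='~Module signature appended~'

# Succeeds if the file ends with the signature trailer. This shows that a
# signature is present, not that it verifies against an enrolled key.
has_signature() {
    [ "$(tail -c 28 "$1" 2>/dev/null | tr -d '\000')" = "$MAGIC" ]
}

# Print each given module file that has no signature trailer.
list_unsigned() {
    for f in "$@"; do
        has_signature "$f" || printf '%s\n' "$f"
    done
}

# Sign the named modules that are unsigned, using the running kernel's sign-file.
resign_unsigned() {
    key=$1; cert=$2; shift 2
    signer="/usr/src/linux-headers-$(uname -r)/scripts/sign-file"
    for name in "$@"; do
        path=$(modinfo -n "$name") || { echo "$name: not installed" >&2; continue; }
        if has_signature "$path"; then
            echo "$name: already signed"
        else
            "$signer" sha256 "$key" "$cert" "$path" && echo "$name: signed"
        fi
    done
}

# Run as root after a kernel or VMware update: ./resign.sh --resign
if [ "${1:-}" = "--resign" ]; then
    resign_unsigned ./MOK.priv ./MOK.der vmmon vmnet
    modprobe vmmon && modprobe vmnet
fi
```

Keeping MOK.priv passphrase-protected or offline between runs limits who can produce modules the system will trust.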

Try disabling UEFI Secure Boot on Ubuntu. To disable Secure Boot, go to the BIOS (by pressing the F2 key), go to the Secure Boot option and disable it.
After that run the following command:
sudo vmware-modconfig --console --install-all
This fixed the issue for me.

Related

PAM module that uses SSH

Is there a PAM module that can authenticate a user with an SSH challenge-response?
I'm trying to write a PAM aware application that essentially has the same authentication process as an SSH connection. I have been unable to find a PAM module that already does this (the pam_ssh module is still password-based), so I have been attempting to write my own.
However, I cannot find an API that will allow me to access SSH in this way. Even with a PAM module for sshd, there doesn't seem to be a clean way of verifying an SSH public key.
To be more explicit, if I am given an SSH public key for a given user on a machine (consider localhost for simplicity), I want to send a challenge to that user on that machine to test if they own that SSH key. Does anyone know a way of doing this?
Thank you!
You could encrypt some random data using the public key, send it to the user, and assert that they are able to decrypt it with the private key. If you're using RSA keys, you can perform the encryption/decryption with OpenSSL. For example,
# server
$ ssh-keygen -e -m PKCS8 -f ~/.ssh/id_rsa.pub >pub.pem
$ openssl rsautl -pubin -inkey pub.pem -encrypt -pkcs -in random -out encrypted
# client
$ openssl rsautl -inkey ~/.ssh/id_rsa -decrypt -in encrypted -out random
and verify that the client is able to reply with the correct contents of random.
These commands are inspired by jass, which you could use instead of ssh-keygen+openssl.
Unfortunately, this doesn't work with Ed25519 keys; OpenSSH has its own custom format and doesn't have a way to convert them.
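
The exchange described in this answer, run end to end as an added example (not code from the original answer): the server encrypts a fresh random challenge to the user's public key and accepts only the exact plaintext back. It uses openssl pkeyutl with OAEP padding in place of the answer's rsautl -pkcs and generates a throwaway RSA key to stand in for ~/.ssh/id_rsa; the function and file names are assumptions.

```sh
#!/bin/sh
# Added example (not from the original answer). Function and file names are
# assumptions; a throwaway RSA key stands in for the user's SSH key.

# Stand-in for the user's key pair. With a real SSH key, the public PEM comes
# from: ssh-keygen -e -m PKCS8 -f ~/.ssh/id_rsa.pub
new_keypair() {   # $1 = private key out, $2 = public key out
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null &&
    openssl pkey -in "$1" -pubout -out "$2"
}

# Server: fresh 32-byte nonce per attempt, encrypted to the public key.
issue_challenge() {   # $1 = public key, $2 = nonce out, $3 = challenge out
    openssl rand -out "$2" 32 &&
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}

# Client: decrypt the challenge with the private key.
answer_challenge() {   # $1 = private key, $2 = challenge, $3 = response out
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3" 2>/dev/null
}

# Server: accept only an exact match and delete the nonce so it is single-use.
verify_response() {   # $1 = nonce, $2 = response
    cmp -s "$1" "$2"; rc=$?
    rm -f "$1"
    return "$rc"
}

# One full round in a scratch directory; prints "accepted" or "rejected".
demo_round() {
    d=$(mktemp -d) || return 1
    new_keypair "$d/user.key" "$d/user.pub" &&
    issue_challenge "$d/user.pub" "$d/nonce" "$d/challenge" &&
    answer_challenge "$d/user.key" "$d/challenge" "$d/response"
    if verify_response "$d/nonce" "$d/response"; then echo accepted; else echo rejected; fi
    rm -rf "$d"
}

demo_round
```

A client that decrypts whatever it is sent acts as a decryption oracle for that key, so a key used for this exchange should not also protect confidential data.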

Apache SSL certificate installation for beginner

I just started to learn programming and tried to install SSL on my site.
I used a 90-day free trial SSL from Comodo and it worked well.
I purchased a new SSL from Comodo and generated a CSR on the server (on my PuTTY terminal).
My site is a Wordpress run by Bitnami and AWS.
Error message is that my site name is mismatched.
https://www.ssllabs.com/ssltest/analyze.html?d=www.cheeselab.co.kr#whyNotTrusted
How could I solve this problem? I tried to re-install it from scratch but I don't know what I have to do.
Below are the commands I ran:
sudo openssl genrsa -out /opt/bitnami/apache2/conf/server.key 204
sudo openssl req -new -key /opt/bitnami/apache2/conf/server.key -out /opt/bitnami/apache2/conf/cert.csr
sudo nano /opt/bitnami/apache2/conf/cert.csr
sudo nano /opt/bitnami/apache2/conf/cert2.crt
sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf
I renamed the file from server.crt to cert2.crt
(the above commands worked well)
sudo /opt/bitnami/ctlscript.sh restart apache
but the above command gave the error message below:
Invalid command 'sudo', perhaps misspelled or defined by a module not included in the server configuration apache config test fails, aborting Monitored apache

x509 error when trying to login to a trusted (?) docker registry

I have set up a docker registry using harbor.
I have copied the appropriate certificates in /usr/share/local/ca-certificates and run sudo update-ca-certificates with success (it indicated the number of newly added certs).
When trying to login to the specific registry:
ubuntu#master1:/home/vagrant$ docker login my.registry.url
Username: pkaramol
Password:
Error response from daemon: Get https://my.registry.url/v2/: x509: certificate signed by unknown authority
However the following test succeeds:
openssl s_client -connect my.registry.url:443 -CApath /etc/ssl/certs/
...coming back with a lot of verbose output, the certificate itself and ending in :
Verify return code: 0 (ok)
curl also succeeds to the above https link (it fails when the site is not trusted).
Any suggestions?
If you read the documentation:
Use self-signed certificates
Warning: Using this along with basic authentication requires to also trust the certificate into the OS cert store for some versions of docker (see below)
This is more secure than the insecure registry solution.
Generate your own certificate:
$ mkdir -p certs
$ openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
-x509 -days 365 -out certs/domain.crt
Be sure to use the name myregistrydomain.com as a CN.
Use the result to start your registry with TLS enabled.
Instruct every Docker daemon to trust that certificate. The way to do this depends on your OS.
Linux: Copy the domain.crt file to /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt on every Docker host. You do not need to restart Docker.
See the link below for more details:
https://docs.docker.com/registry/insecure/#use-self-signed-certificates
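
The certificate steps quoted in this answer as one script, added here as an example and not taken from the Docker documentation: it puts the registry name in a subjectAltName as well as the CN, checks it, and copies the file to the per-registry certs.d directory. The SAN is an addition to the quoted steps (Docker builds based on Go 1.15 or later match the registry name against subjectAltName entries only); the function names, the key-size argument and the root-prefix argument are assumptions, and -addext and -ext need OpenSSL 1.1.1 or later.

```sh
#!/bin/sh
# Added example (not from the Docker docs). Function names and the optional
# bits / root-prefix arguments are assumptions.

# Self-signed certificate with the registry host as CN and as a DNS SAN.
make_registry_cert() {   # $1 = host, $2 = output dir, $3 = RSA bits (default 4096)
    mkdir -p "$2" &&
    openssl req -newkey "rsa:${3:-4096}" -nodes -sha256 -keyout "$2/domain.key" \
        -x509 -days 365 -out "$2/domain.crt" \
        -subj "/CN=$1" -addext "subjectAltName=DNS:$1" 2>/dev/null
}

# Succeeds only if the certificate lists the host as a DNS subjectAltName.
cert_has_san() {   # $1 = certificate, $2 = host
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$2"
}

# Copy the certificate to <root>/etc/docker/certs.d/<registry>/ca.crt.
# $2 is host or host:port exactly as used in "docker login"; $3 is a root
# prefix for staging or testing (empty means the real filesystem).
install_registry_ca() {   # $1 = certificate, $2 = registry, $3 = root prefix
    cert_has_san "$1" "${2%%:*}" || { echo "no SAN for ${2%%:*}" >&2; return 1; }
    dest="${3:-}/etc/docker/certs.d/$2"
    mkdir -p "$dest" && cp "$1" "$dest/ca.crt" && printf '%s\n' "$dest/ca.crt"
}
```

Only domain.crt is distributed to Docker hosts; domain.key stays on the registry server.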

Error expecting certificate request while signing a certificate in OpenSSL for apache

I'm going to install SSL using OpenSSL on WAMPServer. The steps I've been through are as follows:
I have installed Apache, configured it and activated the SSL module,
Added a new system variable OPENSSL_CONF:
Variable name: OPENSSL_CONF
Variable value: A:\wamp\bin\apache\apache2.4.9\conf\openssl.cnf
Restarted Windows and made sure I saw the following line among the environment variables using the command-line set | more command:
OPENSSL_CONF=A:\wamp\bin\apache\apache2.4.9\conf\openssl.cnf
Installed openSSL1.01Light(x64) on A:\OpenSSL and in its bin folder I have generated a key using the command-line command:
openssl req -new > webserver.csr
(Note that the OpenSSL installation directory doesn't have webserver.csr by default and I had to copy it from the A:\wamp\bin\apache\apache2.4.9\bin directory)
The command ran and prompted me to enter a PEM pass phrase and verify it. I entered a pass phrase and verified it.
I entered information that would be incorporated into my certificate request.
I ran the following command:
openssl rsa -in privkey.pem -out webserver.key
I was prompted for the pass phrase from the previous step. The RSA key was written and the file webserver.key was then available in the folder.
Now I was going to convert the certificate into a signed one using the following command:
openssl x509 -in webserver.csr -out webserver.cert -req -signkey webserver.key -days 365
I got stuck at this step, where an error occurred with the following message:
5336:error:0906D06C:PEM routiness:PEM read bin:no start line:.\crypto\pem\pem_lib.c:703:Expecting: CERTIFICATE REQUEST
error in x509
How do I overcome this issue? Any idea? Thanks...

WampServer HTTPS

Hello, I want to learn more about WampServer and HTTPS.
I have this website.
But if I give the command:
openssl genrsa -des3 -out server.key 1024
it will give me an error called:
he ordinal 3807 could not be located in the dynamic link libary
LIBEAY32.dll
I have looked in my directory:
wamp\bin\apache\Apache2.4.4\bin
There was a file called libeay.dll.
What could be the problem?
The openssl executable that is distributed with Apache for Windows and therefore WAMPServer does not seem to work very well. I have never had the time to work out exactly why!
My solution was to download OpenSSL from Shining Light Products. They are linked to from the OpenSSL Binaries page, so I assume it is a stable and unhacked distribution of a Windows binary etc. that does the job for Windows users.