I'm using the Debian image for the BBB from here: Debian (BeagleBone Black - 2GB eMMC) 2014-05-14
This image has the Cloud9 IDE built-in. It works quite nicely for my purposes, but I can't figure out how to add a password. Anyone on the network can go to 11.22.33.44:3000 (not the actual IP address) and the IDE will automatically log them in as "John Doe" (No password requested).
Is there a way to request a user name and password when logging into Cloud9? I'm ok if the browser saves the password, but it should ask at least once.
I just found out the solution.
To set a default username and password:
Open the file /opt/cloud9/build/standalonebuild/configs/standalone.js.
Locate the following code block. (Should be at the top of the file)
if (!optimist.local) {
optimist
.boolean("t")
.describe("t", "Start in test mode")
.describe("k", "Kill tmux server in test mode")
.default("b", false)
.describe("b", "Start the bridge server - to receive commands from the cli")
.default("w", config.workspaceDir)
.describe("w", "Workspace directory")
.alias("p", "port")
.default("port", process.env.PORT || config.port)
.describe("port", "Port")
.alias("d", "debug")
.default("debug", false)
.describe("debug", "Turn debugging on")
.alias("l", "listen")
.default("listen", process.env.IP || config.host)
.describe("listen", "IP address of the server")
.boolean("help")
.describe("workspacetype")
.alias("ws", "workspacetype")
.describe("readonly", "Run in read only mode")
.alias("ro", "readonly")
.describe("packed", "Whether to use the packed version.")
.boolean("packed")
.default("packed", config.packed)
.alias("a", "auth")
.describe("auth", "Basic Auth username:password")
.default("auth", ":")
.describe("collab", "Whether to enable collab.")
.default("collab", config.collab)
// #lennartcl this should be moved
.describe("lb.fileserver", "LogicBlox file server Url")
.default("lb.fileserver", config.logicblox && config.logicblox.fileServerURL);
}
At the line .default("auth", ":"), type in the username and password you'd like to use in the format of username:password, e.g. .default("auth", "user:pass")
You should be all set! Try accessing 11.22.33.44:3000, and there should be a pop-up prompting for username and password.
On a side note, if you wish to change the profile name (the default "John Doe"):
Open the file /opt/cloud9/build/standalonebuild/settings/standalone.js.
Locate the following code block.
user: {
uid: 1,
name: "johndoe",
fullname: "John Doe",
email: "johndoe#example.org",
pubkey: null
},
Change the the value of fullname to the username you want.
Reboot BeagleBone Black and go to 11.22.33.44:3000, and you shall see updated profile name on your Cloud9 IDE.
When starting Cloud9 from the command line (at least with the latest version) you can use the:
-a user:pass
where "user" is the user name it will permit and "pass" is the password for that user. It uses basic web authentication.
Other parameters for Cloud9 are:
-l [ip addresses to accept] Use 0.0.0.0 to accept all IP addresses.
-w path/to/project/to/edit
-p port on which to operate
As for the particular script/service that is used to start Cloud9 in which to tweak the startup parameters, I'm not sure. You might try this information for where to start looking:
https://dcinglis.wordpress.com/2014/09/08/running-a-startup-script-on-a-beaglebone-black/
Related
I'm starting to learn Ansible but the documentation is not too helpful.
I have installed the control machine on RHEL and created the necessary hosts file and windows.yml.
But when trying to connect to the remote Windows server to get a pong back I get the following error:
[root#myd666 ansible_test]# ansible windows -i hosts -m win_ping
hostname | UNREACHABLE! => {
"changed": false,
"msg": "ssl: the specified credentials were rejected by the server",
"unreachable": true
}
After Installing python-kerberos dependencies,
I now get this Error:
hostname | UNREACHABLE! => {
"changed": false,
"msg": "Kerberos auth failure: kinit: KDC reply did not match expectations while getting initial credentials",
"unreachable": true
}
My windows.yml file contains:
# it is suggested that these be encrypted with ansible-vault:
# ansible-vault edit group_vars/windows.yml
ansible_ssh_user: user#MYDOMAIN.NET
ansible_ssh_pass: password
ansible_ssh_port: 5986
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
Am I doing anything wrong with the syntax of Domain\user? Maybe I forgot to install something on the Windows machine? I only ran the ConfigureRemotingForAnsible.ps1 script, and Python is not installed there.
This is my krb5.conf file:
[libdefaults]
default_realm = MYDOMAIN.NET
#dns_lookup_realm = true
#dns_lookup_kdc = true
[realms]
MYDOMAIN.NET = {
kdc = dc1.mydomain.net
default_domain = hpeswlab.net
}
[domain_realm]
.mydomain.net = MYDOMAIN.NET
mydomain.net = MYDOMAIN.NET
And I do get a token using Kinit:
kinit -C user#MYDOMAIN.NET
klist
Klist output:
Valid starting Expires Service principal
01/31/2017 11:25:33 01/31/2017 21:25:33 krbtgt/MYDOMAIN.NET#MYDOMAIN.NET
renew until 02/01/2017 11:25:29
In windows.yml, please double-check and ensure that the ansible_ssh_user: user#MYDOMAIN.NET line does indeed have the realm MYDOMAIN.NET in upper case. Somewhere, the realm request to the KDC is being sent in lower case instead of upper case causing the 'KDC reply did not match expectations..' error.
In krb5.conf, case-sensitivity is also important. First I'll note that since the KDC name is the name of an IP host, so it needs to be specified as a fully-qualified host name, like in the example shown below. It assumes your KDC is named "dc1.mydomain.net". Next, the domain name should only be in lower case. On the other hand, Kerberos Realm names need be in upper case - if the realm name is incorrectly specified in lower case in this file that is another reason you may get this error message. Please modify your entire krb5.conf to look like that shown below (changing only "dc1" to the actual name) and it should work. Side note: You do not necessarily need the two dns_lookup_ lines in your krb5.conf, so please comment them out per the below. Those are fallback mechanisms only as per the MIT Kerberos Documentation and may actually cause issues in your simple use case. After modifying either configuration file, make sure to restart the Ansible engine before testing again.
[libdefaults]
default_realm = MYDOMAIN.NET
#dns_lookup_realm = true
#dns_lookup_kdc = true
[realms]
MYDOMAIN.NET = {
kdc = dc1.mydomain.net
default_domain = mydomain.net
}
[domain_realm]
.mydomain.net = MYDOMAIN.NET
mydomain.net = MYDOMAIN.NET
Please refer to this MIT reference for how to properly set up the krb5.conf: Sample krb5.conf File
In the Hosts file, check to ensure your IP to name mappings are correct. Per the RFCs, Kerberos requires a properly functioning DNS, and you are at risk of shortchanging that if your Hosts file has outdated entries in it.
Finally, though I wasn't able to tell which version of Ansible you were using, I did some research and found that "Ansible 2.0 has deprecated the “ssh” from ansible_ssh_user, ansible_ssh_host, and ansible_ssh_port to become ansible_user, ansible_host, and ansible_port." This could certainly be part of the problem. See: Ansible on Windows Documentation
I was wondering if it is possible to use an asked password for the ssh login, the interaction_handler doesn't seem to work for this task. So far I have:
ask :ip, 'Enter the ip of the server: '
fetch(:ip)
ask :pw, 'Enter user password: ', echo: false
fetch(:pw)
on "user#" + fetch(:ip) do
execute "echo 'Hi.'", interaction_handler: {"user##{fetch(:ip)}'s password" => "#{fetch(:pw)}\n"}
end
On that execute line, it tries to log into the server and the server prompts for the password. How can I supply it with the one stored in :pw?
Answer turned out to be in https://github.com/capistrano/sshkit/blob/master/EXAMPLES.md
host = SSHKit::Host.new('user#example.com')
host.password = "hackme"
on host do |host|
puts capture(:echo, "I don't care about security!")
end
Unfortunately I forgot what my username and password is to login to CouchDB.
Here is a similar question.
I have looked within the local.ini file at C:\Program Files (x86)\Apache Software Foundation\CouchDB\etc\couchdb
password = somepassword
username = password
However I am unable to login through lclhst :5984/_utils/index.html login.
I have also tried the config.dat file at /opt/couchbase/var/lib/couchbase/config/config.dat
Are there other places where the username or password could be? It seems there is a hierarchy of files that take precedence over each other, though I could not find this in the docs.
Thanks
Your server credentials are in the local.ini whose full path can be found using couchdb -c, in the [admins] section, but the password is hashed. It looks like this:
[admins]
username = -pbkdf2-70349775b6e7674de7fd45ff08675550046535c9,f18db0cd9fd933c0c610532e965ef1de,10
If you forgot the password, just replace the hash with your new password and restart CouchDB. It will be rehashed immediately. Example:
[admins]
username = newPassw0rd
relay from: http://silviud.blogspot.com/2012/10/couchbase-recover-web-console-password.html
(Note: top 4 lines only)
/opt/couchbase/bin/erl \
-noinput -eval \
'case file:read_file("/opt/couchbase/var/lib/couchbase/config/config.dat") of {ok, B} -> io:format("~p~n", [binary_to_term(B)]) end.' \
-run init stop | grep cred
I have kinda ssh slave build jenkins setup.
Jenkins server connect to Mac slave thru ssh. build ios apps there. two remote nodes are configured in Jenkins connected to the Mac.
The Mac has dhcp.
Every time my mac starts I want to run a script that tell the Jenkin server to configure the node's IP address pointing to the dhcp address that the mac receives. Since its dhcp it changes always.
Is possible to configure such? using shell script or perl ...
e.g. http://jenkins-server:8080/computer/mac-slave-enterprise/configure
is the node config url. If its possible to setup by sending host=10.1.2.100 & Submit=Save or something like this?
I found it is possible run Groovy script at
http://jenkins/script
or from mac command line or sh script,
$ curl -d "script=<your_script_here>" http://jenkins/script
I tried to get some info with this code but no luck, seems I have create SSLLauncher, but lost in how to grab a launcher things. There is no direct setHost or setLauncher thing.
following the tutorial at,
https://wiki.jenkins-ci.org/display/JENKINS/Display+Information+About+Nodes
but cannot set the host address.
println("node desc launcher = " + aSlave.getComputer().getLauncher());
//println("node desc launcher = " + aSlave.getComputer().getLauncher().setHost("10.11.51.70"));
println("node launcher host = " + aSlave.getComputer().getLauncher().getHost());
hudson.plugins.sshslaves.SSHLauncher ssl = aSlave.getComputer().getLauncher();
int port = ssl.getPort();
String userName, password, privateKey;
userName = ssl.getUsername();
password = ssl.getPassword();
privateKey = ssl.getPrivatekey();
println("user: "+userName + ", pwd: "+password + ", key: "+privateKey);
// all these values returns null.
Another way would be to just delete the node and recreate it.
Here is some groovy on how to delete it from here:
for (aSlave in hudson.model.Hudson.instance.slaves) {
if (aSlave.name == "MySlaveToDelete") {
println('====================');
println('Name: ' + aSlave.name);
println('Shutting down node!!!!');
aSlave.getComputer().setTemporarilyOffline(true,null);
aSlave.getComputer().doDoDelete();
}
And here is how to create one (source):
import jenkins.model.*
import hudson.model.*
import hudson.slaves.*
Jenkins.instance.addNode(new DumbSlave("test-script","test slave description","C:\\Jenkins","1",Node.Mode.NORMAL,"test-slave-label",new JNLPLauncher(),new RetentionStrategy.Always(),new LinkedList()))
I have been doing a lot of research on ssh (openssh) and radius.
What I want to do:
SSH in to equipment with credentials (username and password) stored in either on a radius server or ldap store. I have been reading online and some people point to having an ldap server running in the background of your radius server. This will work, but will only work if the user is found in the local machine.
The problem:
Is there a way for me to ssh (or telnet) in to my equipment by logging in via a radius server that contains the credentials? if not is there a way for the client (the machine I am trying to connect to) get an updated list of credentials and store it locally from a central location (whether it be a radius server or an sql database etc).
I have been able to connect via Radius but only on accounts that are local, but for example if I try to connect with an account that does not exist locally (client-wise) I get "incorrect"
Here is the radius output:
Code:
rad_recv: Access-Request packet from host 192.168.4.1 port 5058, id=219, length=85 User-Name = "klopez"
User-Password = "\010\n\r\177INCORRECT"
NAS-Identifier = "sshd"
NAS-Port = 4033
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
Calling-Station-Id = "192.168.4.200"
Code:
[ldap] performing user authorization for klopez[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> klopez
[ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=klopez)
[ldap] expand: dc=lab,dc=local -> dc=lab,dc=local
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=lab,dc=local, with filter (uid=klopez)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Cleartext-Password == "somepass"
[ldap] userPassword -> Password-With-Header == "somepass"
[ldap] looking for reply items in directory...
[ldap] user klopez authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Config already contains "known good" password. Ignoring Password-With-Header
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "? INCORRECT"
[pap] Using clear text password "somepass"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> klopez
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 3 for 1 seconds
I also have pam_radius installed, and its working (can log in on a account that exists locally). Although I read this and do not know if this is 100% accurate:
http://freeradius.1045715.n5.nabble.com/SSH-authendication-with-radius-server-fails-if-the-user-does-not-exist-in-radius-client-td2784316.html
and
http://fhf.org/archives/713
tl:dr:
I need to ssh into a machine that does not have a user/pass locally and that combination will be stored remotely, such as a radius server or ldap.
please advise
P.S.
The solution is preferable using radius server or ldap but not necessary. If there is an alternate please advise.
Thanks,
Kevin
You can configure SSH to authenticate directly against an LDAP server using PAM LDAP.
I've set it up myself on Debian Systems:
https://wiki.debian.org/LDAP/PAM
https://wiki.debian.org/LDAP/NSS
You need to have both PAM and NSS to get SSH working. You also need to enable PAM in your SSH configuration. Install the libnss-ldapd libpam-ldapd and nslcd packages on Debian (or Ubuntu) system.