I want to change a password on a remote UNIX server by a java program without user interaction. I had no problem doing this with JSch in my test environment using ChannelShell - this works perfectly. But the production target system doesn't allow to run the shell, so I have to do this using ChannelExec providing the passwords (old and new) by streams to the terminal.
Does anyone have a sample code for changing the password without user interaction using ChannelExec?
By the way, the target system has a special command for changing the password, not the usual passwd command - so I suppose, that I won't have the usual options (like --stdin) for this command, too.
Thanks, Robert
Related
I am a QA automation engineer and in the web app I test there's a feature that creates Active Directory users.
My tools are - Selenium (Java), RemoteWebDriver, Selenium Grid (Docker)
I was trying to find ways to validate this process and came to a stop - this field (AD) is new
to me and I need to find a way to make sure the user was created and can be logged into in the
network.
I was trying to find a way to do this and came up with 2 options, where the first one is the least
preferred way:
Make a request (API? 3rd side tool?) to get the relevant user(s).
The issue:
A user created and registered in the AD doesn't necessarily mean that the client can log into it (at least by the way I understood how AD works), and so it loses the most important consequence of the feature.
Use a VM, get the AD user information (username + password: possible) and try to log into the VM using those details.
The issue:
I haven't came across a tool that does it, the closest thing is Robot class or WinAppDriver.
WinAppDriver seems like the best solution as of now although I don't know how to make the login process work since it's the process starts before the desktop is open and I don't know how to locate the username and password field, so I figured using Robot class seems like the simplest solution, if it works on a VM that is, which as of now doesn't seem like it does.
So, before advancing on learning how to use WinAppDriver with my current automation, I'd like and appreciate your opinions about the matter or if you have simpler solutions.
Thank you very much for reading!
• We can check whether a user is created successfully or not and if that user can log in to the AD domain or not by executing a script as below. It is a powershell script that auto logs in through remote desktop protocol in the other domain joined VM from an Azure domain joined VM that checks whether the recently created user can login or not.
Powershell script : -
cmdkey /list | ForEach-Object{if($_ -like "*target=TERMSRV/*"){cmdkey /del:($_ -replace " ","" -replace "Target:","")}}
echo "Connecting to 192.168.1.100"
$Server="192.168.1.100"
$User="Administrator"
$Password="AdminPassword"
cmdkey /generic:TERMSRV/$Server /user:$User /pass:$Password
mstsc /v:$Server
• In the above script, replace the ‘$user’ value by the user principal name of the newly created user, i.e., ‘$User=”testdemo#example.com”’ and the ‘$Password’ value by the password set for that user. Also, ensure that you replace and enter the correct IP address of the domain controller/AD server. Also, ensure that before executing the above powershell script, execute the below commands in an elevated (administrator privileges) powershell console.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Lastly, please ensure that while creating the user, the option ‘User must change password at next logon’, ‘Account is Disabled’, ‘Password never expires’ and ‘User cannot change password’ are unchecked and not selected.
• Also, you can use the below command line script for logging in to the domain joined Azure VM through RDP protocol. In the below command, replace the ‘username’ and ‘password’ with the username and password of the user created recently to log in to the Azure VM with this command line script. Also, replace the ‘TERMSRC’ with the hostname of the server system or the domain joined VM where the specified UNC path is located and replace the ‘some_unc_path’ with the actual path UNC path of the shared directory folder. Please execute the below command through elevated (administrator privileges) command prompt.
Command script: -
c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -nolog -command cmdkey /generic:TERMSRC/some_unc_path /user:username /pass:pa$$word; mstsc /v:some_unc_path
I'm using Spring application and stack is like: Java 11, Spring Boot 2.2.1.RELEASE.
(technology versions may vary here)
When I try to connect to the database via Data Source using Intellij IDEA, I get always the issue like:
The specified database user/password combination is rejected:
[28P01] FATAL: password authentication failded for user 'postgres'
How can I fix it?
To be noticed: this answer is similar, but not related to:
Unable to connect from Intellij to mySql running in docker container - "specified database user/password combination is rejected"
To fix it:
you need to check your application.properties file and change the value of user password on line:
spring.datasource.password=your_password
The cause of issue is:
your value of the property spring.datasource.password in application.properties
does not match the user password what was selected by default during installing your database system.
E.g. more specifically on the step "Enter the password for the database superuser (postgres)":
To clarify: provided example is for PostgreSQL, but it can be another database system.
Edit: this assumes you run Linux
if the other answer provided by invzbl3 doesn't work, check out this solution, it worked for me. Make sure to restart afterwards.
https://docs.fedoraproject.org/en-US/quick-docs/postgresql/#_initial_configuration
If you’re getting ident errors from your app you’ll probably need to perform the accepted solution described at https://serverfault.com/questions/406606/postgres-error-message-fatal-ident-authentication-failed-for-user?newreg=a4fdc3e21349449985cc65b82399c5b4
(if you don't have nano, just use any other text editor)
sudo nano /var/lib/pgsql/data/pg_hba.conf
and edit host all all 127.0.0.1/32 ident to host all all 127.0.0.1/32 md5.
This should allow most applications to connect with username/password.
I'm using NixOS (unstable channel, at the moment) remotely, via SSH, so no graphical environment. I often push and pull Git repositories, and re-typing the passphrase for SSH keys gets old quick, so I'm trying to set up an agent to cache the passphrase.
With the latest releases, using GnuPG Agent with SSH support seems to be the recommended choice. I enabled the agent by uncommenting the following lines in configuration.nix:
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "gnome3";
};
Does the choice of pinentryFlavor matter here? I'm imagining that SSH asks the keys by its own prompt, and caches them using the agent, but a confirmation would be nice. As I said, I'm not using graphical interface.
The main question: it doesn't seem work by just by enabling agent from the configuration.nix. Something else clearly needs to be done, but I'm unable to find any documentation about how to properly enable the agent in NixOS.
The global configuration.nix sets up configuration at /etc/bashrc to call gpg-connect-agent when bash is started and /etc/set-environment to set the SSH_AUTH_SOCK environment variable. It also adds systemwide per-user systemd units at /etc/systemd/user/gpg-agent* that run per-user GnuPG key agents.
Finally, you must be sure to add the key to the agent using the ssh-add command; it isn't added automatically when SSH prompts the key passphrase.
This should be enough to make GnuPG agent work with SSH. The choice of pinentryFlavor shouldn't also have effect when used over terminal. Turns out you should set pinentryFlavor to curses when using over terminal. If you don't do that, the agent throws an error when re-authenticating.
(I'm not sure why I encountered various error conditions when I first enabled GnupPG. It works now with the default settings. It's possible that the systemd service wasn't properly started.)
I installed HANA Express in a VMware Workstation environment, and also Eclipse 4.6 with the HANA administrator plugin. Both VMWare and Eclipse run on Windows 10. I can start HANA with no issues, however when I try to connect from the Eclipse plugin the connection fails.
The tutorial to configure the HANA administrator plugin in Eclipse instructs to enter SYSTEM as user and then a password. The problem is that in the HANA Express tutorial the only user that seems to be set up is the "database master" (see text below). Therefore, I don't have the SYSTEM password and I don't know the "database master" user (even though I know the password). How to make this work?
Step 3: Startup: Configuration Script
A configuration script will run if this is the first login. When prompted
for HANA database master password, enter a strong password.
Tip: Make a note of this password, since you’ll need it later. You can enter
the same password you used earlier, or a new password. If you are entering a
new password, see the password rules earlier in this tutorial.
XSA_ADMIN
XSA_DEV
XSA_SHINE
TEL_ADMIN
When prompted to Confirm “HANA database master password”, enter the strong
password again.
This is the error I get in Eclipse log:
The SYSTEM password is the same as the master database password for HXE. If that does not work, try HXEHana1
Also, I see you are trying to connect to instance number 00. If the HXE VM is 2.0 sps00 or higher, the default instance number is 90.
You can rule out connectivity problems by running the following from the Virtual Machine's console:
hdbsql -n localhost -i 90 -d SYSTEMDB -u SYSTEM
This will connect to your instance and prompt for the password for user SYSTEM so you can confirm which one is right before configuring HANA Studio.
I had the same issue.
I used user : XSA_ADMIN and the HANA password chosen as part of the tutorial.
Its now connected.
Regards
I need to SSH a remote machine and get onto the developer mode. To be specific, I want to execute the command 'Ctrl+gog' upon which I will be prompted for a password. I know how to execute the normal commands, for example chan.send("enable\n"). Please provide me with an answer.
chan.send("\x07\x0F\x07")
Above command worked fine for me.Just concatenate the Hexa equivalent for Ctrl-g,Ctrl-o,Ctrl-g which is, x07x0Fx07.