Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 8 years ago.
I have WAMP server installed on Windows.
My .htpasswd looks like:
username:encryptedpassword
john:gugyjfy6786hgfhfh
But the problem is that making up an encrypted password by hand is never possible, so can I create it in text/plain format?
Apache provides a command line tool for this. Search for the htpasswd file in the bin directory. Passing the --help parameter gives you:
Usage:
htpasswd [-cimBdpsDv] [-C cost] passwordfile username
htpasswd -b[cmBdpsDv] [-C cost] passwordfile username password
htpasswd -n[imBdps] [-C cost] username
htpasswd -nb[mBdps] [-C cost] username password
-c Create a new file.
-n Don't update file; display results on stdout.
-b Use the password from the command line rather than prompting for it.
-i Read password from stdin without verification (for script usage).
-m Force MD5 encryption of the password (default).
-B Force bcrypt encryption of the password (very secure).
-C Set the computing time used for the bcrypt algorithm
(higher is more secure but slower, default: 5, valid: 4 to 31).
-d Force CRYPT encryption of the password (8 chars max, insecure).
-s Force SHA encryption of the password (insecure).
-p Do not encrypt the password (plaintext, insecure).
-D Delete the specified user.
-v Verify password for the specified user.
On other systems than Windows and NetWare the '-p' flag will probably not work.
The SHA algorithm does not use a salt and is less secure than the MD5 algorithm.
From what I understand, you'd need to execute the command as follows:
htpasswd -p .htpasswd john
When you press enter after the above command, it'll ask you to type a password which will be stored as text in the htpasswd file.
Step 1: Go to an encrypted password generator.
Step 2: Copy the generated encrypted password from the website.
Step 3: Create a .htpasswd file in the root folder under your domain.
Step 4: Write your username:encrypted password pair there.
For example, john:paste your encrypted password here (after the colon):
john:djfj223dv98vufhhy
From the docs I got this config that works but uses a salt,
password-hash {CRYPT}
password-crypt-salt-format "$6$%.16s"
and I need to store passwords in the LDAP directory that have been generated without salt encryption.
You had better use another password storage scheme that does not do salting, like {SHA} or {MD5}, instead of {CRYPT}:
password-hash {SHA}
If using {CRYPT} is a requirement :
You can still provide a static salt (! bad, unsecure, nearly as if no salt !), just comply with the given format:
password-crypt-salt-format "$6$%.16s"
$6$ is the crypt identifier for the SHA512 schema, and we provide a 16-chars long salt :
~$ mkpasswd -m sha-512 --salt 'verybadseasoning' secret1
$6$verybadseasoning$Q2kceqwB2uYT2tU./QF.qRCIWjMQdObEAZ71Ni5Ko1zJOnxUwpu3oMeyjtgiR3hSVHIT20Ay9V1.pXaNhkHYk/
~$ mkpasswd -m sha-512 --salt 'verybadseasoning' secret2
$6$verybadseasoning$SHof1u2BCPJhYoVOk.LkWax7n5g28rzMkNCRAC5NmlT29GSeWLAlv2AoSkOS4rYfMUXsmTcyIxKDUU8aL7TlP0
Note that mkpasswd won't allow using an empty salt :
~$ mkpasswd -m sha-512 --salt '' secret
Wrong salt length: 0 bytes when 8 <= n <= 16 expected.
Or you can try to make crypt ignore the given/generated salt string whatever it is (by taking zero character from it) :
password-crypt-salt-format "$6$%.0s"
It tells crypt() to use a SHA512 algorithm, the %s being substituted with a string of zero characters of salt (%.0s). I can't tell if slapd makes the %s conversion mandatory or not, but setting just "$6$" without any substitution for salting may do the trick as it means the same (no salt), i.e :
~$ php -r 'print(crypt("secret", "$6$"));'
$6$$2M9DchxW4txWyTYoZrH9D3VvAAQxBpEezYsLY6Cao.jwzEXpyL9xwip9hiUZX7GqTqe/E/z6iKvZqXUuqniQH.
See slapd.conf(5)
Note that a lack of salt exposes your system to dictionary attacks.
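An added example, not part of the original answers: a small Python audit over exported userPassword values that flags the cases discussed above (unsalted {SHA}/{MD5}, {CRYPT} with an empty or shared static salt, and identical stored values, which unsalted schemes produce for identical passwords). The function names and sample entries are constructed, and the crypt hash bodies are placeholders.

```python
import base64
import hashlib
import re
from collections import defaultdict

SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$")
# $id$[rounds=N$]salt$hash, the layout that "$6$%.16s" produces
CRYPT = re.compile(r"^\$[0-9a-z]+\$(?:rounds=\d+\$)?([^$]*)\$.+$")
NO_SALT = {"SHA", "MD5", "CLEARTEXT"}  # {SSHA} and {SMD5} are the salted variants

def ldap_sha(password):
    """Unsalted {SHA} value: base64 of the raw SHA-1 digest."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

def audit(entries):
    """entries maps uid -> userPassword; returns sorted (uid, finding) pairs."""
    findings, by_value, by_salt = [], defaultdict(list), defaultdict(list)
    for uid, value in entries.items():
        by_value[value].append(uid)
        m = SCHEME.match(value)
        scheme = m.group(1).upper() if m else "CLEARTEXT"
        if scheme in NO_SALT:
            findings.append((uid, "no salt: " + scheme))
        elif scheme == "CRYPT":
            c = CRYPT.match(m.group(2))
            if c and c.group(1) == "":
                findings.append((uid, "crypt with empty salt"))
            elif c:
                by_salt[c.group(1)].append(uid)
    for salt, uids in by_salt.items():
        if len(uids) > 1:  # a static salt is the same for every account
            findings += [(u, "crypt salt shared: " + salt) for u in uids]
    for uids in by_value.values():
        if len(uids) > 1:  # same password, same stored value
            findings += [(u, "same value as another entry") for u in uids]
    return sorted(findings)

# Constructed sample export; the crypt hash bodies are placeholders.
SAMPLE = {
    "alice": ldap_sha("secret1"),
    "bob": ldap_sha("secret1"),
    "carol": "{CRYPT}$6$verybadseasoning$PLACEHOLDER1",
    "dave": "{CRYPT}$6$verybadseasoning$PLACEHOLDER2",
    "erin": "{CRYPT}$6$$PLACEHOLDER3",
    "frank": "{CRYPT}$6$q8Zr1LmX0pWc4TnB$PLACEHOLDER4",
}
```

Calling audit(SAMPLE) reports every account except frank, whose salt is unique.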
You can simply import user entries with existing userPassword values without salt. The password verification will work provided the hash scheme is one supported by your local OpenLDAP installation.
The config directives password-hash and password-crypt-salt-format are used when setting new passwords.
Do we have an option on the PuTTY command line to send the RSA host key as an argument, similar to WinSCP -hostkey?
PuTTY command currently used:
putty.exe -ssh -l username -pw password -m command.txt RemoteServerIP
Is there an option like in WinSCP, where the RSA host key can be passed as below:
open sftp://username:password@RemoteServerIP/ -hostkey="ssh-rsa 2048 11:2c:5d:f5:22:22:ab:12:3a:be:37:1c:cd:f6:13:d1"
Also let me know, if my option of using PuTTY for this task is a bad option.
Detailed explanation for those who are interested to know entire background:
I have developed a Django application to kick off some remote scripts
and get the task done. This uses putty ssh to run commands in the
background using the subprocess module; parameters are passed from the
Django front end.
The problem I am facing is that there are multiple users who will use this
application to kick off their scripts. The only requirement is that they have
to store the IP address and RSA key of the server in a config file on the
Django server.
Since all of the servers use an RSA key, the first login asks to
confirm the RSA fingerprint storage prompt.
Usually, when we kick this off manually from our local machine, we answer
Yes the first time, and subsequent runs won't ask for the
confirmation.
Since these scripts will be running from a Django server where users
won't have access, is there a way I can still run the
remote scripts using PuTTY?
Please note I am aware of kicking off scripts using WinSCP, but
unfortunately in our environment I cannot kick off scripts from
WinSCP. I can, however, FTP using WinSCP, and I use the hostkey option so it
does not prompt for confirmation.
There are several ways of dealing with SSH/SCP/SFTP host key verification.
One way is described in this answer to a similar question on ServerFault. Echo y or n depending on whether you do or don't want the key added to the cache in the registry. Redirect the error output stream to suppress the notification messages.
echo 'y' | plink -l USERNAME HOSTNAME 'COMMANDLINE' 2>$null # cache host key
echo 'n' | plink -l USERNAME HOSTNAME 'COMMANDLINE' 2>$null # do not cache host key
Note, however, that this will fail if you don't want to cache the key and use batch mode:
echo 'n' | plink -batch -l USERNAME HOSTNAME 'COMMANDLINE' # this won't work!
Note, however, that this approach essentially disables the host key verification, which was put in place to protect from man-in-the-middle attacks. Which is to say that automatically accepting host keys from arbitrary remote hosts is NOT RECOMMENDED.
Better alternatives to automatically accepting arbitrary host keys would be:
Saving a PuTTY session for which you already validated the host key, so you can re-use it from plink like this:
plink -load SESSION_NAME 'COMMANDLINE'
Pre-caching the host key in the registry prior to running plink. There is a Python script that can convert a key in OpenSSH known_hosts format to a registry file that you can import on Windows if you don't want to manually open a session and verify the fingerprint.
Providing the fingerprint of the server's host key when running plink:
$user = 'USERNAME'
$server = 'HOSTNAME'
$cmd = 'COMMANDLINE'
$fpr = 'fa:38:b6:f2:a3:...'
plink -batch -hostkey $fpr -l $user $server $cmd
All of these assume that you obtained the relevant information via a secure channel and properly verified it, of course.
PuTTY also has -hostkey switch, just with a slightly different syntax:
-hostkey 11:2c:5d:f5:22:22:ab:12:3a:be:37:1c:cd:f6:13:d1
And indeed, PuTTY is not the right tool to automate command execution.
Instead, use Plink (PuTTY command-line connection tool):
plink.exe -ssh -l username -pw password -hostkey aa:bb:cc:... hostname command
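An added example, not part of the original answers: one way the Django side from the question could call plink through subprocess with the host key pinned, so a server without a verified fingerprint is refused rather than accepted. The host name, function names and pin store are hypothetical; the fingerprint is the sample value from the question.

```python
import re
import subprocess

# MD5-style fingerprint, the form the answers above pass to -hostkey.
MD5_FPR = re.compile(r"^(?:[0-9a-f]{2}:){15}[0-9a-f]{2}$")

# Constructed pin store (host name is hypothetical). In the question this is
# the per-server config file on the Django host, filled in after the
# fingerprint was verified out of band.
PINNED = {
    "build01.example.internal": "11:2c:5d:f5:22:22:ab:12:3a:be:37:1c:cd:f6:13:d1",
}

def plink_argv(host, user, command, pinned=PINNED, plink="plink.exe"):
    """Return the argv for one non-interactive plink run against a pinned key."""
    fpr = pinned.get(host, "").lower()
    if not fpr:
        raise LookupError("no pinned host key for %r, refusing to connect" % host)
    if not MD5_FPR.match(fpr):
        raise ValueError("malformed fingerprint for %r" % host)
    if host.startswith("-") or user.startswith("-"):
        raise ValueError("host and user must not start with '-'")
    # -batch disables every prompt, so a key that does not match the pin
    # ends the run instead of waiting for someone to answer 'y'.
    return [plink, "-ssh", "-batch", "-hostkey", fpr, "-l", user, host, command]

def run_remote(host, user, command, timeout=60):
    """Run the command; argv is a list, so no local shell re-parses the values."""
    # Authentication (Pageant or a key file) is assumed to be set up already.
    return subprocess.run(plink_argv(host, user, command),
                          capture_output=True, text=True, timeout=timeout)
```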
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
I want to generate a set of keys for a home server that I would like to SSH into, so I do ssh-keygen -t rsa, but then I get a message: id_rsa already exists. Overwrite (y/n)?
Well, I don't want to overwrite because the keys I have now I use to SSH into my university's servers, and it would be a pain to have to do all that junk again every time I wanted to switch. Is there an easy way to append the keys?
I tried following a tutorial (which I cannot find) that suggested something about using the cat command, but I am pretty lost. It seems like the solution is something very simple that I'm just not seeing.
You can achieve this by using a config file in your home directory under the .ssh directory:
Generate your key as usual:
ssh-keygen -t rsa
Don't overwrite the default (usually id_rsa). Instead, create a new name. This will create a separate file with your key.
In ~/.ssh create a config file with the following content:
# Use an asterisk for all hosts, or name a specific host
Host *
AddKeysToAgent yes
UseKeychain yes
# Path to your key, e.g. ~/.ssh/yourKey
IdentityFile <key>
The key is now added to the keychain and can be used!
--
You can use multiple IdentityFiles in your config (Mac example):
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_rsa_private_server
IdentityFile ~/.ssh/id_rsa_github
IdentityFile ~/.ssh/id_rsa_work_server
You can use the same public key on both servers. If you don’t want to do that, just specify a different location than ~/.ssh/id_rsa when ssh-keygen prompts you before that, and use it with an agent:
% ssh-agent sh # Replace with your favourite shell.
$ ssh-add ~/.ssh/id_rsa_2
$ ssh somewhere
$ exit
%
ssh-agent can also be used without starting a new shell as eval $(ssh-agent).
I had the same problem as you and I solved it.
In the terminal is:
"Enter file in which to save the key (/home/you/.ssh/id_rsa): "
Instead of hitting Enter or writing /home/you/.ssh/id_rsa, you write /home/you/.ssh/id_rsa1.
If I remember correctly, I fixed this problem by uninstalling Cygwin and using the command line instead.
You could do as minitech suggested and use the same SSH public key on both servers. To do so, open the file ~/.ssh/id_rsa.pub in your text editor, copy the contents of the file exactly without adding any new spaces or newlines, and add this to the server you want to connect to. If your user name on the server is "user" at IP address 123.45.56.78, use the command "ssh-copy-id user@123.45.56.78", or you can use:
cat ~/.ssh/id_rsa.pub | ssh user@123.45.56.78 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 years ago.
To use sftp in a script without user interaction (non-interactive). For example to login to an anonymous ftp server and not have to manually.
On your computer
cd ~/.ssh
ssh-keygen -t dsa
press the enter key at every prompt
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
ad:98:43:13:c9:ea:66:8e:d0:d9:66:59:d8:3a:f7:29
The key's randomart image is:
+--[ DSA 1024]----+
| |
| . . |
| + |
| + . . |
| o = S . |
| . + = + . |
|. o # = . |
| . B oEo . |
| . . .o |
+-----------------+
You will get 2 files, id_dsa and id_dsa.pub. Use scp or another utility to copy the file to your server:
scp ~/.ssh/id_dsa.pub user@host:~/.ssh/
On your server
Add the new key to the file ~/.ssh/authorized_keys.
cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
Finally change the access modes;
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
Verify that access mode is correct for ~
ls -ld ~
if not, you can use
chmod 700 ~
to correct your home access.
Logout and login again
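An added example, not part of the original answer: a Python check of the result of the steps above, verifying the modes of the home directory, ~/.ssh and authorized_keys, and flagging ssh-dss entries, which OpenSSH has disabled by default since release 7.0. The function name is hypothetical, and the home-directory test only requires that group and others cannot write, which is an assumption looser than the chmod 700 shown above.

```python
import os
import stat

KEY_TYPES = ("ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

def audit_key_login(home):
    """Return findings for the ~/.ssh setup under `home` (empty list = clean)."""
    ssh_dir = os.path.join(home, ".ssh")
    auth = os.path.join(ssh_dir, "authorized_keys")
    findings = []
    # Bits that must be clear. Home: no group/other write (assumption).
    # The other two follow the chmod 700 / chmod 600 steps above.
    for path, forbidden in ((home, 0o022), (ssh_dir, 0o077), (auth, 0o077)):
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except FileNotFoundError:
            findings.append("missing: " + path)
            continue
        if mode & forbidden:
            findings.append("mode %03o too open: %s" % (mode, path))
    if os.path.isfile(auth):
        with open(auth, encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                if line.lstrip().startswith("#"):
                    continue
                # The key type is the first known token; options may precede it.
                ktype = next((t for t in line.split() if t in KEY_TYPES), None)
                if ktype == "ssh-dss":
                    findings.append("DSA key, authorized_keys line %d" % lineno)
    return findings

if __name__ == "__main__":
    for finding in audit_key_login(os.path.expanduser("~")):
        print(finding)
```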
Type the following commands
ssh-keygen
Press Enter key till you get the prompt
ssh-copy-id -i root@ip_address
(It will once ask for the password of the host system)
ssh root@ip_address
Now you should be able to login without any password
To allow ssh login without entering a password at each login, append your public ssh key to the ~/.ssh/authorized_keys file on your target server. You can find your public key in ~/.ssh/id_rsa.pub or, if it doesn't exist, you may need to generate one.
See detailed answer here
Maybe, if you want to turn off SFTP asking you YES/NO questions for each file transfer when doing FTP using an FTP script file, you can use the -n -i command line arguments.
ftpscript.in
-----------------
user username pwd
get sourcefile targetfileonlocal
bye
Then you can run this script using ftp -n -i servername<ftpscript.in to avoid getting "Do you want to transfer the sourcefile?y/n" kind of questions. For logging into ftp server without user name, password then the server ftp needs to allow anonymous logins as mentioned by Wesley.
Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
I would like to automate the rsync task as a cron job. Since it needs the passphrase I am not able to do the cronjob. I need to specify the passphrase along with the rsync command or I will store the passphrase in a file and I will read from it. My command will look like this:
rsync -aPe "ssh -i ' . $server->{'ssh_key'} . '" ' . $server_lock_dir;
So where do I put the password ?
You don't need to do that - just need to set up a pair of ssh keys and put the public key in the remote system's .ssh directory.
Then you just do this:
rsync -a -e ssh /local/path/ server:/remote/path/
(Note that -e ssh has been the default for quite a few years now, so you can probably omit it, unless you're using a very old version.)
There's a "how to" guide on setting up the keys here.
If you want this to work from cron, you have several possibilities:
setup password-less ssh keys - not very secure
setup password-less ssh keys, but combine them with ssh ForceCommand in the authorized_keys file to limit the commands that can be run with that ssh key. See man sshd, google on "ssh ForceCommand"
setup passworded ssh keys, but combine them with keychain to keep the key in memory between sessions. I've written a blog post on this: ssh, ssh-agent, keychain and cron notes
If you want to copy files remotely:
Make sure you have a public key on your local machine that can log into the remote machine (in this case my ssh key is "/home/myaccount/.ssh/id_rsa").
Specify the local folder you want to sync with the remote, in my case "/home/myaccount/mysourcefolder".
Specify the full path of the destination folder on the remote server, in my case remoteaccount@remoteserver:"/home/remoteaccount/mydestinationfolder/".
Note:
--progress is to show progress for each file being copied
-a to transfer recursively all files in the mysourcefolder
-v for verbosity
-z to compress data portions for small files
My command will look like below:
rsync -avz --progress -e "ssh -i /home/myaccount/.ssh/id_rsa" \
/home/myaccount/mysourcefolder \
remoteaccount@remoteserver:"/home/remoteaccount/mydestinationfolder/"