Unable to bind phpseclib to specific source IP - ssh

It looks like the SSH / SCP code for phpseclib does not support binding to a source IP. Unfortunately, this breaks our use case.
Is there a way to add this support?

phpseclib uses fsockopen to do SSH, which doesn't support binding. You could probably rewrite it to do socket_create / socket_bind. I guess I could do it if you paypal me some money!

Related

Restrict network access from Apptainer/Singularity container

Is it possible with Apptainer/Singularity to restrict which network interfaces can be used from within a container?
In my specific use-case I want to allow access to the internet but block access to some SocketCAN interfaces that are available on the host system. Is this possible?
I saw the --net/--network options but the documentation on this option is not very detailed, so I'm not sure how to use it (or if it can solve my problem at all).
I got the answer from the Apptainer Slack channel (thanks to Cedric Clerget!):
In my specific case (allowing normal network access but hiding the SocketCAN interfaces), it is actually enough to add
--dns <IP of DNS server> --net --network=bridge # or --network=ptp
Specifying the DNS server is needed when using systemd-resolved. In other cases it may work without.

how to turn off ssl check in Authlib

I'm using authlib in my project. I have a local IDP setup using http atm.
For testing, this code is blocking me because my dev environment is http.
https://github.com/lepture/authlib/blob/master/authlib/client/oauth2.py#L155
I can carry on by commenting out the line. But I think having a way to turn off the https check is neater.
So, does anyone know a way to turn off the https check in Authlib?
It can be solved by setting an environment variable:
AUTHLIB_INSECURE_TRANSPORT=true
This is not documented in the client sections; it is documented in the server parts, like https://docs.authlib.org/en/latest/flask/oauth2.html

Is there any way to hook into the host name used by `git_remote_connect`?

Since libssh2 doesn't read the SSH config file I'm trying to implement my own support for aliases like this:
Host github
HostName github.com
and the remote URL uses the host alias like this: git@github:path/to/repo.git.
Is there any way to hook into the host name or URL used by git_remote_connect or the SSH transport so that I can transform github into github.com? I was thinking about adding a new callback but I don't want to reinvent the wheel if there's already a way to do this.
I eventually added a new callback to look up the URL for a remote. It's not in upstream libgit2 but it probably could be if it's useful to anybody else.

SonarQube: weak ephemeral Diffie-Hellman key issue with SSL

How do we bypass this issue with SonarQube server v5.1 and Firefox? Chrome & IE are working fine but Firefox is not allowing access to the server in https mode. I looked at https://weakdh.org/sysadmin.html but I am not sure what server SonarQube uses and how to implement the fix for this problem. Any help is appreciated. Thanks.
When a user wants to enable (or restrict) access to a SonarQube instance over HTTPS, the recommended way is to put it behind another WebServer she configures at will.
So, the way to go here is to add an Apache, Nginx or whatever in front of the SQ instance, configure it according to the recommendations in the link you provided, and generate a "safe" server certificate.
I fixed it by setting the following property in the sonar.properties file.
sonar.web.https.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA
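An added example, not part of either answer and not SonarQube code: a short Python check that groups the suites in a sonar.web.https.ciphers value by key-exchange family. It shows that the list above offers no finite-field DHE suites, which are the ones whose strength depends on the server's Diffie-Hellman group, and that its TLS_RSA_* entries use static RSA key exchange without forward secrecy. SAMPLE_WITH_DHE and the function names are constructed for illustration.

```python
# Added example (not from the original answers): group JSSE cipher-suite
# names from a sonar.web.https.ciphers value by key-exchange family.

# Property value exactly as posted in the answer above.
PAGE_CIPHERS = (
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,"
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,"
    "TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,"
    "TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
)

# Constructed sample: a list that still offers finite-field DHE suites.
SAMPLE_WITH_DHE = (
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,"
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"
)

# Checked in order, so ECDHE is matched before ECDH and DHE before DH.
FAMILIES = (
    ("ECDHE", "ECDHE"),       # ephemeral elliptic-curve DH
    ("ECDH", "ECDH_STATIC"),  # fixed ECDH key, no forward secrecy
    ("DHE", "DHE"),           # ephemeral finite-field DH (server's DH group)
    ("DH", "DH_OTHER"),       # DH_anon and fixed DH
    ("RSA", "RSA_STATIC"),    # RSA key transport, no forward secrecy
)

def key_exchange(suite):
    """Return the key-exchange family of a TLS_<kx>_WITH_<cipher> name."""
    prefix, sep, _ = suite.strip().upper().partition("_WITH_")
    if not sep or not prefix.startswith(("TLS_", "SSL_")):
        return "UNKNOWN"
    kx = prefix[4:]  # drop the TLS_/SSL_ prefix
    for start, family in FAMILIES:
        if kx.startswith(start):
            return family
    return "UNKNOWN"

def audit(property_value):
    """Map each key-exchange family to the suites that use it."""
    groups = {}
    for suite in filter(None, (s.strip() for s in property_value.split(","))):
        groups.setdefault(key_exchange(suite), []).append(suite)
    return groups

def depends_on_dh_group(property_value):
    """Suites whose strength depends on the server's finite-field DH group."""
    groups = audit(property_value)
    return groups.get("DHE", []) + groups.get("DH_OTHER", [])
```

Calling audit(PAGE_CIPHERS) yields only the ECDHE and RSA_STATIC families, while depends_on_dh_group(SAMPLE_WITH_DHE) returns the two DHE suites that would need a strong DH group on the server.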

Where is proxy configuration to allow bq tool to connect to the internet?

I get a failure when trying to authenticate using the bq tool. The reason is that it can't reach out to the googleapis.com domain. It needs to go through a proxy, but I am unsure of where that needs to be set up.
Thanks for the help.
I don't think the BigQuery tool currently has support for proxy servers. The underlying httplib2 library does have support, but you'd need to modify the code of the bq client to use it.
i.e., here:
http://code.google.com/p/google-bigquery-tools/source/browse/bq/bigquery_client.py#321
You should be able to pass parameters like this:
httplib2.Http(proxy_info = httplib2.ProxyInfo(socks.PROXY_TYPE_SOCKS5, 'localhost', 1080))
More info here:
http://code.google.com/p/httplib2/wiki/Examples
I'm looking into whether we (Google) can add proxy support natively. Ideally the httplib2 library would also look for an environment variable or similar to determine proxy settings. I've pinged the author on that.