Not able to ssh to the server [closed] - ssh

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 5 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Improve this question
not able to login into server through ssh. so logged in with rsh and when trying to ssh host itself getting error :
no common kex alg: client 'diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1', server 'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g=='
I found this log in /var/svc/log/network-ssh:default.log
[ May 14 21:23:13 Rereading configuration. ]
[ May 14 21:23:13 Executing refresh method ("/lib/svc/method/sshd restart") ]
[ May 14 21:23:13 Method "refresh" exited with status 0 ]
[ May 14 21:30:25 Stopping because service disabled. ]
[ May 14 21:30:25 Executing stop method (:kill) ]
[ May 14 21:33:08 Enabled. ]
[ May 14 21:33:08 Executing start method ("/lib/svc/method/sshd start") ]
Could not load host key: /.ssh/id_dsa
Could not load host key: /.ssh/identity
Disabling protocol version 1. Could not load host key
[ May 14 21:33:08 Method "start" exited with status 0 ]
thanks in advance.

Looks like the server and client don’t find a common authentication method.
I just got that with a sun cluster here: It only supports diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1, but my Gentoo GNU/Linux ssh server seems to have dropped the group1 algo.
Fixed by changing /etc/ssh/sshd_config on the ssh server to include
KexAlgorithms curve25519-sha256#libssh.org,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
I fear, though, that there was a reason for removing the group1 algorithm from the default. I would not do this on a publicly accessible box.
For reference also see https://security.stackexchange.com/questions/25662/openssh-default-preferred-ciphers-hash-etc-for-ssh2

Turn on verbose ssh which will hopefully show where the issue is.
E.g.
ssh -v host
If that doesn't give enough info, you can try
ssh -vv host
or even
ssh -vvv host
Look for the first error in the output which will hopefully give you clues as to where the issue lies.

Related

Is there a way to capture dump of an ASP.NET Core process only when an exception with a particular signature occurs

I'm trying to diagnose a request failure scenario caused by a possible concurrent access to HttpContext. The thing is that the issue is reproducible only on a server and that too when put under load.
A simple dotnet-dump collect output will not help because that only gives the state of process at a particular point in time. What I'm trying to find out is if a dump can be triggered when a particular condition is met. The intent is to collect detailed stack trace at the point of the exception.
For example, take dump when a null ref exception is thrown when a particular property on a particular type is accessed.
As of now, I've tried to make the app code as lean as possible. Got rid of unnecessary middleware in request pipeline. But the stack trace I see I get of exception is hardly of any use.
Well, based on your comment, It seems you are looking for tool like debug-diag for linux machine. You could consider ProcDump for linux version which similar to debug-diag tool but for linux as no other suitable tool available. However, it has few fature limitaions. Please follow the below insturctions if that meet your requirement.
Installation guideline:
Please check here for details instruction
Minimum Requirements:
Ubuntu 16.04 LTS
Minimum OS:
Red Hat Enterprise Linux / CentOS 7
Fedora 29
Note:
Please note that, Curreent version does not have full feature parity with Windows version of ProcDump, specifically, stay alive functionality, and custom performance counters.
For more details, you could visit our official document as well.

Upgrade cert-manager to v1.8.2 [closed]

Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 10 days ago.
Improve this question
I removing other versions from cert-manager. After that i install the new version with helm using.
Installation works fine.
but when i use the command:
$ kubectl get orders,challenges,clusterissuers
Error from server: request to convert CR from an invalid group/version: acme.cert-manager.io/v1alpha2
Error from server: request to convert CR from an invalid group/version: acme.cert-manager.io/v1alpha2
Error from server: request to convert CR from an invalid group/version: cert-manager.io/v1alpha2
The CRDs:
Name: orders.acme.cert-manager.io
Namespace:
Labels: app=cert-manager
app.kubernetes.io/instance=cert-manager
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=cert-manager
app.kubernetes.io/version=v1.8.2
helm.sh/chart=cert-manager-v1.8.2
Annotations: cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-ca
meta.helm.sh/release-name: cert-manager
meta.helm.sh/release-namespace: cert-manager
API Version: apiextensions.k8s.io/v1
Kind: CustomResourceDefinition
....
Last Transition Time: 2022-06-24T15:25:23Z
Message: no conflicts found
Reason: NoConflicts
Status: True
Type: NamesAccepted
Last Transition Time: 2022-06-24T15:25:23Z
Message: the initial names have been accepted
Reason: InitialNamesAccepted
Status: True
Type: Established
Stored Versions:
v1
i dont found the CR where still using cert-manager.io/v1alpha2 and acme.cert-manager.io/v1alpha2
First of all, suggest to backup all your objects (certs, orders, issuer, clusterissuer, etc. with velero for example) !
Cert-manger documentation suggests using the cert-manager cli as:
cmctl upgrade migrate-api-version
You may need --skip-stored-version-check if you already tried to fix CRD api manually (like described in this issue):
cmctl upgrade migrate-api-version --skip-stored-version-check
Finally, if it's failing with the same message, install the 1.6.3 (if CRD is manually installed, upgrade CRD with 1.6.3) and repeat the command cmctl upgrade migrate-api-version. At last, you can upgrade minor version one by one (1.7, 1.8, etc.) as recommended

How can I define proxy settings in karate-config.js file? [duplicate]

This question already has an answer here:
Karate DSL: Getting connection timeout error
(1 answer)
Closed 1 year ago.
I'm trying with Karate behind my office network which is using proxy. But the configure statement didn't work. In home network. it works perfectly fine.
The configure statement : didn't work for our proxy. karate.configure('proxy', 'https:/my.proxy.host:8080');
As you can see from these issues #502 and this other Stack Overflow question, this works for others. So you will have to figure this out and it will help everyone if you debug this on the Java side if possible. Maybe you are missing authentication for your environment.
You can try switching to karate-jersey from karate-apache or vice-versa and see if that changes anything. Else unless you provide a way to replicate, we can't help - but this is indeed difficult for a proxy: https://github.com/intuit/karate/wiki/How-to-Submit-an-Issue

LDAP Configuration in Openfire Issue : NullPointerException [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
Below is my OpenLDAP structure :
+--> dc=test,dc=com (3)
---> cn=admin
+--> ou=groups (3) | ---> cn=admin | ---> cn=irc | ---> cn=users | ---> Create new entry here
+--> ou=users (4) | ---> cn=user1 | ---> cn=user2 | ---> cn=user3 | ---> cn=user4
The setttings in Openfire :
Step 1 :
Port : 389
Base DN : ou=users,dc=test,dc=com
Administrator DN: cn=admin,dc=test,dc=com
Step 2 :User Mapping :
Username Field:uid
Step 3: Group Mapping
Group Field:cn
Member Field:uniqueMember
Description Field: description
For the next window when I am clicking on Save and Continue, I get following exception :
HTTP ERROR 500
Problem accessing /setup/setup-admin-settings.jsp. Reason:
Server Error
Caused by:
java.lang.NullPointerException
at org.jivesoftware.openfire.admin.setup.setup_002dadmin_002dsettings_jsp._jspService(setup_002dadmin_002dsettings_jsp.java:99)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:547)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1359)
at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1330)
at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:74)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1330)
at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:50)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1330)
at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:78)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1330)
at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:164)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1330)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:478)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:520)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:941)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:409)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:875)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:149)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)
at org.eclipse.jetty.server.Server.handle(Server.java:349)
at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441)
at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:919)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:582)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:218)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533)
at java.lang.Thread.run(Thread.java:701)
Also I did some changes and I was able to see the Add Administrator screen but I was not able to add any of my existing LDAP users here. It was throws following error :
"No username was provided or the specified username was not found."
I restarted the server and since then NullPointerException started coming back again.- (well that deserves another discussion, once I get through this)
Where am I going wrong?
FYI, both the servers, openfire and OpenLdap, are running on same virtual machines.
Thanks in adv.
I could proceed to the next screen by changing advanced settings in user mapping section. My changes are : Posix Mode: No Group Filter : (objectClass=Group)
Surprisingly, once I reached to the Add Administrator screen, after coming back I reset these fields and it was still working fine. I wonder if after restarting the server it will work or not.
Also in the Step 1, make sure in the hostname you provide the ip address of your machine. With localhost it dint work for me.
Thanks,
Hope it helps anyways!
For the other query I had, I could add administrators by modifying my Base DN to "Base DN : dc=test,dc=com"
With specifying ou, it seems I was restricting the users. :)
If you have that problem even all the test were successfull (by clicking the "Test" buttons you have next to the "Save and continue" button), it is because it took you too long to finalize the setup and the session somehow expired.
Restart the openfire service, reload the web page and go through the setup process again, in one go.

FIP Error during file installation [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
We get the below error during FIP installation, any idea why?
InstallerUtil v1.2, incorporating fip v1.3 launchpad=ITStagingLaunchpad, type=test
Indexing destination...
ERROR: tooltwist.fip.FipException Unknown response from FIP server: 500
Exception: tooltwist.fip.FipException: tooltwist.fip.FipException: Unknown response from FIP server: 500
The '500' is an HTTP status code. Looking at wikipedia...
500 Internal Server Error A generic error message, given when no more
specific message is suitable.[2]
FIP doesn't return any error information that might help someone hack or crack it's operation, so you'll need to look at the output of fipserver on the destination machine.
If you started fipserver using nohup so it wouldn't hang up when you log off, using
nohup ./fipserver 39393 &
then the output will be in a file named nohup.out, in the same directory.