I'm trying to use a winrm connection with Ansible but it doesn't work with the hash of my admin's password.
My file with my variables for winrm connection :
ansible_user: administrator
ansible_password: $5$3Q6y9t99hrJhXisv$CnNhma8CjVLJr5Noz9066v3YFsx3lGVqiGyMSZ0CP73
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
ansible_winrm_transport: ntlm
ansible_winrm_port: 5985
I would like to know what I need to do for resolve it.
I replace my hash by my plain-text password and after I use ansible-vault for encrypt my file with the following command
ansible-vault encrypt group_vars/win.yaml
Vault ask me a new password for use this file and after I just need to add --ask-vault-pass at the end of my playbook command
Related
I am trying to deploy the PostgreSQL with CA Signed SSL Certificate and Keys (With passphrase).
When I try to start pgsql service, it is expecting the PEM password but it will not work in the interactive way.
Do we have any non-interactive way to provide the SSL passphrase ? (Automatic restart or stop will not work otherwise)
I found this article How to enable SSL in PostgreSQL/PPAS referring to use pg_ctl start -w so that the service will ask for the SSL key passphrase.
I also found this article PostgreSQL with passphrase-protected SSL keys under systemd saying about the use of ssl_passphrase_command but which also in turn asking the PEM passphrase interactively.
Thanks
You can set the following PostgreSQL parameters:
ssl = on
ssl_cert_file = 'server.crt'
ssl_key_file = 'server.key'
ssl_passphrase_command = 'echo "mypassword"'
ssl_passphrase_command_supports_reload = on
Here, echo is an operating system command that just echos the argument. You will have to escape special characters like ' or " in the password.
I am using vscode to connect to a remote host. I use Remote-SSH (ms-vscode-remote.remote-ssh) extension to do so. Every time I want to connect to the remote host, I need to enter the password.
Is there a way to save the ssh password to vscode?
To setup password-less authentication for ssh on Visual Studio Code, perform the following steps.
These examples assume the following (replace with your actual details)
Host: myhost
Local User: localuser
Remote User: remoteuser
Remote User Home Dir: remoteuserhome
SSH Port: 22
I'm using a Mac so Windows will be a bit different but the basics are the same
Tell VS Code and your machine in general how you will be connecting to myhost
Edit:
/Users/<localuser>/.ssh/config
Add:
Host <myhost>
HostName <myhost>
User <remoteuser>
Port 22
PreferredAuthentications publickey
IdentityFile "/Users/<localuser>/.ssh/<myhost>_rsa"
Next generate a public and a private key with something like OpenSSL
ssh-keygen -q -b 2048 -P "" -f /Users/<localuser>/.ssh/keys/<myhost>_rsa -t rsa
This should make two files:
<myhost>_rsa (private key)
<myhost>_rsa.pub (public key)
The private key (<myhost>_rsa) can stay in the local .ssh folder
The public key (<myhost>_rsa.pub) needs to be copied to the server (<myhost>)
I did it with FTP but you can do it however you wish but it needs to end up in a similar directory on the server.
ON THE SERVER
There is a file on the server which has a list of public keys inside it.
<remoteuserhome>/.ssh/authorized_keys
If it exists already, you need to add the contents of <myhost>_rsa.pub to the end of the file.
If it does not exist you can use the <myhost>_rsa.pub and rename it to authorized_keys with permissions of 600.
If everything goes according to plan you should now be able to go into terminal and type
ssh <remoteuser>#<myhost>
and you should be in without a password. The same will now apply in Visual Studio Code.
Let's answer the OP's question first:
How to 'save ssh password'?
Since there is no such thing as "ssh password", the answer to "how to save the remote user password" is:
This is not supported by VSCode.
VSCode proposes to setup an SSH Agent in order to cache the passphrase (in case you are using an encrypted key)
But if the public key was not properly registered to the remote account ~/.ssh/authorized_key, SSH daemon will default to the remote user credentials (username/password).
It is called PasswordAuthentication, often the remote user password.
And caching that password is not supported for SSH sessions.
It is only supported by a Git credential helper, when using HTTPS URLs.
(it defers to the OS underlying credential manager)
But I don't know of a remote user password cache when SSH is used.
As Chagai Friedlander comments, the answer to the original question is therefore:
No, but you can use SSH keys and that is better.
Speaking of SSH keys:
"ssh password": Assuming you are referring to a ssh passphrase, meaning you have created an encrypted private key, then "saving the ssh password" would mean caching that passphrase in order to avoid entering it every time you want to access the remote host.
Check first if you can setup the ssh-agent, in order to cache the passphrase protecting your private key.
See "VSCode: Setting up the SSH Agent"
This assumes you are using an SSH key, as described in "VSCode: Connect to a remote host", and you are not using directly the remote user password.
Using an SSH key means its public key would have been registered to the remote account ~/.ssh/authorized_keys file.
This section is the workaround the OP ended up accepting: registering the public key on the remote user account, and caching the local private key passphrase worked.
For those trying to connect through Vscode Remote SSH Extension steps provided at https://code.visualstudio.com/docs/remote/troubleshooting#_ssh-tips)
For Windows(Host) --> Linux(Remote)
Create an SSH .pub key in your windows ssh-keygen -t rsa -b 4096
Copy the contents of the .pub key (default path C:\Users\username/.ssh/id_rsa.pub)
SSH into Remote machine and append the contents of the pub key in authorized keys echo "pub-key" >> ~/.ssh/authorized_keys
I'm getting the following message when trying to connect to an SFTP server from PowerShell using psftp:
Error:
psftp.exe : The server's host key is not cached in the registry. You have no guarantee that the server is the computer you think it is.
The server's rsa2 key fingerprint is:ssh-rsa 2048 41289438190410491
Connection abandoned.
PowerShell script:
$Username = "Username"
$Password = "Password"
psftp.exe sftpserver -l $Username -pw $Password -batch -bc -b C:\batch\download.bat
(psftp.exe is stored in c:\windows\system32)
I've SSH into this server from this server before via PuTTY and WinSCP without issue. However, it won't connect when running via PowerShell.
That message is not an error.
Every SSH/SFTP client needs to verify a host key of a server.
Even PuTTY and WinSCP asked you for sure on your first connection to the server to verify a host key.
Though PuTTY and psftp share a host key cache. Are you sure you used PuTTY on the same machine with the same local Windows account?
Anyway, either:
Run psftp once without the -batch switch. Check the host key and confirm if you trust it. psftp will cache the host key and will work from now on.
Or add -hostkey switch with a fingerprint of trusted hostkey to your psftp command in PowerShell script.
See also Respond y(es) to psftp host key prompt (though the highest-scored answer by #vmitchell85 is wrong, see the answer by #GerriePretorius).
I am trying to connect by FTP to an Azure Web App. I downloaded the publish profile and copied the login to my FTP client and can connect successfully. But when i use ftp.exe from Windows then i am not able to connect to the same host with the same credentials.
I have read Connecting to Azure website via FTP but those solutions do not fix my problem.
This is the output:
C:\Projects>ftp
ftp> open waws-prod-am2-201.ftp.azurewebsites.windows.net
Connected to waws-prod-am2-201.drip.azurewebsites.windows.net.
220 Microsoft FTP
Service 200 OPTS UTF8 command successful - UTF8 encoding now ON.
User (waws-prod-am2-201.drip.azurewebsites.windows.net:(none)): firstserver\$firstserver
331 Password required
Password:
530 User cannot log in.
Login failed.
Invalid command.
Also tried with username firstserver from the Windows command prompt, no difference. Do not forget: when logging in via commercial FTP client software I CAN login successfully.
I tried backslashing the backslash and/or the dollar sign, but nothing helps. What is going wrong, how do i login from the command prompt using the Windows default ftp.exe?
If you run ftp in debug mode (-d switch), you will see that it truncates the password to 32 characters. That's why the connection fails.
Try using a shorter password. Otherwise you will have to use another command-line FTP client.
I have Perl script which is doing ssh and sftp on remote server,i am getting error while running the script. Error says You are trying to access a restricted zone. Only Authorized users allowed.
How is it possible to ignore these messages while doing ssh or sftp from Perl program?
my $ssh = Net::SSH::Perl ->new($remote_host,options ==> ["BatchMode yes"], protocol ==>2);
$ssh->login($remote_user, $remote_password)
$sftp = Net::SFTP::Foreign->new($remote_host, user=>$remote_user,password =>$remote_password)
./HcSGSN.pl You are trying to access a restricted zone. Only Authorized Users allowed.
Manually ssh and sftp
$ ssh pocsoc#<ip> You are trying to access a restricted zone. Only Authorized Users allowed. pocsoc#<ip> password:
sftp pocsoc#<ip> Connecting to 10.210.9.17... You are trying to access a restricted zone. Only Authorized Users allowed. pocsoc#<ip> password
You cannot just ignore these messages. These messages means that you need to provide username and password while doing ssh or sftp and also those username and password which are authorized to access the server. When you start providing them you will get access otherwise no access.