Replacing Email Self-signed cert with Let's Encrypt - email

I am testing a Debian 10 Linux server with:
Apache2 (2.4)
Postfix
Dovecot
Ports now open: 25, 110, 143, 465, 587, 993, 995
Previously, Postfix and Dovecot were using a self-signed cert.
Postfix
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
Dovecot
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.key
Then, I would like to update with Let's Encrypt cert.
sudo certbot certonly --apache -d example.com -d www.example.com -d mail.example.com
Postfix
smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/example.com/privkey.key
Dovecot
ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/example.com/privkey.key
For the same certificate, it is running fine with Apache2.
Problem
openssl s_client -crlf -connect 127.0.0.1:465
Error: no peer certificate available
openssl s_client -crlf -connect mail.example.com:465
no response, halt!
hostname -f (run locally)
mail.example.com
What is missing? Is it related to DNS? The DNS server (bind9) is also located on this testing machine.
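A quick lint for the situation above, added here as an example and not part of the question: it reads the TLS file options out of a Postfix main.cf or Dovecot conf snippet and checks that each referenced file exists and, under a certbot live directory, carries a name certbot actually writes (certbot produces cert.pem, chain.pem, fullchain.pem and privkey.pem; there is no privkey.key). The demo builds a throw-away fake /etc/letsencrypt tree so it runs offline; the `root` parameter and the `demo` function are this example's own.

```python
"""Check that the certificate and key files referenced by Postfix and Dovecot
exist and, for a certbot "live" directory, use the file names certbot writes.
Added example; the file tree below is constructed for the demo."""
import os
import re
import tempfile

# File names certbot writes into /etc/letsencrypt/live/<name>/ (fact, not assumption).
CERTBOT_FILES = {"cert.pem", "chain.pem", "fullchain.pem", "privkey.pem"}

# Postfix:  key=value          Dovecot:  key = <path
POSTFIX_KEYS = ("smtpd_tls_cert_file", "smtpd_tls_key_file")
DOVECOT_KEYS = ("ssl_cert", "ssl_key")


def referenced_paths(config_text):
    """Return {option: path} for the TLS file options found in a Postfix main.cf
    or Dovecot conf snippet.  Dovecot's '<' prefix means 'read from this file'."""
    found = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^(\w+)\s*=\s*<?\s*(\S+)", line)
        if m and m.group(1) in POSTFIX_KEYS + DOVECOT_KEYS:
            found[m.group(1)] = m.group(2)
    return found


def lint_tls_paths(config_text, root="/"):
    """Return a list of problems; an empty list means every referenced file is
    present.  `root` (example parameter) lets the demo point at a temp tree."""
    problems = []
    for opt, path in referenced_paths(config_text).items():
        real = os.path.join(root, path.lstrip("/"))
        if "/letsencrypt/live/" in path and os.path.basename(path) not in CERTBOT_FILES:
            problems.append(f"{opt}: {path} is not a file certbot writes "
                            f"(expected one of {sorted(CERTBOT_FILES)})")
        if not os.path.isfile(real):
            problems.append(f"{opt}: {path} does not exist")
    return problems


def demo():
    """Build a fake /etc/letsencrypt/live/example.com tree (constructed) and
    lint a broken and a corrected configuration against it."""
    with tempfile.TemporaryDirectory() as root:
        live = os.path.join(root, "etc/letsencrypt/live/example.com")
        os.makedirs(live)
        for name in CERTBOT_FILES:
            open(os.path.join(live, name), "w").close()   # empty placeholders
        broken_postfix = (
            "smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem\n"
            "smtpd_tls_key_file=/etc/letsencrypt/live/example.com/privkey.key\n")
        fixed_dovecot = (
            "ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem\n"
            "ssl_key = </etc/letsencrypt/live/example.com/privkey.pem\n")
        return lint_tls_paths(broken_postfix, root), lint_tls_paths(fixed_dovecot, root)


if __name__ == "__main__":
    for result in demo():
        print(result or "OK")
```

Against a live server, call `lint_tls_paths(open("/etc/postfix/main.cf").read())` as root. A key file that cannot be opened is also logged by both daemons at startup, so the mail log is the other fast place to look when `s_client` reports no peer certificate.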

my github ssh behavior didn't match the config

I want to use 443 port to connect to github.
So I added the code below to ~/.ssh/config:
Host github.com
HostName ssh.github.com
User git
IdentityFile ~/.ssh/id_rsa.github
Port 443
But it didn't work.
Some attempts:
First, I tried ssh -v git@ssh.github.com
OpenSSH_9.2p1, OpenSSL 3.0.8 7 Feb 2023
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to ssh.github.com [20.205.243.160] port 22.
It shows that the connection still uses port 22.
Then I tried ssh -v git@ssh.github.com -p 443
OpenSSH_9.2p1, OpenSSL 3.0.8 7 Feb 2023
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to ssh.github.com [20.205.243.160] port 443.
...
debug1: No more authentication methods to try.
git@ssh.github.com: Permission denied (publickey).
It shows that the connection didn't find my public key.
So finally I tried ssh -v git@ssh.github.com -p 443 -i ~/.ssh/id_rsa.github
...
Connection to ssh.github.com closed.
Transferred: sent 3460, received 2724 bytes, in 0.8 seconds
Bytes per second: sent 4383.9, received 3451.4
debug1: Exit status 1
The connection is correct.
Besides, the other configs in my ~/.ssh/config work.
To use your Host config settings, you need to use your Host section name:
ssh -Tv github.com
(no need for git@, since you have a User git in your config file's Host github.com section)
Then you can check it uses the right port and private key.
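To make the answer concrete, here is an added example (not part of the answer) that resolves ssh_config options the way OpenSSH does: a `Host` pattern is matched against the name typed on the command line (the alias, after any `user@` is stripped), never against the `HostName` the block rewrites it to, and for every option the first value obtained wins. The config text is constructed from the question, with a trailing `Host *` block added to show the fallback.

```python
"""Resolve effective ssh_config options for a command-line host alias.
Added example, not OpenSSH code; SSH_CONFIG is constructed from the question."""
import fnmatch

SSH_CONFIG = """\
Host github.com
    HostName ssh.github.com
    User git
    IdentityFile ~/.ssh/id_rsa.github
    Port 443

Host *
    Port 22
"""


def parse_ssh_config(text):
    """Return [(patterns, {option: value}), ...] in file order.  Option names
    are case-insensitive in OpenSSH, so they are lower-cased here."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        key = key.lower()
        if key == "host":
            current = (value.split(), {})
            blocks.append(current)
        elif current is not None:
            current[1].setdefault(key, value.strip())
    return blocks


def effective_options(text, alias):
    """Options ssh applies for `ssh <alias>` (or `ssh user@<alias>`): every
    block whose Host pattern matches the alias contributes, and the first value
    seen for an option is kept.  Unset options fall back to OpenSSH defaults."""
    opts = {}
    for patterns, values in parse_ssh_config(text):
        # OpenSSH matches Host patterns case-insensitively with * and ? wildcards.
        if any(fnmatch.fnmatchcase(alias.lower(), p.lower()) for p in patterns):
            for key, value in values.items():
                opts.setdefault(key, value)      # first obtained value wins
    opts.setdefault("hostname", alias)
    opts.setdefault("port", "22")
    return opts


if __name__ == "__main__":
    # `ssh git@ssh.github.com` matches only `Host *`: port 22, no key, as in the question.
    print(effective_options(SSH_CONFIG, "ssh.github.com"))
    # `ssh github.com` matches the intended block: port 443 and the GitHub key.
    print(effective_options(SSH_CONFIG, "github.com"))
```

This is also why `ssh -G github.com` (which prints the resolved configuration) is the quickest way to confirm what OpenSSH will actually use before connecting.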

How to get Outlook smtp certificate?

I am trying to get the SMTP certificate from Outlook so I can import it into my WebLogic server, but I have problems getting the certificate.
For the IMAP certificate I didn't have any problem getting the certificate.
In my Linux terminal I use the following commands:
openssl s_client -connect outlook.office365.com:993
openssl s_client -connect smtp.office365.com:587
The Outlook port and server list
ESMTP uses a delayed-start TLS session (via the STARTTLS verb).
You need to add -starttls smtp to your command.
$ openssl s_client -connect smtp.office365.com:587 -starttls smtp
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
verify return:1
depth=0 C = US, ST = WASHINGTON, L = Redmond, O = Microsoft Corporation, CN = outlook.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=WASHINGTON/L=Redmond/O=Microsoft Corporation/CN=outlook.com
i:/C=US/O=DigiCert Inc/CN=DigiCert Cloud Services CA-1
1 s:/C=US/O=DigiCert Inc/CN=DigiCert Cloud Services CA-1
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=US/ST=WASHINGTON/L=Redmond/O=Microsoft Corporation/CN=outlook.com
issuer=/C=US/O=DigiCert Inc/CN=DigiCert Cloud Services CA-1
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1
Peer signing digest: SHA1
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 3765 bytes and written 566 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA384
...
---
250 SMTPUTF8
DONE

Mongo Gandi SSL certificate not trusted

I have a problem with MongoDB when using SSL mode.
When I try to connect to my database, I get this error:
mongo --ssl --sslCAFile /etc/ssl/certs/GandiStandardSSLCA2.pem --host plip.plop.com
MongoDB shell version: 3.0.6
connecting to: plip.plop.com:27017/test
2015-10-16T10:24:23.122+0000 E NETWORK SSL peer certificate validation failed:certificate not trusted
2015-10-16T10:24:23.126+0000 E QUERY Error: socket exception [CONNECT_ERROR] for
at connect (src/mongo/shell/mongo.js:181:14)
at (connect):1:6 at src/mongo/shell/mongo.js:181
My server responds:
2015-10-16T10:26:53.034+0000 I NETWORK [initandlisten] connection accepted from 172.17.0.227:48786 #1 (1 connection now open)
2015-10-16T10:26:53.046+0000 W NETWORK [conn1] no SSL certificate provided by peer
2015-10-16T10:26:53.046+0000 I NETWORK [conn1] end connection 172.17.0.227:48786 (0 connections now open)
(I can connect to my db if I use the flag --sslAllowInvalidCertificates)
So now, here is how I did it:
I added the SSL cert with these commands:
cp wildcart.plop.com.crt /etc/ssl/certs/wildcart.plop.com.crt
cp wildcart.plop.com.key /etc/ssl/private/wildcart.plop.com.key
cp GandiStandardSSLCA2.pem /usr/local/share/ca-certificates/gandi.net/GandiStandardSSLCA2.crt # comes from https://wiki.gandi.net/en/ssl/intermediate
cat /etc/ssl/private/wildcart.plop.com.key /etc/ssl/certs/wildcart.plop.com.crt > /etc/ssl/certs/mongodb.pem
rm /etc/ssl/private/wildcart.plop.com.key /etc/ssl/certs/wildcart.plop.com.crt
update-ca-certificates
c_rehash
And my MongoDB is started with this line: mongod --replSet plop --config /etc/mongodb/mongod
/etc/mongodb/mongod content:
net:
  ssl:
    mode: requireSSL
    PEMKeyFile: /etc/ssl/certs/mongodb.pem
    CAFile: /etc/ssl/certs/GandiStandardSSLCA2.pem
    allowConnectionsWithoutCertificates: true
So can you help me with this problem? I don't understand why my certificate isn't trusted.
Do you have any idea about that?
Thanks in advance for your help.
PS: Sorry for my English, I'm not totally fluent in English :D
MongoDB doesn't use the system's global trust store.
The sslCAFile must contain all intermediary certificates of the verification chain.
In my case the certificate chain is like this:
Certificate chain
0 s:/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=*.plop.com
i:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
1 s:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
So you need to concatenate the Gandi intermediary certificates with the AddTrust External CA Root intermediary certificates.
cat /etc/ssl/certs/GandiStandardSSLCA2.pem /etc/ssl/certs/AddTrust_External_Root.pem > /etc/ssl/certs/GandiStandardSSLCA2_full.pem
mongo --ssl --sslCAFile /etc/ssl/certs/GandiStandardSSLCA2_full.pem --host plip.plop.com
Enjoy

Mongo SSL certificate error

This is what I did exactly for establishing the SSL connection.
1. Use openssl to generate a client and a server key (c.pem, s.pem)
2. Use openssl to generate a client key request and a server key request
3. Get the CA to sign both requests and get the certs: c.cer, s.cer
4. Concatenate c.pem and c.cer to get client.pem; similarly, get server.pem
Now start the server:
mongod --sslMode requireSSL --sslPEMKeyFile server.pem --sslCAFile caroot.cer
start the client:
mongo --ssl --sslCAFile caroot.cer --sslPEMKeyFile client.pem
And now I am getting the error:
E NETWORK SSL peer certificate validation failed:certificate not trusted
Any thoughts on why this doesn't work?
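The three posts above (the Outlook `s_client` transcript and both MongoDB "certificate not trusted" threads) turn on the same question: does the CA file on the client side let OpenSSL walk issuer links from the server's leaf certificate up to a self-signed root? Without the partial-chain verify flag, OpenSSL (and hence the mongo shell, which does not use the system trust store) fails as soon as one issuer in that walk cannot be found. The added example below, which is not code from any of the posts, parses the `Certificate chain` section and the PEM blocks out of `openssl s_client` output and then reports which issuer a given CA file is missing. The chain names are the ones printed in the Gandi answer; the PEM body is a constructed placeholder; the CA-file contents are represented as (subject, issuer) pairs you would read from the bundle with `openssl x509 -noout -subject -issuer`.

```python
"""Parse `openssl s_client` chain output and check whether a CA file reaches a
self-signed root.  Added example; S_CLIENT_OUTPUT is constructed from the names
shown in the Gandi answer, with a placeholder PEM body."""
import re

S_CLIENT_OUTPUT = """\
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=*.plop.com
   i:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
 1 s:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
   i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIBconstructedPlaceholderNotARealCertificate==
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=*.plop.com
---
"""

ADDTRUST_ROOT = "/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root"
GANDI_CA2 = "/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2"
USERTRUST = "/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority"

# What the questioner's CA file held, and what the answer's concatenation produces.
GANDI_ONLY = [(GANDI_CA2, USERTRUST)]
GANDI_FULL = GANDI_ONLY + [(ADDTRUST_ROOT, ADDTRUST_ROOT)]   # root is self-signed


def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them
    (index 0 is the leaf).  Accepts the old `/C=..` and new `C = ..` styles."""
    chain, subject = [], None
    for line in text.splitlines():
        m = re.match(r"^\s*(\d+\s+)?([si]):(.*)$", line)
        if not m:
            continue
        kind, name = m.group(2), m.group(3).strip()
        if kind == "s":
            subject = name
        elif subject is not None:
            chain.append((subject, name))
            subject = None
    return chain


def extract_pem_blocks(text):
    """Every PEM certificate block in the transcript, ready to save to a file
    (the step the Outlook question needs before importing into WebLogic)."""
    return re.findall(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----",
                      text, re.S)


def trust_path(chain, ca_file):
    """Walk from the leaf to a self-signed certificate.  Certificates from the
    CA file take precedence over server-sent ones (a bundle may hold a
    self-signed copy of a CA the server sends cross-signed).  Returns
    (ok, path_of_subjects, missing_issuer)."""
    known = dict(chain)
    known.update(dict(ca_file))
    subject, issuer = chain[0]
    path, seen = [subject], {subject}
    while subject != issuer:                      # stop at a self-signed cert
        if issuer not in known or issuer in seen:
            return False, path, issuer
        subject, issuer = issuer, known[issuer]
        path.append(subject)
        seen.add(subject)
    return True, path, None


if __name__ == "__main__":
    chain = parse_chain(S_CLIENT_OUTPUT)
    print(trust_path(chain, GANDI_ONLY))   # fails: AddTrust External CA Root missing
    print(trust_path(chain, GANDI_FULL))   # succeeds with a 4-certificate path
```

For the second MongoDB thread the same walk applies: if `caroot.cer` is the certificate of the signing CA and that CA is itself an intermediate, the file needs its root appended too. One further practitioner note on the Gandi post: the concatenated PEMKeyFile contains the private key, so it belongs in a root-only directory such as /etc/ssl/private rather than /etc/ssl/certs.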

Setting up Postfix/SMTP Auth service using ldap

How do I configure the server to allow users to authenticate against Postfix and send mail from any client software? I think I am missing something small, but I need HELP. I have been working on this on and off for about 8 weeks now and cannot figure out my issue.
Telnet test from remote machine (My Laptop)
imac:~ jtolson $ echo -ne '\0sogo1\0sogo' | openssl enc -base64
AHNvZ28xAHNvZ28=
imac:~ jtolson $ telnet 10.1.2.130 25
Trying 10.1.2.130...
Connected to 10.1.2.130.
Escape character is '^]'.
220 *********************************
EHLO tcusit.com
250-tcusit.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN
250-AUTH=DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN AHNvZ28xAHNvZ28=
535 5.7.8 Error: authentication failed: authentication failure
From the /var/log/syslog on the server 10.1.2.130
Oct 17 11:21:41 sogo postfix/smtpd[14957]: connect from unknown[172.16.1.8]
Oct 17 11:21:59 sogo postfix/smtpd[14957]: warning: SASL authentication failure: Password verification failed
Oct 17 11:21:59 sogo postfix/smtpd[14957]: warning: unknown[172.16.1.8]: SASL PLAIN authentication failed: authentication failure
From the mail server file /etc/saslauthd.conf
ldap_servers: ldap://127.0.0.1:3389/
ldap_version: 3
ldap_auth_method: bind
ldap_search_base: dc=tcusit,dc=com
ldap_filter: (|(uid=%U)(cn=%U))
ldap_scope: sub
From the 10.1.2.130 mail server
root@sogo:~# testsaslauthd -u sogo1 -p sogo
0: OK "Success."
Given that testsaslauthd comes back with "0: OK "Success."", this tells me that LDAP and saslauthd are working properly. I know that Postfix/SMTP is using SASL authentication and is failing on the password, from the log file. Postfix/SMTPD is configured with SASL authentication, and SASL authentication through LDAP is working given my testsaslauthd test. What am I missing? I am just trying to set up a simple mail server that I can use with remote clients from mobile, Macs and Windows.
Any guidance is appreciated.
It's the solution:
service saslauthd stop
rm -rf /var/spool/postfix/var/run/saslauthd
Edit /etc/default/saslauthd:
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="ldap"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-r -V -c -m /var/spool/postfix/var/run/saslauthd"
dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/
service saslauthd start
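Two checks that go with this thread, added here as an example and not part of the answer. The first decodes the SASL PLAIN token from the telnet transcript so you can see which identity was actually presented (RFC 4616: authorization-id, NUL, authentication-id, NUL, password). The second parses the `-m` socket directory out of the `/etc/default/saslauthd` OPTIONS line and confirms it sits where a chrooted Postfix smtpd can reach it: Debian runs smtpd chrooted in the queue directory (/var/spool/postfix by default), and the Cyrus SASL library's default saslauthd socket is /var/run/saslauthd/mux, which inside the jail resolves to /var/spool/postfix/var/run/saslauthd/mux. The `SASLAUTHD_DEFAULTS` text is taken from the answer; `POSTFIX_QUEUE_DIR` is the Postfix default.

```python
"""SASL PLAIN decoding and saslauthd socket-path check for a chrooted Postfix.
Added example; SASLAUTHD_DEFAULTS is the answer's file, the token is the
question's transcript."""
import base64
import os
import shlex

POSTFIX_QUEUE_DIR = "/var/spool/postfix"   # Postfix default queue_directory (the chroot)

SASLAUTHD_DEFAULTS = """\
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="ldap"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-r -V -c -m /var/spool/postfix/var/run/saslauthd"
"""


def decode_sasl_plain(token):
    """Return (authzid, authcid, password) from a base64 AUTH PLAIN response."""
    parts = base64.b64decode(token).split(b"\0")
    if len(parts) != 3:
        raise ValueError("PLAIN response must contain exactly two NUL bytes")
    return tuple(p.decode() for p in parts)


def encode_sasl_plain(authcid, password, authzid=""):
    """Inverse of decode_sasl_plain: what a client sends after AUTH PLAIN."""
    return base64.b64encode(f"{authzid}\0{authcid}\0{password}".encode()).decode()


def saslauthd_socket_dir(defaults_text):
    """The -m argument from the OPTIONS line; saslauthd's own default is
    /var/run/saslauthd when -m is absent."""
    for line in defaults_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "OPTIONS":
            args = shlex.split(value.strip().strip('"'))
            if "-m" in args:
                return args[args.index("-m") + 1]
    return "/var/run/saslauthd"


def socket_reachable_from_chroot(socket_dir, queue_dir=POSTFIX_QUEUE_DIR):
    """A chrooted smtpd opens /var/run/saslauthd/mux relative to the jail, so
    the directory saslauthd creates must be <queue_dir>/var/run/saslauthd."""
    expected = os.path.join(queue_dir, "var/run/saslauthd")
    return os.path.normpath(socket_dir) == expected


if __name__ == "__main__":
    print(decode_sasl_plain("AHNvZ28xAHNvZ28="))      # ('', 'sogo1', 'sogo')
    sock = saslauthd_socket_dir(SASLAUTHD_DEFAULTS)
    print(sock, socket_reachable_from_chroot(sock))   # ... True
    print(socket_reachable_from_chroot("/var/run/saslauthd"))   # False: outside the jail
```

The path check explains the answer's `dpkg-statoverride` line as well: the socket directory must be not only inside the jail but also accessible to the `postfix` user, which Debian does by making it group `sasl` and adding `postfix` to that group (`adduser postfix sasl`). When the socket is outside the jail, Postfix's own log line is exactly the one in the question, "SASL authentication failure: Password verification failed", while testsaslauthd on the host keeps succeeding, because it talks to the socket without the chroot.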