Context: I have CSV files I'm outputting from SQL Server through BCP. I'm trying to securely transfer the files to a remote SFTP folder using WinSCP.
Details: When I execute the batch file below through PowerShell I raise an error "Unknown command 'ssh-rsa'", with the log file showing an exit code = 1, which is failure.
Here is what my synchronization file looks like...
option batch abort
option confirm off
open sftp://username:password@sftp.redacted.com -hostkey="ssh-rsa 2048 redacted=ssh-rsa 2048 redacted"
synchronize remote D:\redactedDaily_Reports\redacted_Catalog_New_Item /upload/redacted_catalog
exit
and my batch file...
winscp.com /script=SyncTo_redacted_catalog.txt /log=D:\redacted_Daily_Reports\winscp_log_catalog.txt
pause
Here is a snippet of my powershell output and log file...
powershell output
. 2019-03-06 23:39:28.379 Access granted
. 2019-03-06 23:39:28.379 Opening session as main channel
. 2019-03-06 23:39:28.447 Opened main channel
. 2019-03-06 23:39:28.583 Started a shell/command
. 2019-03-06 23:39:28.583 --------------------------------------------------------------------------
. 2019-03-06 23:39:28.584 Using SFTP protocol.
. 2019-03-06 23:39:28.584 Doing startup conversation with host.
> 2019-03-06 23:39:28.584 Type: SSH_FXP_INIT, Size: 5, Number: -1
< 2019-03-06 23:39:28.769 Type: SSH_FXP_VERSION, Size: 95, Number: -1
. 2019-03-06 23:39:28.769 SFTP version 3 negotiated.
. 2019-03-06 23:39:28.769 Unknown server extension posix-rename@openssh.com="1"
. 2019-03-06 23:39:28.769 Supports statvfs@openssh.com extension version "2"
. 2019-03-06 23:39:28.769 Unknown server extension fstatvfs@openssh.com="2"
. 2019-03-06 23:39:28.769 We believe the server has signed timestamps bug
. 2019-03-06 23:39:28.769 We will use UTF-8 strings until server sends an invalid UTF-8 string as with SFTP version 3 and older UTF-8 strings are not mandatory
. 2019-03-06 23:39:28.769 Limiting packet size to OpenSSH sftp-server limit of 262148 bytes
. 2019-03-06 23:39:28.769 Getting current directory name.
. 2019-03-06 23:39:28.769 Getting real path for '.'
> 2019-03-06 23:39:28.769 Type: SSH_FXP_REALPATH, Size: 10, Number: 16
< 2019-03-06 23:39:28.837 Type: SSH_FXP_NAME, Size: 23, Number: 16
. 2019-03-06 23:39:28.837 Real path is '/'
. 2019-03-06 23:39:28.837 Startup conversation with host finished.
< 2019-03-06 23:39:28.837 Script: Active session: [1] redacted@sftp.redacted.com
> 2019-03-06 23:39:28.838 Script: ssh-rsa 2048 redacted
< 2019-03-06 23:39:28.838 Script: Unknown command 'ssh-rsa'.
. 2019-03-06 23:39:28.838 Script: Failed
. 2019-03-06 23:39:28.838 Script: Exit code: 1
. 2019-03-06 23:39:28.838 Closing connection.
. 2019-03-06 23:39:28.838 Sending special code: 12
. 2019-03-06 23:39:28.838 Sent EOF message
Questions:
Why am I raising this error & how do I fix it?
Is this error trying to tell me that I'm using an incorrect key-fingerprint -- If so, why is that the case when a) I obtained this key directly from the server when I connected successfully the first time and b) the log file appears to show the initial connection was successful?
Please help. Any tips or recommendations greatly appreciated -- responses will probably reach a decent-sized audience given that WinSCP is a pretty popular utility. I've done my research here, here, here, here, here, here and here & haven't found a suitable solution.
This is nonsense:
-hostkey="ssh-rsa 2048 redacted=ssh-rsa 2048 redacted"
(where have you seen such a strange syntax?)
It should be like:
-hostkey="ssh-rsa 2048 xxxxxxxxxxx...="
Though it does not really explain the error message you are getting – unless there are some special characters (like double quotes) in the redacted part.
In general, the easiest way is to have the WinSCP GUI generate a correct script template for you.
Or, if you want to go the manual way, see:
Where do I get SSH host key fingerprint to authorize the server?
Particularly the section "Automatic host key verification" (though you will want to read the article from the beginning).
I'm aware that you refer to this article yourself. But then I do not understand how you could have arrived at your strange syntax.
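A check for the -hostkey mistakes discussed in this thread, as an added Python example that is not part of the original posts or of WinSCP: it flags a fused or malformed fingerprint, the "*" value that accepts any key, and a fingerprint line that the script interpreter would run as a command, as the log above shows. The fingerprint pattern (MD5 colon-hex or 43-character SHA-256 base64), the host name and the sample script are assumptions constructed for illustration.

```python
import re

ALGO = r"(?:ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp\d+)"
# Assumed fingerprint shape: "<algorithm> <bits> <hash>", where the hash is
# MD5 colon-hex or SHA-256 base64 (43 characters, optional trailing "=").
FINGERPRINT = re.compile(
    "^" + ALGO + r" \d+ (?:[0-9a-f]{2}(?::[0-9a-f]{2}){15}|[A-Za-z0-9+/]{43}=?)$")
HOSTKEY = re.compile(r'-hostkey=(?:"([^"]*)"|(\S+))', re.IGNORECASE)

# Constructed sample: placeholder fingerprint and hypothetical host name.
FP = "ssh-rsa 2048 " + "x" * 43 + "="
OPEN = "open sftp://user@sftp.example.com -hostkey="
SAMPLE = "\n".join([
    "option batch abort",
    OPEN + '"' + FP + '"',             # line 2: well-formed
    OPEN + '"' + FP + FP + '"',        # line 3: two values fused together
    OPEN + '"*"',                      # line 4: any host key accepted
    FP,                                # line 5: fingerprint on its own line
    "exit",
])


def lint_winscp_script(text):
    """Return (line_number, message) findings for host key problems."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        words = line.split()
        if not words:
            continue
        if re.fullmatch(ALGO, words[0]):
            # As in the log above: the interpreter runs this line as a
            # command and fails with "Unknown command 'ssh-rsa'".
            findings.append((number, "host key text parsed as a command"))
        elif words[0].lower() == "open":
            match = HOSTKEY.search(line)
            if match is None:
                continue
            value = match.group(1) if match.group(1) is not None else match.group(2)
            if value == "*":
                findings.append((number, "-hostkey=* accepts any server key"))
                continue
            for part in value.split(";"):  # alternatives are ';'-separated
                if not FINGERPRINT.match(part.strip()):
                    findings.append((number, "malformed fingerprint: " + part.strip()))
    return findings


if __name__ == "__main__":
    for number, message in lint_winscp_script(SAMPLE):
        print(number, message)
```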
Related
I just installed mini-httpd on Linux Mint,
but can't connect to localhost / 127.0.0.1 in the browser.
The server is working:
● mini-httpd.service - LSB: mini-httpd start script
Loaded: loaded (/etc/init.d/mini-httpd; generated)
Active: active (exited) since Sat 2022-02-05 14:33:10 EET; 6min ago
Docs: man:systemd-sysv-generator(8)
Process: 6236 ExecStart=/etc/init.d/mini-httpd start (code=exited, status=0/SUCCESS)
and this is the config file
# Example config for mini_httpd.
# Author: Marvin Stark <marv@der-marv.de>
# Author-Update: 2015 Jose dos Santos Junior <j.s.junior@live.com>
# Description Update: Changed the default document root (data_dir)/var/www/html
# Last-Update: 2015-09-05
# Uncomment this line for turning on ssl support.
#ssl
# On which host mini_httpd should bind?
host=localhost
# On which port mini_httpd should listen?
port=80
# Which user mini_httpd should use?
user=nobody
# Run in chroot mode?
#chroot # yes
nochroot # no
# Working directory of mini_httpd.
#dir=<work_dir>
# Where are the web files stored?
# Please change this to your needs.
data_dir=/var/www/html
# CGI path
cgipat=cgi-bin/*
# Which certificate to use?
#certfile=<certfile>
# Which logfile to use?
logfile=/var/log/mini_httpd.log
# Which pidfile to use?
pidfile=/var/run/mini_httpd.pid
# Which charset to use?
charset=iso-8859-1
Use
apk add curl
curl http://localhost
to test the web server.
See this Wiki.
Make the following changes in the config file:
# On which host mini_httpd should bind?
# host=localhost
# Which user mini_httpd should use?
# user=nobody
# Run in chroot mode?
chroot # yes
# nochroot # no
In /etc/default/mini-httpd, set
START=1
I want to run rdiff-backup and then switch off the Raspberry Pi it was running on.
I use the following script:
#!/bin/sh
date > /home/mik/rdiff-backup.log
echo "rsync start" >> /home/mik/rdiff-backup.log
rdiff-backup -v5 --print-statistics offlinebackup@server::/srv/backup /srv/datenserverBackup/backup >> /home/mik/rdiff-backup.log 2>&1
sync
date >> /home/mik/rdiff-backup.log
echo "rdiff-backup end" >> /home/mik/rdiff-backup.log
df -h >> /home/mik/rdiff-backup.log
sync
halt
The log file looks good (for the rdiff-backup part):
Sat 12 Aug 08:20:59 UTC 2017
rsync start
Unable to import win32security module. Windows ACLs
not supported by filesystem at /srv/backup
escape_dos_devices not required by filesystem at /srv/backup
Warning: name offlinebackup not found on system, dropping ACL entry.
Further ACL entries dropped with this name will not trigger further warnings
Using rdiff-backup version 1.2.8
Executing ssh -C offlinebackup@server rdiff-backup --server
-----------------------------------------------------------------
Detected abilities for source (read only) file system:
Access control lists On
Extended attributes On
Windows access control lists Off
Case sensitivity On
Escape DOS devices Off
Escape trailing spaces Off
Mac OS X style resource forks Off
Mac OS X Finder information Off
-----------------------------------------------------------------
Unable to import win32security module. Windows ACLs
not supported by filesystem at /srv/datenserverBackup/backup/rdiff-backup-data/rdiff-backup.tmp.0
escape_dos_devices not required by filesystem at /srv/datenserverBackup/backup/rdiff-backup-data/rdiff-backup.tmp.0
-----------------------------------------------------------------
Detected abilities for destination (read/write) file system:
Ownership changing On
Hard linking On
fsync() directories On
Directory inc permissions On
High-bit permissions On
Symlink permissions Off
Extended filenames On
Windows reserved filenames Off
Access control lists On
Extended attributes On
Windows access control lists Off
Case sensitivity On
Escape DOS devices Off
Escape trailing spaces Off
Mac OS X style resource forks Off
Mac OS X Finder information Off
-----------------------------------------------------------------
Backup: must_escape_dos_devices = 0
Starting increment operation /srv/backup to /srv/datenserverBackup/backup
Processing changed file .
Incrementing mirror file /srv/datenserverBackup/backup
Processing changed file abc
Incrementing mirror file /srv/datenserverBackup/backup/abc
Processing changed file abc/def
Incrementing mirror file /srv/datenserverBackup/backup/abc/def
Processing changed file abc/def/testfile.dxf
Incrementing mirror file /srv/datenserverBackup/backup/abc/def/testfile.dxf
--------------[ Session statistics ]--------------
StartTime 1502526061.00 (Sat Aug 12 08:21:01 2017)
EndTime 1502527913.72 (Sat Aug 12 08:51:53 2017)
ElapsedTime 1852.72 (30 minutes 52.72 seconds)
SourceFiles 151099
SourceFileSize 386321558216 (360 GB)
MirrorFiles 151097
MirrorFileSize 386321447731 (360 GB)
NewFiles 2
NewFileSize 110485 (108 KB)
DeletedFiles 0
DeletedFileSize 0 (0 bytes)
ChangedFiles 1
ChangedSourceSize 0 (0 bytes)
ChangedMirrorSize 0 (0 bytes)
IncrementFiles 4
IncrementFileSize 0 (0 bytes)
TotalDestinationSizeChange 110485 (108 KB)
Errors 0
--------------------------------------------------
The backup is working, but then the script ends right there.
rdiff-backup.log contains the full report of rdiff-backup. But neither the line "rdiff-backup end", nor the output of "df -h".
How can I make it run to the end?
Thanks for your answers
I finally found a workaround that solves my problem.
My script, which is called after booting from /etc/init.d, is calling the other script which does the actual work (i.e. backup my data, and write the log file) as a background task.
/etc/init.d/CallAfterBoot.sh
#!/bin/sh
sleep 30
/home/me/DoBackup.sh & # '&' starts the script in background
/home/me/DoBackup.sh is the script I posted above, which is now running correctly.
Same script running as the same user now behaves differently. There's got to be some bug somewhere, however, it works for me now.
So I followed the guide on how to set up a simple mail filter with Postfix, so that I can do a find-replace in the body of outgoing emails. I created a script at /tmp/mailfilter.sh, and changed the /etc/postfix/master.cf file as instructed:
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=filter:dummy
filter    unix  -       n       n       -       10      pipe
  flags=Rq user=filter null_sender=
  argv=/tmp/mailfilter.sh -f ${sender} -- ${recipient}
I created a user called filter and made it the owner of the script. But when I tried sending an email, I get the following error:
Jun 7 03:01:53 localhost postfix/qmgr[31288]: 134D944A0673: from=<sender@gmail.com>, size=894, nrcpt=1 (queue active)
Jun 7 03:01:53 localhost pipe[31603]: fatal: pipe_command: execvp /tmp/mailfilter.sh: Permission denied
Jun 7 03:01:53 localhost postfix/pipe[31562]: 134D944A0673: to=<receiver@gmail.com>, relay=filter, delay=8974, delays=8974/0/0/0.01, dsn=4.3.0, status=deferred (temporary failure. Command output: pipe: fatal: pipe_command: execvp /tmp/mailfilter.sh: Permission denied )
Specifically what I'm assuming is relevant is
(temporary failure. Command output: pipe: fatal: pipe_command: execvp /tmp/mailfilter.sh: Permission denied )
/tmp/mailfilter.sh has chmod a+x and is owned by filter. I tried removing everything in it so it's just an empty file, and I still get the permission denied error.
I can't figure out what I'm missing. I've set every permission I can find, but Postfix is doing something arcane that I don't understand.
CentOS uses SELinux as a MAC framework, so maybe you need to properly set the type of your executable. You can check in /var/log/audit/audit.log for any security violation. If SELinux is denying you, you can try this command as root:
chcon -t postfix_pipe_exec_t /tmp/mailfilter.sh
That manual is a good reference: http://linux.die.net/man/8/postfix_selinux
I want to ssh to a remote machine using the Net::SSH::Perl module. I can remotely log in to the machine from the command line using the ssh command, but not from the Perl script. Can anyone help me with this?
My code is:
use strict;
use warnings;
use Net::SSH::Perl;

my $relayteaddress = '192.168.2.175';    # relay host, as shown in the output below
my $user = 'smetest';
my $pass = 'smetest';
print "user is ".$user." password is ".$pass."\n";
print "Connecting to the Relay host " . $relayteaddress . ".\n";
my $sshrelay = Net::SSH::Perl->new($relayteaddress, protocol => '2,1', debug => 1);
print "logging in to Relay $relayteaddress ...\n";
$sshrelay->login($user, $pass) || die "ssh login didn't work\n";
print "logged into relay\n";
Output and debug messages:
user is smetest password is smetest
Connecting to the Relay host 192.168.2.175.
W10: Reading configuration data /home/systest/.ssh/config
W10: Reading configuration data /etc/ssh_config
W10: Connecting to 192.168.2.175, port 22.
W10: Remote protocol version 2.0, remote software version OpenSSH_6.4
W10: Net::SSH::Perl Version 1.34, protocol version 2.0.
.10: No compat match: OpenSSH_6.4
W10: Connection established.
logging in to Relay 192.168.2.175 ...
W10: Sent key-exchange init (KEXINIT), wait response.
W10: Algorithms, c->s: 3des-cbc hmac-sha1 none
W10: Algorithms, s->c: 3des-cbc hmac-sha1 none
W10: Entering Diffie-Hellman Group 1 key exchange.
W10: Sent DH public key, waiting for reply.
Key class 'Net::SSH::Perl::Key::RSA' is unsupported: Cannot find current script 'CONDOR_PERF_BAND_ISM2450_80211BGN_CHANNEL_11_ACTIVE_UDP_TX_LGI_AP20' at /usr/share/perl5/FindBin.pm line 205
BEGIN failed--compilation aborted at /usr/share/perl5/FindBin.pm line 205, <GEN26> line 1.
Compilation failed in require at /usr/share/perl5/vendor_perl/Crypt/RSA.pm line 13, <GEN26> line 1.
BEGIN failed--compilation aborted at /usr/share/perl5/vendor_perl/Crypt/RSA.pm line 13, <GEN26> line 1.
Compilation failed in require at /usr/share/perl5/vendor_perl/Net/SSH/Perl/Key/RSA.pm line 14, <GEN26> line 1.
BEGIN failed--compilation aborted at /usr/share/perl5/vendor_perl/Net/SSH/Perl/Key/RSA.pm line 14, <GEN26> line 1.
Compilation failed in require at (eval 45) line 1, <GEN26> line 1.
BEGIN failed--compilation aborted at (eval 45) line 1, <GEN26> line 1.
I am currently having issues getting ssh to work using Net::SSH::Perl, but I created this script as a simple workaround for the moment. Hope it helps anyone in a similar situation. Obviously the commands are more or less just a demo of issuing multiple commands once connected.
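use strict;
use warnings;
use Expect;

# Placeholder connection settings; replace with your own.
my ($host, $user, $pass) = ('host.example.com', 'user', 'password');
my $timeout = 10;    # seconds to wait for each prompt

my $exp = Expect->spawn("ssh $host -l $user") or die "Cannot spawn ssh: $!\n";
$exp->expect($timeout, "Password:");
$exp->send("$pass\r");
# Wait for the remote shell prompt before sending each command.
$exp->expect($timeout, '-re', '>');
$exp->send("ls -l\r");
$exp->expect($timeout, '-re', '>');
$exp->send("mkdir aDir\r");
$exp->expect($timeout, '-re', '>');
$exp->send("chmod 777 aDir\r");
$exp->expect($timeout, '-re', '>');
$exp->send("exit\r");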
I am trying to learn SELinux. With a sandbox and using VSFTPD to experiment with, I have a vsftpd server running in CentOS. I have anonymous users to place files in /var/ftp/incoming. On a remote machine I can have the user successfully log in but could not place the file on the remote vsftpd server:
$ ftp mysql_server
Connected to mysql_server (192.168.1.31).
220 Welcome to blah FTP service.
Name (mysql_server:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> put atd
local: atd remote: atd
227 Entering Passive Mode (192,168,1,31,19,161).
553 Could not create file.
ftp>
On the VSFTPD server, aureport -a report shows:
[root@mysql_server ftp]# aureport -a
AVC Report
========================================================
# date time comm subj syscall class permission obj event
========================================================
4. 04/08/2013 13:30:36 vsftpd unconfined_u:system_r:ftpd_t:s0-s0:c0.c1023 21 dir write system_u:object_r:public_content_t:s0 denied 28
5. 04/08/2013 13:34:57 vsftpd unconfined_u:system_r:ftpd_t:s0-s0:c0.c1023 2 dir write system_u:object_r:public_content_t:s0 denied 47
I checked the directory and the file contexts look good, so I don't understand why SELinux won't allow vsftpd to write to the incoming directory:
[root@mysql_server ftp]# ls -Z
drwx-wx---. root ftp system_u:object_r:public_content_t:s0 incoming
drwxr-xr-x. root root system_u:object_r:public_content_t:s0 pub
[root@mysql_server ftp]#
You need to run the following commands to allow uploading and editing files under SELinux:
setsebool -P allow_ftpd_full_access on
setsebool -P ftp_home_dir on
Your SELinux type is not correct. Use 'public_content_rw_t' instead of 'public_content_t'. Read more on http://beginlinux.com/blog/2008/11/vsftpd-and-selinux-on-centos/
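Both SELinux threads above (the Postfix pipe filter and the vsftpd upload) come down to reading an AVC denial: which process type was refused which permission on which object type. The following Python is an added example, not code from either post; it summarises the denials in audit.log records, and the sample records, including the user_tmp_t label on the filter script, are constructed for illustration.

```python
import re
from collections import defaultdict

DENIED = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def record(event, perms, comm, scontext, tcontext, tclass):
    """Build one constructed AVC record in audit.log layout."""
    return ('type=AVC msg=audit(1365427836.101:%d): avc:  denied  { %s } for  '
            'pid=2100 comm="%s" scontext=%s tcontext=%s tclass=%s'
            % (event, perms, comm, scontext, tcontext, tclass))


# Constructed sample modelled on the two denials discussed on this page;
# timestamps, pids and the Postfix contexts are made up.
FTPD = "unconfined_u:system_r:ftpd_t:s0-s0:c0.c1023"
PUBLIC = "system_u:object_r:public_content_t:s0"
SAMPLE_LOG = "\n".join([
    record(28, "write", "vsftpd", FTPD, PUBLIC, "dir"),
    "type=SYSCALL msg=audit(1365427836.101:28): arch=c000003e success=no",
    record(47, "write", "vsftpd", FTPD, PUBLIC, "dir"),
    record(412, "execute", "pipe", "system_u:system_r:postfix_pipe_t:s0",
           "unconfined_u:object_r:user_tmp_t:s0", "file"),
])


def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def summarize_denials(log_text):
    """Map (comm, source type, target type, class) to (permissions, count)."""
    groups = defaultdict(lambda: [set(), 0])
    for line in log_text.splitlines():
        denied = DENIED.search(line)
        if not line.startswith("type=AVC ") or denied is None:
            continue  # skip SYSCALL and other record types, and "granted"
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if not {"comm", "scontext", "tcontext", "tclass"} <= fields.keys():
            continue  # incomplete record
        key = (fields["comm"], selinux_type(fields["scontext"]),
               selinux_type(fields["tcontext"]), fields["tclass"])
        groups[key][0].update(denied.group(1).split())
        groups[key][1] += 1
    return {k: (sorted(v[0]), v[1]) for k, v in groups.items()}
```

The summary names the type pair to fix. A label set with chcon is lost on a filesystem relabel, whereas a rule added with semanage fcontext and applied with restorecon persists.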