Matlab authenticate FTP with private key file - matlab

We can use Matlab's built in ftp function to authenticate to the FTP server as follows:
HOST = 'a.b.c.d';
USER = 'hello';
PASS = 'world';
conn = ftp(HOST, USER, PASS);
However, I have now a FTP server where the authentication goes through a private key file (generated by PuTTY). How can I use this in this context to Authenticate? Using FileZilla you can select the Logon Type "Key File" (I tested and this worked).

After some research I found a file exchange package that allowed you to use a private key to authenticate to the SFTP.
See Secure FTP (SSH/SFTP/SCP).
However, I am open to hear about other solutions (e.g. by Matlab) if they exist.

Related

Unable to fetch data from T24(TAFJ R18) when working with design studio

I faced the below error when importing t24 applications in design studio. The T24 server (TAFJ R18) which I try to connect to is up (jboss is running), but still I face this issue:
Unable to fetch data from T24. Check your connection details and if T24 is up and running.
Subroutine:
Return Code: FAILURE
Response size: 1
Response 1 ->Response Code: EB-SECURITY.VIOLATION,Response Type: NON_FATAL_ERROR,Response Text: Please check your Login Credential and/or access rights,Response Info: 98748ebf-f73d-4e86-8506-950b2fd0b5d2,
Looks like the Username and Password you have provided in the t24-server/config/server.properties is not correct. Make sure you can login to T24 (Browser or Classic) with the T24 User provided in these settings:
#T24 User name used for introspection and deployment (TAFJ)
username=INPUTT
#T24 Encrypted password used for introspection and deployment (TAFJ)
password={encoded}gXhuXZkbBuL09T8WFlRR+w==
Other important settings in this file:
#T24 host name to connect to (IP address or Domain name)
host=localhost
#T24 Web service (TAFJ) port number to connect
ws.port=8080
#Protocol: ftp, sftp or local (TAFC & TAFJ: used for *.b and *.d file transfer)
protocol=ws
#context for web-service
context=axis2
We can check the connectivity and also if anyone restarting the jboss while importing.
We can check the server status is "active" in DS, or we can restart the server connectivity.
And make sure if you are using any VPN to connect the Database and still it is active.

How to deploy with Release Management to remote datacenter

We are running TFS and Release Management on premises, and i want to deploy my applications to a remote datacenter.
Access is over the internet, so there is no windows shares available.
I am using the vNext templates, and afaik RM seems to only support unc paths over windows shares.
How can i use Release Management to deploy software to this datacenter?
Im working on this solution:
Use WebDav on a IIS located inside the datacenter.
RM server and Target can use the WebDav client built into windows and access it by an unc path.
I haven't gotten this to work yet, as RM won't use the correct credentials to logon to the webdav server.
Updated with my solution
This is only a proof of concept, and is not production tested.
Setup a WebDav site accessible from both RM server and Target server
Install the feature "Desktop experience" on both servers
Make the following DLL
using System;
using System.ComponentModel.Composition;
using System.Diagnostics;
using System.IO;
using Microsoft.TeamFoundation.Release.Common.Helpers;
using Microsoft.TeamFoundation.Release.Composition.Definitions;
using Microsoft.TeamFoundation.Release.Composition.Services;
namespace DoTheNetUse
{
[PartCreationPolicy(CreationPolicy.Shared)]
[Export(typeof(IThreadSafeService))]
public class DoTheNetUse : BaseThreadSafeService
{
public DoTheNetUse() : base("DoTheNetUse")
{}
protected override void DoAction()
{
Logger.WriteInformation("DoAction: [DoTheNetUse]");
try
{
Logger.WriteInformation("# DoTheNetUse.Start #");
Logger.WriteInformation("{0}, {1}", Environment.UserDomainName, Environment.UserName);
{
Logger.WriteInformation("Net use std");
var si = new ProcessStartInfo("cmd.exe", #"/c ""net use \\sharedwebdavserver.somewhere\DavWWWRoot\ /user:webdavuser webdavuserpassword""");
si.UseShellExecute = false;
si.RedirectStandardOutput = true;
si.RedirectStandardError = true;
var p = Process.Start(si);
p.WaitForExit();
Logger.WriteInformation("Net use output std:" + p.StandardOutput.ReadToEnd());
Logger.WriteInformation("Net use output err:" + p.StandardError.ReadToEnd());
}
//##########################################################
Logger.WriteInformation("# Done #");
}
catch (Exception e)
{
Logger.WriteError(e);
}
}
}
}
Name it "ReleaseManagementMonitor2.dll"
Place it in the a subfolder to The service "ReleaseManagementMonitor"
Configure the shared path as the solution below states.
DO NOT OVERWITE THE EXISTING "ReleaseManagementMonitor2.dll"
The reason that this works is MEF.
The ReleaseManagementMonitor service tries to load the dll "ReleaseManagementMonitor2.dll" from all subfolders.
This dll implements a service interface that RM recognises.
It the runs "net use" to apply the credentials to the session that the service runs under, and thereby grants access to the otherwise inaccessible webdav server.
This solution is certified "Works on my machine"
RM does work only with UNC, you are right on that.
You can leverage that to make your scenario work -
In Theory
Create a boundary machine on the RM domain, where your drops can be copied.
The deploy action running on your datacenter can then copy bits from this boundary machine, using credentials that have access on that domain. (These credentials are provided by you in the WPF console)
How this works
1. Have a dedicated machine on the RM server domain (say D1) that will be used as a boundary machine.
2. Define this machine as a boundary machine in RM by specifying a shared path that will be used by your data centre. Go to settings tab in your WPF console, create a new variable - { Key = RMSharedUNCPath, Value = \\BoundaryMachine\DropsLocation }. RM now understands you want to use this machine as your boundary machine.
3. Make sure you take care of these permissions
RM Server should have write permissions on the \\BoundaryMachine\DropsLocation share.
Pass down credentials of domain D1 to the target machine in the data centre (Domain D2), that can be used to access the share.
4. Credentials can be passed down fron the WPF console, you will have to define the following two config variables in the settings tab again.
Key = RMSharedUNCPathUser ; Value = domain D1 user name
Key = RMSharedUNCPathPwd ; Value = password for the user defined above.
PS - Variable names are case sensitive.
Also, to let RM know that you want to use the SharedUNC mechanism, check the corresponding checkbox for the RM server and connect to it via IP and not DNS name as these must be in different domains, i.e.
Try to use Get-Content on local-server then Set-Content on the remote server passing the file contents over;
Could package everything into an archive of some kind.
The Release Management is copying VisualStudioRemoteDeployer.exe to C:\Windows\DtlDownloads\VisualStudioRemoteDeployer folder on the target server then is copying the scripts from the specified location to target server using robocopy.
So you have to give permissions from your target server to your scripts location.
Release Management update 4 supports "Build drops stored on TFS servers"
http://blogs.msdn.com/b/visualstudioalm/archive/2014/11/11/what-s-new-in-release-management-for-vs-2013-update-4.aspx

Error when listing print queues from network server as impersonated user

I have been trying to set up a simple endpoint service that sits on a server, accepts a web request and then prints a job to a specific print queue on a specific server as a user, whose credentials are passed into the service. This is for automated testing so the users that we are using have limited permissions so security is not a concern.
When I attempt this code without impersonation:
PrintServer ps = new PrintServer(#"\\" + serverName, PrintSystemDesiredAccess.EnumerateServer);
response = "Created PrintServer object";
foreach (PrintQueue pq in ps.GetPrintQueues())
{
response = response + "~#~" + pq.Name;
}
It works properly and gives me a list of printers on the remote server, e.g:
Created PrintServer object~#~Sc-4 Pull Port~#~Microsoft XPS Document Writer
When I try it with impersonation I get this instead:
System.Printing.PrintServerException: An exception occurred while creating the PrintServer object. Win32 error: The printer name is invalid.
at System.Printing.PrintServer.Initialize(String path, String[] propertiesFilter, PrinterDefaults printerDefaults)
at System.Printing.PrintServer..ctor(String path, PrintSystemDesiredAccess desiredAccess)
at PrintService.PrintService.ImpersonatedInstalledPrinterList(String serverName, String userName, String userPassword, String domain)
I have been unable to figure out, or find online, why it is throwing the above error. I am using a valid domain account, and have even given the user I am using to test full permissions to the print queue on the server. I get the same error when I attempt to print as an impersonated user, having no issue with sending a print job when I am not performing impersonation.
Thanks for any help you can offer,
Tsuki
I found the issue with the code I was using, the problem was that I was using when I was using Impersonation, I was using SECURITY_IMPERSONATION_LEVEL of Impersonation when I needed to be using Delegation. Once I change that the error disappeared.

Trouble installing certificate from .pfx file

I am trying to install a certificate on my local machine (Win Server 2003) with the X509Certificate2 class in a C# test console application. When I install the certificate with the following code, everything is fine:
var serviceRuntimeMachineCertificateStore = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
serviceRuntimeMachineCertificateStore.Open(OpenFlags.ReadWrite);
cert = new X509Certificate2(certificatePath);
serviceRuntimeMachineCertificateStore.Add(cert);
serviceRuntimeMachineCertificateStore.Close();
Problem is, that the private key of the certificate is not persisted, when installed without the X509KeyStorageFlags.PersistKeySet. So I tried to instanciate the certificate like this (the private key has no password, so I pass in an empty string):
var serviceRuntimeMachineCertificateStore = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
serviceRuntimeMachineCertificateStore.Open(OpenFlags.ReadWrite);
cert = new X509Certificate2(certificatePath, "", X509KeyStorageFlags.PersistKeySet);
serviceRuntimeMachineCertificateStore.Add(cert);
serviceRuntimeMachineCertificateStore.Close();
But trying to instanciate the certificate throws a System.Security.Cryptography.CryptographicException "Failed to load certificate: The specified network password is not correct.", even though the private key has no password.
If I import the certificate in the Microsoft Management Console without specifying a password it works great.
Does anybody know how to do this programmatically?
If you try to create an instance of X509Certificate2 with an empty password on Windows XP or Windows 2003, the "Failed to load certificate: The specified network password is not correct." exception will be thrown.
If you can, try to create a certificate with a password which is not empty. Then everything should be fine.
Hopefully this will help somebody (and to expand on uGeeen's answer:
User "S C" points out the following requirement for certificate passwords on Windows XP and Windows Server 2003.
0 < password.Length < 32
I have seen conflicting reports on whether 32 is allowed. I can confirm that I was using a 32 character password (an MD5 hash), and truncating it to 30 characters fixed the issue.
are you doing it from worker process or some other impersonated process? it may be just that the identity your process uses is initialized WITHOUT loading the identity user's profile, what seems to result with no access to the user's cerificate store.
i've had similar problem when loading a x509 cert with private keys from within ASP.Net/IIS proces, and turning on profile-loading for worker processed did the trick
In case anybody has a similar problem: I managed to install the certificate and persist the private key in another fashion. I found the WinHttpCertCfg command line tool that you can get from here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winhttp/http/winhttpcertcfg_exe__a_certificate_configuration_tool.asp
I then call this command line tool programmatically to install the certificate. This site gave me a hint on how to use it: weblogs.asp.net/hernandl/archive/2005/02/09/…
Cheers, Chris

BizTalk MSMQ userid and password in a bindings file

I'm setting up a solution to deploy, driven by a batch file so it's reproducible
- I've got a binding file that works but I've now added on my MSMQ adapters
- works on my local machine, but I've found I have to add a userid and password to get it to work on the actual server
- it's in the domain, my virtual dev machine is just workgroup
Is there someway to add the userid and password to the file ?
- seems unlikely as that'd have the password in clear text, but what's the solution
- I sort of think something w.r.t. SSO, but that is an area I've not been near
You can put the userid and password into any BizTalk binding that supports authentication, including MSMQ. For security, the password is not exported, you just get a mask.
The userName and password sections of the binding file are not exported unless they have been configured, so the simplest thing to do is configure a MSMQ send port with userName and password manually and export the bindings - this forces the elements containing userName and the masked password to be generated into the binding file.
What you are looking for in your binding file is the <TransportTypeData> element of your MSMQ send port. This contains all of your adapter config information as encoded data.
Within that element there is a userName and password section. The password will be masked out with asterisks. Put the password for the environment there and import the binding.
The part of the encoded data with username and password will look something like below:
&lt;userName&gt;YourUserName&lt;/userName&
amp;gt;&lt;password&gt;******&lt;/password&gt;
For security reasons, when you export
bindings, BizTalk Server removes the
passwords for the bindings from the
file. After importing the bindings,
you must reconfigure passwords for
send ports and receive locations
before they will function. You
configure passwords in the Transport
Properties dialog box of the BizTalk
Server Administration console for the
send port or receive location. For
instructions, see How to Create a Send
Port. See also How to Create a Receive
Location.
From http://msdn.microsoft.com/en-us/library/aa558708.aspx
If you however open the biding file and scroll down to the line with the properties for the MSMQ Adapter you'll find the empty nodes. All you then have to do is to fill these out and the right values and they will be used the next time you import the binding file.
Of course you'll have to remember to redo this every time you export a new binding ...