After 2-3 day search and work now i hope you can help ...
I want to use from openconnect in my program and for auth have 2 solution
1 - use from user and pass (but pass dont have any option for command line and only with standard input can input pass)
2 - used from cookie (but openconnect not work with cookie for me !)
For Cookie i do this
-send user with post method to server
-server ask for password
-send password with post method to server
-if all is ok and auth id = success
-read header and get cookie
open command line and send ip and cookie to openconenct
and Error !
Creating SSL connection failed
command line code
openconnect.exe vpn.server.ip --no-cert-check -C "webvpn=BPlUDg9oaTN2uQQ0DQvH7QopD3x5NahiCHQgTqKQ7KPJg38dSuvqLmYIo9Jskig; Secure,webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; Secure,webvpnc=bu:/&p:t&iu:1/&sh:7350D46A8EE85D06&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest&fu:profiles%2F/etc/ocserv/profile.xml&fh:6B5181182D2B5483FBB8D2AA1BCBACC9A70E2BA3; path=/; Secure"
for send user and pass with post method i use from C#
2 - for user and pass i do this work
use from command line for auto fill input with this code
type password | openconnect.exe vpn.server.ip -u username --no-cert-check
and
password | openconnect.exe vpn.server.ip -u username --no-cert-check
and
openconnect.exe vpn.server.ip -u username --no-cert-check < pas.txt
and again error !!!
Password: ReadConsole() failed: The handle is invalid.
now i want to know whats wrong in my code ??
or have any better solution for accept cookie or auto fill input ?
if you have any idea please tell me.
thanks and kind regards.
openconnect command line info
Openconnect Autofill Username and Password
There is a trade-off between convenience and security. Autofill user and password is not recommended in terms of security.
In case you need the convenience to make an autoconnection using openconnect here is a simple example steps:
Simple Steps Example
Create a plaintext password file
mypass.txt
contains only the password:
mysupersecretpassword
Create a script to call openconnect
myscript.sh contains two lines of command:
openconnect --protocol=gp vpn.mycompany.com --user=abc123 --passwd-on-stdin < mypass.txt
./myscript.sh
the second line ./myscript.sh is intentionally added to make the script loop forever thus create a persistent VPN connection.
Make script executable
In terminal line:
chmod +x myscript.sh
Run your script
run your script with a sudo privilege
sudo ./myscript.sh
to exit the loop just press CTRL + C
For More Security
For added security you can make the process not so simple:
put your script and password file in a protected/hidden directory that only root level user can access;
Encrypt the plaintext password file and make another script to decrypt and read the password for example using linux gpg, but you will still have to enter the encryption/decryption passphrase.
In ubuntu you can use this:
openconnect --script ./vpnc.sh target-domain --no-cert-check -u username --passwd-on-stdin < pass.txt
Hope this helps.
Related
I am creating a role in postgresql. The documentation gives me the following example with clear-text password:
CREATE ROLE foo WITH LOGIN PASSWORD 'secret'
My task is to use MD5 instead of a clear-text password because it is not secure enough. However, the documentation merely mentioned the possibility to use md5 instead of a password, without giving any example code. I wonder how could I re-write the code above to implement MD5? Thank you in advance!
To change the authentication method:
Open a terminal window
Change into the postgres bin directory
Example: cd /usr/local/pgsql/bin
Note: Depending on your install environment the path to the bin directory may vary.
Type su – postgres and press Enter. This will change the logged in to the postgres user.
From the bin directory type ./psql
Type ALTER USER postgres password 'your shell account postgres password'; and press Enter. ALTER ROLE should be displayed.
Type \q and press Enter
Type vi /path to data directory/pg_hba.conf and press Enter
Modify the line at the bottom of the config file to resemble one of these examples.
Note: You will probably only have to change the word trust to md5. The line or lines should already exist.
host all postgres your.ip your.subnet md5
host all all your.ip your.subnet md5
Note: If you are using vi as the editor press i to insert text
Save the changes
Note: If you are using vi as the editor press i to insert then press :wq! to save the changes.
From the postgres bin directory type./pg_ctl restart -D /usr/local/pgsql/data and press Enter
I am creating a powershell script to change the sybase database account password. I am using isql.exe to change the password. Below are the steps I am trying to automate:
1) isql.exe -SServerName -UUserAccount -PPassword [Run this command and it should log you in with user account]
2) At this point it is waiting for you to run this command "sp_password 'oldPassword', 'newPassword'" [keyboard Enter]
3) GO [Keyboard Enter]
With the below script I built I am able to login, but unable to execute steps 2 and 3. I see that the screen is waiting for the input Step 2 and Step 3, but how should I write to it?
I am new to powershell, but I tried using Write-Output, Write-Host, Invoke-Expression, Invoke-Command for Step 2 and it did not work
$exe=$args[0] #argument which contains the path to isql.exe
$server=$args[1] #argument which contains server name
$user=$args[2] #argument which contains user account
$oldPassword=$args[3] #argument which contains current password
$newPassword=$args[4] #argument which contains new password
$severPrefix= '-S'
$userPrefix= '-U'
$passwordPrefix='-P'
$scriptPrefix='-E'
$spPasswordCmd= 'sp_password'+' '+ $oldPassword +','+ $newPassword
$serverArg = $severPrefix + $server
$userArg= $userPrefix + $user
$passwordArg= $passwordPrefix + $oldPassword
#Step 1- isql.exe -SserverName -UuserAcount -PoldPassword
&$exe $serverArg $userArg $passwordArg
#Step 2 - After login, execute "sp_password 'oldPassword', 'newPassword'"
#&$spPasswordCmd
#Step 3- Go
Read-Host -Prompt "Press Enter to continue"
What went wrong:
By entering the first command you entered "inside" ISQL prompt.
The powershell script won't send ISQL specific commands (Steps 2 & 3) to that session.
It seems to me that you have two options:
1.
You need to open an ISQL session and send a block of commands to that session.
This is a link about connections on Sysbase but I cannot test the things in there.
2.
By reading the ISQL docs, it seems that you can pass a file with commands to the steps 1:
Read in an operating system file containing a query for execution by
isql: isql -U alma -Ppassword < input_file The file must include a
command terminator. The results appear on your terminal. Read in an
operating system file containing a query and direct the results to
another file: isql -U alma -Ppassword < input_file > output_file
I would spend my time here first. See that in there you can find a link with instructions on how to write the sysbase commands file.
After trying lot of combination, finally I was able to get it to work. Posting my script so that it could be helpful for others.
$exe=$args[0] #argument which contains the path to isql.exe
$server=$args[1] #argument which contains server name
$user=$args[2] #argument which contains user account
$currentPassword=$args[3] #argument which contains current password
$newPassword=$args[4] #argument which contains new password
$outputFilePath=$args[5] #argument which containes spPassword file script path
$spPasswordCmd = "sp_password `'$currentPassword`',`'$newPassword`'"
# Create file:
$spPasswordCmd | Set-Content "$outputFilePath"
# Append to file:
"GO" | Add-Content "$outputFilePath"
isql -S"$server" -U"$user" -P"$currentPassword" -i"$outputFilePath"
write-host "**** Password Change Complete *****"
Read-Host -Prompt "Press Enter to exit.!"
After you login to Sybase using isql.exe, you would need to get into the session of isql.exe to change the password by calling sp_password. In your code, you're are simply executing the login command. I dont think you're getting into the session of isql.exe
Take a look at the below link, I guess it might be useful and probably better way to change the database account password.
https://www.cdata.com/drivers/sybase/powershell/
I have a problem I cannot get around. I am using YAML for loading a CSV to a gpdb table. I want to avoid hard coding the database login details (host, id, password). YAML does not support include or import option. How can I concatenate or call the credentials stored in a second file to the right place in the YAML script used for execution?
---
VERSION:
DATABASE: dbname # <- these should be dynamic
USER: user # <-
PASSWORD: itsasecret # <-
HOST: server_address # <-
PORT: 1234 # <-
GPLOAD:
input...
output...
You can call gpload with command line arguments to specify the host and user and get them out of the YAML file itself:
gpload -f yourfile.yml -h database_server_name -U user_login_name
You can set the password as:
$PGPASSWORD environment variable with password in it
$PGPASSFILE environment variable pointing to a file with the password for that user
put the login information in .pgpass
You can add a -W to the command line to force a password prompt if you don't want to store it in a file somewhere.
OK, so here's what I'm trying to do. I'm writing a program that will retrieve a keepass database from my phone (via ssh) and search through it for whatever password I'm interested in. I'd like to use the same password for the keepass database as the ssh-key that I've made for retrieving the keepass database, but I don't want to enter the password twice. So. Here's what I thought: I'll write a perl script that asks for the password once (via ssh-askpass) (That's my readpass function at the bottom. It works fine.) I can read the keepass, via that key, etc, and all is good.
But, I can't seem to figure out how to add the ssh-add without it prompting me for the password for the key again when I try to ssh to the phone.
I tried making a shell script that would simply echo an environment variable, and then setting SSH_ASKPASS to that script, (and setting the password in an environment variable and system'ing that... Like this:
my $key = readpass();
$ENV{"SSH_ASKPASS_ENV"} = $key;
$ENV{"SSH_ASKPASS"} = "/home/user/bin/ssh-askpass-env";
system("/usr/bin/ssh-add /home/user/.ssh/keepass-retriever");
ssh-askpass-env simply has:
#! /bin/sh
echo "${SSH_ASKPASS_ENV}"
But, that doesn't seem to do it, it still asks me for my password. I can verify that ssh-askpass-env is being called, and that it is getting the password.
I guess my question is: How can I add a key to ssh-agent from within perl using a prespecified password? (Since I've just read the password from readpass() below)
Thanks!
sub readpass() {
my $passwd = undef;
if (defined($ENV{"DISPLAY"})) {
if (open(PASSWD, "/usr/bin/ssh-askpass 'KeePass' |")) {
chomp($passwd = <PASSWD>);
close(PASSWD);
}
}
else {
ReadMode('noecho');
printf("Enter keepass password: ");
$passwd = ReadLine(0);
chomp($passwd);
ReadMode('normal');
}
return($passwd);
}
After reading the ssh-add man page, I found detaching the terminal worked:
system("/usr/bin/ssh-add /home/user/.ssh/keepass-retriever < /dev/null &>/dev/null");
using makecert i have written the commade:
makecert -pe -n "CN=Myauthority" -sr localmachine -ss Root -a sha256 -cy authority -r -sk MyCAContainerName -sky exchange -sp "Microsoft RSA Schannel Cryptographic Provider " -sy 12 -len 2048 certif.cer;
i recieved an error
Error: Can't create the key of the Subject <'MyCAContainerName'>
In seeking the solution, I discovered that the problem arises because I did not Authorizations on machineKey file : (C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys ), the
following link explains better what I'm saying;
http://support.microsoft.com/kb/278381
I followed the same procedures in order to have enough permissions to the a machine key, but the problem is always posed
It seems that Can't create the key of the subject is a fairly generic error, however, what follows after it may give a clue.
While it may be caused by permissions errors (e.g. makecert.exe error: Can't create the key of the subject), I have also seen the error of the form Can't create the key of the subject ('<some guid>') caused by an incorrect parameter to the -sp argument.
In your case, Error: Can't create the key of the Subject <'MyCAContainerName'> would make me guess that there is something wrong with the -sk MyCAContainerName portion of the command, but the upshot is, if it is not something with permissions, than it is likely an incorrect command argument or combination of arguments.
Master,
I Ran on the same error. I solved it running command prompt as an administrator user.
MV
Its late but I have the solution to this. First execute the command as you are, it will give the error Error: Can't create the key of the Subject <'MyCAContainerName'>. But it will create a .pvk file. Don't delete it. Instead execute the command again, but this time remove -sk MyCAContainerName from the command. And it will create your certificate.
In my case the C drive did not have enough space. I cleared some unwanted files and folders and it worked.