JProfiler: remote connect to non standard user - remote-debugging

I am trying JProfiler and need to connect via ssh to running JVMs in our prod system. The JVMs are started with a special user that doesn't have his home directory in /home but /var/opt/<username>. I added a .ssh folder and my public key. Now connecting with JProfiler does the authentication, but immediately after throws a Java RuntimeException:
net.schmizz.sshj.sftp.SFTPExcetion: No such file or directory
Any suggestions?

Related

Problem connecting via SSH from Windows to AWS Linux Instance [Permission denied; (publickey,gssapi-keyex,gssapi-with-mic)]

I launched an instance & downloaded my secret key. I've attempted this on 2 different devices and instances. I'm trying to connect to the instance so I can upload files. Whenever I attempt to connect, this permission denied message displays.
Note I've downloaded and used OpenSSH
PS C:\WINDOWS\system32> ssh -i C:\Users*\Downloads*key.pem #ec2----.us-west-2.compute.amazonaws.com
The authenticity of host 'ec2----.us-west-2.compute.amazonaws.com (...)' can't be established.
ECDSA key fingerprint is SHA256:.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'ec2----.us-west-2.compute.amazonaws.com,...' (ECDSA) to the list of known hosts.
*#ec2----**.us-west-2.compute.amazonaws.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
PS C:\WINDOWS\system32>
P.S. This is my first post, so constructive criticism on etiquette is welcome :)
Recently started my first job (an internship really) in the IT field. 3 months ago working for a start-up. I'm hoping to migrate eventually to something in the field of cloud security, OSINT, DevSecOps, Web Development. Passionate about information security, open source software.
I followed this tutorial from amazon on how to connect to my instance
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/openssh.html
Looks like it's an issue with .pem file permissions. Check this video & see if you can resolve the error.
You can use puttygen to get ppk file which is helpful to SSH from windows.
If you want to use .pem files, mobaxterm is good software to use
You are very welcome to the community, it's nice to know you started your first Job!
To get you started on how to connect to the AWS Linux instance there is a nice KB article Connect to your Linux instance from Windows using Windows Subsystem for Linux and another one using putty look at here & another SO thread.
There are a few things you need to learn as prerequisites:
Verify that the instance is ready
Verify the general prerequisites for connecting to your instance
Install the Windows Subsystem for Linux (WSL) and a Linux distribution on your local computer
Copy the private key from Windows to WSL
Then use:
ssh -i /path/key-pair-name.pem instance-user-name@instance-public-dns-name
OR
ssh -i /path/key-pair-name.pem instance-user-name@instance-IPv6-address
From using your Windows CMD:
PS C:\WINDOWS\system32> ssh -i C:\Users\<user_name>\Downloads\testkey.pem ec2-user@ec2----.us-west-2.compute.amazonaws.com
OR
PS C:\WINDOWS\system32> ssh -i C:\Users\<user_name>\Downloads\testkey.pem ec2-user@<Some_IP_Address>
Better use MobaXterm and copy user key in there and you will there:

sonar stops immediately after starting in AWS Ec2

I have set up SonarQube on my EC2 earlier using Java version 1.8 and it was running fine. Now also I am using Java 1.8 for this. I have configured SonarQube by making a user in root in EC2 and inside the opt folder I have configured everything for it. Now it's not working. I am using ./sonar.sh start for starting SonarQube in it. After some time, when I check the status of sonar, it shows it's not running.
Attaching the screenshot for the same.
Sonar Server will not work with the root account as it uses Elasticsearch. Therefore, the service will stop as soon as you run the start command. You can go to the logs and see the error.
Log files shows the root cause for the error
Create a normal user to start sonar server. If you are using ubuntu, you can use ubuntu user or create a new one.
Once the user is created, open the sonar.sh file and search for the RUN_AS_USER parameter.
set your non root user in sonar.sh file
check the ownership of sonar directory as follows:
check sonar directory ownership
If the package is not installed, run the command below to install ACL.
access control list installation on ubuntu
Change the ownership of directory/ sub dir as follows:
change ownership of directory
Restart sonar server as follows:
start sonar server
Get the status after start
check the status
Finally, go to your network settings in EC2 and open port 9000.
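The checks behind the steps above, as an added example that is not part of the original answer: it reads RUN_AS_USER from sonar.sh and lists anything under the install directory that the service user does not own. The install directory, user name and script path are arguments you supply (assumptions, not values from the post).

```shell
#!/bin/sh
# Added example, not from the original answer. Assumed names: the install
# directory, the service account and the path to sonar.sh are passed as arguments.

# Print the value of the last active (uncommented) RUN_AS_USER line in sonar.sh.
run_as_user_of() {
  grep -E '^[[:space:]]*RUN_AS_USER=' "$1" | tail -n 1 |
    cut -d= -f2- | sed 's/#.*//' | tr -d "\"' \t"
}

# List paths under directory $1 that are not owned by user $2 (name or numeric uid).
not_owned_by() {
  find "$1" ! -user "$2" -print
}

# Return 0 only when sonar.sh is set to a non-root user that exists and owns the tree.
sonar_preflight() {
  sp_home="$1"; sp_user="$2"; sp_script="$3"
  sp_conf="$(run_as_user_of "$sp_script")"
  if [ -z "$sp_conf" ]; then
    echo "FAIL: RUN_AS_USER is commented out or missing in $sp_script"; return 1
  fi
  if [ "$sp_conf" = "root" ] || [ "$sp_conf" != "$sp_user" ]; then
    echo "FAIL: RUN_AS_USER=$sp_conf, expected the non-root user $sp_user"; return 1
  fi
  if ! id -u "$sp_user" >/dev/null 2>&1; then
    echo "FAIL: user $sp_user does not exist on this host"; return 1
  fi
  sp_stray="$(not_owned_by "$sp_home" "$sp_user" | head -n 5)"
  if [ -n "$sp_stray" ]; then
    echo "FAIL: not owned by $sp_user (first 5 paths):"; echo "$sp_stray"; return 1
  fi
  echo "OK: $sp_script runs as $sp_user, which owns $sp_home"
}

# Usage: sh preflight.sh <sonar_home> <user> <path/to/sonar.sh>
if [ "$#" -eq 3 ]; then
  sonar_preflight "$1" "$2" "$3"
fi
```

Run it before `./sonar.sh start`; a FAIL line names the step from the answer that still needs doing.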

How to fix error by creating new ssh connection?

I'm trying to cross-compile a simple HelloWorld app in C++ on Win 10 for a Raspberry Pi 3. I installed the toolchain to configure it. But so far, when creating a new SSH connection, I always get an error such as "Access denied" or "No connection could be made because the target machine actively refused it".
I checked many tutorials on cross-compiling but no success till now.
I think you are mixing different stuff here.
Cross compiling means compiling (and linking) the software for the embedded target on the host computer (in your case Win10). You don't need to SSH to the target for this. You'll likely need to configure your build like this:
./configure --host=arm-linux --build=amd64-pc-linux-gnu
The host argument is where the binary should run, and the build argument is where the binary is built.
However, I suspect that you've successfully built the software on your Win10 computer, and then you're trying to copy it on the embedded device. In that case, you must make sure that:
The embedded device is connected to the network
It's running an SSH daemon (likely opensshd)
It's allowing your user to connect to (typically, on default installation, root is not allowed to connect, you'll need to modify /etc/ssh/sshd_config to PermitRootLogin to yes)
(Optionally) You generate a key pair on the host (via ssh-keygen and copy the public key on your embedded user's .ssh/authorized_keys folder) to allow password-less login
Please refer to SSH man page.
With all the above in place, you can then scp build/mySoftware root@myDevice:/usr/local/bin without the Access Denied message.
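To see what the device's sshd_config permits for root before editing PermitRootLogin, this added example (not part of the original answer) reports the value sshd would apply and what it means for authentication. The config file path is an argument you supply; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example, not from the original answer. The config path is whatever
# file you pass in, for example a copy of the device's /etc/ssh/sshd_config.

# Print the value sshd would apply for keyword $2 in the global part of file $1.
# sshd keeps the first value it reads for a keyword and treats keywords
# case-insensitively. Limitation: Include files and Match blocks are not evaluated.
sshd_effective() {
  awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[ \t]*(#|$)/   { next }                      # skip comments and blank lines
                     { key = tolower($1) }
    key == "match"   { exit }                      # conditional overrides start here
    key == want      { print tolower($2); exit }   # first obtained value wins
  ' "$1"
}

# Translate PermitRootLogin into what root can actually authenticate with.
root_login_mode() {
  rl_value="$(sshd_effective "$1" PermitRootLogin)"
  case "${rl_value:-prohibit-password}" in         # upstream OpenSSH default when unset
    yes)                                echo "password-and-key" ;;
    prohibit-password|without-password) echo "key-only" ;;
    forced-commands-only)               echo "key-with-forced-command" ;;
    no)                                 echo "disabled" ;;
    *)                                  echo "unknown:$rl_value" ;;
  esac
}

# Usage: sh root_login.sh /etc/ssh/sshd_config
if [ "$#" -eq 1 ]; then
  root_login_mode "$1"
fi
```

A result of `key-only` means root can log in once the public key from the last step is in place, without password authentication for root.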

"cf ssh" into java buildpack app - how to run script that uses java?

I have deployed Keycloak-Server (as a Wildfly Swarm fraction) to the Swisscom Cloud Foundry environment (with a Java build pack).
When I try to access the Keycloak admin console I get the following error:
"You need local access to create the initial admin user. Open http://localhost:8080/auth or use the add-user-keycloak script."
How could I resolve this?
Can I somehow open an ssh tunnel to my Java buildpack app in order to access it with http://localhost:8080?
I also tried to "cf login" and "cf ssh" into my app. I created the "add-user-keycloak.sh" by copy/pasting it. When I try to execute it I get the error "java command not found"?
This is the script: https://github.com/keycloak/keycloak/blob/master/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/add-user-keycloak.sh
You can use cf ssh to open an ssh tunnel into your container and access a URL within: cf ssh your-app -N -L 8080:localhost:8080.
This will listen to port 8080 on your machine, and forward any requests to it to port 8080 on your app container. So you should be able to point your browser to http://localhost:8080/auth to get to the console.
Running the script may be a bit more complicated; at least the Java Buildpack has not standardized where it stores the java executable and it's not added to the PATH when you cf ssh into the container, so you'd first need to find it.
I have not used Keycloak myself so my answer is limited to how to tunnel into your app container to access a local console.
Either way, note that if this admin user is saved to local disk, and not to some external storage, next time the app is restaged (either by you or by the system to apply patches to its rootfs), you may need to go through this again.

Understanding fabric

I've just stumbled upon Fabric and the documentation doesn't really make it obvious how it works.
My educated guess is that you need to install it on both client-side and server-side. The Python code is stored on the client side and transferred through Fabric's wire-protocol when the command is run. The server accepts connections using the OpenSSH SSH daemon through the ~/.ssh/authorized_keys file for the current user (or a special user, or specified in the host name to the fab command).
Is any of this correct? If not, how does it work?
From the docs:
Fabric is a Python (2.5 or higher) library and command-line tool for streamlining the use of SSH for application deployment or systems administration tasks.
It provides a basic suite of operations for executing local or remote shell commands (normally or via sudo) and uploading/downloading files, as well as auxiliary functionality such as prompting the running user for input, or aborting execution.
So it's just like ssh'ing into a box and running the commands you've put into run()/sudo().
There is no transfer of code, so you only need to have ssh running on the remote machine and have some sort of shell (bash is assumed by default).
If you want remote access to a python interpreter you're more looking at something like execnet.
If you want more information on how execution on the remote machine(s) work look to this section of the docs.
Most of what you are saying is correct, except that the "fabfile.py" file only has to be stored on your client. An SSH server like OpenSSH needs to be installed on your server and an SSH client needs to be installed on your client.
Fabric then logs into one or more servers in turn and executes the shell commands defined in "fabfile.py". If you are located in the same dir as "fabfile.py" you can go "fab --list" to see a list of available commands and then "fab [COMMAND_NAME]" to execute a command.
The user on the server does not need to be added to "~/.ssh/authorized_keys" but if it is you don't have to type the password every time you want to execute a command.