Fabric does not use SSH key [duplicate] - fabric

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Using an SSH keyfile with Fabric
In my fable
env.ip = 'x.x.x.x'
env.hosts = [env.ip]
env.user = 'root'
env.environment = 'production'
I have the config like this, but when I trying to execute something using run(command), it prompts me to put the password for root, why?
In my native Terminal.app, I can ssh x.x.x.x without entering the password.
I have enabled logging in the fabfile, and here is the ouput
DEBUG:ssh.transport:starting thread (client mode): 0xaa84dd0L
INFO:ssh.transport:Connected (version 2.0, client OpenSSH_5.8p1)
DEBUG:ssh.transport:kex algos:['ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc#lysator.liu.se'] server encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc#lysator.liu.se'] client mac:['hmac-md5', 'hmac-sha1', 'umac-64#openssh.com', 'hmac-ripemd160', 'hmac-ripemd160#openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:['hmac-md5', 'hmac-sha1', 'umac-64#openssh.com', 'hmac-ripemd160', 'hmac-ripemd160#openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:['none', 'zlib#openssh.com'] server compress:['none', 'zlib#openssh.com'] client lang:[''] server lang:[''] kex follows?False
DEBUG:ssh.transport:Ciphers agreed: local=aes128-ctr, remote=aes128-ctr
DEBUG:ssh.transport:using kex diffie-hellman-group1-sha1; server key type ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none
DEBUG:ssh.transport:Switch to new keys ... [x.x.x.x] Login password for 'root':

You have to specify the path to the keyfile to use.
See this post for details, which boil down to adding
env.key_filename = '/path/to/keyfile.pem'
in your case.

Related

How can I set [output_adapter.email] with Aruba address in wso2 Identity Server v. 5.11.0?

I'm trying to set an email sender (for example recovery password). I already set with a Gmail and Outlook address mail and it's work!
Now i nedd to configure an Aruba hostmail.
this is my deployment.toml configuration module
[output_adapter.email]
from_address= "****#aruba.it"
username= "*****#****.it"
password= "******"
hostname= "smtps.aruba.it"
port= 465
enable_start_tls= true
enable_authentication= true
signature = "****"
[output_adapter.email.custom_properties]
"mail.smtp.ssl.protocols"="TLSv1.2"
"mail.transport.protocol"="smtps"
Logs return
ERROR {org.wso2.carbon.event.output.adapter.email.EmailEventAdapter} - Event dropped at Output Adapter 'EmailPublisher' for tenant id '-1234', Error in message format, Could not connect to SMTP host: smtps.aruba.it, port: 465, response: -1 javax.mail.MessagingException: Could not connect to SMTP host: smtps.aruba.it, port: 465, response: -1
I tried with smpts and smpt (it should be the same port 465).
Can you tell me if it's not supported or something?
THanks, i really need help :(
I fixed it by adding these properties in deployment.toml file below this modules:
[output_adapter.email]
from_address= "***#aruba.it"
username= "****"
password= "****!"
hostname= "smtps.aruba.it"
port= 465
enable_start_tls= true
enable_authentication= true
signature = "WSO2"
[output_adapter.email.custom_properties]
"mail.smtp.ssl.protocols"="TLSv1.2"
"mail.smtp.debug"="true"
"mail.smtp.socketFactory.port"="465"
"mail.smtp.socketFactory.class"="javax.net.ssl.SSLSocketFactory"
"mail.smtp.socketFactory.fallback"="false"

Cannot send SMTP email from JBoss java app in Amazon EC2 instance: Could not convert socket to TLS

I'm running a java app in JBoss 6.4.0 in an Amazon Web Services red hat 8 EC2 instance.
When my app tries to send an email via javax.mail I'm getting an error "Could not convert socket to TLS".
I then coded up the AmazonSESSample.java sample program and tried it. I ran it in my EC2 instance outside JBoss and it ran successfully. (The AmazonSESSample program can be found here: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/examples-send-using-smtp.html)
Then I commented out the email code in my java app, and replaced it with the code in AmazonSESSample.java. When I run my java app with the AmazonSESSample code in JBoss I get the same error: "Could not convert socket to TLS". So the AmazonSESSample works fine outside JBoss, and gives an error when running inside JBoss.
Here is the AmazonSESSample code in my app. Can somebody help me fix the "Could not convert socket to TLS" error?:
public class AmazonSESSample {
private static final Logger logger = LogManager.getFormatterLogger("AmazonSESSample");
// Replace sender#example.com with your "From" address.
// This address must be verified.
static final String FROM = "email1#gmail.com";
static final String FROMNAME = "Steve";
// Replace recipient#example.com with a "To" address. If your account
// is still in the sandbox, this address must be verified.
static final String TO = "email2#gmail.com";
// Replace smtp_username with your Amazon SES SMTP user name.
static final String SMTP_USERNAME = "thisIsNotActualghijikl";
// Replace smtp_password with your Amazon SES SMTP password.
static final String SMTP_PASSWORD = "abcdefThisIsNotActual";
// Amazon SES SMTP host name. This example uses the US West (Oregon) region.
// See https://docs.aws.amazon.com/ses/latest/DeveloperGuide/regions.html#region-endpoints
// for more information.
static final String HOST = "email-smtp.us-east-2.amazonaws.com";
// The port you will connect to on the Amazon SES SMTP endpoint.
static final int PORT = 587;
static final String SUBJECT = "Amazon SES test (SMTP interface accessed using Java)";
static final String BODY = String.join(
System.getProperty("line.separator"),
"<h1>Amazon SES SMTP Email Test</h1>",
"<p>This email was sent with Amazon SES using the ",
"<a href='https://github.com/javaee/javamail'>Javamail Package</a>",
" for <a href='https://www.java.com'>Java</a>."
);
public int sendEmail(DisplayEmailMessage emailMessage) throws UnsupportedEncodingException, MessagingException {
// Create a Properties object to contain connection configuration information.
Properties props = System.getProperties();
props.put("mail.transport.protocol", "smtp");
props.put("mail.smtp.port", PORT);
props.put("mail.smtp.starttls.enable", "true");
props.put("mail.smtp.auth", "true");
// Create a Session object to represent a mail session with the specified properties.
Session session = Session.getDefaultInstance(props);
// Create a message with the specified information.
MimeMessage msg = new MimeMessage(session);
msg.setFrom(new InternetAddress(FROM, FROMNAME));
msg.setRecipient(Message.RecipientType.TO, new InternetAddress(TO));
msg.setSubject(SUBJECT);
msg.setContent(BODY, "text/html");
// Create a transport.
Transport transport = session.getTransport();
// Send the message.
try {
System.out.println("Sending...");
// Connect to Amazon SES using the SMTP username and password you specified above.
transport.connect(HOST, SMTP_USERNAME, SMTP_PASSWORD);
// Send the email.
transport.sendMessage(msg, msg.getAllRecipients());
System.out.println("Email sent!");
}
catch (Exception ex) {
System.out.println("The email was not sent.");
System.out.println("Error message: " + ex.getMessage());
}
finally {
// Close and terminate the connection.
transport.close();
}
return 0;
}
}
Here is the javamail debug output:
DEBUG: setDebug: JavaMail version 1.4.5.redhat-2
Sending email to 123#gmail.com
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]
Starting to connect at Sun Dec 26 13:14:23 UTC 2021 to email 123#gmail.com
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "smtp.dreamhost.com", port 587, isSSL false
220 pdx1-sub0-mail-a290.dreamhost.com ESMTP
DEBUG SMTP: connected to host "smtp.dreamhost.com", port: 587
EHLO ip-172-31-29-30.us-east-2.compute.internal
250-pdx1-sub0-mail-a290.dreamhost.com
250-PIPELINING
250-SIZE 40960000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 CHUNKING
DEBUG SMTP: Found extension "PIPELINING", arg ""
DEBUG SMTP: Found extension "SIZE", arg "40960000"
DEBUG SMTP: Found extension "ETRN", arg ""
DEBUG SMTP: Found extension "STARTTLS", arg ""
DEBUG SMTP: Found extension "AUTH", arg "PLAIN LOGIN"
DEBUG SMTP: Found extension "AUTH=PLAIN", arg "LOGIN"
DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
DEBUG SMTP: Found extension "8BITMIME", arg ""
DEBUG SMTP: Found extension "CHUNKING", arg ""
STARTTLS
220 2.0.0 Ready to start TLS
MessagingException
javax.mail.MessagingException: Could not convert socket to TLS
I fixed this by upgrading my JBoss to 7.4.0.

How do I get the client Remote Port number in a Django?

I know I can use request.META['REMOTE_ADDR'] to get the client's IP in my django view function.
However, I have no idea how to get the client remote port number.
For example, you can see your own remote port number on the site below:
https://www.myip.com/
Remote Port
here is sample of view.py:
if request.user.is_authenticated:
        gelenIleti = request.META.get('HTTP_X_FORWARDED_FOR')
        if gelenIleti:
            ip = gelenIleti.split(',')[0]
        else:
            ip = request.META.get('REMOTE_ADDR')
            portNumarasi = request.META['SERVER_PORT']
        logger.info(' ' + 'LOG KAYDI :' + ' ' + ' KULLANICI : ' + request.user.username + ' ' + ' IP : ' + ip + ' ' + ' SERVER PORT : ' + portNumarasi)
You can get the IP and PORT through WSGIRequest connected socket.
Django 1.11:
sock = request._stream.stream._sock
client_ip, port = sock.getpeername()
Django 2.1:
sock = request._stream.stream.raw._sock
client_ip, port = sock.getpeername()
Django 2.2 and 3.1:
sock = request._stream.stream.stream.raw._sock
client_ip, port = sock.getpeername()
UPDATE
if request.user.is_authenticated:
sock = request._stream.stream.stream.raw._sock
client_ip, port = sock.getpeername()
logger.info(' LOG KAYDI : KULLANICI : %s IP : %s SERVER PORT : %s' % (request.user.username, client_ip, port))

APNS issue with django

I'm using the following project for enabling APNS in my project:
https://github.com/stephenmuss/django-ios-notifications
I'm able to send and receive push notifications on my production app fine, but the sandbox apns is having strange issues which i'm not able to solve. It's constantly not connecting to the push service. When I do manually the _connect() on the APNService or FeedbackService classes, I get the following error:
File "/Users/MyUser/git/prod/django/ios_notifications/models.py", line 56, in _connect
self.connection.do_handshake()
Error: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')]
I tried recreating the APN certificate a number of times and constantly get the same error. Is there anything else i'm missing?
I'm using the endpoints gateway.push.apple.com and gateway.sandbox.push.apple.com for connecting to the service. Is there anything else I should look into for this? I have read the following:
Apns php error "Failed to connect to APNS: 110 Connection timed out."
Converting PKCS#12 certificate into PEM using OpenSSL
Error Using PHP for iPhone APNS
Turns out Apple changed ssl context from SSL3 to TLSv1 in development. They will do this in Production eventually (not sure when). The following link shows my pull request which was accepted into the above project:
https://github.com/stephenmuss/django-ios-notifications/commit/879d589c032b935ab2921b099fd3286440bc174e
Basically, use OpenSSL.SSL.TLSv1_METHOD if you're using python or something similar in other languages.
Although OpenSSL.SSL.SSLv3_METHOD works in production, it may not work in the near future. OpenSSL.SSL.TLSv1_METHOD works in production and development.
UPDATE
Apple will remove SSL 3.0 support in production on October 29th, 2014 due to the poodle flaw.
https://developer.apple.com/news/?id=10222014a
I have worked on APN using python-django, for this you need three things URL, PORT and Certificate provided by Apple for authentication.
views.py
import socket, ssl, json, struct
theCertfile = '/tmp/abc.cert' ## absolute path where certificate file is placed.
ios_url = 'gateway.push.apple.com'
ios_port = 2195
deviceToken = '3234t54tgwg34g' ## ios device token to which you want to send notification
def ios_push(msg, theCertfile, ios_url, ios_port, deviceToken):
thePayLoad = {
'aps': {
'alert':msg,
'sound':'default',
'badge':0,
},
}
theHost = ( ios_url, ios_port )
data = json.dumps( thePayLoad )
deviceToken = deviceToken.replace(' ','')
byteToken = deviceToken.decode('hex') # Python 2
theFormat = '!BH32sH%ds' % len(data)
theNotification = struct.pack( theFormat, 0, 32, byteToken, len(data), data )
# Create our connection using the certfile saved locally
ssl_sock = ssl.wrap_socket( socket.socket( socket.AF_INET, socket.SOCK_STREAM ), certfile = theCertfile )
ssl_sock.connect( theHost )
# Write out our data
ssl_sock.write( theNotification )
# Close the connection -- apple would prefer that we keep
# a connection open and push data as needed.
ssl_sock.close()
Hopefully this would work for you.

ssh-login with python.paramiko module into cisco device fails

I try to make a ssh-login into a cisco device, which fails with paramiko.SSHClient.
ssh = paramiko.SSHClient()
ssh.load_system_host_keys()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
transport = ssh.get_transport()
ssh.connect(hostname, username='user', password='pwd')
ssh.close()
With paramiko.DEBU turned on:
DEBUG:paramiko.transport:starting thread (client mode): 0x2efdc18L
INFO:paramiko.transport:Connected (version 1.99, client Cisco-1.25)
DEBUG:paramiko.transport:kex algos:['diffie-hellman-group1-sha1'] server key:['ssh- rsa'] client encrypt:['aes128-cbc', '3des-cbc', 'aes192-cbc', 'aes256-cbc'] server encrypt:['aes128-cbc', '3des-cbc', 'aes192-cbc', 'aes256-cbc'] client mac:['hmac-sha1', 'hmac-sha1-96', 'hmac-md5', 'hmac-md5-96'] server mac:['hmac-sha1', 'hmac-sha1-96', 'hmac-md5', 'hmac-md5-96'] client compress:['none'] server compress:['none'] client lang:[''] server lang:[''] kex follows?False
DEBUG:paramiko.transport:Ciphers agreed: local=aes128-cbc, remote=aes128-cbc
DEBUG:paramiko.transport:using kex diffie-hellman-group1-sha1; server key type ssh-rsa; cipher: local aes128-cbc, remote aes128-cbc; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Adding ssh-rsa host key for 172.20.112.77: ff666b2246321237c117d838f56df217
DEBUG:paramiko.transport:Trying discovered key 33e9714dae2cebdcfa3f30820ed2b17b in C:\Users\lauener/.ssh/id_rsa
DEBUG:paramiko.transport:userauth is OK
DEBUG:paramiko.transport:Authentication type (publickey) not permitted.
DEBUG:paramiko.transport:Allowed methods: ['keyboard-interactive', 'password']
INFO:paramiko.transport:Disconnect (code 2): Protocol error: expected packet type 50, got 5
I tried to do something with Transport but for
transport = ssh.get_transport()
transport is None.
But if I try to connect with the simple_demo provided by paramiko I can connect.
The following code works:
# get host key, if we know one
hostkeytype = None
hostkey = None
try:
host_keys = paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
except IOError:
try:
# try ~/ssh/ too, because windows can't have a folder named ~/.ssh/
host_keys = paramiko.util.load_host_keys(os.path.expanduser('~/ssh/known_hosts'))
except IOError:
print '*** Unable to open host keys file'
host_keys = {}
if host_keys.has_key(hostname):
hostkeytype = host_keys[hostname].keys()[0]
hostkey = host_keys[hostname][hostkeytype]
print 'Using host key of type %s' % hostkeytype
# now, connect and use paramiko Transport to negotiate SSH2 across the connection
try:
t = paramiko.Transport((hostname, port))
t.connect(username='user', password='pwd', hostkey=hostkey)
t.close()
except Exception, e:
print '*** Caught exception: %s: %s' % (e.__class__, e)
traceback.print_exc()
try:
t.close()
except:
pass
sys.exit(1)
But I think I would be more comfortable with using SSHClient. Thats why I would appreciate any help on this.
Thank you.
try setting the allow_agent and look_for_keys to false or else the ssh client will try to use your ssh agent if active or any ssh keys in the default path.
ssh.connect(hostname, username='user', password='pwd', allow_agent=False,look_for_keys=False)
Had the same issue, c0m4 answer resolved it :
>>> sshobj.connect('192.168.0.200', username=usr, password=pass, allow_agent=False,look_for_keys=False)
DEBUG:paramiko.transport:starting thread (client mode): 0x9ecfc4cL
INFO:paramiko.transport:Connected (version 2.0, client Cisco-1.25)
DEBUG:paramiko.transport:kex algos:['diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa'] client encrypt:['aes128-cbc', '3des-cbc', 'aes192-cbc', 'aes256-cbc'] server encrypt:['aes128-cbc', '3des-cbc', 'aes192-cbc', 'aes256-cbc'] client mac:['hmac-sha1', 'hmac-sha1-96', 'hmac-md5', 'hmac-md5-96'] server mac:['hmac-sha1', 'hmac-sha1-96', 'hmac-md5', 'hmac-md5-96'] client compress:['none'] server compress:['none'] client lang:[''] server lang:[''] kex follows?False
DEBUG:paramiko.transport:Ciphers agreed: local=aes128-cbc, remote=aes128-cbc
DEBUG:paramiko.transport:using kex diffie-hellman-group1-sha1; server key type ssh-rsa; cipher: local aes128-cbc, remote aes128-cbc; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:**Authentication (password) successful!**
>>>