FTP_INCORRECT_HOST_KEY in N/SFTP Module - sftp

While creating the connection from NetSuite to SFTP using the N/SFTP module, I'm facing an error that states:
"FTP_INCORRECT_HOST_KEY","message":"Provided host key does not match remote server's fingerprint."
I have tried checking with my server team but no hope. Can anyone suggest how to resolve this, or how I can get an authorized fingerprint host key from the server?
I have tried with the SuiteScript 2.0 module (N/SFTP) with the help of the tool mentioned below.
https://ursuscode.com/netsuite-tips/suitescript-2-0-sftp-tool/
/**
 * @NApiVersion 2.x
 * @NScriptType ScheduledScript
 */
define(['N/sftp', 'N/file', 'N/runtime'], function(sftp, file, runtime) {
    function execute(context)
    {
        var myPwdGuid = "Encrypted password by GUID";
        var myHostKey = "Some long Host key around 380 characters";
        // establish connection to remote FTP server
        var connection = sftp.createConnection({
            username: 'fuel_integration',
            passwordGuid: myPwdGuid, // references var myPwdGuid
            url: '59.165.215.45', // Example IP
            directory: '/sftproot/TaleoSync',
            restrictToScriptIds: runtime.getCurrentScript().id,
            restrictToCurrentUser: false,
            hostKey: myHostKey // references var myHostKey
        });
        // specify the file to upload using the N/file module
        // download the file from the remote server
        var downloadedFile = connection.download({
            directory: '/sftproot/TaleoSync',
            filename: 'Fuel Funnel Report_without filter.csv'
        });
        downloadedFile.folder = ;
        downloadedFile.save();
        context.response.write(' Downloaded "Fuel Funnel Report_without filter" to fileCabinet');
    }
    return {
        execute: execute
    };
});
I expect to create a connection between SFTP and NetSuite to download a file from SFTP and place it in the NetSuite file cabinet.

A couple of things:
restrictToScriptIds : runtime.getCurrentScript().id,
restrictToCurrentUser :false,
Are not part of the createConnection signature. Those should have been used when you created a Suitelet to vault your credential.
However the hostkey complaint may be dealt with by using ssh-keyscan from a linux box.
ssh-keyscan 59.165.215.45
should reply with the server name, then ssh-rsa, then a long base64 string. Copy that string so it ends up in myHostKey and set the hostKeyType to RSA.
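As an added example (not part of the original answer), the Python below picks the ssh-rsa line out of ssh-keyscan output, checks that the base64 blob really is a key of the declared type, and computes the SHA256 fingerprint so the value can be compared with what the server team reads from the server itself before it is pinned in myHostKey. The scan text is constructed sample input and the function names are hypothetical.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte big-endian length + data)."""
    return struct.pack(">I", len(data)) + data

# Constructed sample input: a made-up blob shaped like an RSA host key, not a real server key.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + bytes(range(1, 65)))
SAMPLE_SCAN = (
    "# 192.0.2.10:22 SSH-2.0-OpenSSH_8.9\n"
    "192.0.2.10 ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + "\n"
)

def parse_keyscan(output: str, want_type: str = "ssh-rsa") -> dict:
    """Pick the host key of the wanted type out of ssh-keyscan output."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#") or fields[1] != want_type:
            continue
        host, key_type, b64 = fields[:3]
        blob = base64.b64decode(b64, validate=True)  # raises ValueError on a damaged copy
        if len(blob) < 4:
            raise ValueError("key blob too short")
        (name_len,) = struct.unpack(">I", blob[:4])
        # The blob embeds its own algorithm name; it must agree with the text field.
        if blob[4:4 + name_len] != key_type.encode():
            raise ValueError("algorithm inside the blob does not match the declared type")
        digest = hashlib.sha256(blob).digest()
        return {
            "host": host,
            "type": key_type,
            "host_key": b64,  # the string that goes into myHostKey
            "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
        }
    raise LookupError("no %s key in scan output" % want_type)

if __name__ == "__main__":
    info = parse_keyscan(SAMPLE_SCAN)
    print(info["type"], info["fingerprint"])
    print(info["host_key"])
```

The fingerprint uses the same SHA256 format that ssh-keygen -lf prints for a public key file, so the two values can be compared directly.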

Related

Error "The parameter KeyVault Certificate has an invalid value" with App Service Certificate

I have created in my Azure Key Vault a secret containing an ssl certificate converted from .pfx to base64 string. Now I try to use it to create a certificate linked to an App Service using bicep file.
resource kv 'Microsoft.KeyVault/vaults@2021-06-01-preview' = {
  name: 'mykeyvault'
  location: resourceGroup().location
  properties: {
    tenantId: tenantId
    sku: {
      name: 'standard'
      family: 'A'
    }
    enabledForTemplateDeployment: true
    accessPolicies: [...]
  }
}
resource sslCertificateSecret 'Microsoft.KeyVault/vaults/secrets@2021-06-01-preview' = {
  name: '${kv.name}/sslcert'
  properties: {
    attributes: {
      enabled: true
    }
    value: <base64_string_ssl>
    contentType: 'application/x-pkcs12'
  }
}
resource appServicePlan 'Microsoft.Web/serverfarms@2021-01-15' = {
  name: 'myServiceplan'
  location: resourceGroup().location
  kind: 'linux'
  properties: {
    reserved: true
  }
  sku: {
    name: 'B1'
  }
}
resource sslCertificate 'Microsoft.Web/certificates@2021-01-15' = {
  name: 'myCertificate'
  location: resourceGroup().location
  properties: {
    keyVaultId: <my_keyvaultId>
    keyVaultSecretName: <my_keyvaultCertificateSecretName>
    serverFarmId: appServicePlan.id
  }
}
I also tried to import the certificate manually in the key vault and reexport it to ensure the base64 string was correct and it seemed ok.
However I am getting the error "The parameter KeyVault Certificate has an invalid value."
Do you have an idea of what I am missing?
Azure KeyVault as a solution for secure storage of confidential information.
Two ways to authenticate a web application in KeyVault. A better approach is to authenticate the web application using a certificate. This certificate is also deployed directly from KeyVault. This means neither the confidential information nor the keys to the vault are ever disclosed.
Please check the below steps:
Click on the below link to know steps of create certificate linked with app service from keyVault.
Loading the access certificate for your application into KeyVault
Check the File Formats of Certificates which is the major building block when importing certificates
PEM & PFX are the supported certificate formats in Azure Key Vault resource.
• .pem file format consists of 1 or more X509 certificate files.
• A server certificate (issued for your domain), a matching private key, and an optional intermediate CA can all be stored in a single file using the .pfx archive file format.
The first step is to convert any certificates used by the App Service to (and label them as) application/x-pkcs12. It might be possible to resolve the issue by reimporting the certificate from a pfx file with the --password parameter (az keyvault certificate import), and then import it from the key vault to the webapp. You could use this blog as a resource.
Also, look if Cert and the Key Vault are in their original resource group.
References:
Azure Key Vault Import Certificates provided by Microsoft and GitHub Source of Deploying Azure Web App Certificate using KV
If you missed the certificate policy on upload and if generating new certificates, then try to generate in the key vault itself.
$credential = Get-Credential
login-azurermaccount -Credential $credential
$vaultName = 'my-vault-full-of-keys'
$certificateName = 'my-new-cert'
$policy = New-AzureKeyVaultCertificatePolicy -SubjectName "CN=mememe.me" -IssuerName Self -ValidityInMonths 120
Add-AzureKeyVaultCertificate -VaultName $vaultName -Name $certificateName -CertificatePolicy $policy
"The parameter KeyVault Certificate has an invalid value"
Please check that you have given permission to access the key vault for Resource Provider
Use PowerShell to enable the 'Microsoft.Web' Resource Provider to directly access the Azure Key Vault.
Login-AzureRmAccount
Set-AzureRmContext -SubscriptionId AZURE_SUBSCRIPTION_ID
Set-AzureRmKeyVaultAccessPolicy -VaultName KEY_VAULT_NAME -ServicePrincipalName abfa0a7c-a6b6-4736-8310-5855508787cd -PermissionsToSecrets get
Sometimes this problem exists in the step of how the certificate was uploaded to the Key Vault: If using PowerShell, give full path instead of the relative path to the cert when uploading.
$pfxFilePath = "PFX_CERTIFICATE_FILE_PATH" # Change this path
Example:
$pfxFilePath = "F:\KeyVault\PrivateCertificate.pfx"
$pwd = "[2+)t^BgfYZ2C0WAu__gw["
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
$collection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$collection.Import($pfxFilePath, $pwd, $flag)
$pkcs12ContentType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12
$clearBytes = $collection.Export($pkcs12ContentType)
$fileContentEncoded = [System.Convert]::ToBase64String($clearBytes)
$secret = ConvertTo-SecureString -String $fileContentEncoded -AsPlainText -Force
$secretContentType = 'application/x-pkcs12'
Set-AzureKeyVaultSecret -VaultName akurmitestvault -Name keyVaultCert -SecretValue $Secret -ContentType $secretContentType # Change the Key Vault name and secret name

syslog-ng not filtering on tags on remote server

I have an nginx server using syslog-ng to send access and error logs to a remote syslog-ng server. I am having it tag the messages so that the remote server can filter on the tags to put them into files. But the filter statements seem to be not working. On the local client I did a test, sending the messages to a local file using the filters and they work there. But they seem to break somehow when being sent remote.
The config on the client is:
@version: 3.13
@include "scl.conf"
## global options.
options { chain_hostnames(off);
    flush_lines(0);
    use_dns(no);
    use_fqdn(no);
    owner("root");
    group("adm");
    perm(0640);
    stats_freq(0);
    bad_hostname("^gconfd$");
};
source s_qa_nginx_access {
    file("/var/log/nginx/access.log" follow-freq(1)
        tags("qa_nginx_access")
        flags(no-parse));
};
source s_qa_nginx_error {
    file("/var/log/nginx/error.log" follow-freq(1)
        tags("qa_nginx_error")
        flags(no-parse));
};
destination d_syslog-ng_central { syslog("10.0.0.50" transport("tcp") port(514)); };
log { source(s_qa_nginx_access); destination(d_syslog-ng_central);};
log { source(s_qa_nginx_error); destination(d_syslog-ng_central);};
On the remote syslog-ng server I have
@version: 3.13
@include "scl.conf"
options {
    flush_lines(0);
    use_dns(no);
    use_fqdn(no);
    owner("root");
    group("adm");
    perm(0640);
    stats_freq(0);
    bad_hostname("^gconfd$");
    time-reap(30);
    mark-freq(10);
    keep-hostname(yes);
};
source s_network { syslog(transport(tcp) port(514)); };
filter f_qa_nginx_access { tags("qa_nginx_access"); };
filter f_qa_nginx_error { tags("qa_nginx_error"); };
destination d_qa_nginx_access {
    file(
        "/var/log/remote/qa_nginx_access.log"
        owner("root")
        group("adm")
        perm(0640)
    );
};
destination d_qa_nginx_error {
    file(
        "/var/log/remote/qa_nginx_error.log"
        owner("root")
        group("adm")
        perm(0640)
    );
};
log { source(s_network); filter(f_qa_nginx_access); destination(d_qa_nginx_access); };
log { source(s_network); filter(f_qa_nginx_error); destination(d_qa_nginx_error); };
If I remove the filter from the log statement, all of the log messages go to both files, but with the filter in place nothing makes it to any of the files on the remote server. Is it somehow not sending the tags to remote?
You might want to refer to the syslog-ng administration guide. Below are some of the important notes from the guide. If you need to send the tags remotely, use SDATA.meta.tags instead, or you can use the template to write it as part of the message too.
The full admin guide can be found at the following link:
https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.22/administration-guide/58
Tags are available locally, that is, if you add tags to a message on the client, these tags will not be available on the server.
To include the tags in the message, use the ${TAGS} macro in a template. Alternatively, if you are using the IETF-syslog message format, you can include the ${TAGS} macro in the .SDATA.meta part of the message. Note that the ${TAGS} macro is available only in syslog-ng OSE 3.1.1 and later.

Corda - Failed to find a store at certificates\sslkeystore.jks

Corda open source on Linux. Node RPC SSL enabled. I am getting error "Failed to find a store at certificates\sslkeystore.jks". Any ideas? I have entered absolute path in keyStorePath.
You must follow the steps of this paragraph: https://docs.corda.net/clientrpc.html#wire-security which I detailed for you below.
When you enable RPC SSL, you must run this command one time (you will be asked to supply 2 new passwords):
java -jar corda.jar generate-rpc-ssl-settings
It will create the rpcsslkeystore.jks under certificates folder, and rpcssltruststore.jks under certificates/export folder.
Inside your node.conf supply the path and password of rpcsslkeystore.jks:
rpcSettings {
    useSsl=true
    ssl {
        keyStorePath=${baseDirectory}/certificates/rpcsslkeystore.jks
        keyStorePassword=password
    }
    standAloneBroker = false
    address = "0.0.0.0:10003"
    adminAddress = "0.0.0.0:10004"
}
Now if you have a webserver, inside NodeRPCConnection you must use the constructor that takes a ClientRpcSslOptions parameter:
// RPC SSL properties.
@Value("${config.rpc.ssl.truststorepath}")
private String trustStorePath;
@Value("${config.rpc.ssl.truststorepassword}")
private String trustStorePassword;
@PostConstruct
public void initialiseNodeRPCConnection() {
    NetworkHostAndPort rpcAddress = new NetworkHostAndPort(host, rpcPort);
    ClientRpcSslOptions clientRpcSslOptions = new ClientRpcSslOptions(Paths.get(trustStorePath),
            trustStorePassword, "JKS");
    CordaRPCClient rpcClient = new CordaRPCClient(rpcAddress, clientRpcSslOptions, null);
    rpcConnection = rpcClient.start(username, password);
    proxy = rpcConnection.getProxy();
}
We added above 2 extra attributes that you must now supply when starting the webserver; for that, modify your clients module build.gradle:
task runNodeServer(type: JavaExec, dependsOn: jar) {
    classpath = sourceSets.main.runtimeClasspath
    main = 'com.example.server.ServerKt'
    args '--server.port=50005', '--config.rpc.host=localhost',
        '--config.rpc.port=10005', '--config.rpc.username=user1', '--config.rpc.password=test',
        '--config.rpc.ssl.truststorepath=/path-to-project/build/nodes/your-node/certificates/export/rpcssltruststore.jks',
        '--config.rpc.ssl.truststorepassword=password'
}
If you're planning to connect to the node with a standalone shell, you must do something similar, but it didn't work for me; I reported the following bug: https://github.com/corda/corda/issues/5955

PHPmailer - Add pdf file as attachment doesn't work

My Goal:
Use AddStringAttachment() to send an auto-generated base64 string as a .pdf file to another email address.
Coding Environment:
I'm working on WordPress with a ajax call passing a base64 string to the server. The size of the string is usually around 30kbs, it can be guaranteed not exceeding over 50kbs. I have MAX_EXECUTION_TIME 120s.
What I've Been Working Through:
I succeeded:
Sending plain text body
Sending a small .txt file
I failed:
Sending a base64 string using AddStringAttachment(). The server returns a 504 Gateway Time-out error most of the time; even if the $mail->send() function passes through, I only receive a corrupt .pdf file that is 10kbs bigger than the original size.
Sending an already existing .pdf file with AddAttachment(). The server also returns a 504 Gateway Time-out error, and I also get a warning like: Resource interpreted as Document but transferred with MIME type application/pdf
My Code:
function sendPdf() {
    $mail = new PHPMailer(true);
    //Server settings
    $mail->SMTPDebug = 2; // Enable verbose debug output
    $mail->isSMTP(); // Set mailer to use SMTP
    $mail->Host = 'smtp.hostinger.com'; // Specify main and backup SMTP servers
    $mail->SMTPAuth = true; // Enable SMTP authentication
    $mail->Username = 'janice@popper.ga'; // SMTP username
    $mail->Password = 'secret'; // SMTP password
    $mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted
    $mail->Port = 587; // TCP port to connect to
    //Recipient
    $mail->SetFrom('janice@popper.ga');
    $mail->AddAddress( 'xxxxxxxx@gmail.com' );
    $pdf_base64 = $_POST[pdfString];
    //Content
    $mail->isHTML(true); // Set email format to HTML
    $mail->Subject= ' New Application Form ';
    $mail->Body= ' New Application Form From WordPress site ';
    //Attachment
    //$mail->AddStringAttachment($pdf_base64, $_POST[clientName].'_Application.pdf', 'base64', 'application/pdf');
    //$mail->AddAttachment(dirname(__FILE__)."/Qian_Zhong_Application.pdf", 'Qian_Zhong_Application.pdf');
    $error = '';
    if(!$mail->send()){
        $error = 'Mail error: '.$mail->ErrorInfo;
        echo $error;
    }else{
        echo 'Message has been sent.';
    }
    exit; // This is required to end AJAX requests properly.
}
The data you pass in to addStringAttachment should be raw binary, not encoded in any way, as PHPMailer will take care of that for you. It will also set the encoding and MIME type from the filename you provide, so you do not need to set them manually.
Using a debugger would allow you to watch the script as it runs so you would be able to see exactly what it’s having trouble with. Any error 500s will cause errors to be logged in your web server logs and will usually provide more info.
I would also recommend against using $_POST[clientName] like that without any filtering or validation - you should never trust user input like that.

syslog-ng receive JSON string

I use syslog-ng to receive JSON-format logs and store them to a local file, but the log gets changed.
pro log:
{"input_name":"sensor_alert","machine":"10.200.249.27"}
currently store log:
"sensor_alert","machine":"10.200.249.27"}
the key "input_name" was deleted
syslog-ng config:
source test_src {
    udp(
        ip(0.0.0.0) port(5115)
    );
};
destination test_dest {
    file("/data/test_${YEAR}${MONTH}${DAY}.log"
        template("$MSG\n")
        template-escape(no));
};
log {
    source(test_src);
    destination(test_dest);
};
Who can tell me the reason? Thanks.
If you only send the above-mentioned string (without any other framing), you should probably turn off parsing in the source with:
udp(... flags(no-parse));
This is going to put everything it received into the MSG macro.
If you have some kind of framing (like syslog), please provide a sample message, because otherwise I can only guess.
