I have looked everywhere and couldn't find any way of encrypting passwords in the collectd.conf file.
Right now I have a collectd config file with the Postgres plugin install and loaded, it requires the connection credentials for each database I'm querying.
This means right now i have the password saved in cleartext in the configuration file.
is there any way to encrypt/hash the passwords in the config file, or even encrypt the entire file(but still make collectd work with it)
EDIT: im working on a linux server (rhel 7.4, using collectd 5.8.0)
Related
I have created the batch to transfer the file using SSH keys, I checked the public and private key mapping on both the servers and it's working fine.
My Windows batch code using SFTP command is as follows:
open sftp://sftp_user#ssh_dest_server -privatekey="D:\directory_full_path\private_key.ppk" -rawsettings TryAgent=0 AuthKI=0 AuthGSSAPI=0
CD "/XYZ_Directory/folder1"
Put "\\full_directory_path\FILE1.zip"
exit
When I execute the batch manually it's executing fine without any issue, but when I execute batch from SQL Job (using different user) then it's shows below error:
Searching for host...
Connecting to host...
Authenticating...
Continue connecting to an unknown server and add its host key to a cache?
The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.
The server's RSA key details are:
Algorithm: ssh-rsa 2048
SHA-256: finger_print_key
MD5: zz:xx:yy:xx:yy:xx:yy:xx:yy:xx:yy:xx:yy:zz:zz:00
If you trust this host,
press Yes. To connect without adding host key to the cache,
press No. To abandon the connection press Cancel.
In scripting, you should use a -hostkey switch to configure the expected host key.
(Y)es, (N)o, C(a)ncel (10 s), (C)opy Key, (P)aste key: Cancel
Host key wasn't verified!
Host key fingerprint is ssh-rsa 2048 finger_print_key.
Authentication failed.
I already tried -hostkey WinSCP command but says "unknown command". Suggestions are most welcome.
Something I want to do like this link "WinSCP" through WinSCP command but inside my Windows batch automatically to verify the host.
To verify a host key in WinSCP script, add -hostkey switch to the open command:
open sftp://sftp_user#ssh_dest_server -hostkey=... -privatekey="D:\directory_full_path\private_key.ppk" -rawsettings TryAgent=0 AuthKI=0 AuthGSSAPI=0
See Verifying the host key ... in script in WinSCP documentation. It covers everything you need to know. In particular, where to get the host key value.
Also note that WinSCP GUI can generate a script template even with the -hostkey switch for you.
Also covered in My script works fine when executed manually, but fails or hangs when run by Windows Scheduler, SSIS or other automation service. What am I doing wrong?
I have created a jar for encryption using PBE(PBEWITHSHA1ANDDESEDE) algorithm with Jasypt jar file.
Creating encrypt password using this jar file on unix environment but when I am trying to decrypt that password in my local environment (Windows PC) it is throwing error. But when I am encrypting password in my local then same encrypt password I am able to decrypt in my local PC.
I am using jasypt jar file using "PBEWITHSHA1ANDDESEDE" algorithm. Please let me know, is there any environment dependency there in encryption and decryption logic like those password encrypted in unix env can not be decrypted in Windows environment ?
I created a windows library to do data reading from files and some custom filter, append, remove, update data towards my database on SQL Server. And my library requires app config which needs to put in connection string, because this library actually connects with more than 1 database.
If i were to deploy to my database server, i would need to do encryption to my connection string for security purpose. I have read a lot of discussion in stack overflow, but most of them are using RsaProtectedConfigurationProvider which requires my database server to have IIS server to do decryption. But the case is my database server don't add in the IIS on windows component as it will requires opening a new port which means open a new thread towards the server.
So my challenge right now is to do encryption of my app config without using any of ASP.net encryption tools. Is there any other way for me to do the encryption?
We have a web application which consists of an IIS web server which is on the internet, and a database server, which IIS accesses over a VPN link.
The problem we have is that we need to store the connectstring somewhere (which obviously can't be in the database).
I note that it is possible to encrypt web.config connect strings using aspnet_regiis :
https://msdn.microsoft.com/en-us/library/dx0f3cf2%28v=vs.85%29.aspx
Can anyone comment on how robust this is. What we do not want is the database being hacked from the internet.
One thing which concerns me is the aspnet_regiis is used to decrypt and encrypt and is installed on the machine itself. So if the machine was compromised and this exe was on there, discovering the passwords would not be that hard.
So assuming that this method of securing a password is not recommended, what other options do I have.
Note that in case it is relevant, IIS is running in the context of IIS APPPOOL\DefaultAppPool account.
Thanks.
You do not encrypt your configuration files to prevent being hacked from the internet. IIS will never serve *.config files. You encrypt configuration files to hide the information therein from server administrators.
If a remote attacker has access to the server and can run arbitrary executables, all bets are off. There's nothing you can do to secure the server after that.
How to prevent the server from being accessed remotely is too broad to answer, check OWASP for general hints.
If possible, give your app pool identity (in your case IIS APPPOOL\DefaultAppPool) access to the SQL Server.
Then use integrated authentication instead of password and username in your connection string:
Server=myServerAddress;Database=myDataBase;Trusted_Connection=True;
I got the connection details of a SFTP server, connected to it with FileZilla, and then successfully downloaded a file from that SFTP.
The only details I had was host, port, user and pass.
Now I'm trying to connect to this same server trough WinSCP .NET assembly (C#)
using(Session session = new WinSCP.Session()) {
session.Open(new SessionOptions() {
Protocol = Protocol.,
HostName = "ftp.*********.be",
UserName ="*****",
Password ="*****"
});
TransferOptions transferOptions = new TransferOptions();
transferOptions.TransferMode = WinSCP.TransferMode.Binary;
TransferOperationResult transferResult;
transferResult = session.GetFiles("/downld/fileonserver.dbf",#"c:\testfolder\localfilename.dbf", false, transferOptions);
Whatever I try here it keeps asking for a key for SSH, but I don't have that key, I generated a 128 bit RSA key somewhere online and put it in the session options like:
SshHostKeyFingerprint = "ssh-rsa 1024 82:09:12:b4:93:92:3a:61:10:90:61:12:b4:XX:XX:XX"
But this just tells me that key is invalid.
I kind of figured out that I maybe need the public/private SSH key from the server to get this to work but I sadly don't have access to this server.
Since FileZilla can connect to it without me entering any KEYS, why can't my C# program do the same?
I'm not an expert when it comes to security related stuff, so please point me in the right direction. I found this thread but I don't have access to .ssh folder on the FTP server and I don't really get where they are going with this.
You are confusing the SSH server public host key verification with the client public key authentication. These are two completely different things. This first involves the public key of the server, while the latter involves your account public key.
Read about SSH Key Pairs to learn the difference.
FileZilla cannot connect without verifying the server's public host key either. On the first connection it always prompts you to accept the key. Once you do, it optionally caches the key and won't prompt you again, unless the key changes.
You have probably forgotten that you got this prompt before or someone else connected to the server before from your machine.
Any SSH (SFTP) client must do the same. You are losing any security had you not verified your server's host key.
You should get the host key fingerprint from your server administrator.
If you had not, you can see it on WinSCP Server and Protocol information dialog.
For details see WinSCP FAQ Where do I get SSH host key fingerprint to authorize the server?
I solved this by just copying the SSH key returned to my FileZilla client into my C# app. I don't know if this is the right thing to do, but at least it got my solution working now.
It was also an SSH-DSS key 2048 key instead of an SSH-RSA 1024, and that's why messing around with the keys kept failing I guess.