What does -2 do when using psftp.exe? - sftp

I've just come across this line of code in a .bat file:
psftp -2 -l XXXXX 195.2.37.69 -pw XXXXX -P 10022 -b c:\sftp\sendfile.bat -v -bc -be
The help tells me what all the parameters do except for the -2.
Can anybody tell me what the -2 does?

-2 or -1 forces the use of the corresponding SSH protocol version, so in your example it enforces the use of SSH2. You can also specify -4 or -6, which force the use of IPv4 or IPv6 respectively.

Quoting the psftp documentation:
3.8.3.16 -1 and -2: specify an SSH protocol version
The -1 and -2 options force PuTTY to use version 1 or version 2 of the
SSH protocol. These options are only meaningful if you are using SSH.
These options are equivalent to selecting your preferred SSH protocol
version as ‘1 only’ or ‘2 only’ in the SSH panel of the PuTTY
configuration box (see section 4.18.4).
So the -2 forces SSH version 2.
In older versions, psftp tried SSH version 2 and fell back to SSH version 1 if the server did not support version 2. With -2, the fallback to the insecure version 1 did not happen and the connection was abandoned. The latest versions do not fall back by default anymore. Nowadays, no serious SSH/SFTP server even supports version 1 anyway.
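The version choice described in the answers above is visible in the server's identification string, where a protocol version of 1.99 means the server speaks SSH-2 but still accepts SSH-1 clients. The following is an added example, not code from the original posts or the PuTTY documentation; the function names and the sample banners and hosts are constructed for illustration.

```python
import re

# Identification string: SSH-protoversion-softwareversion [comments] (RFC 4253, section 4.2)
_BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")

# Constructed sample banners keyed by documentation-range addresses (not real hosts).
SAMPLE_BANNERS = {
    "192.0.2.10": "SSH-2.0-OpenSSH_7.4",
    "192.0.2.11": "SSH-1.99-OpenSSH_3.9p1",
    "192.0.2.12": "SSH-1.5-1.2.27",
}


def classify_banner(banner):
    """Report which SSH protocol versions a server banner advertises."""
    m = _BANNER_RE.match(banner.strip())
    if not m:
        raise ValueError(f"not an SSH identification string: {banner!r}")
    major, minor, software = int(m.group(1)), int(m.group(2)), m.group(3)
    if (major, minor) == (1, 99):
        # RFC 4253 section 5.1: SSH-2 server with the SSH-1 compatibility flag on.
        offers_v1, offers_v2 = True, True
    elif major >= 2:
        offers_v1, offers_v2 = False, True
    else:
        offers_v1, offers_v2 = True, False
    return {
        "software": software,
        "offers_v1": offers_v1,
        "offers_v2": offers_v2,
        # Outcome for a client forced to version 2, as with psftp -2.
        "v2_only_client": "connect" if offers_v2 else "abandon",
        # Outcome for a client that tries version 2 and may fall back to version 1.
        "fallback_client": "SSH-2" if offers_v2 else "SSH-1",
    }


def servers_offering_v1(banners):
    """Return the hosts whose banner still advertises SSH protocol version 1."""
    return sorted(h for h, b in banners.items() if classify_banner(b)["offers_v1"])


if __name__ == "__main__":
    for host, banner in SAMPLE_BANNERS.items():
        print(host, classify_banner(banner))
    print("still offering SSH-1:", servers_offering_v1(SAMPLE_BANNERS))
```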

Related

How to disable weak SSH cipher in CentOS 7

I am running CentOS 7.9 (server edition)
I have been searching online for some help on how to disable weak SSH ciphers. However, I do not seem to be able to fix the issue. Qualys scans keep reporting a weak cipher in the SSH service. I followed some recommendations (i.e. https://www.thegeekdiary.com/how-to-disable-weak-cipher-and-insecure-hmac-algorithms-in-ssh-services-for-centos-rhel-6-and-7/) online without any luck.
Here is what my /etc/ssh/sshd_config looks like
# Addresses Qualys QID 38739 Deprecated SSH Cryptographic Settings (CentOS 6)
## Changed this line:
##ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
## to this line:
ciphers aes128-ctr,aes192-ctr,aes256-ctr
Thank you for your help.
Step 1:
Go to the below directory and uncomment the below line
vi /etc/sysconfig/sshd
Uncomment
CRYPTO_POLICY=
Step 2:
Go to the below directories and append the below lines at the end of file
vi /etc/ssh/sshd_config
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
Step 3:
systemctl restart sshd
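To confirm that a change like the one in the steps above took effect, check the effective configuration that `sshd -T` prints rather than the file itself. The following is an added example, not part of the original answer: it flags weak entries in such output, the two samples are constructed from the cipher lists quoted in the question and the answer (the `macs` line in the first sample is invented), and the substring patterns treated as weak are an assumption to adjust to your scanner's policy.

```python
# Substrings treated as weak per keyword (assumption for this example, not a Qualys rule set).
WEAK = {
    "ciphers": ("-cbc", "arcfour", "3des"),
    "macs": ("md5", "hmac-sha1", "umac-64"),
    "kexalgorithms": ("group1-sha1", "group14-sha1", "group-exchange-sha1"),
}

# Constructed 'sshd -T' style output using the cipher list the question started from.
BEFORE = """port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
macs hmac-md5,hmac-sha1,hmac-sha2-256
"""

# Constructed 'sshd -T' style output using the lists from the answer's Step 2.
AFTER = """port 22
kexalgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
macs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
"""


def effective_algorithms(sshd_t_output):
    """Parse 'keyword value' lines and keep the algorithm lists we audit."""
    found = {}
    for line in sshd_t_output.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() in WEAK:
            found[parts[0].lower()] = [a for a in parts[1].strip().split(",") if a]
    return found


def weak_algorithms(sshd_t_output):
    """Return {keyword: [weak algorithm, ...]} for every keyword with a weak entry."""
    report = {}
    for keyword, algos in effective_algorithms(sshd_t_output).items():
        bad = [a for a in algos if any(p in a for p in WEAK[keyword])]
        if bad:
            report[keyword] = bad
    return report


if __name__ == "__main__":
    print("before:", weak_algorithms(BEFORE))
    print("after: ", weak_algorithms(AFTER))
```

On a live host, feed the function the output of `sshd -T` (run as root) after the restart in Step 3.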

Keepalived health check can't connect to 127.0.0.1

I've currently got a cluster of servers running CentOS 7 and Docker, and I want to use Keepalived to allocate a floating IP between them. I've configured Keepalived to run a check command on each node which just does curl --silent --fail localhost:80 to ensure an HTTP server is listening.
The web app is running using a Docker container bound to port 80 and --net=host on Docker 1.10.3. Firewalld is also completely disabled.
The problem I'm having is that the curl never succeeds. If I change the check command to echo '' or anything else which exits 0 (without any network interaction) it works fine, but for some reason the curl doesn't work. When I run it from a normal bash terminal it is fine, and echo $? prints a 0.
I'm not even sure how to debug this as Keepalived doesn't provide any documentation on the matter and doesn't seem to log anything in relation to errors coming from the vrrp script.
Any help or suggestions would be greatly appreciated.
Turns out I was using an ancient version of Keepalived. Compiling the latest version from source fixed the issue (rather than using the binary from the CentOS repos).

MPICH2 gethostbyname failed

I don't understand the error message. What I am trying to do is run an MPICH2 application after I installed mpich2 version 1.4 or 1.5 to /opt/mpich2 (both versions failed with the same error). My MPI application was compiled with 1.3 but I am able to run it with mpi 1.4 on another workstation. I am testing it on Ubuntu 12.04.
Fatal error in PMPI_Init_thread: Other MPI error, error stack:
MPIR_Init_thread(467)..............:
MPID_Init(177).....................: channel initialization failed
MPIDI_CH3_Init(70).................:
MPID_nem_init(319).................:
MPID_nem_tcp_init(171).............:
MPID_nem_tcp_get_business_card(418):
MPID_nem_tcp_init(377).............: gethostbyname failed, localhost (errno 3)
Solution for macOS
I stumbled upon this issue on macOS 10.12.1.
The solution is to add 127.0.0.1 computername.local to /etc/hosts. Your file will look more or less like this:
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
127.0.0.1 computername.local
255.255.255.255 broadcasthost
::1 localhost
You can change/check your computer's name if you go to System Preferences > Sharing > Computer Name.
What worked for me was the following:
Make sure your hostname is the same for 1 and 2 below:
1. terminal hostname
2. "/etc/hosts" hostname
So if you type cat /etc/hosts in terminal it should look like:
// 127.0.0.1 my_hostname
My hostname was not the same for 1 and 2 for me. Once I changed them to match then my mpi program would execute.
To change your terminal hostname type the following:
sudo scutil --set HostName my_new_host_name
To change your /etc/hosts hostname type the following:
sudo nano /etc/hosts
and then add the line
127.0.0.1 my_new_hostname
This error indicates that there's a problem resolving localhost. Check your /etc/hosts file, make certain that you have localhost correctly defined here, it should be pointing to 127.0.0.1. Try using ssh to connect to localhost, make sure that works as well.
Although the question is different, the answer is probably the same one I gave some time ago for OpenMPI:
gethostname() function missing in openMPI
The MPI portable solution is to use MPI_Get_processor_name()
Adding -host localhost to the command line solved this for me. Suggested in https://github.com/pmodels/mpich/issues/4710#issuecomment-661933489
e.g.
mpiexec -host localhost -np 4 ./testExecutable
Maybe your /dev/shm is full, try to clean it.

Solaris 10 - How do I check for IPv4-in-IPv6 mapping?

I was wondering if there is the equivalent of the following in Solaris for checking if IPV6_V6ONLY is enabled by default:
On a Linux system I can check if IPv6 only is enabled by checking the following file:
/proc/sys/net/ipv6/bindv6only
If bindv6only contains 0 (IPv4-in-IPv6 & IPv6 are both enabled).
If bindv6only contains 1 (Only IPv6 is enabled).
How can I check whether IPV6_V6ONLY is enabled by default on Solaris 10? Is there one configuration parameter that can provide this info, or do I need to iterate through interfaces via ifconfig -a6 or /etc/hostname6.xxx?
Thanks.
Solaris provides socket option defaults with the ndd command, e.g.
sudo /usr/sbin/ndd /dev/ip \?
In this instance Solaris does not provide an option to allow the administrator to enable IPV6_V6ONLY by default.
You might enjoy this:
http://blog.caurea.org/2010/01/31/the-abomination-known-as-ipv6-v6only.html

How does scp traffic flow between two remote hosts?

If you issue a scp command between 2 remote servers, will the traffic flow directly between the hosts, or will it flow from Remote1 => Local Machine => Remote2?
For example I issue this command on my laptop:
scp user1@remote1.com:/Files user2@remote2.com:/Files
Newer versions of scp (since 2011) have the option -3 which will route the traffic through your local machine. This is useful if the hosts are on different networks and can't see each other. Found this on SuperUser. From your linked article it seems like normally the hosts will try to connect directly to each other.
Looks like it can be done.
If your Linux/BSD/Unix or Mac does not have the -3 option, just compile the last version from: http://www.openssh.org/portable.html
It is as simple as:
./configure; make ; sudo make install
It will be installed on /usr/local/bin by default. I just did that on my Mac OS X Lion.
