I have searched several posting on this message and I am still getting the error when I attempt to do an "ldapsearch"
I have changed the slapd.conf to use a plain-text password and I am still getting the error. I have also made sure that there are no blank spaces in the file. The log file shows and iptables is turned off. I have attempted to follow the LDAP setup from
"http://www.itmanx.com/kb/centos63-openldap-phpldapadmin".
conn=1001 fd=15 ACCEPT from IP=[::1]:54486 (IP=[::]:389)
conn=1001 op=0 BIND dn="cn=Manager,dc=domain,dc=local,dc=pt" method=128
conn=1001 op=0 RESULT tag=97 err=49 text=
conn=1001 fd=15 closed (connection lost)
my server is running Centos 6.4 64.
below are the commands I am using
"ldapsearch -x -D cn=Manager,dc=domain,dc=local,dc=pt -w abc"
my slapd.conf file
database bdb
suffix "dc=domain,dc=local"
checkpoint 1024 15
rootdn "cn=Manager,dc=domain,dc=local"
rootpw abc
You need to generate your password like below -
slappasswd -h {CLEARTEXT}
enter password - abc
Do the search -
ldapsearch -x -h ipaddress(mention ip address) -D "cn=Manager,dc=domain,dc=local" -W
In the search you try to bind as:
cn=Manager,dc=domain,dc=local,dc=pt
but in the config the rootdn is:
cn=Manager,dc=domain,dc=local
This is of course "an invalid credential".
You are binding as the rootdn, which is to say the "root account" of your DIT. This account's password is, in this case, config-based. It is possible that while 'abc' is the configured password, it may not be the loaded password.
Case in point: Someone goes into the slapd.conf file and changes the rootdn password from 'xyz' to 'abc' but neglects to restart the OpenLDAP daemon. What will happen here is that 'abc' will NOT work until the process is restarted, and thus the OpenLDAP daemon will continue to honor the OLD password of 'xyz'.
I hope this helps...
Max
Related
I am new to salt-ssh and I have gotten it to work successfully for setting up a remote system. However, I have a login issue that I don't know how to address. What is happening is that when I try to run the salt-ssh commands I have to fight with then initial login process before eventually it just works. I am looking to see if I can narrow down what is causing me to have to fight with login process.
I am using OS X to run my salt-ssh commands against an ubuntu vagrant vm.
I have added my root user's ssh key to the root user authorized_keys on the vagrant vm. I have verified that I can log into the system using ssh without any issues
sudo ssh root#192.168.33.10
Here are what my config files look like:
roster
managed:
host: 192.168.33.10
user: root
sudo: true
Saltfile
salt-ssh:
config_dir: /users/vmcilwain/projects/salt-ssh-rails
roster_file: /users/vmcilwain/projects/salt-ssh-rails/roster
log_file: /users/vmcilwain/projects/salt-ssh-rails/saltlog.txt
master
file_roots:
base:
- /users/vmcilwain/projects/salt-ssh-rails/states
pillar_roots:
base:
- /users/vmcilwain/projects/salt-ssh-rails/pillars
I run this command:
sudo salt-ssh -i '*' test.ping
I enter my local user's password and I get this output
Permission denied for host 192.168.33.10, do you want to deploy the salt-ssh key? (password required):
[Y/n]
This is where my fight is. If the vagrant vm has the ssh key for the user I am executing salt-ssh as, why am I being told that permission is denied? Especially when I verified I could ssh into the system without using salt-ssh.
Clicking yes prompts me for the remote root user's password, which I didn't set and don't necessarily want to since an ssh key should have worked.
I'm hoping someone can tell me the best way to setup connections between both systems so that I don't have to have this fight every time.
I needed to set the priv in my roster to the rsa key that I am using to connect to the remote host:
priv: /Users/vmcilwain/.ssh/id_rsa
Other posts have talked about using /etc/ssh/sshd_config to change the authorization settings.
What Authorization settings should I set my sshd_config be on if I want this password to connect?
jacobs-mbp:~ nuevo$ ssh username#141.158.1.6
The authenticity of host '141.158.1.6 (142.158.1.6)' can't be established.
RSA key fingerprint is b1:0b:cn:o7:6b:f1:22:c5:x5:d1:f8:d2:63:d8:b2:2l.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '141.158.1.6' (RSA) to the list of known hosts.
Password:
Password:
Password:
Permission denied (publickey,keyboard-interactive).
http://www.faqs.org/docs/securing/chap15sec122.html
Here are the steps to change it:
su
Password:
cd /private/etc
vi sshd_config
Now type this to search for PasswordAuthentication:
/PasswordAuth <Enter>
Now press h a few times to move to the very left of the line and you are on the #
Now press x to delete the #
Now type the following to write and quit:
:wq <Enter>
If you get stuck or lost at any point in the editor, type the following to quit without saving
:q! <Enter>
I am trying to use plink(Putty link) to connect to test servers using a batch file so as to avoid any user prompts and executing shell scripts. But it is pausing by showing a user interactive prompt after logging in with username and password provided which I don't want.
Please provide any suggestion for why this is happening or if I need to change any settings in the configuration to make this work.
Below is the log for the same. I am expecting it to execute a shell script after this step before which it gets stopped and plink puts me in an interactive shell
D:\>plink -v -ssh xxx#xxx.xxx.xxx.xx.com –pw XXXXX
Looking up host "xxx#xxx.xxx.xxx.xx.com"
Connecting to xxx.xx.xxx.xx port 22
Server version: SSH-2.0-OpenSSH_5.1
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Release_0.63
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 1024 a5:c3:96:57:53:7c:72:06:8d:86:09:76:27:3e:18:8d
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "xxx".
Attempting keyboard-interactive authentication
Access granted
Opening session as main channel
Opened main channel
Allocated pty (ospeed 38400bps, ispeed 38400bps)
Started a shell/command
Last login: Wed Mar 5 09:56:41 2014 from 10.34.39.22
←[?1034hxxxxavu2:←]2;xxx#xxxxavu2~ >
When using SSH, upon first connection you are required to verify a service host key in order to make a connection.
Through plink, the command line will generate a prompt, asking the user to "accept service host key? (y/n)".
Step 1: Fix the "Keyboard Interactive Authentication prompts from server"
Follow the URL instruction and Deselect the "Attempt keyboard Interactive auth (SSH-2) in your putty.
https://support.linuxacademy.com/hc/en-us/articles/360027730172-How-Can-I-Copy-and-Paste-into-Putty-on-Windows
Step 2: Below is the commands will fix the "verify a service host key" for every Linux server first SSH connection using plink.
echo yes| C:\PuTTY\plink.exe user-name#10.148.147.41 -pw *************** date
Step 3: Now you can immediately ran your next scripts like "server uptime checks" or "monitoring agent restart" using plink with -batch option (disable all interactive prompts)
C:\PuTTY\plink.exe -batch user-name#10.148.147.41 -pw *************** -m C:\uptime_linux.sh
C:\PuTTY\plink.exe -batch user-name#10.148.147.41 -pw *************** -m C:\monitoring-agent-check_linux.sh
Above mentioned information's 100% will help you to automate the linux tasks using plink utility.
It's giving you an interactive shell because you are not actually giving it a command to execute after connecting. Enclose your command in quotes, eg:
D:\>plink -v user#xxx.xxx.xxx.xxx -pw XXXXX "df -h"
I hope this is the right place to post this.
I have a VM I usually connect from work. To connect from home I was given the following instructions:
Copy and paste ./ssh/id_rsa and ./ssh/id_rsa.pub from the work machine to the home machine. Also make a config file like:
# Debian VM
Host nacho4d.dev.acme.com
# IdentityFile ~/.ssh_acme/id_rsa
User nacho4d
ProxyCommand ssh ns.dev.acme.com -l nacho4d nc -w 1 %h %p
# Tunnel/springboard server
Host ns.dev.acme.com
# IdentityFile ~/.ssh_acme/id_rsa
User nacho4d
ProxyCommand ssh ts6.in.acme.com -l nacho4d nc -w 1 %h %p
So everything works good with:
$ ssh nacho4d.dev.acme.com
The problem is that I already have my own (non-work) private keys and I don't want to replace it with the work .ssh folder every time I need to use ssh. Too tedious.
How can I use a particular key, etc to connect to a specific server only?
I tried putting my files like:
~/.ssh/id_rsa → home private key
~/.ssh/id_rsa.pub → home public key
~/.ssh/config → config file like above but with IdentityFile enabled
~/.ssh_acme/id_rsa → work private key
~/.ssh_acme/id_rsa.pub → work public key
I thought that having a config file with IndentityFile should make ssh to use a particular key ( in this case pointing to ~/.ssh_acme/id_rsa) for that particular host, but I always get "Permission Denied" Connection closed by remote host.
Am I missing something? Perhaps do I need to supply the public key somewhere else too?
I checked ~./ssh/authorized_keys file in the VM and I have a ssh-rsa entry for the work-computer not the home computer (which Is I believe normal since I am using the keys provided by work.)
How come IdentityFile ~/.ssh_acme/id_rsa is not working as expected?
Do I really need to interchange my home/work keys everytime I need to connect to somewhere?
I am almost a beginner in ssh things, but something tells me there must be a clever way of doing this.
Any help is appreciated.
You don't need to specify which key works with which host, just rename the keys and add a IdentityFile line for each key:
IdentityFile ~/.ssh/id_rsa_dev_acme
IdentityFile ~/.ssh/id_rsa_in_acme
It's possible the keys in ~/.ssh_acme/id_rsa aren't being used because the permissions aren't correct on ~/.ssh_acme (0700) or ~/.ssh_acme/id_rsa (0600)
Finally, this question might be more relevant on http://unix.stackexchange.com
How can we verify that SFTP access has been granted on a server, without installing any software/tools?
Most servers have curl and scp installed, which you can use to log into an SFTP server. To test if your credentials work using curl, you could do this:
$ curl -u username sftp://example.org/
Enter host password for user 'username':
Enter your password and if it works you'll get a listing of files (like ls -al), if it doesn't work you'll get an error like this:
curl: (67) Authentication failure
You could also try using scp:
$ scp username#example.org:testing .
Password:
scp: testing: No such file or directory
This verifies that you that you were able to log in, but it couldn't find the testing file. If you weren't able to log in you'd get a message like this:
Permission denied, please try again.
Received disconnect from example.org: 2: ...error message...
One of the many ways to check for SFTP access using password based authentication:
sftp username#serverName
or
sftp username#serverIP
And then entering password.
You will get "Permission denied, please try again." message if it fails otherwise you will be allowed inside the server with screen-
sftp>
You can test it fully works with commands like ls, mkdir etc.
Try logging in.
Not being snarky -- that really is probably the simplest way. By 'verify[ing] that SFTP access has been granted," what you're really doing is checking is a particular l/p pair is recognized by the server.
Alternatively, other than doing the "sftp -v" command mentioned above, you can always cat the SSH/SFTP logs stored on any server running sshd and direct them to a file for viewing.
A command set like the following would work, where 1.1.1 would be the /24 of the block you are trying to search.
cd /var/log/
cat secure.4 secure.3 secure.2 secure.1 secure |grep sshd| grep -v 1.1.1> /tmp/secure.sshd.txt
gzip -9 /tmp/secure.sshd.txt
G'day,
What about telnet on to port 115 (if we're talking Simple FTP) and see what happens when you connect. If you don't get refused try sending a USER command, then a PASS command, and then a QUIT command.
HTH
cheers,
In SFTP , the authentication can be of following types :
1. Password based authetication
2. Key based authentication
But if u r going for key based authentication then u have to prepare setup according to that and
proceed the login procedure.If the key based authentication fails it automatically asks for password means it automatically switches to password based mode. By the way if u want to verify u can use this on linux :
"ssh -v user#IP "
It will show u all the debug messages , and if the authentication is passed u will be logged in otherwise u will get "Permission denied". Hope this will help u.