I use the git for FlowPersistenceProvider for nifi registry. But encrypt tool does not support encryptyng the file providers.xml. providers.xml contains the parameter "Remote Access Password" for connacting to my git repositry.
Are there any ways to encrypt this parameter "Remote Access Password" in providers.xml?
Related
I've created GIT repo at my account of shared hosting via cPanel. Then I've installed Git to my local PC with Windows, right-clicked local repo folder and selected the command "Git Bash Here". Next I've run in CMD the command like
git clone ssh://user123#example.com/home/user123/public_html/repo
First I've received
The authenticity of host 'example.com (...)' can't be established.
ED25519 key fingerprint is SHA256:...
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
I've typed "yes" and received the error
Warning: Permanently added 'example.com' (ED25519) to the list of known hosts.
user123#example.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
Next I've copy-pasted the file id_rsa from the folder .ssh at my hosting to my local folder C:/Users/MyUserName/.ssh
Now if I run the command of cloning I receive
Enter passphrase for key '/c/Users/MyUserName/.ssh/id_rsa':
Why? What is the passphrase and where can I get it?
The pass-phrase is the password(s) you used when you created the ssh keys. You must use those password(s) to unlock access to the ssh keys.
Note that the warnings (about whether the host is known or not) are just that: warnings. The first time you connect to some other system, your ssh software checks the identity message that comes from that host. But there's nothing to check against, so you get the warnings. After that, the identity is saved, so the second, third, etc., times that you connect to the host, your ssh makes sure it identifies itself the same way. (This is a fancied-up variant of having the host tell you its password, which you then check to make sure you're still talking to the same guy.)
Of course, the host doesn't know whether the guy claiming to be you is really you, so the host demands that you provide your password. Your "password" in this case is your ssh key ... and your ssh key is protected with another password (or rather, "pass phrase": you can use multiple words). So you give your machine your "get me the password" pass-phrase, after which your machine gets the password to give to their host.
I'm using OpenSSH for Windows on Windows 10 v1809. I've added an identity via ssh-add which required I enter the password for my encrypted key (C:\Users\Me\.ssh\id_rsa). I find that identity remains in ssh-agent after I restart Windows. Therefore, I can ssh to other machines without entering the key's password. In previous agents I've used, such as the one in MobaXterm (not OpenSSH), there was a master password used to unlock all keys saved to the agent. You had to re-enter that one master password after restarting.
Is this behavior in OpenSSH for Windows of no password being required after restart expected?
Perhaps I could write a script to ssh-add -D on Windows shutdown if don't want the identities to be saved?
I have a service running at local system account (NT AUTHORITY\SYSTEM). This service shall connect to local subversion repository. Is this possible?
I tried this
svn export --non-interactive http://localhost/svn/MyRepository TargetFolder
but it does not work. As far as I know I cannot set any password for "NT AUTHORITY\SYSTEM". I don't like to use my personal account and put my password there as clear text.
My SVN runs on VisualSVN-Server
You should never use SYSTEM account for such tasks for numerous security reasons. Create and use a dedicated local Windows or Active Directory account with limited permissions.
Setting up the cached authentication credentials for the System user requires running an svn.exe command as the System user. Windows Vista+/Server 2008+ doesn't make that easy.
Install psexec from https://learn.microsoft.com/en-us/sysinternals/downloads/psexec
Start an elevated cmd.exe as Administrator.
Run "psexec -i -s cmd.exe".
A new cmd.exe should appear which is running as the System user.
Type whoami. Verify the output reads something like "nt authority\system".
Perform a subversion command like "svn --username your-svn-user list your-https-repo-url".
When prompted by svn.exe, enter the password for your-svn-user.
The "svn auth" command allows you to examine the cached credentials.
Note if a new SSL certificate is installed on the Subversion server, you'll have to repeat this process.
For more responses on this topic: How do you run CMD.exe under the Local System Account?
I have a build server that is not part of a Windows domain trying to connect to a VisualSVN server running HTTPS via apache with domain login via Active Directory. When I try to connect to the server using specifying a domain username I observe a client hang:
svn ls --username=domainuser https://subversion.mydomain/svn/repo1/
The logs on the server show Windows authentication failures using the login-name for the build-machine, and the build-machine's hostname in the Domain name field. The username provided on the command-line is completely ignored.
SVN Client: TortoiseSVN commandline tools: svn, version 1.8.1 (r1503906)
On a separate machine (on the domain) - I found that the --username would not be ignored if I used the cygwin svn instead.
The solution I found was to disable the http-auth-type 'negotiate'. This prevents Windows credentials being automatically shared.
I verified this using a command-line override, it asked for password for the user on the command-line:
svn ls --username=domainuser --config-option servers:global:http-auth-types=basic;digest https://subversion.mydomain/svn/repo1/
Authentication realm: <https://subversion.mydomain/svn/repo1/> VisualSVN Server
Password for 'domainuser':
(Note for Cygwin users: If you use SVN under Windows via Cygwin then you will need to add quotes to your command like this: $ svn ls --username=domainuser --config-option "servers:global:http-auth-types=basic;digest" https://subversion.mydomain/svn/repo1/ -- Otherwise the semicolon will be treated as a command delimiter.)
To configure this more permanently you can make a servers config file entry for all matching servers. For Win7 that's C:\Users\<User>\AppData\Roaming\Subversion\servers.
[groups]
mydomain = *.mydomain
[mydomain]
http-auth-types=basic;digest
Instead of disabling negotiate in client's config, I'd suggest using Windows Credential Manager to store the other account's credentials for Single Sign-On.
The following instruction shows how to put other domain credentials to access VisualSVN Server into Windows Credential Manager:
Start | Control Panel | Credential Manager,
Click 'Add a Windows Credential',
As 'Internet or network address' enter the FQDN of VisualSVN
Server's machine,
As 'Username' enter the <DOMAIN>\<username> of user account that
exists in domain and has access rights to VisualSVN Server,
Complete the password field and click OK,
Verify that you can authenticate to VisualSVN Server under the selected user account after completing the above steps.
I'm on a Windows 7 machine and have installed PuTTY. I'm trying to connect, but the authentication fails because of an incorrect password. But, the VM I'm connecting to doesn't have a password?
Here are the creds I'm trying to use:
Host: 127.0.0.1
Port: 2222
Username: vagrant
Private key: c:/users/<username>/.vagrant.d/insecure_private_key
When I open PuTTY, I put in the above credentials and click open, at which point it ask for the username and I enter 'vagrant', then it asks for the password, but there isn't a password, so I get access denied?
Not sure how to get around this?
Thanks.
The "---Begin RSA PRIVATE KEY ...." key is not of a format that PuTTY uses.
Use the program puttygen.exe (same place where the putty.exe program
is) to "Load" the private key.
Select "All Files (.)" from the filter to see the file c:/users/.../.vagrant.d/insecure_private_key
and open it. It will say that it has successfully imported foreign
key....
Then use "Save private key" option to save the loaded key
into a *.ppk file.
Then use that ppk file as the key file for "SSH |
Auth" in PuTTY
That should work.
I had experienced the opposite: using the putty proprietary .ppk format to configure the "config.ssh.private_key_path" which expects the SSH format.
You can also you the puttygen to convert from .ppk format to SSH format.