Im using Open SSH and trying to use ssh-add on windows server 2012 but keep receiving the following error
Could not add identity "C:\Users\SERVICE_ACCOUNT/.ssh/id_rsa": agent refused operation
I have made sure all my permissions are intact with all files within C:\Users\SERVICE_ACCOUNT.ssh
Icacls C:\Users\SERVICE_ACCOUNT\
C:\Users\SERVICE_ACCOUNT\ NT AUTHORITY\SYSTEM:(OI)(CI)(F)
CP\SERVICE_ACCOUNT:(OI)(CI)(F)
Icacls C:\Users\SERVICE_ACCOUNT\.ssh
C:\Users\SERVICE_ACCOUNT\.ssh CP\SERVICE_ACCOUNT:(OI)(CI)(F)
I have tried ssh-add using a different user on my windows and im able to successfully do so without any issues, i have also made sure that the permissions for the other user match my service account as well
Related
I trying to make SVN work on a Windows 2016 Server. I am using SVN over commandline. SVN is always using the user which is logged in. Let's say the logged in user is USER. The user needed for SVN is called SVNUSER. We are using a VisualSVN Server. Both Servers are inside a company network and they use the same AD for authentication.
I tried following stuff:
svn checkout --username SVNUSER http://svn01.de/svn/Application/trunk/FSW
or
svn checkout --username e102365 --password pass http://svn01.w3.de/svn/Application/trunk/FSW
didn't work. I get following error:
svn: E175013: Unable to connect to a repository at URL 'http://svn01.de/svn/Application/trunk/FSW'
svn: E175013: Access to '/svn/Application/trunk/FSW' forbidden
The serverlog says i tried to connect with USER.
The only way I was able to make the checkout work is using run as with the SVNUSER but I need it for automation and run as is interactive so it does not help.
The folder C:\Users\USER\AppData\Roaming\Subversion\auth is empty. When using tortoise SVN it says there is no saved authentication.
I assume that your VisualSVN Server installation is configured for Integrated Windows Authentication (Active Directory Single Sign-On) (see KB182 for details).
Since it's Single Sign-On, you have to run your scripts as the user account that has permissions to access the repository. Specifying credentials in the command-line won't work - it will always authenticate as the user account who started the svn.exe client. You can try running your script from Windows Task Scheduler, custom Windows Service, etc.
Or you can enable Basic Windows authentication on the server in addition to Integrated Windows Authentication. And force your svn client to always prefer Basic auth (i.e., disable Integrated Windows Authentication on the client side). You can append the following option to your svn.exe commands:
--config-option servers:global:http-auth-types=basic
Or modify the %APPDATA%\Subversion\servers file. Add the http-auth-types=basic string under [Global].
I have a build server that is not part of a Windows domain trying to connect to a VisualSVN server running HTTPS via apache with domain login via Active Directory. When I try to connect to the server using specifying a domain username I observe a client hang:
svn ls --username=domainuser https://subversion.mydomain/svn/repo1/
The logs on the server show Windows authentication failures using the login-name for the build-machine, and the build-machine's hostname in the Domain name field. The username provided on the command-line is completely ignored.
SVN Client: TortoiseSVN commandline tools: svn, version 1.8.1 (r1503906)
On a separate machine (on the domain) - I found that the --username would not be ignored if I used the cygwin svn instead.
The solution I found was to disable the http-auth-type 'negotiate'. This prevents Windows credentials being automatically shared.
I verified this using a command-line override, it asked for password for the user on the command-line:
svn ls --username=domainuser --config-option servers:global:http-auth-types=basic;digest https://subversion.mydomain/svn/repo1/
Authentication realm: <https://subversion.mydomain/svn/repo1/> VisualSVN Server
Password for 'domainuser':
(Note for Cygwin users: If you use SVN under Windows via Cygwin then you will need to add quotes to your command like this: $ svn ls --username=domainuser --config-option "servers:global:http-auth-types=basic;digest" https://subversion.mydomain/svn/repo1/ -- Otherwise the semicolon will be treated as a command delimiter.)
To configure this more permanently you can make a servers config file entry for all matching servers. For Win7 that's C:\Users\<User>\AppData\Roaming\Subversion\servers.
[groups]
mydomain = *.mydomain
[mydomain]
http-auth-types=basic;digest
Instead of disabling negotiate in client's config, I'd suggest using Windows Credential Manager to store the other account's credentials for Single Sign-On.
The following instruction shows how to put other domain credentials to access VisualSVN Server into Windows Credential Manager:
Start | Control Panel | Credential Manager,
Click 'Add a Windows Credential',
As 'Internet or network address' enter the FQDN of VisualSVN
Server's machine,
As 'Username' enter the <DOMAIN>\<username> of user account that
exists in domain and has access rights to VisualSVN Server,
Complete the password field and click OK,
Verify that you can authenticate to VisualSVN Server under the selected user account after completing the above steps.
I have disabled the remote desktop firewall rule in a Windows Azure virtual machine.As you would expect, I can no longer remote desktop in to the server.
Does anyone know if it is possible to re-enable the Remote Desktop Windows firewall rule?
What I have tried
As a long shot, I have downloaded the Windows Azure CLI but can't see anything in there that would do it but have not found anything.
I have also tried to execute the following command against the MSSQL server:
EXEC xp_cmdshell 'netsh advfirewall firewall set rule group="remote desktop" new enable=Yes';
GO
I am getting the following message from the query:
The requested operation requires elevation (Run as administrator).
Please tell me I don't have to re-create the site (which is backed up).
If you're using a VM inside a resource group with the new azure portal, you can do this:
Click reset password
Change mode to "Reset configuration only"
Click update and wipe your sweat off :)
It turns out that all I needed to do was to PowerShell into the Azure VM.
Steps:
Make sure PowerShell is enabled in the Endpoints section of the Azure portal.
Get the server's certificate (PowerShell needs this for remote commands). You can get the server certificate by going to your domains' URL: https://yourdomaing.cloudapp.net:12345 (where :12345 is the port that PowerShell uses).
Export the SSL certificate of the site as a .CER file and install it on your local machine.
Save it to the "Trusted Root Certification Authorities" store on your machine.
Open PowerShell with administrative privileges on your local machine and type:
Enter-PSSession -ComputerName yourdomain.cloudapp.net -Port 5986 -Credential YourUserName -UseSSL
A login popup will appear, enter your VM's login credentials here.
You will now be able to execute commands against the Azure VM. In my case, I ran netsh advfirewall firewall set rule group="remote desktop" new enable=Yes and exited the PowerShell session and was able to remotely connect to my machine.
I have trouble getting the official Windows ADT 21.1.0 distribution to connect to a git repository. No matter what I tried(details below) it complains about host key not present in the registry and shows me no option to accept the host key. The remote server is running Gitlab and is under my control. There's no problem with connectivity or firewalls.
What I tried so far:
connecting without giving a password, with user git
connecting while giving a password, with another user
adding manually the host key in the known_hosts file that is found in the ssh home directory(Preferences->General->Network Connections->SSH2->SSH2 home).
The message is always:
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 xx:xx:xx...
Connection abandoned.
RSE works without any problems, only egit gives me problems.
You could workaround the problem by not using the ssh protocol with the git server, but instead the git or http protocol.
One reason for the above message can be using a folder called "ssh" instead of ".ssh" (note the dot). Some colleague of mine experienced that, and this can easily happen when using Windows explorer, as it will silently remove the dot, when creating a folder called ".ssh". You have to use the command line instead.
I just installed postgresql-9.1.4-1-windows-x64 on a Windows 7 64 bit machine. I'm having trouble starting the service and connecting to a database.
After a successful installation I've tried the following based on similar postings.
1) Looked for "Start Server" under Start > All Programs > PostreSQL 9.1 and could not find it.
2) Tried starting the server from the command line
pg_ctl.exe -D "C:\Program Files\PostgreSQL\9.1\bin\data"
This gave me the error:
could not create lock file 'postmaster.pid': Permission denied
I have administrative rights, and there is not postmaster.pid file either in the bin or data directories.
3) Next I tried starting the Service from Admistrative Tools by right clicking on the postgresql-9.1.4-1-windows-x64 Service and selecting Start. I received the message:
The postgresql-9.1.4-1-windows-x64 Service on local computer started
and stopped. Some services stop automatically if they are not in use
by other services or programs.
The Event Viewer showed the error as Timed out waiting for server startup
4) I figured there the data in the data directory was probably and initial database, but just in case I ran "initdb" and got:
If you want to create a new database system either remove or empty the
directory c:\program files\postgreSql/9.1/data or run initdb with an
argument other than c:\program files\postgreSql/9.1/data
4) And just for fun I Started pgAdminIII, right clicked on "PostreSQL 9.1(localhost:5432)", selected Connect, entered password, and got:
could not connect to server: Connection refused (0x0000274D/10061) Is
the server running on host "localhost" (::1) and accepting TCP/IP
connections on port 5432?
Does anybody have a suggestion?
Thanks.
«"could not create lock file 'postmaster.pid': Permission denied"»
Do not look any further, Postgres cannot start if it can't create this temp file. If it is not created, you evidently cannot find it if you look for it on the disk. Your DATA directory has been created so no need to re run initdb again and if you try to use pgadmin it complains that it cannot connect to Pg -- which is not running.
I am not familiar with windows but found out where postmaster.pid is to be created you will probably find out why Postgres cannot create this file.
Hope it helps.