Why run this command: "gpg-connect-agent updatestartuptty /bye" - gnupg

I have Arch Linux in a VM.
I imported my gpg keys and configured gpg as described here:
https://github.com/drduh/YubiKey-Guide
I also configured pass and git to use the gpg keys, and everything works fine,
so for example when I run git pull for the first time it asks me for the password.
The problem is:
when I restart my VM, before I can run any command (like git pull), I have to run this command:
gpg-connect-agent updatestartuptty /bye
Then everything works fine.
How can I solve this issue?

GPG depends on pinentry to provide user interaction for typing the passwords such as the one to protect your smartcard. In order to function properly, pinentry (which, on terminal, is either pinentry-tty or pinentry-curses) needs to know which tty it should listen for user interaction.
When GPG is acting as your ssh-agent to provide git+ssh authentication, it will keep a reference to the first tty available when it started, which is not the same one you will have when you connect to your VM. Unfortunately, gpg-agent has no way to know at runtime which tty you are connected to, so it will fail every time it tries to communicate with its startup tty. That's why you need to update the startup tty using that command. This behavior is briefly described in their docs.
An alternative to avoid that command every time is to use any pinentry application that does not rely on tty, such as GUI ones like pinentry-gtk-2, pinentry-gnome and so on.
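One way to avoid typing the command after every reboot, as an added example that is not part of the original answer: a function for ~/.bashrc or ~/.zshrc that points gpg-agent at the current terminal each time an interactive shell starts. It uses the commands from the linked YubiKey guide; the function name refresh_gpg_tty and its return codes are made up for this example, and it assumes enable-ssh-support is set in gpg-agent.conf.

```shell
# Added example for ~/.bashrc or ~/.zshrc; refresh_gpg_tty is a hypothetical name.
# Return codes (chosen for this example): 0 updated, 1 no terminal, 2 GnuPG missing.
refresh_gpg_tty() {
    # tty(1) fails when stdin is not a terminal (cron jobs, scripts, some
    # IDE-spawned shells); pinentry-tty/curses cannot prompt there anyway.
    cur_tty=$(tty 2>/dev/null) || return 1

    command -v gpg-connect-agent >/dev/null 2>&1 || return 2
    command -v gpgconf >/dev/null 2>&1 || return 2

    # gpg itself reads GPG_TTY to tell pinentry where to prompt.
    export GPG_TTY="$cur_tty"

    # Make ssh (and git over ssh) talk to gpg-agent's ssh socket.
    # Assumes enable-ssh-support is set in ~/.gnupg/gpg-agent.conf.
    SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) || return 2
    export SSH_AUTH_SOCK

    # Start the agent if it is not running, then replace the tty it
    # remembered at startup with the terminal of this shell.
    gpgconf --launch gpg-agent
    gpg-connect-agent updatestartuptty /bye >/dev/null
}

# Run once per shell start; stay silent when there is nothing to do.
refresh_gpg_tty || true
```

A new terminal opened after login then refreshes the agent on its own; shells without a terminal skip the update instead of printing errors.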

Related

ssh-add not saving identity after reboot - continues to fail after editing config file and trying numerous flag options

I have tried numerous options to add my ssh key for bitbucket to no avail.
When I reboot, ssh-add -L says: The agent has no identities.
I have tried using the following guides to add my ssh-key:
https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent
https://support.atlassian.com/bitbucket-cloud/docs/set-up-an-ssh-key/
I have tried several configurations of my config file including the following:
From BitBucket docs
Host *
    UseKeychain yes
From GitHub docs
Host *
    AddKeysToAgent yes
    UseKeychain yes
    IdentityFile ~/.ssh/bitbucket
I tried using ssh-add -K ~/.ssh/bitbucket and ssh-add --apple-use-keychain ~/.ssh/bitbucket
I tried starting the agent 2 different ways
From BitBucket docs
eval `ssh-agent`
From GitHub Docs
eval "$(ssh-agent -s)"
When I run it, it works until I reboot. Sometimes it doesn't work when I switch terminals or use git operations in VSCode.
On reboot nothing works.
Looking for any solutions
I'm guessing from:
--apple-use-keychain
that you're on macOS (I added that to the tags). This matches up with another part of your question:
Sometimes it doesn't work when I switch terminals ...
There are two tricky bits that intertwine here:
- It's possible to have more than one ssh-agent running (but generally you don't want this).
- On macOS, when you boot up the system and log in—even before any Terminal windows open up—the system has started one ssh agent for you.
This second bullet point is specific to macOS. On other systems, it's usually the case that the system has not started an agent for you, and therefore you must start one. But on macOS the system has started one for you. You don't want to start a second one! So do not run eval `ssh-agent`.
If you do run it, you get a second agent, as requested, and then only that one Terminal window can talk to that agent. This results in other Terminal windows not working, as you observed, and could lead to other similar issues like the VSCode one, perhaps. (I don't use VSCode so this part is just a guess.)
You do have to run:
ssh-add ~/.ssh/bitbucket
or similar at least once; I do it after each reboot, to load the key into the agent. According to this question on apple.stackexchange.com, using -K will save the passphrase for the key, and on Sierra or later you must take an extra step as well; see that question and its answer for more.
(I switch OSes a lot so I tend to avoid depending too much on any one particular OS's features. The trick with Terminal and ssh-agent is actually kind of annoying, in that respect. 😀 But it is useful.)

Launching a Singularity Container Remotely using Visual Studio Code

I am aware that you can launch docker containers remotely in VSCode. Is it possible to do the same with singularity containers?
Update: the solution to this was published in the same issue (https://github.com/microsoft/vscode-remote-release/issues/3066#issuecomment-1019500216) as before by user oschulz:
As promised, here are some instructions on how to use Singularity with VS-Code Remote SSH via SSH RemoteCommand. The procedure described below makes VS-Code run its remote server component inside a Singularity container instance (other runtimes like Shifter work too).
Acknowledgement: Credit for a lot of this goes to @gipert, who refined my original approach (using a custom SSH script) when support for RemoteCommand became available in VS-Code recently.
Step 1
Use VS-Code >= v1.64 (includes support for the SSH RemoteCommand setting). Install the Pre-Release version of the Remote SSH extension.
Important: In the VS-Code settings, set "remote.SSH.enableRemoteCommand": true.
Step 2
In your "$HOME/.ssh/config", add something like
Host myimage1~*
    RemoteCommand singularity shell /path/to/image1.sif
    RequestTTY yes
Host myimage2~*
    RemoteCommand singularity shell /path/to/image2.sif
    RequestTTY yes
Host somehost myimage1~somehost myimage2~somehost
    HostName some.host.somewhere
    User your_username_
Host otherhost myimage1~otherhost myimage2~otherhost
    HostName some.otherhost.somewhere
    User your_username_
Test whether this works using ssh myimage1~somehost. This should drop you into an SSH session inside of an instance of the "/path/to/image1.sif" container image on some.host.somewhere.
Connecting to the remote host with VS-Code: F1 > "Connect to Host" > "myimage1~somehost" should now get you a remote VS-Code session running in the container image as well. The same for "myimage2~somehost", "myimage1~otherhost" and "myimage2~otherhost".
Step 3
However, since VS-Code reuses the remote server instance, that's not sufficient to run multiple container images on the same host at the same time. To get separate (per container) VS-Code server instances on the same host, add something like this to your VS-Code preferences:
"remote.SSH.serverInstallPath": {
    "myimage1~somehost": "~/.vscode-container/myimage1",
    "myimage1~otherhost": "~/.vscode-container/myimage1",
    "myimage2~somehost": "~/.vscode-container/myimage2",
    "myimage2~otherhost": "~/.vscode-container/myimage2"
}
Request to the VS-Code dev team
Could "remote.SSH.serverInstallPath" be controlled via an environment variable? This would allow us to eliminate all these cumbersome "remote.SSH.serverInstallPath" preferences. The environment variable could be set by a container startup script on the remote side (like the one below) automatically, depending on the selected container image.
Other Container runtimes
To use a different container runtime than Singularity (e.g. Shifter, Charliecloud, etc.), simply replace singularity shell /path/to/image1.sif by the appropriate command for your runtime.
On some systems (e.g. with Shifter at NERSC) you may also need to override $XDG_RUNTIME_DIR, since its default location may not be writable from within a container instance. In such cases, it's best to use a custom container run-script like
#!/bin/sh
export XDG_RUNTIME_DIR="${TMPDIR:-/tmp}/`whoami`/run"
exec shifter --image="$1"
So in your SSH config, use
RemoteCommand /my/homedir/.local/bin/run_container image_name
I maintain a little container start-script called cenv that handles $XDG_RUNTIME_DIR (and quite a bit more, including some default bind-mounts) automatically for both Singularity and Shifter (contributions welcome).
Tips and tricks
If things don't work, try "Kill server on remote" from VS-Code and reconnect.
You can also try starting over from scratch with brute force: Close the VS-Code remote connection. Then, from an external terminal, kill the remote VS-Code server instance:
$ ssh somehost
$ kill -9 -1
(Will kill all processes you own on the remote host.)
Remove the ~/.vscode-server directory.
Old:
I believe this is still not supported. Refer to this issue: https://github.com/microsoft/vscode-remote-release/issues/3066, and there are also some ideas for potential workarounds in the same link.

Creating a executable for mac terminal commands

I'm using a series of commands for deploying my files to production. This is done manually currently. Is it possible to make these commands into an executable file, so that I don't have to copy and paste these commands each and every time?
When the first line is executed, i.e. connecting to the root server, it will ask for the password and I have to paste the password: xxxxxxxxxxxxxx
I'm using a Mac system.
If you have any idea, please let me know.
ssh root@server
pwd: xxxxxxxxxxxxxx
ssh-agent bash
ssh-add bi-master
cd /home/trans/bimaster
git status
git pull git@bitbucket.org:xxxxxxxxx/bimaster.git master
Yes it is possible, normally people use services like Jenkins (free) or bamboo (not free) to run deployment tasks, then you can save credentials on the bamboo/Jenkins server and write a deployment script or pipeline to do the deployment steps.
You should also consider setting up ssh keys on your local machine (public/private keypair with ssh-keygen) and the remote (just the public key - ssh-copy-id can do this IIRC) so you don't have to rely on password logins on the remote. Generally, ssh keys are considered more secure and practical than using passwords.
Also, don't do things as the root user unless you have no other choice or you're just testing. Running things as root in production is asking for trouble.

slapd command on MacOS

I have the following commands on MacOS
$ sl
slapacl slapadd slapauth slapcat slapconfig slapdn
slapindex slappasswd slapschema slaptest sleep slogin
I am following this tutorial on running an ldap server on MacOS:
http://krypted.com/mac-security/starting-openldap-on-mac-os-x-client/
seems strange that I don't have a slapd command - anyone know why?
Since slapd is almost never run "by hand", it's not in one of the binaries directories that're in the default PATH. Instead, it's in /usr/libexec, which is the usual place for things that're run automatically rather than manually. So run it with sudo /usr/libexec/slapd instead of just as slapd. (BTW, the sudo is needed so it can allocate low-numbered TCP ports, and get full access to its database).

Cannot open graphical application through command line?

I am having trouble opening graphical applications in linux (Sublime Text 2 in this case) through the terminal. I am using Fedora 17. I get this error for other graphical applications that I try to open up through the command line as well.
[root@computer djproject]# sublime settings.py
No protocol specified
(sublime:4202): Gtk-WARNING **: cannot open display: :0
Also, I get the same type of error when I try to do:
sudo sublime
Note in the command above I was logged in as a regular user without root access. Also 'sublime' is mapped to Sublime Text 2, and I have tested it before in other scenarios, so it is not the problem. Also, I have set this particular user up as a valid sudoer and the sudo command also works in other cases.
While researching the problem I came across many similar cases with no clear solution.
The following link has a user with a similar problem (although using ssh and on Ubuntu, rather than local and Fedora in my case).
Thanks in advance!
I spent quite a lot of time trying to figure this problem out, and came across this thread as I found a fix.
My problem was simply that I was running my commands from within the byobu session. I opened a new terminal tab and successfully ran the same commands.
Since DISPLAY is being defined, this may be a problem with permissions. How are you starting X? (As far as I know normally X is started by root and when you login you are granted access such that these issues don't occur, unless you're running sudo from a different account than the one you're logged into X with.)
You need to provide the correct 'cookie' file to access the session (simply being root isn't enough to get in). For users this is normally ~/.Xauthority, so executing xauth merge /home/<user>/.Xauthority should do the trick.
Alternatively have you tried gksu?
I actually needed this (run an X application from CLI with a different user), and a valid workaround is to SSH -X:
user1 owns X
user2 is the second user that wants to run an X program from CLI, in this example, eclipse ide
user1:~$ ssh -X user2@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
user2@localhost's password:
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-44-generic x86_64)
user2:~$
user2:~$ /opt/eclipse/eclipse
I know this is a 5-year-old post, but I spent a lot of time solving an issue like this during the installation of Pixar's Renderman, so I'd like to share my solution in case it helps someone else.
The problem is caused by this: "sudoer (here root) has no access to graphical space". (I don't know whether it is always or only sometimes. I faced this issue on Ubuntu 16.04.)
Doing the following solved my issue:
First, start Terminal as the graphical user with Alt+Ctrl+T,
then execute these lines:
$ unset XAUTHORITY
$ xhost add $DISPLAY . 123f
$ xhost +local:all
$ sudo xclock # or any graphical program needs sudoer
Let me know your feedback.
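The xhost +local:all line in the last answer opens the X display to every local account and leaves it open for the rest of the session. A narrower variant, as an added example that is not part of the original answers: grant access to root only, run the program, then revoke the grant. The function name run_gui_as_root and its return codes are made up for this example; it assumes an X11 session with xhost and sudo installed.

```shell
# Added example; run_gui_as_root is a hypothetical helper name.
# Return codes (chosen for this example): 64 = usage error, 2 = no X display,
# 3 = tool missing or grant failed, otherwise the exit status of the program.
run_gui_as_root() {
    [ "$#" -ge 1 ] || { echo "usage: run_gui_as_root PROGRAM [ARGS...]" >&2; return 64; }
    [ -n "${DISPLAY:-}" ] || { echo "DISPLAY is not set" >&2; return 2; }
    command -v xhost >/dev/null 2>&1 || return 3
    command -v sudo  >/dev/null 2>&1 || return 3

    # Server-interpreted ACL entry: only the local user "root" is added,
    # unlike "+local:all", which admits every local account.
    xhost +SI:localuser:root >/dev/null || return 3

    # Pass DISPLAY explicitly in case sudo's env_reset drops it.
    status=0
    sudo env DISPLAY="$DISPLAY" "$@" || status=$?

    # Revoke the grant so the display is not left open after the program exits.
    xhost -SI:localuser:root >/dev/null
    return "$status"
}

# Usage from a terminal inside the graphical session:
#   run_gui_as_root xclock
```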
