What are the parameters for Option in a dirmngr dialogue? - gnupg

I've connected to the dirmngr using the gpg-connect-agent. Typing help gives a list of options. Trying the OPTION command, I get : argument required
Trying help OPTION I get: Not found <Dirmngr>
What are the additional fields to the OPTION command?

When running gpg in debug mode, the conversation with dirmngr is in the clear, so the OPTION verb is to set the different options for dirmngr, and not for retrieving the dirmngr configuration option itself.
for instance OPTION http-proxy=http://237.237.237.237:237
This wasn't displayed at first because dirmngr does a dns lookup for the keyserver to begin with and dies with a No keyserver available if it doesn't at least have an ip address associated with the keyserver.

Related

Unable to perform SNMP GET using snmpget CLI command but able to perform SNMP GET using MIB browser

I was configuring my SNMP agent on a Linux machine, below is the user-defined settings which I have included in the default snmpd.conf settings.
rwuser bootstrap priv
rwuser prateek priv
createUser bootstrap SHA temp_password AES
I then restarted the SNMP service and then tried to perform SNMP GET on sysDescr OID and was able to perform is successful.
I then tried to same with snmpget CLI command,
snmpget -v 3 -u bootstrap -l authPriv -a SHA -x AES -A temp_password -X temp_password 127.0.0.1:161 1.3.6.1.2.1.1.1.0
but I get the below error.
Timeout: No Response from 127.0.0.1:161
NOTE: SNMP client and agent are running on same host.
Can anyone explain to me why I am unable to perform the same operation which I am able to perform using MIB browser?
The address 127.0.0.1 means you MUST be running the SNMPGET on the same system
as the agent, and you have not proven that.
Also, the error message should be "127.0.0.1:161", so either the edit is mistaken,
or the command is mistaken. Inconsistencies like this usually points to user error.

Google Cloud Platform - SSH/Telnet

I am running apps on Compute Engine. I run on a Windows box and use Putty to connect to the CE. This pretty much seems to work fine (leaving aside the problems in the Google doc on this).
I have set up another user who I want to enable for SSH (on a Mac) and have her use FileZilla to push files to the CE.
I am trying it out on my own Mac. I set up 2 firewall rules with 2 different priorities for tcp:22 =
myssh Apply to all IP ranges: 0.0.0.0/0 tcp:22 Allow 1000 default
default-allow-ssh Apply to all IP ranges: 0.0.0.0/0 tcp:22 Allow 65534 default
The user has permissions on of the Project of: "Compute Instance Admin(v1)"
On the Mac terminal I do the following:
ssh-keygen -t rsa -f ~/.ssh/userfirstname-ssh-key -C [googleusername.gmail.com]
I go to the GCP CE Meta data (logged in as myself) and then copy the contents of the userfirstname-ssh-key.pub to the Metadata/SSH Keys and save.
After GCP gives the ok on the key being added I enter the following in the Mac terminal:
ssh -i [userfirstname]-ssh-key [googleusername.gmail.com]#gcp-external-ip
Depending on i-don't-know-what, sometimes it says "Permission denied (public key)", "Operation timed out"
I've repeated this a few times and just tried to telnet in to the gcp-external-ip and get "Operation timed out" telnet: Unable to connect to remote host.
At a complete loss. Please help.
You could (and should) use the gcloud command line tools. Then it is easiest to simple copy the correct gcloud command from the Web Console. There is a little drop-down menu next to 'SSH' for each of your instances.

How to change Docker daemon's arguments in OSX

I need to modify the docker daemon'a arguments in OSX.
I got an error when pull a private repository without certificate.
2014/11/11 13:40:02 Error: Invalid registry endpoint
https://registry.af-sys.com/v1/: Get
https://registry.af-sys.com/v1/_ping: dial tcp 54.229.102.95:443: i/o
timeout. If this private registry supports only HTTP or HTTPS with an
unknown CA certificate, please add --insecure-registry
registry.af-sys.com to the daemon's arguments. In the case of HTTPS,
if you have access to the registry's CA certificate, no need for the
flag; simply place the CA certificate at
/etc/docker/certs.d/registry.af-sys.com/ca.crt
According to this message I should modify the daemon arguments. How can I do that?
Following Bryan's note, I added the following to the boot2docker profile:
boot2docker ssh -t sudo vi /var/lib/boot2docker/profile
# Insecure Registry
EXTRA_ARGS="--insecure-registry registry.af-sys.com"
boot2docker restart
If you're running Docker for Mac, you can set up some arguments in the UI Preferences:
For example:
add Insecure registries
add Registry mirrors
change the HTTP proxy settings

Kerberos Sercurity Error

I am having a problem with my server and so far couldn't find any solution for this. When I try to add a server from a server manager (windows server 2012) I can see only the kerberos security error. Both servers are in the same domain(i have tried from several servers from domain and got the same error).
The strange thing is when I unjoin the problematic server from domain and rejoin it with another name it works normally. But the problem is to make it work with existing name. Anyhelp will be highly appreciated
thanks in advance.
Late reply, but I've just encountered the same error and hope this solution proves useful to others.
Situation: I had to wipe and reinstall a virtual server on which I'd previously had to set some Service Principal Names, and some SPNs for a service account. Turns out the SPNs were still there for the old server/account and I had to remove them.
I recommend checking for and removing rogue SPNs to resolve this. Use the following commands in an elevated command prompt:
setspn -l <servername/username>
In my case I had problems with MBAM, the Bitlocker admin tool, so for example I used:
setspn -l mbam01
Which gave me the output (changed names to protect the innocent):
Registered ServicePrincipalNames for CN=MBAM01,OU=Member Servers,DC=corp,DC=domainname,DC=com:
termserv/mbam01.corp.domainname.com
termserv/mbam01
http/mbam01.corp.domainname.com
http/mbam01
HOST/MBAM01
HOST/mbam01.corp.domainname.com
This will list the SPNs associated with the server or user account. Then you remove the errant SPNs with this command:
setspn -d <listed service> <servername/username>
In my case it turned out the mbamapppool user had http/mbam01 and http/mbam01.corp.domainname.com associated with it, causing Server Manager to fail to poll the server. I removed the http/ refs from the user and then added them to the server with the following commands:
setspn -d http/mbam01 corp\mbamapppooluser
setspn -d http/mbam.corp.domainname.com corp\mbamapppooluser
setspn -s http/mbam01 mbam01
setspn -s http/mbam01.corp.domainname.com mbam01
I then refreshed Server Manager and it polled the server successfully, and the Kerberos Security Error had gone.

Get windows proxy username/password

I have an access to a preconfigured Windows XP 32-bit workstation.
It's under firewall and to get outside it uses http proxy server.
To get proxy settings I need host, port, username and password.
http: // username : password # server : port
I'm able to find the proxy url and port (from PAC - automatic config file),
but I don't know how to get username/password. Is there a way to read it somehow? At least username? I might get the admin rights.
Do you know any tool that can help?
I only found these MS docs about some methods to get proxy config connection, but I don't know how to determinate what's the provided credentials:
WinHttpGetIEProxyConfigForCurrentUser function
WINHTTP_CURRENT_USER_IE_PROXY_CONFIG structure
WinHttpGetProxyForUrl function
I've also found this lib, but it's rather for parsing PAC:
http://code.google.com/p/pacparser/
In windows you cannot get password.
To get connect throw a proxy you have to use SSPI, check libcurl, you can get a connected socket throw proxy, build it with enable-sspi and openssl.
Iterating on Fernando Sanchez's answer and Robert's comment, you need to authenticate via SSPI. In my case I've connected using NTLM using this link
With curl using ntlm :
curl.exe --proxy <proxy_name>:<proxy_port> --proxy-ntlm -U : https://www.google.com
Also to partially answer your question the -U : means from curl man page :
If you use a Windows SSPI-enabled curl binary and do either Negotiate
or NTLM authentication then you can tell curl to select the user name
and password from your environment by specifying a single colon with
this option: "-U :".
You can get the proxy name and port from the windows registry (regedit). Quote from Robert's comment:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings]
It can be present either in a manual way using REG_SZ ProxyServer or using an autoconfiguration script using REG_SZ AutoConfigURL = https://<configuration_url>
If the curl command above fails with Failure when receiving data from the peer maybe you have a curl release without NTLM, SSPI or OpenSSL. Try with the latest curl release

Resources