Develop Reference

How to replace/add key pair for a Windows EC2 instance

I have a running Windows server image on EC2.
I created an additional administrator login and have been using it login using RDP. Unfortunately I've lost the PEM file for the "Administrator" account and I've also disabled it for "safety"
Since I have access to the instance through an alternative administrative account I'm trying to figure out a few things:
Do need the "Administator" account PEM file in future?
If I get Amazon to generate a new PEM file using the same name that I currently have, how do I replace the "Administrator" key pair for the instance?
I've searched all over and can't find an answer on how to replace the key pair or add an additional key pair to a running "Windows" instance
Everything talks about shutting down and creating an new instance. I cannot shut down this server, so that must be a way to replace the key pair for the "Administrator" account.
I can't even find where Windows stores the key pair in a Windows server.

When an instance is first launched from one of the Amazon-supplied Windows AMIs, some code on the instance generates a random Administrator password. This password is then encrypted with the selected Keypair and passed back to AWS (you can actually see it in the System Log).
When you wish to first login to the instance, you will need to use the PEM to decrypt the Administrator password. You can then login to the Windows instance using that password.
It is recommended that you immediately change the Administrator password or connect the instance to Active Directory -- basically, follow your standard company security practices.
If you remember the password, you will not require the PEM file again. In fact, if you change the password, then even having the PEM will not facilitate access because it will only decrypt the original password, not the current password.
Bottom line: Ignore the PEM file. You still have administrative access to the instance, so you don't even need the Administrator account anymore. If you wish to use the Administrator account, simply use your existing administrative login to reactive it and set the password. There is no reason to panic and, actually, no reason to do anything.

Ansible hash password not working

I have a variable with ansible_ssh_user and ansible_ssh_pass in my playbook global variable. I tried hashing my password with various method but I still couldn't ssh to my remote VMs. I have tried ansible_user and ansible_pass but still no luck. The following are methods I used and it all failed. I'm not sure what I am missing and hopefully some experts could help. When I use clear password, it works, but not hash. Here are the methods I've tried but still unsuccessful:-
1. mkpasswd --method=SHA-512
2. python -c "from passlib.hash import sha512_crypt;
print sha512_crypt.encrypt('<password>')"
3. # python
>>> import crypt
>>> crypt.crypt('<PASSWORD>', '$6$salt$')
4. cat /etc/shadow | grep <user>
Try to get the encrypted password but still not working
I have confirm my VM is using ENCRYPTED_METHOD SHA512. Nothing is working, appreciate if someone could help

I tried hashing my password with various method but I still couldn't ssh to my remote VMs
And for a good reason — to connect to a remote machine with an SSH protocol with password authentication you must provide a password, not a password hash.
In password authentication users provide passwords and systems process them. As one of security measures, systems store password hashes instead of passwords, so that in case of a breach, the passwords themselves do not get compromised.
If for some reason a system would allow authenticating users using a hash rather then password, it would be a huge security flaw (equal to storing passwords in clear).
If you really need to use password authentication, then Ansible Vault provides a way to protect the passwords. Otherwise use a public key authentication.

It seems like you want access your VMs and do something using Ansible.
Best practice to use Ansible, is to first setup a public-private key pair.
https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
Check whether SSH using key-pair is working fine. If it is, you can go ahead.
Now suppose if you want to access a host having IP 10.192.34.74. Add the following line to your inventory file:
10.192.34.72 ansible_ssh_private_key_file=/path/to/private/key/file
Now it should work.

psql: FATAL: password authentication failed for user windows 8

I installed postgresql on windows and while the installation it asks to make a user for the account.This made a new windows user in my computer called postgres, I have created a password for it as well.
Now I want to run psql on windows command line, it asks for a password (without mentioning the user) and always gives me back the error: psql: FATAL: password authentication failed for user "Ash". Even though I have put my accounts password many times.
using pgadmin I changed the user "postgres" to "Ash" but I have yet to remake the password. I followed the steps here: I forgot the password I entered during postgres installation (I rather types host all 127.0.0.1/32 trust because I am on windows), but when running psql again so that I can change the password I get the error: psql FATAL:could not load pg_hba.conf. All together.
Why can it not load? All I did was add an extra authentication option.
Also, is the windows user separated from a postresql user or are they the same(depend on each other)?
Edit:
As you can see, it did not give me the option to choose if Aisha should be a superuser or not. or the other options for that matter.
I also used pgadmin||| to create a new user but the same error pops up:
The user does not exist so why does it do this?

The user on your machine has nothing to do with the user on PostgreSQL. The installer just creates an account and a PostgreSQL role with the same name and password (which in my mind is a bad idea), but they're not related in any way. The Windows user is used to run the server, the PostgreSQL role is used inside the database.
So you should first access the server with the user postgres and then create a user for yourself. Don't change the username inside the server, or the server's running user! Just create a new username and grant it the permissions you need.
You can use psql -U postgres to connect to the server and it'll ask for the password.
Check the permissions for pg_hba.conf, the postgres user must have permissions for it. If you only edited it as an admin, it should be ok, but if you took permissions or anything else, it may mess it up.

createuser is a command-line utility. Use CREATE USER username WITH PASSWORD 'fred'; or similar at the SQL level in psql. Note the semicolon.
What you're doing in your screenshot is starting to write an SQL command beginning with createuser, but never sending it to the server to run because there's no semicolon terminator. So you never get the error that would tell you it doesn't make sense to do that.

I had exactly the same problem and this line solved it;
createuser --createdb -U postgres --login -P 'your_new_user'
#sami-kuhmonen was right, but his approach of solving the problem did not work for me.

This can also happen if the encryption for stored passwords does not match the encryption for connections as defined in postgresql.conf ang pg_hba.conf
For example, if postgresql.conf has:
password_encryption = md5
but pg_hba.conf has:
host all all 10.0.0.110/24 scram-sha-256
Then all connections on the 10.0.0.110 interface will have the 'FATAL: password authentication failed error'.
Remember that if you change either of these files you will need to restart postgresql and if you change the password encryption in postgresql.conf you will need to change the passwords for all of the users.
Hope this helps some others with this problems.

I was having the same error. I get to solve it by locating the "pg_hba.conf" file. You can use this navigation:
C:\Program Files\PostgreSQL\14\data\pg_hba.conf
Then inside the file, changed all the methods "scram-sha-256" to trust and problem was solved.

How to check if a svn command needs authentication

Is there any possible way to check if a SVN update needs authentication or not?
Scenario : I have written a ruby GUI app which updates SVN repositories (from a static path) in a scheduled manner. This executes as a windows service. Also have tortoisesvn installed.
In ruby when I execute
svn update local_path_to_repository --username user --password password in my script then it works fine as I am passing the username & password with the update command.
But, tortoisesvn saves the password (by caching password, using standard Windows cryptography services to encrypt the password on disk) when I checkout the repository for the first time so I don't necessarily need to pass the username and password every time. Thus I just have svn update local_path_to_repository in my script.
Issue: This works fine until I change my LDAP password. Once my LDAP password is changed all the repository fails to get updated as it is requesting for the new password but there is no user interface for passing the new password.
I need to build the username and password UI only when svn updates needs those credentials but not always. How do I achieve this?
Update : Reading from the SVN book. I Understood that:
The client checks whether the user specified any credentials as command-line options (--username and/or --password). If not, or if these options fail to authenticate successfully, then
The client looks up the server's hostname, port, and realm in the runtime auth/ area, to see if the user already has the appropriate credentials cached. If not, or if the cached credentials fail to authenticate, then
Finally, the client resorts to prompting the user (unless instructed not to do so via the --non-interactive option or its client-specific equivalents).
But I did not find a way to check if authentication is required.
Can anyone please help me!

So I finally found a work around by doing:
output = `svn update "#{repo_path}" --non-interactive 2>&1`
check_authentication = output.include?("Authentication failed")
if check_authentication returns true meaning authentication has failed then I build the GUI for entering the new password and send it to the user.

Passworded ssh key suddenly does *not* require that I type the password

I use console2 in combination with git bash in order to interact with my local git repositories and by extension several github and bitbucket repositories also.
I use an ssh key pair to authenticate myself to these services, howevermy ssh key pair has an associated password.
This morning I found that I was no longer required to enter this password n my laptop in order to complete the authentication process.
I did some testing and it seems that the same key present on my desktop machine still requires me to enter my password.
So my question is.... why am I no longer required to enter my password on my laptop in order to authenticate with these servers?

Sounds like you have ssh-agent (sshagent.exe) running.
It is a small utility which allows you to enter your key's passphrase once and it then holds it "unlocked" for further use without you needing to re-enter the passphrase each time. Killing it will cause the original behaviour.
ssh-agent comes along with ssh in a standard msysgit installation. I'm not sure if something's changed that now means it's used by default or not though. Another explanation as to why it's running might be if you've installed posh-git and ran a Powershell session. By default (I believe - it's been a while), it'll run at the start of the session and ask for your key's passphrase. I use it every single day with this configuration as my passphrase is quite long... :-)

Something to do with having git-credential-winstore installed on your laptop?