
How to enable password based ssh authentication in ec2 instance

 



EC2 Linux SSH Authentication.

By default, the preferred way of accessing any EC2 Linux instance is key-based authentication.
In this blog post, we will cover:
  • How to enable basic authentication, that is, password-based authentication, on an EC2 instance.
  • How to enable root login on an EC2 instance.
I will keep updating the post as I learn more and use it in practical scenarios.

Let's go through it :)

How to enable root login on linux ec2 instance.
  • Log in to the EC2 Linux instance using its private key.
  • Sudo to root
  • Change the password for root
  • Permit root login in the sshd_config file

Syntax

[ec2-user@ip-10-0-1-116 ~]$ sudo su

Change the root password with the command below.


[root@ip-10-0-1-116 ec2-user]# passwd root

Permit root login by un-commenting the below line in sshd_config


[root@ip-10-0-1-116 ec2-user]# vi /etc/ssh/sshd_config

From


# PermitRootLogin yes

To

PermitRootLogin yes


How to enable password based authentication for ssh user.
  • Log in to the EC2 Linux instance using its private key.
  • Sudo to root
  • Enable password authentication in the sshd_config file
  • Restart the sshd service

Syntax

[ec2-user@ip-10-0-1-116 ~]$ sudo su

Enable password authentication by un-commenting the below line in sshd_config


[root@ip-10-0-1-116 ec2-user]# vi /etc/ssh/sshd_config

From


# PasswordAuthentication yes

To

PasswordAuthentication yes

Restart SSHD service

service sshd restart


Login and check !
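
Un-commenting a line only helps if the same keyword is not already set higher up in the file. The script below is an added example, not part of the original post: it reports the value sshd will actually use for the two keywords changed above. The function names `sshd_effective` and `audit_sshd` and the sample file are constructed for illustration.

```shell
# Added example: report the value sshd will actually use for a global keyword.
# Per sshd_config(5), the first value obtained for a keyword wins, so a line
# un-commented lower in the file is ignored if the keyword is set above it.
# Assumptions: one file, Include directives not followed, Match blocks skipped.

# sshd_effective FILE KEYWORD -> prints the first global value (lower-cased)
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)            # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit             # global section ends here
            if (key == want) { print tolower(f[2]); exit }
        }
    ' "$1"
}

# audit_sshd FILE -> one line per keyword; returns 1 if either is "yes"
audit_sshd() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(sshd_effective "$1" "$kw")
        if [ "$val" = "yes" ]; then
            echo "FINDING: $kw is effectively 'yes'"
            rc=1
        else
            echo "ok: $kw = ${val:-<not set, built-in default applies>}"
        fi
    done
    return $rc
}

# Constructed sample: PasswordAuthentication is set to "no" above the
# un-commented "yes" line, so the later "yes" never takes effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication no
#PermitRootLogin yes
PermitRootLogin=yes
PasswordAuthentication yes
Match User sftpadmin
    PasswordAuthentication yes
EOF
audit_sshd "$sample" || true
```

On a live host, `sshd -T` prints the effective configuration and `sshd -t` validates the file before the restart.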

idrac default password

racadm


One needs to install the srvadmin package to run racadm CLI commands.

Once installed, we can use the command below to find the iDRAC IP address details from the installed base operating system.

Use the racadm utility to confirm the iDRAC IP address; once you have it, use the default password.



root#  racadm getniccfg
NIC Enabled = 1
DHCP Enabled = 0
IP Address = 10.10.12.34
Subnet Mask = 255.255.255.0
Gateway = 10.10.12.1

Here the IP address is the configured iDRAC IP; use it to access the installed server remotely.

Default User : root
Default Password : calvin

How to use, Python's DateTime Module

 


Python's Date Time Module:
    Python's datetime module ships with the default Python package, and sooner or later you will need it.
This module helps with checks and logic that filter on date and time.

I will keep updating the post as I learn more and use it in practical scenarios.
Let's go through it :)

Basic Usage of date time
  • Import module and display current date.

Syntax
# Import the datetime class from the datetime module
from datetime import datetime

# Create object and store value
dt = datetime.now()
# Display date, time without formatting
print(dt)

Output:

2021-06-07 02:43:32.276412


Filter datetime output as per our requirement.
  • Filter date

Syntax
dt = datetime.now()
show_date = dt.date()

print(show_date)

Output:

2021-06-07

Filter only Day

dt = datetime.now()
show_day = dt.day

print(show_day)

Output:

7

  • Filter Month

Syntax
dt = datetime.now()
show_month = dt.month

print(show_month)

Output:

6

Use datetime strftime to format date/time as per our need

    Below are some format identifiers to use while formatting.
    • %a  : Day of week (Short )
      • Mon, Tue, Wed, ... Sat, Sun
    • %A : Day of week (Full )
      • Monday, Tuesday, Wednesday .. Saturday, Sunday
    • %m : Month  ( Two digit number )
      • 01,02,03,04 .... 10,11,12
    • %y : Year ( Short, Two digit number )
      • 19,20,21
    • %Y : Year ( Full)
      • 2019,2020,2021
    • %d : Date ( Two digit number )
      • 01,02,03,04, 22,23,30,31

    Use Strftime as per our need.
    • With or Without Variables


    Syntax
    dt = datetime.now()
    show_val1 = dt.strftime('%m%d%y')
    show_val2 = dt.strftime('%m%d%Y')
    show_val3 = dt.strftime('%Y%m%d')
    show_val4 = dt.strftime('%a %m %y')
    show_val5 = dt.strftime('%A-%m-%Y')
    show_val6 = dt.strftime('%I %p %S')
    # %-j (day of year without zero padding) is a platform-specific extension; not available on Windows
    show_val7 = dt.strftime('%-j')
    show_val8 = dt.strftime('myprefix-%m%d%y-mysuffix')

    print(show_val1)
    print(show_val2)
    print(show_val3)
    print(show_val4)
    print(show_val5)
    print(show_val6)
    print(show_val7)
    print(show_val8)

    Output:

    060721
    06072021
    20210607
    Mon 06 21
    Monday-06-2021
    02 AM 32
    158
    myprefix-060721-mysuffix


    There is a lot more to the datetime module; I will keep this post updated ;)

    Linux : Create dummy file of any size for test purpose using fallocate

    Requirement :
    Create dummy/fake file of desired size using Linux terminal
        There might be some test requirement to mimic the prod setup. In my case I have to write a script to validate files before downloading; instead of making requests to the prod site, I just created a local setup and placed similar dummy files to replicate the prod environment.
    Let's look at the Linux one-liner that uses the fallocate tool to create a dummy file of the desired size.

    • Fallocate is the Linux terminal utility.

    One Liner
    # fallocate -l <size_of_file> <desired_name_of_file>


    Syntax Template

    # fallocate -l 15M myfile.img

    • <size_of_file >
      • in GB and MB : M for MB and G for GB
      • example : 15M for 15 MB and 5G for 5GB
    • <desired_name_of_file> 
      • It can be anything, with or without an extension : myfile.tar or myfile.img or myfile or anything

    Using Linux for loop and Seq to generate a series of file.
    Example : 
    • The one-liner below can be used to generate 100 files of 15 MB each, with the file count number as the suffix.

    Syntax Template

    # for val in `seq 100`; do fallocate -l 15M demo060621000$val.tar; done;

    Output : File starts with name 
    demo0606210001.tar and ends with demo0606210099.tar

    Syntax Output

    # ls -ltr

    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo0606210001.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo0606210002.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo0606210003.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo0606210004.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo0606210005.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo0606210006.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo0606210007.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo0606210008.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo0606210009.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo06062100010.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo06062100011.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo06062100012.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo06062100013.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo06062100014.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo06062100015.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo06062100016.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo06062100017.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo06062100018.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo06062100019.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo06062100020.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo06062100021.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo06062100022.tar
    -rw-r--r-- 1 root root 15728640 Jun 6 23:25 demo06062100023.tar


    How to allow only SFTP access and no shell access.

     

    Requirement :
    • Restricted to SFTP access
    • Disallow all SSH connection coming from sftp user
    Lab setup details
    • Ubuntu 16.04
    • Hostname : cyberkeeda.sftp.com

    • Create a sftp user

    Syntax Template

    # adduser sftpadmin

    • Create a sftp folder, this folder will be used for sftp user
    • Provide ownership to root and give other users only read and execute rights.

    Syntax Template

    # mkdir /var/sftpdata
    # chown root:root /var/sftpdata

    # chmod 755 /var/sftpdata

    • Update SSH server config file with below snippet 

    Syntax Template

    # vim /etc/ssh/sshd_config

    • Copy paste the below snippet at the bottom of the file and save.

    Syntax Template


    Match User sftpadmin
        ForceCommand internal-sftp
        PasswordAuthentication yes
        ChrootDirectory /var/sftpdata
        PermitTunnel no
        AllowAgentForwarding no
        AllowTcpForwarding no
        X11Forwarding no

    • Restart SSHD server

    Syntax Template

    # systemctl restart sshd

    • Check by logging in via both sftp and ssh

    Syntax Template

    # sftp sftpadmin@cyberkeeda.sftp.com
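
The chown/chmod step above matters because sshd refuses the login when the chroot path has the wrong ownership or modes. The script below is an added example, not part of the original post: it checks every component of a chroot path before sshd is restarted. It assumes GNU stat on Linux; the function names and the demo directory are constructed for illustration.

```shell
# Added example: pre-flight check for the ChrootDirectory used above.
# sshd_config(5): every component of the chroot path must be a root-owned
# directory that is not writable by any other user or group.
# Assumptions: GNU stat (Linux); function names are illustrative.

# component_ok UID OCTAL_MODE -> 0 if root-owned and not group/other-writable
component_ok() {
    [ "$1" = "0" ] || return 1
    perms=$(( 0$2 & 022 ))          # 020 = group write, 002 = other write
    [ "$perms" -eq 0 ]
}

# check_chroot_path ABS_DIR -> prints failing components; returns 1 if any
check_chroot_path() {
    case $1 in /*) ;; *) echo "absolute path required" >&2; return 2 ;; esac
    p=$1 bad=0
    while :; do
        if [ ! -d "$p" ] ||
           ! component_ok "$(stat -c %u "$p")" "$(stat -c %a "$p")"; then
            echo "FAIL: $p ($(stat -c '%U:%G %a' "$p" 2>/dev/null || echo missing))"
            bad=1
        fi
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $bad
}

# Constructed demo: a world-writable directory is rejected.
demo=$(mktemp -d)
chmod 777 "$demo"
check_chroot_path "$demo" || echo "=> not usable as ChrootDirectory"
```

For the lab setup in this post the call would be `check_chroot_path /var/sftpdata`.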




    How to fix failed to get exclusive lock on the configuration file VMWare Workstation.

     


    In case you too face similar issue, follow this recommended YouTube video to fix it.



    Understand Basic Cryptography

     

     All About Cryptography



    Follow Complete Playlist of  "10 Basic Cryptography"

    Playlist Name : Basic Cryptography
    Channel Name : Sunny Classroom

    This playlist has below contents.
    • Private Key Encryption ( Symmetric Encryption )
    • Public Key Encryption ( Asymmetric Encryption )
    • How Hash Function Work.
    • Tricks to hack hashed passwords.
    • Dictionary attacks.
    • Bruteforce attacks.
    • Authentication protocols.
    • How to salt and pepper passwords.





    GitLab CI : fatal: git fetch-pack: expected shallow list [[ FIXED ]]

     


    GitLab CI Fix : fatal: git fetch-pack: expected shallow list.

    Update the git strategy to clone within .gitlab-ci.yml file.

    Syntax

    variables:
      GIT_STRATEGY: clone



    F5 tmsh error : The application service () has strict updates enabled, the object () must be updated using an application management interface.

     



    F5 tmos/tmsh cheat sheet

    These one-liners will be really helpful for building automated solutions to manage operational activities on F5 devices.
    Please note, I have used the one-liners below on F5 version 13.

    You might have received this error while modifying an LTM value using tmsh.

    Reason for error : Your iApp has strict updates enabled; as long as it is enabled, it will not allow any changes.
    For instance, if you want to change the ciphers used in an LTM SSL client profile, Strict Updates must be disabled within the iApp.

    Where the Strict Updates section is found :
        Go to iApps --> Select your iApp --> Properties --> Advanced --> Strict Updates

    How can we enable/disable Strict Updates for an individual iApp?
    1. From the UI, as described above:
        Go to iApps --> Select your iApp --> Properties --> Advanced --> Strict Updates --> Enable/Disable
    2. From TMSH Shell:

    Syntax

    # tmsh modify sys app service myexampleiApp.app/myexampleiApp-onlyhttps strict-updates disabled


    F5 tmsh Cheat Sheet

     


    F5 tmos/tmsh cheat sheet

    These one-liners will be really helpful for building automated solutions to manage operational activities on F5 devices.
    Please note, I have used the one-liners below on F5 version 13.


    How to list all iApps details created under F5 device (LTM/GTM)

    A detailed STDOUT will give details for the iApps config.

    Syntax

    # tmsh list sys app service recursive

    How to filter out single iApp details

    A detailed STDOUT will give details for the iApps config.
    Here replace myexampleiApp.app/myexampleiApp-onlyhttps with your own iApp partition and name.

    Syntax

    # tmsh list sys app service recursive myexampleiApp.app/myexampleiApp-onlyhttps

    How to list only a single configuration data for all iApps

    Let's assume we want to check the strict updates status for all iApps.

    Syntax

    # tmsh list sys app service recursive strict-updates

    How to modify configuration data for a pre-configured iApp

    Let's assume we want to change the strict updates status from enabled to disabled for one of our iApps, named myexampleiApp.app/myexampleiApp-onlyhttps

    Syntax

    # tmsh modify sys app service myexampleiApp.app/myexampleiApp-onlyhttps strict-updates disabled

    How to modify SSL ciphers for a LTM client ssl profile.

    Let's assume we want to modify the ciphers of the client SSL profile named myexampleiApp.app/myexampleiApp-onlyhttps.

    Syntax

    # tmsh modify ltm profile client-ssl myexampleiApp.app/myexampleiApp-onlyhttps ciphers_ssl 'TLSv1_1:!SSLv2'


    Will update this thread more,  keep checking for new updates.
