Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this

During ssh of multiple hosts from ansible , the connectivity fails due to key checks from the target where there is no password authentication by default FAILED | rc=-1 >> Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host. As a workaround,…

Linux: Hide Your Shell Passwords with sshpass - The New Stack

Non-interactive SSH password authentication

https://vincent.bernat.ch/en/blog/2023-sshpass-without-sshpass

Ubuntu 使用 sshpass 執行 SCP 不需手動輸入密碼

Ubuntu 使用 sshpass 執行 SCP 不需手動輸入密碼

之前介紹過兩台電腦互傳檔案的指令 SCP， 以這樣的指令是需要自行輸入密碼才會傳送檔案 scp  -P [ port 號] [傳送檔名] [使用者名稱]@[ip]:~  在自動執行的 script 中是無法使用的 這時就需要今天的主角 Ubuntu 使用 sshpass  執行 SCP 不需手動輸入密碼 首先必須先安裝套件 sudo apt-get install sshpass 再來就是執行 sshpass -p “pass” scp  -o StrictHostKeyChecking=no -P [ port 號] [傳送檔名] [使用者名稱]@[ip]:~ 指令中的 pass 要更換為自己的密碼 這樣在 script 執行的時候就不需要使用者手動輸入密碼。 好文推薦 Ubuntu 使用 sshpass 執行 SCP 不需手動輸入密碼 Ubuntu 修改…

View On WordPress

Conectar por SSH incluyendo el password

Conectar por SSH incluyendo el password, en una sola línea con el comando sshpass. SSH es la forma preferida por los administradores de sistemas, para acceder a los servidores Linux u otros sistemas como firewalls, enrutadores y otros dispositivos. En este artículo de hoy, aprenderemos a conectar por ssh con una sola línea que contenga los datos necesarios para que la conexión sea válida. Para lograr nuestro objetivo nos ayudamos de la herramienta sshpass. Esta utilidad fue diseñada para ejecutar ssh con lo que se conoce como autenticación de contraseña interactiva con teclado, pero en modo no interactivo. Sshpass ejecuta ssh en un tty dedicado, engañando al sistema de manera que este crea que el password lo introduce un humano mediante un teclado físico. Si manejas muchas máquinas, el ahorro de tiempo puede ser enorme. También es válido para incluirlo en scripts y otros tipos de herramientas o aplicaciones.   Conectar por SSH incluyendo el password La utilidad sshpass no viene instalada por defecto en casi ninguna distribución linux, así que procedemos a ello. En Debian, Ubuntu, Linux Mint y derivados: sudo apt install sshpass Ejemplo... root@demo:/home/sololinux-demo# apt install sshpass Leyendo lista de paquetes... Hecho Creando árbol de dependencias Leyendo la información de estado... Hecho Se instalarán los siguientes paquetes NUEVOS: sshpass 0 actualizados, 1 nuevos se instalarán, 0 para eliminar y 0 no actualizados. Se Read the full article

Distributed Wireless

A bunch of wireless access points running 802.11r in a bridged network, based on linux, hostapd, ect.

Objectives:

- distributed, redundant, optimised, converged coverage

Hardware:

Raspberry Pi 3B is ok for testing supporting either spectrum (2.4 or 5.0) in ht mode

SBC with dual concurrent radios to test .. Wally’s Communications DR6018 and DR6018-S V02

OS:

DD-WRT ( I really should revisit this, but seems like bloatware

Ubuntu server for ARM seems like a better option

Build:

apt-get install rfkill hostapd bridge-utils cpufrequtils dnsmasq htop lldpd sshpass wireless-tools 

remove snap from ubuntu

Netplan

Don’t need to configure wlan interfaces into the bridge hostapd will do this, loopback is a /32 from within the bridge lan range (linux is crap at strict routing so this will actually work), loopback duplicated on all AP’s for distributed DHCP, DNSMasq, ect

       version: 2

       renderer: networkd

       ethernets:

               eth0:

                       dhcp4: false

                       dhcp6: false

               lo:

                       match:

                               name: lo

                       addresses:

                               - 192.168.200.251/32

       bridges:

               br0:

                       dhcp4: false

                       dhcp6: false

                       addresses:

                               - 192.168.200.201/24

                       gateway4: 192.168.200.250

                       interfaces:

                               - eth0

Hostapd

country_code=NZ

interface=wlan0

bridge=br0

ssid=ssid here

auth_algs=1

macaddr_acl=0

ignore_broadcast_ssid=0

wpa=2

wpa_passphrase=password here

wpa_key_mgmt=WPA-PSK

wpa_pairwise=TKIP

rsn_pairwise=CCMP

hw_mode=a

wmm_enabled=1

iapp_interface=br0

okc=1

ieee80211n=1

require_ht=1

ht_capab=[MAX-AMSDU-3839][HT40+][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]

ieee80211ac=1

ieee80211ac=1

require_vht=1

ieee80211d=0

ieee80211h=0

vht_capab=[SHORT-GI-80][SU-BEAMFORMEE]

vht_oper_chwidth=1

channel=36

#vht_oper_centr_freq_seq_idx=42

disassoc_low_ack=1

multicast_to_unicast=1

#proxy_arp=1

#rssi_reject_assoc_rssi=-75

#rssi_ignore_probe_request=-75

rssi_reject_assoc_timeout=10

mobility_domain=a1b2

nas_identifier=b827eb3b638c

r0_key_lifetime=10000

r1_key_holder=b827eb3b638c

reassociation_deadline=1000

#ft_over_ds=1

r0kh=ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff

DNSMasq

port=53

domain-needed

resolv-file=/etc/resolv.dns

strict-order

server=/200.168.192.in-addr.arpa/192.168.200.250

address=/double-click.net/127.0.0.1

ipset=/yahoo.com/google.com/vpn,search

server=192.168.200.250@br0

interface=br0

Thinks to do

Docker and Openshift Origin

Salt Stack package and configuration management

sshd authentication allow non privilege users during startup/shutdown

pretty sure if I set the radius interface and nas identifier it will control which interface hostapd used for broadcast

cluster DHCP and DNSMasq if required

Clean up and format this blog

TCP multipath dual ip uplinks

wireless backhaul backup

QoS/WMM

build standard vlan on bridge interface (management lan, user, security ect)

build mutiple SSID to vlan

something like vrf to ensure segmentation of SSID/VLANS

Manage all this via salt.. and look into dbus remote send

move to WPA3 or Radius or something more secure

Zigbee and BT....

Wifi spectrum management (channel management/switching)

RF location services

DHCP PXE boot for future management of zigbee ect.

802.11ac dongle, onboard 5ghz radio and antenna are weak switched to 2.4(g) 

Do I

local cluster/bind9 <--> local dnsmasq 

local cluster/bind isc-dhcp-server <--> local dnsmasq

Why, bind9 able to look up root no fowarder required, and local entries for windows ect, but dnsmasq for fast caching .. is it overkill, bind9 is supposed to cache too in ram, but we want this highly available and fast

Same for dhcp fast/redundancy

References / Reading

http://www.routereflector.com/2016/11/working-with-vrf-on-linux/

https://www.raspberrypi.org/documentation/configuration/wireless/access-point-bridged.md

http://ftp.gwdg.de/pub/linux/linux-magazin/listings/raspberry-pi-geek.com/04/AccessPoint/Listing04.txt

https://www.linux.com/topic/networking/advanced-dnsmasq-tips-and-tricks/

 APACHE WEBSERVER CONFIGURATION IN DOCKER USING ANSIBLE ⚜

Now the question is what is docker and what is ansible ???

Docker is an open platform for developing, shipping, and running applications. Docker enables you to separate your applications from your infrastructure so you can deliver software quickly. With Docker, you can manage your infrastructure in the same ways you manage your applications.

Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs.   

SO basically our task is : 

🔰Write an Ansible PlayBook that does the following operations in the managed nodes: 🔹 Configure Docker 🔹 Start and enable Docker services 🔹 Pull the httpd server image from the Docker Hub 🔹 Run the docker container and expose it to the public 🔹 Copy the html code in /var/www/html directory and start the web server

Lets do it :)))) 

So lets know some of the concept of ansible first : 

Ansible Playbooks :

Ordered lists of tasks, saved so you can run those tasks in that order repeatedly. Playbooks can include variables as well as tasks. Playbooks are written in YAML and are easy to read, write, share and understand.

♦️ Inventory :

A list of managed nodes. An inventory file is also sometimes called a “hostfile”. Your inventory can specify information like IP address for each managed node. An inventory can also organize managed nodes.

♦️ Control Node:

Any machine with Ansible installed is known as controller node. You can run Ansible commands and playbooks by invoking the ansible or ansible-playbook command from any control node. You can use any computer that has a Python installation as a control node - laptops, shared desktops, and servers can all run Ansible. However, you cannot use a Windows machine as a control node. You can have multiple control nodes.

If you want to install ansible use below commands : 

pip3 install ansible

yum install sshpass

ansible --version >> TO check version

Lets do the project :: 

So this is my managed nodes where we will use ansible book to automate docker  using ansible : 

so In this picture you can clearly see we dont have docker , HTTPD and hostname is Managed_node so  Lets automate : 

IP : 192.168.147.139 

And this is my controller nodes from where we will automate the managed Node : 

IP : 192.168.147.138 

So Let do :: 

If this shows its means you are ready to go : 

Lets create yaml file and automate the managed Node : 

Finally created the yml file :) 

And now if we are trying to go to this url we will reach to our destination :)  : http://192.168.147.139:32771/Search/index.html  

So we come to the end of our task : 

Thanku || hope you all enjoy my task | 

Github link for this project : https://github.com/ROHITkumaw/Search_Capital 

linkedln : https://www.linkedin.com/in/rohit-kumar-4b5183181/ 

You want to install Ansible on CentOS 8 / RHEL 8 Linux?. Ansible is the leading Open Source configuration management system. It makes it easy for administrators and operations teams to control thousands of servers from central machine without installing agents on them. Ansible is the simplest to use and manage when compared to other configuration management systems such as Puppet, Chef and Salt. It is easy to install, learn, and use. The only dependency required on the remote server is SSH service and Python. Install and Configure Ansible on CentOS 8 / RHEL 8 using the steps below. Step 1: Install Python on RHEL 8 / CentOS 8 Install and Set your default Python on RHEL 8 using the guide below. How to Install Python 3 / Python 2.7 on RHEL 8 Once it has been installed, proceed to install Pip which is a Python package manager used to install Ansible. If you’re using Python3, install python3-pip package. sudo dnf -y install python3-pip sudo pip3 install --upgrade pip For Python2 users you have to install python2-pip sudo dnf -y install python2-pip sudo pip2 install --upgrade pip Step 2: Install Ansible on RHEL 8 / CentOS 8 There are two methods from which you can install Ansible on CentOS 8 / RHEL 8. Method 1: Install Ansible on CentOS 8 / RHEL 8 from EPEL Add EPEL repository to your CentOS 8 / RHEL 8 system. sudo dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm Then Enable EPEL playground repository and install Ansible on CentOS 8 / RHEL 8 from it. sudo dnf install --enablerepo epel-playground ansible This will default to using Python 3, so some Python 3 packages are installed. Dependencies resolved. =================================================================================================================================================== Package Arch Version Repository Size =================================================================================================================================================== Installing: ansible noarch 2.8.5-2.epel8.playground epel-playground 15 M Installing dependencies: python3-jmespath noarch 0.9.0-11.el8 AppStream 45 k python3-pyasn1 noarch 0.3.7-6.el8 AppStream 126 k python3-bcrypt x86_64 3.1.6-2.epel8.playground.1 epel-playground 44 k python3-pynacl x86_64 1.3.0-5.epel8.playground epel-playground 100 k sshpass x86_64 1.06-9.epel8.playground epel-playground 27 k libsodium x86_64 1.0.18-2.el8 epel 162 k Installing weak dependencies: python3-paramiko noarch 2.4.3-1.epel8.playground epel-playground 289 k Transaction Summary =================================================================================================================================================== Install 8 Packages Total download size: 15 M Installed size: 81 M Is this ok [y/N]: y Check the version of Ansible installed on your CentOS 8 / RHEL 8 system. $ ansible --version ansible 2.8.5 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/cloud-user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.6/site-packages/ansible

executable location = /usr/bin/ansible python version = 3.6.8 (default, Jul 1 2019, 16:43:04) [GCC 8.2.1 20180905 (Red Hat 8.2.1-3)] Method 2: Install Ansible on CentOS 8 / RHEL 8 using pip Once you have Pip installed, you can use it to get Ansible installed in your CentOS 8 / RHEL 8 machine. $ pip3 install ansible --user For Python2 pip, use: $ pip2 install ansible --user You can see Ansible installed using the following command: $ ansible --version ansible 2.7.5 config file = None configured module search path = ['/home/jmutai/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /home/jmutai/.local/lib/python3.6/site-packages/ansible executable location = /home/jmutai/.local/bin/ansible python version = 3.6.6 (default, Oct 16 2018, 01:53:53) [GCC 8.2.1 20180905 (Red Hat 8.2.1-3)] Step 3: Testing Ansible on CentOS 8 / RHEL 8 Linux To test Ansible, you should have OpenSSH service running on the remote server. $ sudo systemctl status sshd ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled) Active: active (running) since Sat 2018-12-29 20:17:11 EAT; 39min ago Docs: man:sshd(8) man:sshd_config(5) Main PID: 820 (sshd) Tasks: 1 (limit: 11510) Memory: 4.6M CGroup: /system.slice/sshd.service └─820 /usr/sbin/sshd -D [email protected],[email protected],aes256-ctr,aes256-cbc,[email protected],aes128-> Dec 29 20:17:11 rhel8.local systemd[1]: Starting OpenSSH server daemon… Dec 29 20:17:11 rhel8.local sshd[820]: Server listening on 0.0.0.0 port 22. Dec 29 20:17:11 rhel8.local sshd[820]: Server listening on :: port 22. Dec 29 20:17:11 rhel8.local systemd[1]: Started OpenSSH server daemon. Dec 29 20:19:03 rhel8.local sshd[1499]: Accepted publickey for jmutai from 192.168.122.1 port 35902 ssh2: RSA SHA256:b/8AoYgbThoBYPcFh7CetJuGY/Tl7s4fi> Dec 29 20:19:03 rhel8.local sshd[1499]: pam_unix(sshd:session): session opened for user jmutai by (uid=0) Create Ansible inventory file, default is /etc/ansible/hosts I like creating inventory file in my working directory. $ vim hosts Copy the IP address of your remote server(s) to manage and add to Ansible inventory file. $ echo "192.168.122.197" > hosts You can also create a group of hosts like below: [web] 192.168.122.197 [db] 192.168.122.198 [staging] 192.168.122.199 192.168.122.200 192.168.122.201 Generate SSH key and copy it to remote servers. $ ssh-keygen $ ssh-copy-id [email protected] Use ping module to test ansible: $ ansible -i hosts 192.168.122.197 -m ping 192.168.122.197 | SUCCESS => "changed": false, "ping": "pong" The -i option is used to provide path to inventory file. You should get the same output for hosts group name. $ ansible -i hosts web -m ping 192.168.122.197 | SUCCESS => "changed": false, "ping": "pong" For commands that need sudo, pass the option --ask-become-pass. This will ask for privilege escalation password. This may require installation of the sshpass program. $ ansible -i hosts web -m command -a "sudo yum install vim" --ask-become-pass .... 192.168.122.197 | CHANGED | rc=0 >> Updating Subscription Management repositories. Updating Subscription Management repositories. Last metadata expiration check: 0:52:23 ago on Sat 29 Dec 2018 08:28:46 PM EAT. Package vim-enhanced-2:8.0.1763-7.el8.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! You now have Ansible installed on RHEL 8 / CentOS 8 server or Workstation. You can learn more on using Ansible to Manage your servers from Official Ansible

Bitcoin Mining: Can it is profitable In 2018?

However as a substitute of turning in your credit score card to pay, you pull out your smartphone and take a picture of a QR code displayed by the cash sign in. according with the professionals, GPUs have a wonderful advantage over the hashing expertise of CPU because of their higher processing power. in the course of that time, a big fraction of the Monero issuance changed into centralizing into the arms of a small institution, and a fifty one% assault may additionally were finished at any time. on this scenario, a best usb bitcoin miners who has the mining energy of greater than fifty one% of the network, can take management of the global blockchain ledger and generate an change block-chain.

Given the popularity of Bitcoin similarly to its ancient past, the time period “altcoin” is sometimes used to explain exclusive cryptocurrencies to bitcoin (specifically coins with small market caps). Retail curiosity inside the looking for and promoting of virtual coins exploded very last yr after charges skyrocketed, and institutional involvement has been anticipated to grow, irrespective of regulatory warnings that cryptocurrencies are exceedingly risky and liable to scams. i finished up getting a Rosewill 10-Port excessive pace USB 2.zero Hub (RHB-500) if you are fascinated. Bitcoin and several specific Cryptocurrencies that followed are gaining real traction inside the funding network. at some point we'd all be capable to send Bitcoin BTC from literally wherever within the world, without a strength and no web connection.

because the positioning states, you will be able to earn spherical 0.9 USD consistent with day. but we additionally want enough money to hold the location jogging. On one of these huge scale, mining is extremely profitable and the shoppers are making masses of cash. Hackers are turning to cryptojacking — infecting organisation infrastructure with crypto mining software program — to have a gradual, reliable, ongoing earnings movement. In 2017, consumers scrambled to guess that crypto was going mainstream. The employee names want to be special, however the passwords can all be the same if you would like. You create a username, password, after which employee credentials(for every mining device). After that, the malware installs ZMap and sshpass software, and then it configures itself.

#1yrago Linux worm turns Raspberry Pis into cryptocurrency mining bots

Linux.MulDrop.14 is a Linux worm that seeks out networked Raspberry Pi systems with default root passwords; after taking them over and ZMap and sshpass, it begins mining an unspecified cryptocurrency, creating riches for the malware's author and handing you the power-bill.

https://boingboing.net/2017/06/11/mzi8s867ylmc7bspmeh95povxpq3pz.html

Un #Malware para #Linux infecta equipos #RaspberryPi para minar Criptomonedas Si eres uno de esos usuarios que cuentan con una Raspberry Pi y nunca has cambiado la clave con la que viene por defecto, pues ha llegado el momento que lo hagas de inmediato, un nuevo malware llamado Linux.MulDrop.14 busca este tipo de dispositivos que no han sido correctamente asegurados y se conecta a través de ssh luego instala ZMap y sshpass y se configura así mismo, el objetivo final es crear dinero digital para alguien mas.

Gerenciamento de SSH da Ubiquiti

Gerenciamento de SSH da Ubiquiti

Para conectar via SSH ao equipamento Ubiquiti (UBNT) no Windows, você pode usar o popular utilitário PuTTY. No Linux, você pode se conectar digitando o comando:

1 ssh [email protected]

Antes de alterar as configurações, recomendo fazer um backup da interface da web ou comando do Linux:

1 sudo sshpass -p "PASSWORD" scp -oStrictHostKeyChecking=no…

View On WordPress

Started this in the beginning of the year...    On a Friday night, I spent my time working up til 6 in the morning on this. Probably the most difficult but simple process I've completed. Still proud that I completed it in a single night despite all the challenges. Some of which actually helped me create a solution more professional in my opinion. Meaning I didn't just create a work around. For example in my research I found other developers using scp (secure copy in linux) with sshpass which isn't problem when deploying remotely. However I needed to do it locally. So for me using an ssh really seems waste for internal Processing. At the time creating this solution though I didn't care I need something fast. I should also note I'm not using docker to host my aspnetcore app but using the gitlab-runner in docker.  Update to now I've come a long way now to where creating task runners is a lot easier and I'm spinning them up specifically for each project need. Where I can improve is mapping out what projects need what and what I can reuse. This might not be possible since I use a folder to map the docker image files out in the server's location. However if I used a parent folder and have a way to config the child folder that would reduce the amount of times I need to create a new task runner. That would also mean though that I'd have to group projects based on their technologies. A lot of my projects are based on open source projects on github. I do have a plan to combine some projects or handle them with a more api based backends. So this is really just a question of time and design with the api since I do use the same frontend technologies (if I can help it). Docker Images  This is a list of images I can use when I'm attaching a new task runner. Most of my projects are dotcore but as I start to include more android projects this list will grow. Still in the middle with third parties on mobile development but doing more unit testings.

microsoft/dotnet 

dotnet/core/sdk:2.1 (old version)

mcr.microsoft.com/dotnet/core/sdk:2.1

openjdk:8-jdk