60 Matching Annotations
  1. Last 7 days
  2. Sep 2023
  3. Aug 2023
    1. 那么,如何让发起请求的时候,使用我们小号的私钥呢?我们先来看一下执行 clone 代码时候,仓库源那个以 git 开头的链接是什么意思:


  4. May 2023
  5. Jan 2023
  6. Dec 2022
  7. Oct 2022
    1. The version of OpenSSH included in 16.04 disables ssh-dss. There's a neat page with legacy information that includes this issue: http://www.openssh.com/legacy.html In a nutshell, you should add the option -oHostKeyAlgorithms=+ssh-dss to the SSH command: ssh -oHostKeyAlgorithms=+ssh-dss root@
      • ok
      • SOLUCION: rsync de cygwin(8) en cygwin(16)/bin
    1. However, if the test file is in fact 0 bytes, then your shell is behaving, but it is possible that you just have a very old version of rsync. You can tell the client end (assuming it is the newer end) to not advertise such a high version that the old rysnc server version doesn't recognize it. You can do this using the --protocol= option. In my case, using --protocol=30 did the trick. If you are still having trouble, try ssh in as the user rsysnc is connecting with and try running rsync --version to see if the shell can find rsync. If you get something that says command not found, then rsync might not be installed on the machine you are connecting to or it might not be in the path. Rsync does have options for specifying the path of the remote end, read the man page(s). ShareShare a link to this answer Copy linkCC BY-SA 3.0 Improve this answer Follow Follow this answer to receive notifications answered Jul 16, 2014 at 20:28 AzendaleAzendale 1,50522 gold badges1111 silver badges1414 bronze badges 2 +1 for the hint about --protocol which solved my problem with a 2.5.6 server (protocol version 26) and a 3.1.0 client (protocol version 31) – MattBianco
      • SEE
    2. If testfile is NOT 0 bytes, then the trouble is that your shell is outputting something. Check /etc/profile, .profile, .bashrc, .cshrc, etc. If it is, you can change it to check if your terminal is interactive and only output text by using the following code in a bashrc. Something equivalent exists for other shells as well: if shopt -q login_shell; then [any code that outputs text here] fi or alternatively, like this, since the special parameter - contains i when the shell is interactive: if echo "$-" | grep i > /dev/null; then [any code that outputs text here] fi
      • SEE
    1. Use SSH and connect:

      Disposable root server:

      bash ssh root@segfault.net # Password is 'segfault'

  8. Aug 2022
  9. Jul 2022
  10. Mar 2022
    1. HostName Specifies the real host name to log into. This can be used to specify nicknames or abbreviations for hosts. The default is the name given on the command line. Numeric IP addresses are also permitted (both on the command line and in HostName specifications).


  11. Feb 2022
  12. Nov 2021
  13. Mar 2021
    1. 两个远程系统之间的复制

      Note: scp is able to copy file from a remote server to another one.

  14. Feb 2021
  15. Nov 2020
    1. awk '{print $2}' /etc/ssh/ssh_host_ed25519_key.pub | base64 -d | sha256sum -b | sed 's/ .*$//' | xxd -r -p | base64 | sed 's/.//44g' | awk '{print "SHA256:"$1}'
  16. May 2020
    1. You want to execute SSH commands from the build environment to a remote server You want to rsync files from the build environment to a remote server If anything of the above rings a bell, then you most likely need an SSH key.
    1. There is a serious weakness in DSA (which extends to ECDSA) that has been exploited in several real world systems (including Android Bitcoin wallets and the PS3); the signature algorithm relies on quality randomness (bits that are indistinguishable from random); once the PRNG enters a predictable state, signatures may leak private keys. Systems that use ECDSA must be aware of this issue, and pay particular attention to their PRNG.
  17. Apr 2020
    1. Configure a remote Python interpreter via SSH credentials

      Setting up Webstorm to work with SSH

  18. Jan 2020
    1. ssh doesn't let you specify a command precisely, as you have done, as a series of arguments to be passed to execvp on the remote host. Instead it concatenates all the arguments into a string and runs them through a remote shell. This stands out as a major design flaw in ssh in my opinion... it's a well-behaved unix tool in most ways, but when it comes time to specify a command it chose to use a single monolithic string instead of an argv, like it was designed for MSDOS or something!
    1. git -c core.sshCommand="ssh -vvv" pull

      This seems like the most reliable and direct way to enable debugging of the ssh connection (authentication, etc.) used by a git command.

    1. Once the number of unauthenticated connections goes over the sshd:MaxStartUps parameter, sshd starts rejecting those connections. So preferably increase the MaxStartups in sshd_config
    2. maybe the server is getting brute-forced some way. so the ssh connections are in use this way. In this case MaxStartups would only lead to more bandwith usage and higher server load. You should think about a non default port in high port range and something like fail2ban
  19. Dec 2019
    1. I discovered that remote shells are treated differently. While non-interactive Bash shells don’t normally run ~/.bashrc commands at start-up, a special case is made when the shell is Invoked by remote shell daemon:
    1. An ssh public key in a ~/.ssh/authorized_keys file can have a command="" option which forces a particular command to be executed when the key is used to authenticate an ssh connection. This is a security control that mitigates against private key compromise. This is great when you only need to execute a single command. But if you need to perform multiple tasks, you would normally need to create and install a separate key pair for each command, or just not bother making use of forced commands and allow the key to be used to execute any command.
    1. The IdentitiesOnly yes is required to prevent the SSH default behavior of sending the identity file matching the default filename for each protocol. If you have a file named ~/.ssh/id_rsa that will get tried BEFORE your ~/.ssh/id_rsa.github without this option.
    1. Add a ProxyJump option and corresponding -J command-line flag to allow simplified indirection through a one or more SSH bastions or "jump hosts".
    1. echo "from="${MYIP%% *}",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="rsync ${SSH_ORIGINAL_COMMAND#* }" $(ssh-keygen -yf ~/.ssh/rsync_rsa)" | ssh targetserver "cat - >>~/.ssh/authorized_keys" Note that the ‘command=’ restriction (http://larstobi.blogspot.ch/2011/01/restrict-ssh-access-to-one-command-but.html) will not apply if ‘/etc/sshd_config’ has already a ‘ForceCommand’ directive.
    1. Just for the record newer versions of ssh support the -W option, you can do something like ProxyCommand ssh -W %h:%p gateway instead of depending on nc
    1. In today's cruel networked world, we're too often hampered behind (evil) company proxies that restricts how we can use the internet while at work, at a customers' place or even in some cases while at home or at friends'. Not only do proxies restrict what you can do, what protocols that are accepted, what sites you can visit and what TCP ports that are let through, it also allows your company or friend to log and supervise you.
  20. Mar 2019
    1. Hashicorp Vault: One-Time Password para SSH

      Está aí um assunto sob o qual quero aprender! Não é explicitamente coberto pelos tópicos de certificação DevOps, mas dá uma olhada nos assuntos cobrindo ssh e security (procura também por vault em https://wiki.lpi.org/wiki/DevOps_Tools_Engineer_Objectives_V1).

  21. Dec 2018
  22. Nov 2018
    1. rsync -azvvP /home/path/folder1/ /home/path/folder2

      Or the case with remotes:

      rsync -azvvP /full/path/source_folder_or_file username@remotehost:/full/path/target_folder_or_file

  23. Oct 2018
  24. Jan 2018
  25. Nov 2017
  26. Jul 2017
  27. Apr 2016