how can we get a different tor circuit with torify command in a separate terminal window? Specifically, if I type a command in a terminal 1 window
torify curl http://icanhazip.com
I receive my IP address in response.
but if I try it in another terminal window simultaneously I get the same IP which is a normal behavior.
what I am trying to achieve is to use a different config file in every new terminal window so as to get a different IP address in a different terminal window.
Use the -i (--isolate) option or --user and --pass to get stream isolation.
From man 1 torsocks:
-u, --user
Set username for the SOCKS5 authentication. Use for circuit isolation in Tor.
Note that you MUST have a password set either by the command line,
environment variable or configuration file (torsocks.conf(5).
-p, --pass
Set password for the SOCKS5 authentication. Use for circuit isolation in
Tor. Note that you MUST have a username set either by the command line,
environment variable or configuration file (torsocks.conf(5)).
-i, --isolate
Automatic tor isolation. Set the username and password for
the SOCKS5 authentication method to a PID/current time based value
automatically. Username and Password MUST NOT be set.
Example:
torify --user foo --pass password curl https://example.com/
Then, using a different set of credentials will get you a different circuit and exit relay:
torify --user foo2 --pass password2 curl https://example.com/
You can achieve the same using Tor's socks proxy directly with curl, and specify a unique proxy username/password combination to get stream isolation as well.
Example:
curl -Lv --socks5-hostname 127.0.0.1:9050 \
--proxy-user foo:password \
https://example.com/
Then, using a different set of credentials will get you a different circuit and exit relay:
curl -Lv --socks5-hostname 127.0.0.1:9050 \
--proxy-user foo2:password2 \
https://example.com/
Related
I am using curl - u user:password -X post method in shell script to trigger my Jenkins jobs externally. While using this method I am providing my credentials to access Jenkins.
Is there any way to hide or encrypt credentials.?
Curl with -u does not support encrypt username and password but you can do it in different way to hide username and password
Create an environment variable Use that on your curl command like below :
export USERNAME=""
export PASSWORD=""
after that
curl -u $USERNAME:$PASSWORD -X POST ...
Make use of .netrc file with curl command.
curl command option for .netrc file
-n, --netrc Must read .netrc for user name and password
--netrc-file <filename> Specify FILE for netrc
Steps to use .netrc
Create a .netrc file on your home directory (~) with content
machine jenkins.url
login username
password jenkinsTokenOrPassword
invoke curl command
curl -n -X POST ....
Note. If you don't want to keep your .netrc file on your home directory ~ , than place it somewhere else but make sure let curl know about the location like curl --netrc-file /path/to/.netrc -X POST ...
I am trying to overcome some limitations in our environment to write up an authorized SSH file for passwordless ssh keys.
I am requiring to perform an ssh as a to a target system, and then run a "sudo su - , and then update the service account authorized_keys with a key"
This eventually has to go onto my ansible scripts.
I am using "ssh -t user#target "sudo su - service-user" - which actually successfully gets me into a shell for service-user. But I am not able to figure out a way to pass along the file modify commands with the above.
Any tips or alternative options?
Note: I need to use "ssh -t" option as the requiretty is not set on target systems.
Cheers!
Depending on what transport you're using you can use ssh_args.
OpenSSH is the default connection type for Ansible on OSes that are new enough to support ControlPersist. (This means basically all operating systems except Enterprise Linux 6 or earlier).
Then you can do something like this in your ansible.cfg:
ssh_args = -t -t
Which will force ansible to connect the same way you do manually.
Then in your playbook or together with the task where you need it specify become and become_user
- name: Some task
debug: msg="this is a test"
become: true
become_user: someuser
su has an option, -c, that allows you to pass along a command to execute instead of launching a new shell.
-c, --command=COMMAND
pass a single COMMAND to the shell with -c
However, you're authenticating with sudo, which already does this by default; you can just cut su out of the command entirely:
ssh -t user#target "sudo -u service-user <your-command>"
To go one step further, you note that you're planning on putting this into an Ansible playbook. If so, you probably shouldn't be spending too much time trying to do this manually - Ansible will handle running commands remotely (that's one of its primary features, after all), and has a module for modifying the authorized_keys file.
Perhaps the answer to this question is that it is not possible but hopefully someone knows how to get around this issue. In the past, before the admins configured Kerberos in our school machines I was able to create ssh keys for several purposes. The way this was done was via the ~/.ssh/config file in my machine and the ~/.ssh/authorized_keys in the server. An example of my ssh config file goes as follows
Host sayHI
IdentityFile path/to/sayHiPrivateKey
HostName servername
User myusername
Host sayHey
IdentityFile path/to/sayHeyPrivateKey
HostName servername
User myusername
Then in the authorized_keys file I would have
command="echo hi" ssh-rsa sayHiPublicKeyLONGSTRING....
command="echo hey" ssh-rsa sayHeyPublicKeyLONGSTRING....
ssh-rsa otherkeysformypasswordlessentry
With this setup I could do something like
$ ssh sayHI
hi
$ ssh sayHey
hey
Unfortunately, this has now stopped since we are now using Kerberos to authenticate every day. What this means is that now I have do
$ kinit username#SERVERNAME
Once I put in my password I can use ssh as follows:
$ ssh -K username#hostname
and now I have access. If I do
$ ssh sayHi
this will not work since it asks for my password. If I do
$ ssh -K sayHi
this logs me in but it completely ignores the fact that this was supposed to use an identity so that I can run the command echo hi. Instead it just uses the kerberos credentials and logs me in. So now that I have explain the functionality that I once had, does anyone know if it is possible to recover this using kerberos and ssh? The multiple identities files was useful specially if you wanted to let a friend run a command on your behalf without giving them your password (http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch08_02.htm). I really hope this is still possible somehow. Thanks in advance.
It depends if the server still accepts pubkey authentication or not (it looks like it does not, otherwise the kerberos authentication wouldn't make any sense).
Depending on the vendor of the OS, there might be possible to set up .k5login, but it will probably not solve the issue. Better way to differentiate between the commands would be using some alias on your client:
alias sayHi="ssh -K host echo Hi"
alias sayHello="ssh -K host echo Hello"
in your ~/.bashrc.
I am using cURL to test some RESTful APIs. Some of these APIs are served from an Apache machine, and protected with user/password combination using simple .httaccess files.
Is there a way to provide cURL with a username / password combination as arguments?
Use this curl option for the commandline
-u "User:Password"
More details about this parameter can be found from here.
You can use this curl command for example:
curl -A "Mozilla" -L 'http://user:password#localhost/api/someapi.php'
This is my first shot at trying out cgi-perl scripts. I have SSH keys set up between my (root user) local machine and a remote machine. I'm trying to run a command on the remote box and display the output on a webpage hosted from my local machine. The script runs fine from command line however, it throws SSH key error when called from the webpage because the user running the script is apache and not root. Is there a way to get around this issue?
If you not already have a restricted account, create one, create the SSH keys and add the commands that the user should be allowed to execute via sudo to the /etc/sudoers file (e.g. via visudo, more about sudoers). This is the safest approach imho.
You can even restrict the user in such a way, that he can only execute these commands. For
I don't know about Perl, but normal you can specify which user should be logged in via SSH:
ssh user#host
Update:
Are you using the Net::SSH::Perl module? If so, just set the user accordingly:
my $host = "perlhowto.com";
my $user = "user";
my $password = "password";
#-- set up a new connection
my $ssh = Net::SSH::Perl->new($host);
#-- authenticate
$ssh->login($user, $pass);
(I just copied and pasted this code from perlhowto.com)