We are using the Eclipse IDE on Windows virtual machines running on Xen. On the other hand, we are using Gitolite to manage the Git repositories. They are mirrored across several servers using Gitolite's mirroring feature.
What I intend to do is to transparently switch the users to the backup server in case the master server is down.
To do so, my idea is to create a system-wide host alias in the SSH settings. On Linux for instance, I would use the /etc/ssh/ssh_config file with an entry like:
Host scms.box
Hostname master-server
If ever master-server is down, I can then replace the hostname:
Host scms.box
Hostname backup-server
The Eclipse IDE is reading the SSH settings from ~/.ssh/config but this is user-specific (like on Linux).
I was wondering if there would be an equivalent to /etc/ssh/ssh_config on Windows?
I was wondering if there would be an equivalent to /etc/ssh/ssh_config on Windows?
As mentioned in "Git SSH client for Windows and path for .ssh/config file"
<installPath>\Git\etc\ssh\ssh_config
If you set GIT_SHH to <installPath>\Git\usr\bin\ssh.exe (and the launch Eclipse), then Eclipse should also use the global ssh config.
Short answer: it is not implemented in JGit. It only supports the "user" config file.
Long answer: I have been looking into the EGit/JGit source code. JGit is reading the SSH configuration and passing the object as argument to create the SSH session. However, JGit only supports the user config file.
Snippet of jgit/org.eclipse.jgit/src/org/eclipse/jgit/transport/OpenSshConfig.java:
public static OpenSshConfig get(FS fs) {
File home = fs.userHome();
if (home == null)
home = new File(".").getAbsoluteFile(); //$NON-NLS-1$
final File config = new File(new File(home, ".ssh"), Constants.CONFIG); //$NON-NLS-1$
final OpenSshConfig osc = new OpenSshConfig(home, config);
osc.refresh();
return osc;
}
Related
I have created an Azure Function to connect to an SFTP server via SSH. The only problem appears to be that needed SSH ciphers are not supported by SSH on the Ubuntu 20.04.4 LTS operating system that the Azure Function is running on. So I'd like to know if there's a way to update the SSH ciphers to the ones I need for the Azure Function on that operating system (without using Docker Hub)?
I read somewhere that you can edit /etc/ssh/sshd_config to get this done, but if that's the way forward, then how is it done (bear in mind that I don't think I have direct access to the operating system in the context of the Azure Function unless I'm mistaken)?
Yes you heard it correct you need to edit edit /etc/ssh/sshd_config to get this done.You can configure encryption algorithms in the configuration file using the Ciphers keyword; the default is 'AnyStdCipher'.
Perform the following steps:
1.In /etc/ssh/sshd_config (server) and /etc/ssh/ssh_config (client), search for Ciphers. The following is the default configuration:
Copy
#Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
2.Uncomment this line and replace it with the following value:
Copy
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
3.Restart SSH by running the service sshd restart command.
reference : https://www.netiq.com/documentation/access-manager-45/security-guide/data/ssh-ciphers.html
I have one Linux machine and one Windows machine for developments. For data sharing, we have set up a shared Windows directory in another Windows machine, which both my Linux and Windows can access.
I am now using DVC for version control of the shared data. To make it easy, I mount the shared Windows folder both in Windows and in Linux development machine. In Windows, it looks like
[core]
analytics = false
remote = remote_storage
['remote "remote_storage"']
url = \\my_shared_storage\project_dir
In Linux, it looks like:
[core]
analytics = false
remote = remote_storage
['remote "remote_storage"']
url = /mnt/mount_point/project_dir
As you can see, Windows and Linux have different mounting points. So my question is: is there a way to make that both Windows and Linux have the same ùrl in the DVC configuration file?
If this is impossible, is there another alternative solution for DVC keeps data in remote shared Windows folder? Thanks.
If you are using a local remote this way, you won't be able to have to the same url on both platforms since the mount points are different (as you already realized).
The simplest way to configure this would be to pick one (Linux or Windows) url to use as your default case that gets git-committed into .dvc/config. On the other platform you (or your users) can override that url in the local configuration file: .dvc/config.local.
(Note that .dvc/config.local is a git-ignored file and will not be included in any commits)
So if you wanted Windows to be the default case, in .dvc/config you would have:
[core]
analytics = false
remote = remote_storage
['remote "remote_storage"']
url = \\my_shared_storage\project_dir
and on your Linux machine you would add the file .dvc/config.local containing:
['remote "remote_storage"']
url = /mnt/mount_point/project_dir
See the DVC docs for dvc config --local and dvc remote modify --local for more details:
https://dvc.org/doc/command-reference/config#description
https://dvc.org/doc/command-reference/remote/modify#command-options-flags
I have an ssh connection to a remote machine in my terminal window, and GVim running locally as my text editor. I can mount the remote machine via SSH and open files in my local Vim. I can also edit remote files in my local Vim via Vim's support for editing over SCP.
Say I then use ag on the remote machine to search my project for a symbol:
[user#remote project]$ ag thingy
include/blah/foo.h
1137:void thingy() {
Now what can I type inside my SSH session to send that file to my local editor in a tab? If I were on my local machine, I could do something like gvim -p --remote-tab-silent include/blah/foo.h, but I don't think the Vim +clientserver Remote system can be forwarded over an SSH session, can it? Would it somehow magically work if I set up X11 forwarding? If so, how would Vim work out what remote server to connect to to edit the file? Is there maybe some kind of integration between a vim-embedded terminal session and the netrw system that I could use instead?
If I wanted to roll my own system with shell scripts and netcat and forwarding sockets of some kind over ssh, how might I design that?
The +clientserver mechanism on Linux and Unix systems uses X11:
The communication between client and server goes through the X server. The
display of the Vim server must be specified. The usual protection of the X
server is used, you must be able to open a window on the X server for the
communication to work. It is possible to communicate between different
systems.
If you set up X forwarding properly, you should be able to open the file, although I haven't tested. That means that the remote system should have a $DISPLAY environment variable.
If you haven't specified the server name explicitly, it is usually in the title bar of the window. The first one, on my Debian system, is GVIM, the next is GVIM2, etc. Client/server arguments need to go on the command line in a specific order and first on the command line. I'd try setting this up on a local machine and only then trying it with the remote machine.
To work remotely I need to SSH into the main server and then again into the departmental server.
I would like to set up a tunnel using sublime text 3 wbond sftp package to view and edit files remotely but I can't seem to find any information for setting up a tunnel. Is this even possible?
The reason I'm interested in this particular package is because I am unable to install any packages locally on the server, hence using something like rsub is not possible.
Any other suggestions besides sublime sftp are welcome.
I'm not sure the SFTP plugin would allow to do this directly.
What i would suggest is for you to use ssh -L to create a tunnel.
ssh -L localhost:random_unused_port:target_server:22 username_for_middle_server#middle_server -nNT
Use the password/identity_file for the middle server
The -nNT is to avoid opening an interactive shell in the middle server.
IMPORTANT: You need to keep the ssh -L command running so keep that shell open.
In this way you can connect to the target_server as such:
ssh username_for_target_server#localhost -p random_port_you_allocated
Similarly you can setup the SFTP plugin file as such
{
...
"host":"localhost",
"user":"username_for_target_server",
"ssh_key_file": "path_to_target_server_key",
"port":"random_port_you_allocated",
....
}
As a sidenote, always use the same port to tunnel to the same server, otherwise, with the default ssh configuration, you will be warned of a "Man in the middle attack" because the signature saved in the .ssh/known_hosts will not match with the previous one. This can be avoided by disabling this feature but I wouldn't recommend it.
System environment :
Server: Centos 6.2
Client: Windows + TortoiseSVN + putty
I have installed subversion in centos, created repository on server, and configured svn+ssh access way using key authentication. Everything works fine.
But I have a question about svn user using svn+ssh mode.
The svn user have a ssh key, so he can access subversion server and of course he can also access Centos server by SSH using the key authentication. Further, he can copy subversion repository files(Specifically /db files) from centos server using like WinSCP tool base on SSH.
So, I wanna know if there is a way that let the svn user just can access svn repository via svn+ssh and can't copy repository files from centos directly via ssh accessing?
If he can copy repository files from centos server via ssh, I think the svn access control realized by conf/authz file doesn't make any sense and svn repository isn't safe.
I just learn how to create a svn+ssh subversion server, so maybe my knowledge isn't enough, please give me a idea or just tell me whether a solution exists.
If can't prohibit copying files from Linux server via SSH, I will use svn or http(s) access mode.
Thank you!
I found a way to solve this problem.
add command into authorized_keys file to disable ssh shell login and scp, but enable svn+ssh, like this:
"/usr/bin/svnserve -t -r /svn/test/",no-port-forwarding,no-pty,no-agent-forwarding,no-X11-forwarding
after add your authorized_keys file will like this:
command="/usr/bin/svnserve -t -r /svn/test/",no-port-forwarding,no-pty,no-agent-forwarding,no-X11-forwarding ssh-rsa A......................................................................
I think this is one solution, do your have others? Please let me know.