This document provides instructions for setting up SSH keys on CentOS 7 to enable passwordless login. It describes generating an RSA key pair with ssh-keygen, setting permissions on the private and public key files, and copying the public key to authorized_keys on the server. Running ssh-copy-id copies the public key and allows logging into the server without a password by authenticating with the private key.
This document provides instructions for installing and configuring RSyslog on CentOS 7. It describes how to install RSyslog, configure modules and protocols, manage the daemon, verify the log file, test the service, configure an RSyslog client for UDP and TCP forwarding, restart the client service, and lists the log severity and facility tables.
Zimbra Troubleshooting - Mails not being Delivered or Deferred or Connection ...VCP Muthukrishna
The document describes troubleshooting an issue where emails were being deferred from a Zimbra mail server due to port 10024 being refused. The potential causes were a failed or stopped amavisd service, an out-of-date ClamAV antivirus package, or a stale amavisd.pid file. The resolutions included restarting the amavisd service, upgrading ClamAV, and removing and updating the amavisd.pid file before restarting Zimbra services.
How To Install and Configure Apache SSL on CentOS 7VCP Muthukrishna
This document provides instructions on how to install and configure Apache SSL on CentOS 7. It includes steps to install the httpd package and enable the service, create a self-signed SSL certificate, configure the SSL settings in the Apache configuration file including the certificate and key files, open firewall ports, and validate the SSL configuration. The goal is to securely serve HTTPS traffic from the Apache web server using the newly created SSL certificate.
Shell Script Disk Usage Report and E-Mail Current Threshold StatusVCP Muthukrishna
This shell script generates a disk usage report for each disk partition on a server and emails the report. It checks disk usage percentages against thresholds of 90%, 80%, and 70% and colors partitions red, orange, or green accordingly in the report. It also calculates the difference in disk usage from the previous report 12 hours ago and includes this in the emailed report. Running the script generates an HTML report file and uses sendmail to email the file to specified recipients.
How To Configure Apache VirtualHost on RHEL 7 on AWSVCP Muthukrishna
This document provides instructions on how to configure Apache virtual hosts on RHEL 7 to host multiple websites on different ports with different content folders. It includes steps to configure the Apache listen directive, create virtual host directives, set document roots and ports, create log directories, validate the configuration, and modify security settings. Sample index files are provided to demonstrate the three configured websites.
How To Install and Configure SNMP on RHEL 7 or CentOS 7VCP Muthukrishna
The document provides instructions on how to install and configure SNMP on RHEL 7. It describes downloading the required packages, editing the configuration file, opening the required port in the firewall, and testing SNMP queries locally and remotely. SNMP can be used to monitor devices and retrieve statistics on parameters like performance, usage, and storage. The three main versions of SNMP are also outlined, highlighting their features around security, querying, and remote configuration capabilities.
How To Check IE Enhanced Security Is Enabled Windows PowerShellVCP Muthukrishna
This PowerShell script checks the status of Internet Explorer Enhanced Security settings on a system. It reads the registry keys that control IE Enhanced Security for the local machine profile and current user. The script outputs whether each key is supported, the current value set for each key, and notifies if a key is not defined.
How To Install and Configure Open SSH Server on UbuntuVCP Muthukrishna
This document provides instructions on how to install and configure OpenSSH server on Ubuntu. It includes steps to update the system, check if OpenSSH is already installed, install the openssh-server package if needed, verify the installation, configure the listen port to 22, start the SSH daemon, test the SSH service from localhost, and open the firewall to allow SSH connections.
How To Install and Configure AWS CLI for WindowsVCP Muthukrishna
This document provides instructions for installing and configuring the AWS CLI on Windows. It includes downloading the AWS CLI MSI installer, running the installer, and configuring access keys through the aws configure command. The AWS CLI must be configured with an access key ID, secret access key, and default region to authenticate with AWS and interact with AWS services through commands.
How To Disable IE Enhanced Security Windows PowerShellVCP Muthukrishna
This PowerShell script disables Internet Explorer Enhanced Security by modifying registry values. It checks the registry keys for IE Enhanced Security settings for the Admin and current user profiles. If the keys exist and the configuration is enabled, it sets the registry value to 0 to disable IE Enhanced Security. If the keys are already configured to be disabled, it outputs a message indicating no changes are needed. If the keys don't exist, it displays a message that the registry is not configured.
This document provides instructions for managing Linux users on Red Hat Enterprise Linux 7. It discusses user types and ID ranges, and provides examples of how to use the useradd, usermod, and userdel commands to create, modify, and delete users. Specific examples shown include creating users with different options like setting the user ID, group ID, home directory, login shell, comment, and expiry date. It also demonstrates modifying user attributes like ID, primary group, home directory, login shell, and locking/unlocking users.
How To List Nginx Modules Installed / Complied on CentOS 7VCP Muthukrishna
This document provides instructions for listing Nginx modules installed on a RHEL 7 system. It explains that running the command "nginx -V" will output all modules compiled for the Nginx server. Alternatively, piping the output of "nginx -V" through tr and grep can format it to display each module on its own line.
The document provides steps to install Openfire instant messaging server on CentOS 7. It includes downloading and installing Java, setting the hostname, installing MariaDB database, downloading and configuring Openfire, and starting the Openfire service. Troubleshooting tips are also included to address potential issues like service failures.
How To Configure FirewallD on RHEL 7 or CentOS 7VCP Muthukrishna
This document provides instructions on how to configure the FirewallD firewall on RHEL 7 or CentOS 7 systems. It describes how to manage the firewall service, add and remove firewall rules, configure zones, and lists the predefined firewall configurations.
This document provides instructions on how to install and configure Cacti, an open source network and system monitoring tool, on a Linux server. It involves installing key packages like Apache, MySQL, PHP, SNMP, and RRDTool. The steps include configuring the services, creating a MySQL database for Cacti, importing the Cacti data tables, and configuring Apache to access Cacti. Finally, it covers initial Cacti setup like identifying versions, completing the installation wizard, resetting the admin password, and creating initial graphs.
This document provides instructions on using a PowerShell script to check if a file exists and delete it. The script prompts the user to enter a file name, uses the Test-Path command to check if the file exists, and will either delete the file or display an error message depending on the result. It also describes the prerequisites of having the correct execution policy set like AllSigned or Unrestricted to allow scripts to run.
This document provides instructions for installing and configuring the Gnome desktop environment on CentOS 7. It begins with pre-requisites like ensuring the system is updated. It then checks if Gnome is already installed before using YUM to install the GNOME Desktop group package. Post-installation steps include launching the GUI, configuring the system to use Gnome by default, rebooting, and verifying Gnome loads correctly.
This document discusses PowerShell functions and provides an example of creating a simple function called Call_Function_Write_Welcome_Message. The function clears the host, lists function information, prints a purpose message, and outputs the text "Hello - PowerShell Script". To invoke the function, its name is called from the PowerShell CLI or ISE. When run, the function displays its output.
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpracticesBrentMatlock
This document provides best practices for securing Splunk configurations with SSL. It discusses Splunk's default SSL posture and the types of communication that can be encrypted with SSL. The document then provides recommendations for enabling SSL for various Splunk components like Splunkweb, forwarders, indexers, the deployment server, and more. It also discusses options for using a commercial or private certificate authority and provides an example SSL-enabled Splunk architecture.
This document provides steps to install and configure mod_ssl on CentOS/Fedora/Redhat to enable HTTPS on the Apache web server. It describes generating a self-signed certificate, editing the ssl.conf and httpd.conf configuration files to specify the certificate details and enable SSL, and restarting the Apache server to apply the changes.
Internal knowledge share on SSH setup and usage. Includes some helpful config file options to save time and how to create and use SSH keys for better security and productivity.
The document provides an overview of SSH (Secure Shell), including what it is, its history and architecture, how to install and configure it, use public-key authentication and agent forwarding, and set up port forwarding tunnels. SSH allows securely executing commands, transferring files, and accessing systems behind firewalls.
SSH is a secure network protocol that allows remote access and file transfers between computers in a secure manner. It uses cryptographic keys and algorithms to authenticate users and encrypt data. Some common uses of SSH include remote login and command-line execution. An SSH client initiates an encrypted connection to an SSH server on a remote computer using the secure shell protocol after verifying authentication via keys or passwords. The document then provides examples of SSH commands and configurations for tasks like connecting to remote machines, transferring files, and running commands securely over SSH connections.
This document discusses OpenSSH and provides tricks for using SSH. It begins by explaining what SSH is and why it is important for secure remote access. It then discusses installing OpenSSH and basic SSH usage like remote login. The document covers additional SSH features like executing commands remotely, file transfers using SCP and SFTP, public key authentication, and default configuration files. It provides examples of SSH port forwarding, comparing remote and local files, and mounting remote folders. The document concludes with a list of "best SSH tricks" including enabling password-less login and starting tunnels.
This document provides an overview of the Secure Shell (SSH) protocol. It describes what SSH is, the history and terminology associated with it, how SSH provides secure communication over unsecured networks through encryption and authentication, and how to install and configure SSH clients and servers. Key points covered include the SSH architecture and layers, features like encryption and authentication, how to generate and manage cryptographic keys, and recommendations for configuring SSH clients and servers securely.
1. The document discusses SSH tricks and configuration tips for securing SSH connections and servers. It provides examples of SSH client-side one-liners and ways to quickly set up an SSH server.
2. SSH is a secure network protocol for exchanging data between networked devices. The document outlines ways to lock down SSH servers and clients through configuration files and access controls.
3. The document shows examples of SSH port forwarding, tunnels, and other one-liners that can enable remote access or administration through SSH connections.
Kyle Young presents on SSH tricks and configuration tips. He discusses the history and uses of SSH, how to securely connect to SSH servers by verifying fingerprints, and ways to lock down SSH servers and clients through configuration files like sshd_config and ssh_config. He also shares some useful SSH client-side one-liners.
Secure Shell (SSH) is a cryptographic network protocol for secure data communication and remote shell services over an insecure network. SSH establishes an encrypted connection between a client and server, allowing for secure login, file transfer, port forwarding and tunneling. It uses public-key authentication and encryption to securely handle remote login and other network services between two networked computers.
This document provides instructions for configuring remote access and secure file transfers using OpenSSH on CentOS 5. It describes how to configure SSH for password-less authentication using public key authentication. It also explains how to optionally rebuild OpenSSH 5.4p1 to enable additional access restrictions and features. Scripts are provided to help administer user accounts and setup file structure for hosting users.
SSH or secure shell is an encrypted protocol used to communicate and administer with the servers. It follows simple steps to generate on ubuntu. Generating ssh keys in ubuntu, the windows operating system is moreover similar.
This document provides instructions for installing Hadoop on a single node Ubuntu 14.04 system by setting up Java, SSH, creating Hadoop users and groups, downloading and configuring Hadoop, and formatting the HDFS filesystem. Key steps include installing Java and SSH, configuring SSH certificates for passwordless access, modifying configuration files like core-site.xml and hdfs-site.xml to specify directories, and starting Hadoop processes using start-all.sh.
This document discusses various SSH techniques including creating SSH tunnels with -L to access services on remote networks, using -D to create a quick web proxy, copying files between remote hosts with -R, generating and managing SSH keys with ssh-keygen and ssh-agent, and configuring SSH forwarding and the ~/.ssh/config file. It also covers best practices for SSH key security and management.
Secure Shell (SSH) is a protocol that provides secure remote access to devices. This document provides instructions for configuring SSH on Cisco switches including generating SSH keys, configuring the SSH server, and monitoring the SSH configuration. Key steps include generating an RSA key pair, configuring the SSH version, setting timeout values, and limiting network access to SSH-only connections.
The document outlines the steps to set up SSH key-based authentication between an Ansible control node and two target nodes to enable Ansible to configure the target nodes without passwords. It involves generating public/private key pairs on the control node, adding the public key to each target node's authorized_keys file, and restricting password logins for security.
This document provides an overview of secure shell (SSH) including what it does and does not do, its system architecture, key components like SSH-TRANS, SSH-AUTH and SSH-CONN, and the process of building an SSH connection. It also discusses setting up SSH keys, copying keys to servers, using SSH agents, key scanning tools and other SSH tools. While the document discusses decrypting SSH traffic by disabling encryption, it notes this is not possible with OpenSSH and provides an alternative high performance SSH client that allows decryption. It concludes by providing credits and soliciting questions.
SSH is a secure network protocol that encrypts data in transit. It uses public-key cryptography to authenticate servers and establish encrypted connections. SSH clients connect to SSH servers to securely execute commands, transfer files, and access services over unsecured networks like the Internet. Common uses of SSH include secure remote login, file transfer, port forwarding, and tunneling other protocols through an encrypted SSH connection.
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Akeyless
This document discusses using SSH certificates as an alternative to SSH keys for secrets management and remote access. It notes that SSH keys require ongoing management as team members join and leave. SSH certificates were introduced over 10 years ago and provide auditability, expiration to remove standing permissions, and avoid issues with lost or stolen keys. However, SSH certificates require some PKI knowledge and infrastructure setup. The document provides steps to set up a basic certificate authority and configure a server to use SSH certificates for login.
SSH (Secure SHell) is a protocol and program used to securely access remote systems. It allows establishing secure communication channels and relies on cryptography. Basic usage provides shell access or executes commands on remote servers, while advanced uses include transferring data, connecting to services, and creating secure tunnels through the public internet. Authentication can be done with passwords or public-key cryptography for increased security.
The document discusses secure shell (SSH) and how penetration testers can use it. It covers SSH clients like PuTTY and commands like scp. It describes SSH authentication methods including passwords and public key authentication. It also discusses hardening the SSH daemon, SSH tunneling, X11 tunneling, SSH agents, and concludes that SSH can be made secure but still has vulnerabilities that pen testers should test for with permission.
How to Fix Duplicate Packages in YUM on CentOS 7VCP Muthukrishna
This document provides steps to resolve duplicate package errors when using YUM on CentOS 7. It involves installing the yum-utils package, using package-cleanup commands to list, count, and clean duplicate packages, and if needed removing any remaining duplicates manually. Running package-cleanup again after should show no more problems.
How To Construct IF and Else Conditional StatementsVCP Muthukrishna
This document discusses using IF and ELSE conditional statements in PowerShell scripts. It provides code snippets to check for input and return different outputs based on whether input is provided or not. When input is provided, it will write the input and beep at a high pitch. If no input is provided, it will write an error message and beep at a lower pitch. The document also provides background on PowerShell functions and execution policies.
How To Create PowerShell Function Mandatory Parameter and Optional ParameterVCP Muthukrishna
This document discusses PowerShell functions that have mandatory and optional arguments. It provides an example function definition that defines the first argument as optional and the second argument as mandatory. It shows calling the function and passing only the mandatory second argument, which works as expected. It also shows calling the function without any arguments, which causes it to prompt for the mandatory second argument value as required.
How To Create Power Shell Function Mandatory Parameter ValueVCP Muthukrishna
This document discusses PowerShell functions and mandatory arguments. It defines a sample function called MandatoryParameter that takes a mandatory string argument. When invoked without passing a value, it will prompt for the argument. When called with a value, it displays the passed value. The document provides examples of invoking the function with and without arguments to demonstrate PowerShell's handling of mandatory parameters.
How To Configure Nginx Load Balancer on CentOS 7VCP Muthukrishna
This document provides instructions on how to configure Nginx as a load balancer on CentOS 7. It describes installing Nginx, configuring two web servers and a load balancer node, setting up the load balancing configuration in the Nginx configuration file, and testing the load balancer functionality using curl commands and a web browser.
The nginx service failed to start because it was configured to bind to port 9080, which was not an authorized port by the default SELinux configuration. Adding port 9080 to the list of authorized HTTP ports using semanage resolved the issue, allowing nginx to bind to the non-standard port and start successfully. Validation steps confirmed the service was now accessible on port 9080.
This document provides instructions on how to install, configure, and use the GNU Screen terminal multiplexer on CentOS 7. It discusses installing the Screen package, verifying installation, launching new screen sessions, listing, attaching, detaching, locking, creating new screens within sessions, switching between sessions, stopping sessions, wiping defunct sessions, scrolling back in sessions, splitting sessions horizontally and vertically, starting and switching split sessions, exiting split sessions, modifying permissions to share sessions between users, and accessing sessions by name from other user accounts.
How To Install and Configure Salt Master on UbuntuVCP Muthukrishna
This document provides instructions on how to install and configure a Salt master on Ubuntu. It includes steps to install the Salt package and PPA repository, create configuration directories, configure the firewall to allow Salt traffic, configure the minion, manage Salt services, accept the minion key on the master, and test the connection by running commands on the minion.
How To Protect SSH Access with Fail2Ban on RHEL 7VCP Muthukrishna
This document provides instructions on how to install and configure Fail2Ban on RHEL 7 to protect SSH access. It describes installing the Fail2Ban package, configuring jails and filters to monitor the SSH service logs, enabling and starting the Fail2Ban service, and viewing firewall rules and banned IP addresses. Key steps include editing /etc/fail2ban/jail.local to enable SSH monitoring, setting attributes like maxretry and findtime, and starting the Fail2Ban service to begin blocking IPs.
This document discusses how to configure SNMP logging on RHEL 7. It describes editing the SNMP daemon configuration file to set startup options like logging level and facility. It also provides instructions for starting, stopping, restarting, and checking the status of the SNMP daemon service using systemctl commands.
This document provides instructions for finding package installation dates on RHEL 7. It explains how to query all installed packages and their dates using rpm -qa --last, query the latest 5 packages using rpm -qa --last | head -5, and query a specific package's installation and build dates using rpm -qi package | grep Date.
This document provides steps to upgrade Openfire on CentOS 7, including stopping the Openfire service, backing up the MySQL database and configuration file, downloading and installing the latest Openfire package, and restarting the service. The process involves launching the Openfire admin console, stopping the service, backing up the database and configuration, downloading and installing the new package, verifying the installation, and restarting the service.
This document provides steps to reset the root password on RHEL 7 if it is forgotten:
1. Reboot the server and choose the "Core" kernel entry in the boot menu.
2. Edit the kernel entry to add "rw init=/sysroot/bin/sh" which will start the system in single user mode.
3. Run the "chroot /sysroot" command and then "passwd root" to set a new root password.
4. Run "touch /.autorelabel" and reboot to relabel the filesystem for SELinux.
Get-ExecutionPolicy displays the current execution policy for PowerShell scripts on the local machine. The execution policy determines whether scripts can run or must be signed by a trusted publisher. Running Get-ExecutionPolicy without parameters shows the current policy, while Get-ExecutionPolicy -List shows the possible policy options: Restricted, AllSigned, RemoteSigned, and Unrestricted.
This document discusses how to install, configure, and use the Automatic Bug Reporting Tool (ABRT) command line interface (CLI) on Linux. It provides instructions on installing the abrt-cli package, checking and starting the abrtd service, viewing the default ABRT configuration, enabling auto reporting, configuring SELinux for ABRT, listing dump files, and describes various ABRT CLI commands to list, report, get info on, remove, and process issues.
Details of description part II: Describing images in practice - Tech Forum 2024BookNet Canada
This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator.
Link to presentation recording and transcript: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/
Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.
Kief Morris rethinks the infrastructure code delivery lifecycle, advocating for a shift towards composable infrastructure systems. We should shift to designing around deployable components rather than code modules, use more useful levels of abstraction, and drive design and deployment from applications rather than bottom-up, monolithic architecture and delivery.
How Netflix Builds High Performance Applications at Global ScaleScyllaDB
We all want to build applications that are blazingly fast. We also want to scale them to users all over the world. Can the two happen together? Can users in the slowest of environments also get a fast experience? Learn how we do this at Netflix: how we understand every user's needs and preferences and build high performance applications that work for every user, every time.
Quantum Communications Q&A with Gemini LLM. These are based on Shannon's Noisy channel Theorem and offers how the classical theory applies to the quantum world.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/07/intels-approach-to-operationalizing-ai-in-the-manufacturing-sector-a-presentation-from-intel/
Tara Thimmanaik, AI Systems and Solutions Architect at Intel, presents the “Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” tutorial at the May 2024 Embedded Vision Summit.
AI at the edge is powering a revolution in industrial IoT, from real-time processing and analytics that drive greater efficiency and learning to predictive maintenance. Intel is focused on developing tools and assets to help domain experts operationalize AI-based solutions in their fields of expertise.
In this talk, Thimmanaik explains how Intel’s software platforms simplify labor-intensive data upload, labeling, training, model optimization and retraining tasks. She shows how domain experts can quickly build vision models for a wide range of processes—detecting defective parts on a production line, reducing downtime on the factory floor, automating inventory management and other digitization and automation projects. And she introduces Intel-provided edge computing assets that empower faster localized insights and decisions, improving labor productivity through easy-to-use AI tools that democratize AI.
Blockchain technology is transforming industries and reshaping the way we conduct business, manage data, and secure transactions. Whether you're new to blockchain or looking to deepen your knowledge, our guidebook, "Blockchain for Dummies", is your ultimate resource.
GDG Cloud Southlake #34: Neatsun Ziv: Automating AppsecJames Anderson
The lecture titled "Automating AppSec" delves into the critical challenges associated with manual application security (AppSec) processes and outlines strategic approaches for incorporating automation to enhance efficiency, accuracy, and scalability. The lecture is structured to highlight the inherent difficulties in traditional AppSec practices, emphasizing the labor-intensive triage of issues, the complexity of identifying responsible owners for security flaws, and the challenges of implementing security checks within CI/CD pipelines. Furthermore, it provides actionable insights on automating these processes to not only mitigate these pains but also to enable a more proactive and scalable security posture within development cycles.
The Pains of Manual AppSec:
This section will explore the time-consuming and error-prone nature of manually triaging security issues, including the difficulty of prioritizing vulnerabilities based on their actual risk to the organization. It will also discuss the challenges in determining ownership for remediation tasks, a process often complicated by cross-functional teams and microservices architectures. Additionally, the inefficiencies of manual checks within CI/CD gates will be examined, highlighting how they can delay deployments and introduce security risks.
Automating CI/CD Gates:
Here, the focus shifts to the automation of security within the CI/CD pipelines. The lecture will cover methods to seamlessly integrate security tools that automatically scan for vulnerabilities as part of the build process, thereby ensuring that security is a core component of the development lifecycle. Strategies for configuring automated gates that can block or flag builds based on the severity of detected issues will be discussed, ensuring that only secure code progresses through the pipeline.
Triaging Issues with Automation:
This segment addresses how automation can be leveraged to intelligently triage and prioritize security issues. It will cover technologies and methodologies for automatically assessing the context and potential impact of vulnerabilities, facilitating quicker and more accurate decision-making. The use of automated alerting and reporting mechanisms to ensure the right stakeholders are informed in a timely manner will also be discussed.
Identifying Ownership Automatically:
Automating the process of identifying who owns the responsibility for fixing specific security issues is critical for efficient remediation. This part of the lecture will explore tools and practices for mapping vulnerabilities to code owners, leveraging version control and project management tools.
Three Tips to Scale the Shift Left Program:
Finally, the lecture will offer three practical tips for organizations looking to scale their Shift Left security programs. These will include recommendations on fostering a security culture within development teams, employing DevSecOps principles to integrate security throughout the development
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsMydbops
This presentation, delivered at the Postgres Bangalore (PGBLR) Meetup-2 on June 29th, 2024, dives deep into connection pooling for PostgreSQL databases. Aakash M, a PostgreSQL Tech Lead at Mydbops, explores the challenges of managing numerous connections and explains how connection pooling optimizes performance and resource utilization.
Key Takeaways:
* Understand why connection pooling is essential for high-traffic applications
* Explore various connection poolers available for PostgreSQL, including pgbouncer
* Learn the configuration options and functionalities of pgbouncer
* Discover best practices for monitoring and troubleshooting connection pooling setups
* Gain insights into real-world use cases and considerations for production environments
This presentation is ideal for:
* Database administrators (DBAs)
* Developers working with PostgreSQL
* DevOps engineers
* Anyone interested in optimizing PostgreSQL performance
Contact info@mydbops.com for PostgreSQL Managed, Consulting and Remote DBA Services
An invited talk given by Mark Billinghurst on Research Directions for Cross Reality Interfaces. This was given on July 2nd 2024 as part of the 2024 Summer School on Cross Reality in Hagenberg, Austria (July 1st - 7th)
Sustainability requires ingenuity and stewardship. Did you know Pigging Solutions pigging systems help you achieve your sustainable manufacturing goals AND provide rapid return on investment.
How? Our systems recover over 99% of product in transfer piping. Recovering trapped product from transfer lines that would otherwise become flush-waste, means you can increase batch yields and eliminate flush waste. From raw materials to finished product, if you can pump it, we can pig it.
Performance Budgets for the Real World by Tammy EvertsScyllaDB
Performance budgets have been around for more than ten years. Over those years, we’ve learned a lot about what works, what doesn’t, and what we need to improve. In this session, Tammy revisits old assumptions about performance budgets and offers some new best practices. Topics include:
• Understanding performance budgets vs. performance goals
• Aligning budgets with user experience
• Pros and cons of Core Web Vitals
• How to stay on top of your budgets to fight regressions
AC Atlassian Coimbatore Session Slides( 22/06/2024)apoorva2579
This is the combined Sessions of ACE Atlassian Coimbatore event happened on 22nd June 2024
The session order is as follows:
1.AI and future of help desk by Rajesh Shanmugam
2. Harnessing the power of GenAI for your business by Siddharth
3. Fallacies of GenAI by Raju Kandaswamy
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...Chris Swan
Have you noticed the OpenSSF Scorecard badges on the official Dart and Flutter repos? It's Google's way of showing that they care about security. Practices such as pinning dependencies, branch protection, required reviews, continuous integration tests etc. are measured to provide a score and accompanying badge.
You can do the same for your projects, and this presentation will show you how, with an emphasis on the unique challenges that come up when working with Dart and Flutter.
The session will provide a walkthrough of the steps involved in securing a first repository, and then what it takes to repeat that process across an organization with multiple repos. It will also look at the ongoing maintenance involved once scorecards have been implemented, and how aspects of that maintenance can be better automated to minimize toil.
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
How To Setup SSH Keys on CentOS 7
1. How To Setup SSH Keys on CentOS 7
i | P a g e
Table of Contents
Overview.......................................................................................................................................................1
What is SSH Keys...........................................................................................................................................1
SSH Keys – Private Key..............................................................................................................................1
SSH Keys – Public Key................................................................................................................................1
SSH Keys – Algorithm................................................................................................................................1
SSH Keys – Key Size...................................................................................................................................2
SSH Keys – Files and Locations......................................................................................................................2
SSH Keys – Permissions - Set.........................................................................................................................3
SSH Keys – Permissions - Validation .............................................................................................................3
SSH Keys - Generation...................................................................................................................................4
Generate SSH Key – RSA ...........................................................................................................................4
Generate SSH Key – Private Key File.........................................................................................................4
Generate SSH Key – Passphrase................................................................................................................4
Generate SSH Key – Files ..........................................................................................................................5
Generate SSH Key – Copy ID .....................................................................................................................5
SSH Key – SSH Login......................................................................................................................................6
2. How To Setup SSH Keys on CentOS 7
1 | P a g e
Overview
In this guide we will walk through steps of generating and connecting to the host without password with
ssh-keygen utility, this utility will create key pairs for automated authentication.
What is SSH Keys
SSH Keys uses public key cryptography for authenticating hosts and users. This key is much more secured
than older version of utilizing “.rhosts” file authenticating method. In this method password is not stored
in a file and in turn eliminates the possibility of password being compromised.
SSH Keys – Private Key
A private key that remains (only) with the user. It is imperative that key is in the possession of the specific
user. A user has private key that corresponds to the public key of the server will be able to authenticate
successfully.
Ideally private keys have to be stored in a safe location, it should not be tampered, copied or shared with
others. Private keys used for user authentication are called “Identity Keys”.
SSH Keys – Public Key
A public key that is copied to the SSH server(s). Anyone with a copy of the public key can encrypt data
which can then only be read by the person who holds the corresponding private key.
Once an SSH server receives a public key from a user and considers the key as trustworthy, then the server
marks the key as authorized and subsequently its stored in “authorized_keys” file. Such keys are called
“Authorized Keys”.
SSH Keys – Algorithm
Each key has to be generated with specific type of algorithm, different algorithm provide different level
of security the below table will give insight into each algorithm its purpose is described.
Algorithm Description
rsa It’s an old algorithm based on the difficulty of factoring large numbers. A key size with at
least 2048 bits is recommended for RSA; 4096 bits is much better.
RSA is getting old and significant advances are being made in factoring. Choosing a
different algorithm is recommended.
In the near future RSA algorithm might be practically breakable. All SSH clients support
this algorithm.
3. How To Setup SSH Keys on CentOS 7
2 | P a g e
dsa It’s an old US government Digital Signature Algorithm. It is based on the difficulty of
computing discrete algorithms.
A key size of 1024 would normally be used with it.
DSA in its original form is no longer recommended.
ecdsa It’s a new Digital Signature Algorithm standardized by the US government, using elliptic
curves.
It’s probably a good algorithm for current applications. Only three key sizes are currently
supported viz., 256, 384, and 521 bits.
It’s recommend to utilize 521 bits, since the keys are still small and probably more secure
than the smaller keys. Bigger the bits size safer the key.
Most SSH clients now support this algorithm.
ed25519 It’s a new algorithm added in OpenSSH. Support for it in clients is not yet universal.
Its implementation in general purpose applications is not recommended for now; though
it could leak if public key is incorrect.
SSH Keys – Key Size
By default SSH key size that gets generated is with “2048” bits, to customize bit key size set the bit key
size parameter “-b” while generating the ssh key.
SSH Keys – Files and Locations
Each key file has important role to play, to understand each one of the file(s) and their importance, listed
below are the file(s) and their location / along with their purpose is described.
Location & File Purpose / Description
$HOME/.ssh/identity This file contains the RSA private key when using the SSH protocol version 1.
$HOME/.ssh/identity.pub This file contains the RSA public key for authentication when you are using the
SSH protocol version 1.
User has to copy contents in the $HOME/.ssh/authorized_keys file of the
remote system where a user wants to login.
$HOME/.ssh/id_dsa This file contains the protocol version 2 DSA authentication identity of the
user.
$HOME/.ssh/id_dsa.pub This file contains the DSA public key for authentication when you are using the
SSH protocol version 2.
4. How To Setup SSH Keys on CentOS 7
3 | P a g e
User has to copy contents in the $HOME/.ssh/authorized_keys file of the
remote system where a user wants to login.
$HOME/.ssh/id_rsa This file contains the protocol version 2 RSA authentication identity of the
user.
This file should not be readable by anyone but the user.
$HOME/.ssh/id_rsa.pub This file contains the protocol version 2 RSA public key for authentication.
User has to copy contents in the $HOME/.ssh/authorized_keys file of the
remote system where a user wants to login.
SSH Keys – Permissions - Set
Each location / file has to be set to appropriate permission, location / purpose is described in below table.
Location / File Set Permission - Command Purpose / Description
User Home Folder chmod go-w /home/$USER
chmod g-w,o-w ~
User’s home directory on the server should NOT
be writable by others
.ssh Folder chmod 700 /home/$USER/.ssh SSH folder on the server needs 700
authorized_keys chmod 644
/home/$USER/.ssh/authorized_keys
authorized_keys has to be set to 644
authorized_keys* chmod 600
/home/$USER/.ssh/authorized_keys
authorized_keys has to be set to 600; root user
will also not have access, better security.
.ssh Folder chown user:user /home/$USER/.ssh user owns the files/folders and not root
authorized_keys chown user:user authorized_keys user owns the files/folders and not root
SSH Keys – Permissions - Validation
In order to validate permission set on each folder / file, execute command as per the below table.
Location / File Set Permission – Command Long List – Command Permission – View
Home Directory chmod 755 ~ ls -l ~ 755 or (drwxr-xr-x)
.ssh (folder) chmod 700 ~/.ssh ls -l ~/.ssh 700 or (drwx------)
.pub (public key file) chmod 644 ~/.ssh/*.pub ls -l ~/.ssh/*.pub 644 or (-rw-r--r--)
5. How To Setup SSH Keys on CentOS 7
4 | P a g e
id_rsa (private Key file) chmod 600 ~/.ssh/*.id_rsa ls -l ~/.ssh/*.id_rsa 600 or (-rw-------)
SSH Keys - Generation
Before you login to the server without password, you need to generate ssh keys and copy generated key
on to the server and you can subsequently login.
Generate SSH Key – RSA
Generating key is first and foremost task that we have to perform in order setup SSH Key, default
Algorithm is “RSA” and key size is “2048”, to generate a new ssh key, run the command;
ssh-keygen -t rsa -b 4096
Generate SSH Key – Private Key File
By default ssh key file is created as “id_rsa”, optionally you can set the name of the file.
Generate SSH Key – Passphrase
Optionally, you can set “passphrase” or key password for the ssh key, this passphrase will be keyed-in
upon logging on to the server.
6. How To Setup SSH Keys on CentOS 7
5 | P a g e
Generate SSH Key – Files
User’s private and public key generated files will be default stored in “$HOME/.ssh/” folder, wherein
“id_rsa” is a private key file and “id_rsa.pub” is a public key file. In this step key’s “fingerprint” is defined
along with algorithm type and key bits will will also be displayed.
Generate SSH Key – Copy ID
Once the ssh key is generated, next step is to copy the ssh key; to copy run the command;
ssh-copy-id mvcp@salt
7. How To Setup SSH Keys on CentOS 7
6 | P a g e
SSH Key – SSH Login
After copying the ssh key; you can connect to the server without password, ssh key copied with command
ssh-copy-id will be verified and validated and user will be logged into the server automatically, to connect
run the command;
ssh mvcp@salt