ssh – BAFM

NetApp FAS/Data ONTAP public key authentification with CIFS/NFS license

March 7, 2012June 21, 2013 Christian 2 Comments

Well as the title says, sadly we bought our FAS6210 without CIFS/NFS license. Thus, in order to create the folder structure/add the authorized_keys file, you’ll have to work for your money a little bit.

First, you need to run cifs setup / cifs passwd somewhere. I did it on our Data ONTAP simulator, which comes in handy for things like that.

You’ll get a cryptic looking password (no clue which format that is), looking like this: _OnWddr)xa.

Now, in order for the ftpd process to work, you need to create a /etc/passwd file. Usually the cifs setup would take care of that, but since we don’t own a CIFS license and I didn’t wanna add a trial license, I simply did what I described above on our simulator.

Now, open a SSH session with your filer. Create a new /etc/passwd file using wrfile. The new passwd file should look like this:

root:_OnWddr)xa.:0:1::/:
pcuser::65534:65534::/:
nobody::65535:65535::/:
ftp::65533:65533:FTP Anonymous:/home/ftp:

root:_OnWddr)xa.:0:1::/:

pcuser::65534:65534::/:

nobody::65535:65535::/:

ftp::65533:65533:FTP Anonymous:/home/ftp:

Now make sure, to replace the whole string in between the double dots with the one you got from the output of cifs passwd. After that is done, enable the FTP daemon using the options command:

; html-script: false ]options ftpd.enable on

1	; html-script: false ]options ftpd.enable on

Now, create your authorized_keys file somewhere (I exported my Public Key using PuTTygen), and from there open a ftp sessions with your root user on the filer. In the ftp shell run this:

cd /etc/sshd
mkdir root
cd root
mkdir .ssh
cd .ssh
lcd D:userschrischieDesktop
prompt
mput authorized_keys

cd /etc/sshd

mkdir root

cd root

mkdir .ssh

cd .ssh

lcd D:userschrischieDesktop

prompt

mput authorized_keys

The above example asumes that you created the authorized_keys file in the folder Desktop (that’s where my Desktop folder is, so replace it to suit your needs). Afterwards, disable the FTP daemon again:

options ftpd.enable off

1	options ftpd.enable off

And, tada … enjoy SSH password-less with your shiny public key.

XBMC: Adding the ppa keys to apt

May 15, 2009May 15, 2009 Christian 1 Comment

I recently bought an Acer Aspire Revo and had one of my trainees put XMBC on a SDHC card today. So after a bit of toying earlier, I started looking at the thing (from the command line that is).

One thing, if you enable the PPA (ppa.launchpad.net) sources, apt/aptitude is gonna babble something about an unverified key.

Fetched 119kB in 2s (41.4kB/s)
Reading package lists... Done
W: GPG error: http://ppa.launchpad.net jaunty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6D975C4791E7EE5E
W: GPG error: http://ppa.launchpad.net jaunty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2BBD133164234534
W: GPG error: http://ppa.launchpad.net jaunty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A956EB81318C7509

Fetched 119kB in 2s (41.4kB/s)

Reading package lists... Done

W: GPG error: http://ppa.launchpad.net jaunty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6D975C4791E7EE5E

W: GPG error: http://ppa.launchpad.net jaunty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2BBD133164234534

W: GPG error: http://ppa.launchpad.net jaunty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A956EB81318C7509

I ended up looking the error up (since I only have an Ubuntu desktop). There’s a simple solution for this:

for i in 2BBD133164234534 A956EB81318C7509 6D975C4791E7EE5E
do
  gpg --keyserver wwwkeys.eu.pgp.net --recv-keys $i
  gpg --export --armor $i | apt-key add -
done

for i in 2BBD133164234534 A956EB81318C7509 6D975C4791E7EE5E

gpg --keyserver wwwkeys.eu.pgp.net --recv-keys $i

gpg --export --armor $i | apt-key add -

done

Alternatively you can also use this:

for i in 2BBD133164234534 A956EB81318C7509 6D975C4791E7EE5E
  apt-key adv --keyserver=wwwkeys.de.pgp.net --recv-key $i
done

for i in 2BBD133164234534 A956EB81318C7509 6D975C4791E7EE5E

apt-key adv --keyserver=wwwkeys.de.pgp.net --recv-key $i

done

Work sometimes sucks (#2)

March 10, 2006June 21, 2013 Christian Leave a comment

Today they finally let me fiddle around on an AIX 5.3 system. Well AIX ain’t bad, but misses (by default installation) some features and comfort.

The first thing I noticed, they only! install telnet and don’t even give an option to install sshd .. That sucks, especially if you’re supposed to log in via the internet (yay! an telnet open to the internet :eek:)

So I googled a bit around and found out, that we should have some Bonus CD’s (from IBM of course) featuring openssl/openssh, looked into the cubicle behind the rack and look what I’ve found … Go, go … 😛

Put in the CD into the drive, fire up smitty (thats a really nifty tool they invented there) and installed openssh with all it’s dependencies (despite it’s pretty old v3.6.0) but now I got openssh running instead of a weaky telnet 🙂

What do I need also ? Yeah, bash … ksh really sucks (heh, and I love to scroll back in my command history). Fired smitty up again, and also installed bash …

That was pretty much work for the first day on AIX 😉