I'm using PHPStorm and an "OpenSSH" dialog continues to pop up every few minutes on a project I'm working on. It appears to be trying to fetch a status from the remote Mercurial repository. How can I configure OpenSSH to remember my password?
OpenSSH will bravely refuse to save passwords. You need to setup a public key, run the key agent, and then add that key. Here's a howto: http://paulkeck.com/ssh/
Related
I accidentally deleted my public and private key and had to generate new SSH keys due to not being able to restore the keys (and not having a backup anywhere). How do I change the public SSH key then of my Oracle Cloud instance?
Terminating the instance and remaking it isn't an option, and I've tried looking online but wasn't able to find much. Any help would be appreciated.
Thanks
Some background
Found a solution! Just so people are aware, there are methods online that involve connecting to the machine via VNC, but for me personally it felt very trial-an-error, when pressing buttons at the wrong time, and it ended up not working properly (VNC didn't display recovery mode for me, just a blank screen after selecting it).
Summary
This guide involves: Creating another machine (as incl. in free tier anyway), detaching the boot volume drive from the machine and attaching it to the machine just created, to do editing to change the keys over, then attaching the drive back up.
Create another VPS (Oracle have them incl. > free tier)
I deleted one of my other VPS' in the Oracle panel (that was a free machine - as I didn't need it and wasn't using it) and created it again anew (I made sure to delete the old boot volumes before continuing).
(This solution is assuming your using Ubuntu 20.04, but this will probably work for other OS's as well)
Basically from there,
I powered off the machine I wanted to change my SSH key of.
After fully being powered off, just detach the boot volume from the VPS, and attached it as a block volume to the machine just created.
Login to the machine via SSH, and run the connection commands by hitting the three dots (image below) and viewing the connection commands, to connect the drive up.
Editing files on the drive & mounting process
Then by running blkid (or sudo fdisk -l for a more friendly view)
you're able to see what drives are available for mounting. So then you just make a folder and simply type:
sudo mount [drive path e.g. /dev/sdb] [folder path e.g. ./drive]
Edit the file at /home/ubuntu/.ssh/authorized_keys, or however your machine is configured (Oracle by default disallows root, but if you've edited your configuration it's up to your end).
Then, simply go to the relevant path to be able to unmount the drive, umount [folder path e.g. ./drive]
Run the disconnect commands for the drive from the panel.
Then, simply detach the drive from your other machine and reattach it back to the original machine. Wait till it's fully attached and then start the machine again.
You can create a console connection, connection to it, then reboot the instance (through OCI console), and get to GRUB in the console connection... a few more steps and you can upload a new ssh key: https://docs.oracle.com/en-us/iaas/Content/Compute/References/serialconsole.htm
My Laravel database got hacked for the second time. the hacker deleted all tables and left a table threatening to delete it If I didn't send bitcoin. That's not a problem since I do have a backup but what can I do to prevent it?
This is for Laravel 6. the first time I had debugging mode ON in the .env file so I thought this might be the problem. after turning debugging off I still got hacked am I missing anything?
Hello Mohamed Elmoniry,
I would check your server database configuration for the following security settings I mean this is pretty basic and normally done automatically if you are not self hosting and using a service like forge or digital ocean, but here you go:
Update the password plugin
Change the root password
Remove anonymous users
Disallow remote root login
Remove test database
If you are new to this and you are using MYSQL on your server you can run the following command/script that will automatically guide you through that process
sudo mysql_secure_installation
Additionally:
If you are using a web server I would also enable SSH and deactivate password login.
If you are using a firewall I would check that only the necessary ports to your application are allowed by the UTM (Unified threat management) if it is a hardware firewall. (same applies to a software firewall)
It would be great if you know how the hacker got into the database. Maybe you have an old database version? Maybe you have an easy-to-crack password and have exposed your database to the internet. Laravel by default blocks SQL injection, so that can't be it.
If you have exposed your database, a good first step is to block all requests and allow only ones from certain IP addresses, like your server and IP addresses where you often work. This way, hackers can only get to your database if they are on one of those IP's.
Do you publish your code to GitHub? Maybe the hacker got the password from your repository (this is only possible if this is public). You should make sure you NEVER EVER publish your .env file to the internet and only keep local copies.
But the best solution would be to find out how he got in. Then you can block that entrance. You should certainly check your database version and update it if necessary.
it seems your website has some shell (malware) stored. Virus take palace with following reasons :
Old version framework (but you are using v6, that is updated)
A shell/virus already in code (check if a php shell exist, & scan with antivirus)
You have public git repo, where attacker placed his malware
You have credentials hardcoded that leaked, either through git repo or JS files.
You have unrestricted file upload option in your code, which allow hacker to upload shell.
your database server is publicly exposed,allowing anyone to access.
If you are using older jenkins or other automation tool, which exploit used.
SQL injection, (check logs)
Thanks, Jaikey
Check whether your .env or .env.sample files expose to public for some reason?
https://yourdomain.com/system/.env
If yes, block the public access of .env by adding the code below to the .htaccess file.
<FilesMatch "^\.env">
Order allow,deny
Deny from all
</FilesMatch>
I have windows server machine on GCE.Whenever I try to take remote or RDP into machine it is showing
The remote session was disconnected because there are no Remote Desktop License Servers available to provide a license.
Please contact the server administrator
I have reset the machine but didn't work. The solutions that I got on the net needs access to the machine first, but I am not able to access the machine. Here is a link http://www.dell.com/support/Article/us/en/04/635765/EN to troubleshoot this, but I am not able to access machine as the machine is on google server.
In my case license has been expired. But I was able to take remote in admin mode. Use the command in Run to take remote in admin mode
mstsc /admin
Then I added new license to continue remote service. For more detail on remote desktop licensing check out the link https://technet.microsoft.com/en-us/library/cc732684.aspx
According to this post the solution is to delete the following key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\GracePeriod
I Followed Sunil Garg's instructions:
mstsc /admin
to remote into the server.
Then I deleted the key. Please note you must run regedit as System user to delete the key. Use the RunAsSystem tool to achieve this
This problem made by some kind of caching of remote desktop licensing in clients you can solve this by remove the bellow key in registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing
It's much easier to make a reg file and run it so .
Make a empty text file
Name it "mypatch.reg" or "mypatch.reg"
Put bellow text in it and save it
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing]
Run it by dubble click on file!
It should remove the key.
I've recently switched from Netbeans to PHPStorm and I have weird issue with PHPStorm. Sometimes (really often) when I pull or push it shows that it is pulling/pushing but it never ends. I must restart PHPStorm, do it again and then it work.
I synchronize with bitbucket if that helps and I use mercurial.
PHPStorm doesn't show any errors.
Does anyone know what can cause this?
Have a look at SSH, a lot of people prefer SSH over username/password. With SSH you need to enter password for private key once on first pull or push. Here is manual.
I'm using Mercurial (latest bundled with THG) and have a repo on Google Code. I enabled the mercurial_keyring extension and this worked perfectly until I changed the password on my Google account. Now Google Code returns a HTTP 403 error due to the wrong password stored in the keychain, which causes HG to abort the push without asking for the password again.
Is there any way to force the password change on the keyring, or even just to reset it, so that I can re-enter the new password? A tool to manage the stored entries for the python Win32CryptoKeyring would also be fine, since I could use that to delete my password.
I found this question accidentally. Mercurial_keyring tries to detect such cases and re-ask for the password, but for one reason or another this did not work.
I created issue https://bitbucket.org/Mekk/mercurial_keyring/issue/45/some-way-to-clear-password-and-maybe to track the problem, anybody wishing to add some information or to follow the work is welcome to track it.
(mercurial_keyring author)