key

How to instruct SSH use only my password and ignore my (rsa) key

7 June 2017 in GNU/Linux tagged key / keyboard-interactive / password / PreferredAuthentications / PubkeyAuthentication / rsa / ssh by Tux

Recently, we wanted to connect to a machine via SSH without using the default RSA key that was available in the client’s profile (~/.ssh/id_rsa).

We needed to avoid using the public key authentication method for two reasons:

The client did not want to share the passphrase with us
We did not want to move the key, not even temporarily

So, to connect via SSH while ignoring the key completely we connected using the following command


ssh -o PreferredAuthentications=keyboard-interactive,password -o PubkeyAuthentication=no user@server;

Explanation of parameters:

-o Was used to give options in the format used in the configuration file (/etc/ssh/ssh_config). It is useful for specifying options for which there is no separate command-line flag available.
-o PreferredAuthentications can be used to change the default order of authentication and bypass the GSSAPI-based authentication, the host-based authentication, the public key authentication and the challenge-response authentication.
-o PreferredAuthentications=keyboard-interactive,password instructs the server to perform the authentication through the keyboard-interactive method and if that method is not available to use the password method.
The keyboard-interactive authentication method is a request for all different pieces of information needed for the authentication. The server can specify, which inputs need to be hidden when user types them and which are not.
The password authentication is a request for a single password. There is no configuration sent by the server. So the client decides how to format the prompt.
-o PubkeyAuthentication=no Specifies whether to try public key authentication. By setting the value to no it disables it.

Installing Jenkins on Red Hat (CentOS 7 64bit) distributions

11 November 2016 in GNU/Linux tagged CentOS / jenkins / key / pgp / rpm by Tux

Following the official guides:

We tried to install Jenkins using the RPM repositories.

sudo yum install java -y;
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo;
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key;
sudo yum install jenkins -y;

Unfortunately, that resulted in an error:

warning: /var/cache/yum/x86_64/7/jenkins/packages/jenkins-2.19.2-1.1.noarch.rpm: Header V4 DSA/SHA1 Signature, key ID d50582e6: NOKEY

Public key for jenkins-2.19.2-1.1.noarch.rpm is not installed

Apparently, sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key; failed silently and it did not import the key.

To verify, we executed rpm -qa gpg-pubkey* to display a list of all keys installed for RPM verification. From that list we wanted to see if any of the keys was the one needed by jenkins which should end with the value d50582e6. Since none of them matched, we tried to manually re-import it which failed again.

Our Solution

Our solution, although ugly, was to disable PGP verification in the file /etc/yum.repos.d/jenkins.repo.

[jenkins]
name=Jenkins-stable
baseurl=http://pkg.jenkins.io/redhat-stable
gpgcheck=0

That was enough to allow us to install the package using:

sudo yum install jenkins -y;

Finally, we started jenkins using sudo service jenkins start;.

Logs from failed installation


[bytefreaks@localhost ~]$ sudo yum install jenkins -y
[sudo] password for bytefreaks:
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.coreix.net
* extras: mirrors.coreix.net
* updates: mirrors.coreix.net
Resolving Dependencies
--> Running transaction check
---> Package jenkins.noarch 0:2.19.2-1.1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================================================================================================================
Package                                                Arch                                                  Version                                                     Repository                                              Size
=======================================================================================================================================================================================================================================
Installing:
jenkins                                                noarch                                                2.19.2-1.1                                                  jenkins                                                 66 M

Transaction Summary
=======================================================================================================================================================================================================================================
Install  1 Package

Total size: 66 M
Installed size: 67 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/jenkins/packages/jenkins-2.19.2-1.1.noarch.rpm: Header V4 DSA/SHA1 Signature, key ID d50582e6: NOKEY


Public key for jenkins-2.19.2-1.1.noarch.rpm is not installed

Bytefreaks.net – a place for hacks