Executing script on a UNIX server from PowerShell - powershell-2.0

I have a PowerShell script hosted on Windows Server 2008 R2. This script needs to invoke a UNIX script residing on a UNIX server. After the script finishes executing, it must return the output to the calling script (the PowerShell script). I am implementing it on highly secured servers, hence I cannot use third-party tools/libraries unless they are authenticated and approved by standards. If there is any standard library which I can make use of to accomplish this task, it will be appreciated.

There is no "native" way to do it that I'm aware of.
The most secure method I can think of offhand which will be accepted by your review board is to use ssh with keys for authentication. Yes, you'll have to acquire & install an SSH client for Windows, but if your servers are "highly secured" then your security people should be very happy to hear that you want to use SSH. SSH should already be running on the UNIX servers.
You can use ssh to execute any command on the remote system (that you're authorized to execute) instead of creating a login shell simply by appending the command to the end of the ssh command line (as described by the link above).
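The approach described in the answer above, as an added example that is not part of the original post: a PowerShell wrapper that runs one fixed remote script over key-authenticated SSH and returns its output and exit code to the caller. It assumes an OpenSSH-compatible `ssh.exe`; the paths, account, host name and remote script are placeholders.

```powershell
# Added example. Assumes an OpenSSH-compatible ssh.exe; every path, the user,
# the host and the remote script are placeholders, not values from the post.
function Invoke-RemoteUnixScript {
    param(
        [string]$SshExe        = 'C:\Tools\OpenSSH\ssh.exe',
        [string]$KeyFile       = 'C:\Keys\svc_batch_id_rsa',
        [string]$KnownHosts    = 'C:\Keys\known_hosts',     # reviewed host keys only
        [string]$User          = 'batchuser',
        [string]$RemoteHost    = 'unixhost.example.com',
        [string]$RemoteCommand = '/opt/app/bin/report.sh'   # fixed command, no user input
    )

    $sshArgs = @(
        '-i', $KeyFile,
        '-o', 'BatchMode=yes',              # fail instead of prompting for a password
        '-o', 'IdentitiesOnly=yes',         # offer only the key given with -i
        '-o', 'StrictHostKeyChecking=yes',  # refuse unknown or changed host keys
        '-o', "UserKnownHostsFile=$KnownHosts",
        "$User@$RemoteHost",
        $RemoteCommand
    )

    # stdout and stderr both come back through the pipeline. ssh exits with
    # the remote command's status, or 255 if the connection itself failed.
    $output = & $SshExe $sshArgs 2>&1
    $exit   = $LASTEXITCODE

    if ($exit -eq 255) {
        throw "ssh could not connect or authenticate: $output"
    }

    New-Object PSObject -Property @{
        ExitCode = $exit
        Output   = @($output | ForEach-Object { "$_" })
    }
}

$result = Invoke-RemoteUnixScript
if ($result.ExitCode -ne 0) {
    Write-Error "Remote script failed with exit code $($result.ExitCode)"
}
$result.Output
```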

Related

Test access to WindRiver/VxWorks license server?

I'm having trouble debugging a WindRiver build system where the build machine seems unable to obtain a license from the WindRiver license server. Is there a tool that allows me to run a "get me a license" check without having to run a complete build?
You can try, on the client side, to run from the command line the command -lmutil stat; this will ping the license server and return a response.
Regards.
Paul, in this case, if you're using another machine as a license server, first be sure that the server is up and running; after that, on the client machine, set the environment variable WRSD_LICENSE_FILE = 27000@ and test.

Jenkins - SSH from Job's shell to jenkins

What I am trying seems quite simple, but I can't really get my head wrapped around what I need to do:
Inside a job, I have a build step that executes shell commands. This shell command tries using the Jenkins CLI.
So basically it says "java -jar theCliFile -s jenkinsURL / command"
So inside of a job, I am trying to make an SSH connection to the Jenkins server itself.
This fails, console output says that "[WARN] Failed to authenticate with your SSH keys. Proceeding as anonymous
You must authenticate to access this Jenkins.".
I could provide a username and password as clear text inside of the shell, but I would like to avoid that.
What do I need to set up in order to allow an automatic authentication? I don't understand who needs what kind of keys.
The Jenkins CLI Wiki says to configure a /me/configure user. I just don't see how this makes sense. I guess this was meant to be for use cases where someone tries to build an SSH connection from a remote machine, not from the Jenkins itself, as in my case.
Actually, I solved it myself:
I had both a private and public key on the Jenkins server (in case you don't have those, just generate them on the server machine that Jenkins runs on (there are tons of tutorials on how to do so out there)).
To allow what I was trying in my question, I had to take the public key and enter it in some user existing for the Jenkins application.
As far as I understand, entering the Jenkins server's public key in any user will make the SSH request authenticate as this user and thus the shell will have the rights of said user.

Running an Ant script to prepare a Database in Bluemix

I have an Ant script that I use to populate/prepare a database. All I need is to set the host, port and credentials for the database. It works fine for MySQL and DB2; the DB just needs to be reachable from where the script is executed.
The DB service in Bluemix gives me a DB with an IP (75.x.x.x) that is only reachable from the internal network of Bluemix, it is not accessible externally.
My understanding is that my ant script needs to be executed from inside the Bluemix network/servers.
How can I do that?
What would be the alternatives?
I'm considering creating a NodeJS script to trigger that Ant script internally, but I'm not sure if it will work properly.
dashDB always had the ability for local clients (outside of Bluemix) to connect to the cloud database, and SQL Database later added the feature as well. So you should be able to populate a database as long as you have the correct driver client installed on your local machine.
Can you provide more details on how you tested that the IP is not reachable? Is there a firewall put in place between your local machine and Bluemix? Note that ping is not a good test because the port is blocked for security reasons. You may try the JDBC port indicated on the connection page from the console.
See link for instructions on how to make a connection:
https://www.ng.bluemix.net/docs/#services/SQLDB/index.html#connecting-to-sqldb
You might be able to use a simple custom buildpack. You can start with a sample like this one:
https://github.com/dmikusa-pivotal/cf-test-buildpack
Fork it and modify the bin/compile script to run your ant task instead. Then put your ant script (and probably the executable, as I expect it is not installed in the Bluemix environment) in a directory and run
cf push <appname> -b <your forked git url>
To push it to Bluemix and run it. If you're just using it once you can probably get away with hard-coding the address and credentials, or else you can bind to the same service instance and get the info from VCAP_SERVICES.

Plink from Windows service cannot find Pageant

I have a Windows service which uses plink.exe for SSH connections, and I found that Plink cannot find the running Pageant.
Here are the steps I have done so far.
Install the Windows service to run as a particular user
Before starting the Windows service, I log in as that user and start Pageant with a PuTTY-generated key.
Then I start the Windows service (but I can't manage to make it work, since Plink cannot find Pageant and the server replies with No supported authentication methods available.)
Note: If I run Windows service as console application with that user, everything is working fine.
Plink will be run in the service session (Session\0) while Pageant runs in the user session (Session\1). Plink uses some interprocess communication which, as it looks from your problem, doesn't work across sessions. Most likely there's MMF communication inside and objects are created without a prefix, i.e. they become session-only (not global). You would need to build a custom version of Plink to solve the problem.
Pageant explicitly allows feeding keys only to an application (PuTTY, PSFTP, PSCP, WinSCP, FileZilla) running in the same Windows session. This is obviously for security reasons, so that a different user on the same machine cannot hijack private keys loaded by another user. And even for convenience (ironically), so that you do not inadvertently use the keys of a different user (possibly leading to your account being locked due to invalid login attempts).
Also note that Pageant is not intended for automation anyway. For automation, use the private key explicitly, using the -i command-line parameter.
See https://the.earth.li/~sgtatham/putty/latest/htmldoc/Chapter3.html#using-cmdline-identity
Such a private key has to be unencrypted. Note that this poses a security risk if someone gains access to the key. You should consider restricting access to the unprotected private key file to the local account that runs the script only (using Windows file system permissions).
As @Eugene points out, it is Session 0 Isolation.
I managed to solve the issue by not using the agent and instead passing the private key and password directly to plink.exe. By doing that, I'm able to run without using Pageant.
To start plink.exe without the agent:
plink.exe -noagent -i private_key.ppk -pw mypassword -P 1234 user@host.com
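The file-permission advice in the answers above, as an added example that is not part of the original posts: lock the unencrypted key file down to the service account, audit the resulting ACL, then start Plink without the agent. The key path, the account name and the remote command `uptime` are placeholders; `-batch` is added so that Plink fails instead of waiting on a prompt nobody can answer in Session 0.

```powershell
# Added example. Key path, account name and remote command are placeholders.
function Protect-PrivateKeyFile {
    param([string]$Path, [string]$Account)

    $acl = Get-Acl -Path $Path
    # Stop inheriting ACEs from the parent folder and discard the inherited copies.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove explicit ACEs already present on the file.
    foreach ($ace in @($acl.Access)) { [void]$acl.RemoveAccessRule($ace) }
    # Grant read-only access to the single account that runs the service.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-UnexpectedKeyAccess {
    param([string]$Path, [string]$Account)

    # Compare by SID so differently spelled account names cannot hide an ACE.
    $sidType  = [System.Security.Principal.SecurityIdentifier]
    $expected = (New-Object System.Security.Principal.NTAccount($Account)).Translate($sidType)

    # Every Allow ACE (explicit or inherited) held by anyone but $Account.
    (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -ne $expected.Value
        }
}

$key  = 'C:\Keys\svc_plink.ppk'
$acct = 'CONTOSO\svc_plink'

# Run once at deployment by the file's owner or an administrator.
Protect-PrivateKeyFile -Path $key -Account $acct

# Run by the service before each connection: refuse to use an exposed key.
$extra = @(Get-UnexpectedKeyAccess -Path $key -Account $acct)
if ($extra.Count -gt 0) {
    $who = ($extra | ForEach-Object { $_.IdentityReference.Value }) -join ', '
    throw "Private key is readable by other identities: $who"
}

# -noagent: do not look for Pageant; -batch: never prompt interactively.
& plink.exe -batch -noagent -i $key -P 1234 'user@host.com' 'uptime'
```

The file's owner and local administrators can still rewrite the ACL, so the audit function reports on the ACL as it stands and does not prove nobody else can reach the key.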

copy file from unix system to windows using ant

Can anyone help me with
how to copy a file from unix Windows system to windows UNIX using Ant?
Thanks in advance
EDIT
Let me explain in detail what I am looking for. I want to copy a file from Windows to a UNIX machine (correcting my previous question, not from UNIX to Windows) using Ant. I thought of using the ftp task.
Before that, as a check, I tried to FTP to the UNIX server from Windows, but it gave a connection refused error (do I need to provide my username and password? If that is the case, what is the syntax?).
But I am able to connect through PuTTY, which asks for my user name and password. Does PuTTY use a different protocol?
So if that is the case, does the ftp task work for me in Ant? If not, what task do I need to use?
You have a couple of options.
If you have a windows shared drive mounted on your windows you can simply use the task.
<copy>
http://ant.apache.org/manual/Tasks/copy.html
If you don't you'll need to set up some service in the Windows side, probably FTP, if that's the case you'll need to use the task:
<ftp>
http://ant.apache.org/manual/Tasks/ftp.html
EDIT
As per your comment, this is all you need:
http://ant.apache.org/manual/Tasks/ftp.html
Take a look at your server ( UNIX ) FTP configuration, compare it with the one you're using in putty.
The protocol should be the same, but unless you give us your FTP server IP + User/Password we won't be able to test it for you.
The link I posted has the needed configuration and examples on how to connect to a UNIX server using FTP. Just try it.
Probably the simplest option (if you are going from Windows -> Unix) is the Ant SCP task (which will use the same underlying type of connection PuTTY uses -- SSH). See the Ant SCP Task for details. Note that this will require that you have JSch here.
The Ant scp task can be set up to use passwordless SSH if you set it up with an appropriate key file.
So first make sure you can ssh to the Windows server without putting your password into the shell. Here is a good set of tutorials for doing it UNIX to UNIX: http://rcsg-gsir.imsb-dsgi.nrc-cnrc.gc.ca/documents/internet/node31.html . I haven't tried setting up a Windows machine, so I'm not too sure how that would work though.
<scp file="file.zip" todir="${userid}@${server}:${remotedir}" keyfile="${env.HOME}/.ssh/id_rsa" passphrase=""/>

Resources