Thursday, August 22, 2013

SSH prompting for password even after generating the RSA keys with empty password

I struggled with this issue almost every time I wanted to log in to remote hosts without entering passwords. In some places I used this solution because I was lazy, and in others it is a requirement, such as a Hadoop setup. Anyway, the key to the solution is permissions, and the steps are as follows:

{USER}@machine1> rm -rf /home/{USER}/.ssh
{USER}@machine2> rm -rf /home/{USER}/.ssh /tmp/id_rsa.pub
{USER}@machine1> ssh-keygen -t rsa [Enter, Enter, Enter]
{USER}@machine1> scp /home/{USER}/.ssh/id_rsa.pub {USER}@machine2:/tmp
{USER}@machine2> mkdir /home/{USER}/.ssh
{USER}@machine2> cat /tmp/id_rsa.pub >> /home/{USER}/.ssh/authorized_keys
{USER}@machine2> chmod -R 700 /home/{USER}/.ssh
{USER}@machine1> chmod 600 /home/{USER}/.ssh/id_rsa*

{USER}@machine2> rm /tmp/id_rsa.pub
{USER}@machine1> chmod 755 /home/{USER}
{USER}@machine2> chmod 755 /home/{USER}


In the above steps, replace {USER} with your user, and machine1 and machine2 with the appropriate machine IP addresses.

Please note the steps marked in BOLD; they should have exactly the same permissions.
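Since the fix comes down to permissions, here is a check script added as an example (it is not part of the original post; the function names are illustrative). It reports the conditions that cause a password prompt: sshd with StrictModes enabled ignores authorized_keys when the home directory, .ssh or the file itself is writable by group or others, and the ssh client refuses a private key that group or others can access. A home directory prepared with the steps above passes it.

```shell
#!/bin/sh
# Added example: list the permission problems that make key-based login
# fall back to a password prompt. Function names are illustrative.

# has_bits PATH BIT...: succeed if PATH has any of the listed octal bits set.
has_bits() {
    hb_path=$1; shift
    for hb_bit in "$@"; do
        [ -n "$(find "$hb_path" -prune -perm "-$hb_bit" 2>/dev/null)" ] && return 0
    done
    return 1
}

# check_ssh_perms HOME_DIR: print one line per problem; return 1 if any found.
check_ssh_perms() {
    cs_home=$1; cs_bad=0
    # sshd (StrictModes yes, the default) ignores authorized_keys when the file,
    # ~/.ssh or the home directory is writable by group or others.
    for cs_p in "$cs_home" "$cs_home/.ssh" "$cs_home/.ssh/authorized_keys"; do
        [ -e "$cs_p" ] || continue
        if has_bits "$cs_p" 020 002; then
            echo "writable by group/others: $cs_p"
            cs_bad=1
        fi
    done
    # The ssh client refuses a private key that group or others can access.
    for cs_k in "$cs_home"/.ssh/id_*; do
        [ -f "$cs_k" ] || continue
        case $cs_k in *.pub) continue ;; esac
        if has_bits "$cs_k" 040 020 010 004 002 001; then
            echo "private key accessible by group/others: $cs_k"
            cs_bad=1
        fi
    done
    return "$cs_bad"
}

# Usage: sh check_ssh_perms.sh /home/USER   (run it on both machines)
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$1"
fi
```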

Wednesday, August 21, 2013

Step by Step guide to enable X11 forwarding using Cygwin

I often need X11 forwarding, so I am writing this step-by-step guide for reference:

Step 1: Install Cygwin/X: I would like to take you through the minimum required packages for Cygwin/X and here are the detailed steps:

  1. Download the cygwin setup file from http://cygwin.com/install.html
  2. Run the Cygwin setup program and you will see the welcome screen. Click Next to proceed to the next screen.
  3. Choose Install from Internet; this will still save the package files to your download directory so that you can install Cygwin on any number of machines. Click Next to proceed to the next screen.
  4. The default Install Root is c:\cygwin which should be fine for most installations. Leave Default Text File Type as UNIX. Leave Install For set to All unless you lack local administrative privileges.
  5. Click Next to proceed to the next screen.
  6. Local Package Directory should default to the directory that you ran setup.exe from. Click Next to proceed to the next screen.
  7. Choose your proxy setup, or just choose Direct Connection if no proxy is needed. Click Next to proceed to the next screen.
  8. Select the first mirror for downloading. Click Next to proceed to the next screen; setup will download a list of available packages as it moves to the next screen.
  9. On the next screen you will select the packages that will be downloaded and installed. A listing of the Cygwin/X packages is given below; a listing of the general Cygwin packages would be beyond the scope of this document.
  10. Cygwin/X packages are located in the X11 category:
    • xorg-server (required, the Cygwin/X X Server)
    • xinit (required, scripts for starting the X server: xinit, startx, startwin (and a shortcut on the Start Menu to run it), startxdmcp.bat)
    • xorg-docs (optional, man pages)
    • You may also select any X client programs you want to use, and any fonts you would like to have available.
    • You may also want to ensure that the openssh package is selected if you wish to use ssh connections to run remote X clients.
    • You may also want to ensure that the inetutils or rsh packages are selected if you wish to use telnet or rsh connections to run remote X clients. (not recommended)
  11. Click Next to begin the download process. You may want to try another mirror if you see a "Connecting" message on this screen for a long period of time.
  12. You have now successfully installed Cygwin/X.
Step 2: On your desktop, start the XWin Server from Start > All Programs > Cygwin-X > XWin Server

Step 3: On the XWin Server window, type the following:
  1. ssh -X -C user@hostname
  2. type xclock and it should throw the xclock display
Step 4: If you need to sudo to a different user and still have X11 forwarding work, do the following (before running the sudo command):
  • xauth list
          hostname/unix:13  MIT-MAGIC-COOKIE-1  ada9344e4a990d3b05d3bf66a9948758
          hostname/unix:10  MIT-MAGIC-COOKIE-1  11b30b1d65d90e64d15d811a97b9fb20
          hostname/unix:11  MIT-MAGIC-COOKIE-1  ddaa0d9fc7da0ee5228aa459ccdf427c
  • sudo su - <>
  • echo $DISPLAY
          localhost:11.0
  • xauth add  hostname/unix:11  MIT-MAGIC-COOKIE-1  ddaa0d9fc7da0ee5228aa459ccdf427c
         The 11 in $DISPLAY matches the 11 in the xauth list output.

Now you should be able to throw the display from the remote machine to your local machine.

Tuesday, June 4, 2013

Takes too long to restart the Weblogic Managed Servers

If your Weblogic server startup takes too long, you might be running into an entropy bug that can be fixed in one of 3 ways:

  1. Patch /jre/lib/security/java.security by replacing the line "securerandom.source=file:/dev/urandom" with "securerandom.source=file:/dev/./urandom"
  2. Add JVM argument -Djava.security.egd=file:/dev/./urandom to the startup scripts
  3. Create a symlink for /dev/urandom to point to /dev/./urandom

Monday, June 3, 2013

Updating a large table in batches

Updating millions of records with a single UPDATE statement can be time-consuming and may lead to timeout errors and other issues. A better approach is to commit the updates in batches, and here is the PL/SQL recipe for doing it:

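declare
   -- Walk the table by rowid so each batch is updated by direct row address.
   cursor c is select rowid id from <TABLE> order by rowid;
   counter NUMBER(10) := 0;
   rowids dbms_sql.urowid_table;

begin
   dbms_output.enable;
   open c;
   loop
      -- Fetch the next batch of up to 1000 rowids.
      fetch c bulk collect into rowids limit 1000;
      -- Stop before counting a batch when the final fetch returned no rows.
      exit when rowids.count = 0;
      forall i in 1..rowids.count
         update <TABLE> set date=SYSDATE
              where rowid = rowids(i);
      -- Commit per batch to keep each transaction small.
      commit;
      counter := counter + 1;
      dbms_output.put_line('Updated batch ' || counter );
      -- %notfound becomes true once a fetch returns fewer rows than the limit,
      -- so it is tested only after the partial last batch has been processed.
      exit when c%notfound;
   end loop;
   close c;
end;
/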

The above PL/SQL would update the DATE column of the table <TABLE> in batches of 1000 and will be much faster than the traditional UPDATE statement.

Thursday, October 25, 2012

How can you timeout invocation of external endpoints from BPEL

SyncMaxWaitTime setting applies to synchronous process invocations when the process has a breakpoint in the middle of the process. If there are no breakpoints, the entire process will be executed by the client thread. If there is a breakpoint then a new thread will be spawned to continue the processing after the break. For more details, follow the link.

In order to explicitly set the timeout for the endpoints invoked from within the BPEL, use the following reference binding properties to configure timeouts while invoking external services.

<reference name="HWService">
  <interface.wsdl interface="writeHW_ptt"/>
  <binding.ws port="helloWS">
    <property name="oracle.webservices.httpReadTimeout" type="xs:string" many="false">10000</property>
    <property name="oracle.webservices.httpConnTimeout" type="xs:string" many="false">10000</property>
  </binding.ws>
</reference>

 
The property "oracle.webservices.httpReadTimeout" specifies how long to wait until the target service processes the request and "oracle.webservices.httpConnTimeout" specifies the wait-time to connect to the external service.

In asynchronous invocations, you may use the Pick action for configuring the invocation timeouts.

Friday, October 19, 2012

Oracle Traffic Director : Extract Private Key to Decrypt and View SSL Snoop Data

Oracle Traffic Director (OTD) is the last software load balancer released and is based on iPlanet Web Server. It is a fast, reliable, and scalable layer-7 software load balancer that you can deploy as the reliable entry point for all HTTP and HTTPS traffic to application servers and web servers in your network. It leverages the NSS Shared DB for storing the private key and certificates used for SSL encryption. If you are looking to decrypt the SSL traffic using the private key, you first need to extract it, and the steps are as follows:

For some reason, the pk12util that comes with the OTD installation did not work for me, so I had to move cert9.db and key4.db onto my Windows machine and follow the steps below:
  1. Downloaded NSS Tools for Windows from here: NSS_Tools_x86_from_NSS_3.12.7 Tools.zip into C:\
  2. Copied key4.db and cert9.db to the “C:\Users\nj\keys” folder
  3. Go to the command prompt (cmd C: ) and execute c:\pk12util.exe -o C:\Users\nj\keys\cert.p12 -d sql:C:\Users\nj\keys -n "<>" (populated on SSL >> Server Certificates on OTD Admin Console)
  4. Prompted for password, enter <>
  5. This should create a cert.p12 under the keys folder
  6. Use OpenSSL to execute: openssl pkcs12 -in cert.p12 -out private.key -nocerts -nodes
  7. Prompted for password, enter <>
  8. The private.key file should be created in the folder

 
 


 

Thursday, October 18, 2012

Cisco VPN error : The VPN Client was unable to setup IP Filtering

If you are getting the error "The VPN Client was unable to setup IP Filtering" when trying to use the Cisco AnyConnect client, then here is the solution for you:
  1. Save the file "BFE.reg" locally and then execute the file by double-clicking it
  2. Click Start > Run > regedit
  3. Browse to “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy”
  4. Right-click on “Policy” and select Permissions
  5. In the "Permissions for Policy" window, select Advanced
  6. Unselect “Include inheritable permissions from this object’s parent”
  7. Select Add from the Windows Security popup box
  8. Remove Users and CREATOR OWNER
    • Select Add button
    • Enter in "NT Service\BFE" and select OK
    • Give the Object the following Allow permissions: Query Value, Set Value, Create Subkey, Enumerate Subkeys, Notify, and Read Control
    • Select OK to close all of the boxes
  9. Reboot Windows
  10. Connect with AnyConnect to test the connection
