Sunday, December 31, 2017

ssh error "UNPROTECTED PRIVATE KEY FILE!"

My environment:

  • Windows 10 with powershell
  • chefdk-2.4.17-1
  • vagrant_2.0.1
  • VirtualBox-5.2.4
  • OpenSSH_7.6p1
  • "kitchen create" succeeded with a simple apache recipe, and "kitchen list" showed the instance was created

My Problem:

When I ran "kitchen login", I got the error "UNPROTECTED PRIVATE KEY FILE!". The full error message follows. The exact message is version-specific, but similar errors should have the same root cause.

PS > kitchen login
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for '.../.kitchen/kitchen-vagrant/default-centos-72/.vagrant/machines/default/virtualbox/private_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key ".../.kitchen/kitchen-vagrant/default-centos-72/.vagrant/machines/default/virtualbox/private_key": bad permissions
vagrant@127.0.0.1's password:

Root Cause:

"kitchen login" executes the 'ssh' command, and 'ssh' complains that the permissions on the private key file are too open: others can read it, which is not secure, so ssh refuses to use it.

My Solution:

Set the proper permissions using an ACL. The idea is to use 'ssh-keygen' to generate a new private key file, which will have the proper ACL, and then copy that ACL onto the existing private key file. I assume you are in the directory that holds the key file 'private_key' and that the following commands are run as administrator. After this, 'kitchen login'/ssh no longer complains and the login succeeds. This can also serve as a way to change file permissions from the PowerShell command line.

ssh-keygen -f C:\Windows\Temp\id_rsa -N dumppass
$Acl = Get-Acl C:\Windows\Temp\id_rsa
Set-Acl .\private_key $Acl
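
An alternative that sets the ACL on the key directly instead of copying it from a freshly generated key, as an added example that is not from the original post. `Get-ForeignAce` and `Protect-PrivateKey` are hypothetical helper names, the demo file is constructed, and the example assumes the key should end up accessible only by the current user.

```powershell
# Added example: audit and tighten the ACL on an SSH private key file.
$SidType = [System.Security.Principal.SecurityIdentifier]

function Get-ForeignAce {
    # Return Allow entries granted to anyone other than the current user,
    # SYSTEM or Administrators (assumed here to be the acceptable principals).
    param([Parameter(Mandatory)][string]$Path)
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $allowed = @(
        $me.Value,
        'S-1-5-18',      # NT AUTHORITY\SYSTEM
        'S-1-5-32-544'   # BUILTIN\Administrators
    )
    # Explicit and inherited rules, with identities reported as SIDs
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $SidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $allowed -notcontains $_.IdentityReference.Value
        }
}

function Protect-PrivateKey {
    # Replace the file's ACL with a single entry for the current user.
    param([Parameter(Mandatory)][string]$Path)
    $me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting from the parent folder and discard inherited entries
    $acl.SetAccessRuleProtection($true, $false)
    # Remove every explicit entry that is already on the file
    foreach ($rule in $acl.GetAccessRules($true, $false, $SidType)) {
        [void]$acl.RemoveAccessRule($rule)
    }
    $mine = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $me, 'FullControl', 'Allow')
    $acl.AddAccessRule($mine)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# Constructed demo file standing in for Vagrant's private_key
$demo = Join-Path $env:TEMP 'demo_private_key'
Set-Content -LiteralPath $demo -Value 'not a real key'
Get-ForeignAce $demo | Format-Table IdentityReference, FileSystemRights
Protect-PrivateKey $demo
(Get-Acl -LiteralPath $demo).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited
```

Run `Get-ForeignAce` against the real key first to see which entries ssh is objecting to, then `Protect-PrivateKey .\private_key` from the directory that holds it.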

Running root fails with error: cannot open file "iostream" (tmpfile)

When running root, I got this error message:

 Error: cannot open file "iostream"  (tmpfile):2:
*** Interpreter error recovered ***
Error: cannot open file "DllImport.h"  (tmpfile):2:
*** Interpreter error recovered ***

Normally this is because you used --prefix=dirname without setting the ROOTSYS environment variable first.

chef "kitchen login" failed with "ssh (Errno::ENOENT)"

My environment:

  • Windows 10 with powershell
  • chefdk-2.4.17-1
  • vagrant_2.0.1
  • VirtualBox-5.2.4
  • "kitchen create" succeeded with a simple apache recipe, and "kitchen list" showed the instance was created

My Problem:

When I ran "kitchen login", I got the error "No such file or directory - ssh (Errno::ENOENT)". The full error message follows. The exact message is version-specific, but similar errors should have the same root cause.

 PS > kitchen login
C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:217:in `exec': No such file or directory - ssh (Errno::ENOENT)
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/instance.rb:217:in `login'
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/command/login.rb:36:in `call'
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/cli.rb:52:in `perform'
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/cli.rb:252:in `login'
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/command.rb:27:in `run'
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:in `invoke_command'
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor.rb:359:in `dispatch'
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/base.rb:440:in `start'
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/bin/kitchen:13:in `block in '
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/lib/kitchen/errors.rb:171:in `with_friendly_errors'
        from C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.19.2/bin/kitchen:13:in `'
        from C:/opscode/chefdk/bin/kitchen:267:in `load'
        from C:/opscode/chefdk/bin/kitchen:267:in `'

Root Cause:

"kitchen login" is complaining that when it tried to run the 'ssh' command, it could not find it. You can type 'ssh' directly in PowerShell, and you will be told that it is not recognized.

My Solution:

You can install any ssh client; as long as typing 'ssh' in PowerShell prints its usage, this 'kitchen login' problem will be gone. In my case, I followed https://codehollow.com/2017/06/ssh-for-windows-powershell/ and installed "Open SSH for Powershell". I had to install Chocolatey first, following the instructions there.

Set-ExecutionPolicy Unrestricted
iwr https://chocolatey.org/install.ps1 -UseBasicParsing | iex
choco install openssh                # installs open ssh
refreshenv                           # reloads the environment variables 

Friday, May 1, 2015

Posting a YouTube link for 《爱情保卫战》 into a 文学城 (Wenxuecity) post

1. go to official site https://www.youtube.com/user/aqbwz

2. click on a specific link, copy the string after "watch?v=" in the address bar. e.g., for the link https://www.youtube.com/watch?v=JO_9buYgos8, copy "JO_9buYgos8", and replace the "REPLACEME" in the following with the above string.

<div id="msgbodyContent"> <iframe allowfullscreen="" frameborder="0" height="360" scrolling="no" src="https://www.youtube.com/embed/REPLACEME?rel=0&amp;wmode=transparent" style="z-index: 0;" width="420"></iframe></div>
Source: <a href="https://www.youtube.com/playlist?list=PLV_mg9JwNeM_oH148F-zdPplN0hSCAkMV">Youtube</a><br />
HOWTO: <a href="http://computerlearningnotes.blogspot.com/2015/05/youtubelink-post.html">把&#12298;爱情保卫战&#12299;youtube上的link post到文学城的帖子中</a>

3. create a new 文学城 post using the "HTML源代码" (HTML source) method (not 所见即所得, i.e. WYSIWYG), copy and paste the above text (with "REPLACEME" replaced), and you will have a video for 《爱情保卫战》.

Sunday, April 12, 2015

Embedding a YouTube playlist for 《非诚勿扰》 in a 文学城 (Wenxuecity) post

1. go to the playlist library https://www.youtube.com/user/JSTVFeichengwurao/playlists
2. click on a specific playlist, copy the string after "playlist?list=" in the address bar. e.g., for the link https://www.youtube.com/playlist?list=PLtFDvh1SGFq-vqIuKujcVlRkn166XTQX6 , copy "PLtFDvh1SGFq-vqIuKujcVlRkn166XTQX6", and replace the "REPLACEME" in the iframe URL in the following with the above string. Please replace all other "REPLACEME" with the right subtitle.
<div id="articleBody" style="font-size: 15px;"> <div id="msgbodyContent"> <iframe allowfullscreen="" frameborder="0" height="360" src="https://www.youtube.com/embed/videoseries?list=REPLACEME" width="420"></iframe></div> <br /> 非诚勿扰 Part1 REPLACEME陆毅霸气拒绝女嘉宾&#8220;搭讪&#8221; 传授婚姻保鲜秘诀 <br /> 非诚勿扰 Part2 REPLACEME陆毅曝料&#8220;第一眼看中了鲍蕾的腿&#8221; 私密短信大公开 高甜度秀恩爱羡煞旁人 <br /> 非诚勿扰 Part3 REPLACEME&#8220;帅版憨豆&#8221;爆笑相亲 意外牵手女观众上演奇妙邂逅 <br /> REPLACEME非诚勿扰 Part4 REPLACEME陆毅&#12298;非诚勿扰&#12299;授婚姻秘诀 男嘉宾再牵女观众 <br /> 非诚勿扰 Part5 REPLACEME重庆小伙帅气排球教练 陆毅坦言妻子为自己付出很多 <br /> Source: <a href="https://www.youtube.com/user/JSTVFeichengwurao/playlists">Youtube</a> <br /> HOWTO: <a href="http://computerlearningnotes.blogspot.com/2015/04/youtubeplaylist.html">把&#12298;非诚勿扰&#12299;youtube上的playlist嵌入到文学城的帖子中</a> </div>
3. create a new 文学城 post using the "HTML源代码" (HTML source) method (not 所见即所得, i.e. WYSIWYG), copy and paste the above text (with "REPLACEME" replaced), and you will have a video for 《非诚勿扰》. It will automatically jump to the next video when the current one in the playlist finishes.

Wednesday, May 28, 2014

Print out all the IPs in a Subnet Using Linux Command

In my particular case, I needed to print out every IP in a subnet. I used the 'nmap' command with the option '-sL', which lists the IPs in the subnet without actually doing any scan. Here are the first 5 lines and last 5 lines of the output. I checked a /22 subnet.
# nmap -n  -sL 10.188.75.0/22 | head -5

Starting Nmap 5.51 ( http://nmap.org ) at 2014-05-28 06:39 EDT
Nmap scan report for 10.188.72.0
Nmap scan report for 10.188.72.1
Nmap scan report for 10.188.72.2

# nmap -n  -sL 10.188.75.0/22 | tail -5
Nmap scan report for 10.188.75.252
Nmap scan report for 10.188.75.253
Nmap scan report for 10.188.75.254
Nmap scan report for 10.188.75.255
Nmap done: 1024 IP addresses (0 hosts up) scanned in 0.01 seconds
Since every line I am interested in contains the string "Nmap scan report for", I use that to select them, and I also delete the first line (the network address itself) and the last line (the broadcast address). There are 1022 IPs in total in a /22 subnet and I don't want to display them all, so I list the first 5 IPs and the last 5 IPs.
# nmap -n  -sL 10.188.75.0/22 | sed -n '/Nmap scan report for /s/Nmap scan report for //gp' | sed '$d' | sed '1d' | head -5
10.188.72.1
10.188.72.2
10.188.72.3
10.188.72.4
10.188.72.5

# nmap -n  -sL 10.188.75.0/22 | sed -n '/Nmap scan report for /s/Nmap scan report for //gp' | sed '$d' | sed '1d' | tail -5
10.188.75.250
10.188.75.251
10.188.75.252
10.188.75.253
10.188.75.254

Sunday, March 16, 2014

Amazing intelligent Google maps

I have to say that I'm really impressed by the amazing intelligence of Google Maps. Here is the story I always told my friends so they might also like to use Google Maps.

One evening, there was a natural gas leak right before the major entries of Highway 78. I came from the southwest, driving toward the northeast. A lot of police cars blocked the road due to the natural gas leak incident. I put on Google Maps after being stuck in the traffic for a while (that's my daily commute, I don't need any GPS if everything is normal), and Google Maps detoured me to a small road, and directed me to pass the middle barrier as shown by the green line in the attached screenshot. The amazing things were:

1. This route was not allowed in normal conditions due to the heavy traffic in both directions.
2. The gap between the middle barrier and the police cars was only about 100 feet.

I don't know how Google Maps figured that out, which is incredible since the incident had probably only happened 2 hours earlier. Once I put Google Maps on, it only took me 20 minutes to pass this point. I knew a lot of my friends were stuck there for 4 hours, even though some of them tried to use GPS. No other GPS could be as intelligent as Google Maps.