I am using a Plesk obsidian server. Where there are multiple domains, I want to delete or remove a particular file from all domain using some SSH command with the help of SSH terminal in Plesk.
Related
How can we pass encrypted password in SQL connection string on PowerShell?
Unable to connect SQL server with NT AUTHORITY\ SYSTEM account. What teps need to be taken to connect to SQL Server with NT Authority\System account?
As checked, I installed PSTools and extract all files in specific location and ran cmd.
With below cmd
psexec -i -s ssms.exe
After running the above cmd, I got :
couldn't install
Access denied
You dont say much about the client and what you are supposed to achieve. The part about psexec is quite hard for me to understand.
You can use credentials in two ways from local network, sql login and windows login. I assume you are attemting to use windows login.
If you, from a windows computer, run a console app or desktop app, you will connect as the user who started the app. In normal terms, you.
Since you get "NT AUTHORITY\SYSTEM", I guess you want to try as similar as possible like a Windows Service. My recommendation is to start the service as a named user "AD\MyServiceAccount". You give access to this user in SQL server.
I recommend you to read about the differences of:
NT AUTHORITY\System
NT AUTHORITY\NetworkService
AD Account
If you are not trying to debug/build a service, but just want to get some sql server data in an desktop application. Use regular tools and your personal account. If not, sql login.
If you want to use the Computer Account, you should use add AD\$ComputerAccount to ACL list on SQLserver.
Note: AD being the name of your Active Directory.
I am creating an application that runs on multiple remote Linux devices and has a central administrator to manage the devices. I am adding a feature so the user can open a terminal window in the central administrator to a remote device. It works a lot like using an SSH client to remote into a server except I am using the existing communication channel between the central administrator and the device so I do not need to use the SSH protocol at all.
I have it mostly working. I create a pseudo terminal (pty) on the device and communicate the output/input between the pty and the terminal client running on the central administrator.
The one part that I can't figure out is how SSH prompts for a username and then password using a client like putty. Is this something that the shell in the pseudo terminal prompts for or is the client doing the prompting and passing that to the SSH server?
If the shell is prompting for user and/or password, what shell command does this? I have tried many things with su and sudo but have not figured it out.
If the client is prompting before the shell is created, how does the SSH server authenticate the user and password? What library calls are used to do this?
If anyone has suggestions about where to look for this information, please share them.
PuTTY implements SSH, and part of that is implementing the authentication exchange. For servers that allow password authentication, SSH will usually prompt for a password if an initial attempt using a key failed.
This is likely a feature of PuTTY's SSH implementation. In other words, to get that prompt to appear, you must expose a valid SSH service.
If you're running a plain-text TCP service you may want to do this to at least encrypt it.
In looking through the source code for OpenSSH (https://github.com/openssh/openssh-portable) there is code in there to prompt for user and password and then authenticate the credentials. The prompting is done through the terminal interface.
So I believe the answer to my question is that my server running on the remote Linux devices need to send terminal commands to the xterm client to prompt for credentials. Then authenticate those credentials and start the pseudo terminal in the user context.
This functionality is not built into the shell and it is not built into the terminal client.
My boss forgot the password of the VPS where we host Plesk, so I changed it manually and now when I try to enter to the control panel outside the VPS I get a 500 error.
Does somebody knows where is the config of Plesk to change the windows' password?
Normally, Plesk Panel doesn't allow any manual changes on web.config file for security reasons. You should change it from ASP.Net settings under Websites&Domains tab.
If you have access to your Windows VPS server - if you need an access to the PLESK and you dont know the password - the solution is very simple - you need to access mysql database and reset the password from there:
Connect to your Windows dedicated server using Remote Desktop Connection.
From the Start menu, select Run.
In the Run dialog, type:
"%plesk_bin%\plesksrvclient" -get
http://kb.sp.parallels.com/en/473
or
https://support.managed.com/kb/a553/retrieving-and-changing-plesk-admin-password.aspx
I'm following this post http://blog.springsource.com/2009/09/28/spring-security-kerberos/ to set up a service principal on a local server which i'll be using to test the spring security integration with active directory. The server has tomcat running where i deploy my application and I access it by http://localhost:8080/myapp
Question
What should be my service provider name?
The article says:
For this to work, every web applications needs to be registered at the
Kerberos server and gets a service prinicipal and a shared secret
assigned. For web applications, the service principal must be
"HTTP/#DOMAIN". For example
"HTTP/web.springsource.com#SPRINGSOURCE.COM", if your app runs on
web.springsource.com.
Since I'm running on localhost I guess it will be HTTP/localhost#.... what do I put inplace of #SPRINGSOURCE.COM?
To Kerberos working, you should configure DNS and AD server in your network. Application server and the client machine must use the DNS and client machines must use AD authentication. Use the name "localhost" is NOT permissible. The application server may not be in the domain.
Suppose all machines in the domain then you need is:
Assign an application server dns name eg appserver (appserver.yourdomain.local)
Add the DNS name of your server applications in the area of direct and reverse DNS-server. (link)
Create a simple user in the domain and set the option "not change password" and "Password never expires is limited" (eg username myUser)
On the server, the domain controller, open a command prompt and run the following commands:
C:>setspn -A HTTP/appserver myUser
C:>setspn -A HTTP/appserver.yourdomain.local myUser
Check the correct:
C:>setspn -l myUser (if will display what you entered previously, then everything is OK)
Next, create a key file:
C:>ktpass /out C:/myUser.keytab /mapuser myUser#YOURDOMAIN.LOCAL /princ HTTP/appserver.yourdomain.local#YOURDOMAIN.LOCAL /pass +rndPass /crypto RC4-HMAC-NT /ptype KRB5_NT_PRINCIPAL /kvno 0
That's it, now you can use the file myUser.keytab and principal name HTTP/appserver.yourdomain.local in your web application
may be useful in the future:
Blank page after user cancels basic authentication
Combine custom authentication filter with spring-security-kerberos
If I want to log into a SQL Server instance using another Windows account can I do this by simply selecting "SQL Server Authentication" as my authentication mode and entering the DOMAIN/username and password for the account I want to use?
Are there any special settings that I need to set in order to get this to work?
No. 'SQL Server Authentication' works only with SQL Server logins, it won't work with a NT login. To log in as another credential have the process run as the credential you desire to run as. Use runas, most likely you want to run SSMS like this:
runas /netonly /user:domain\user "c:\program files\...\ssms.exe"
By specifying the /netonly argument your SSMS will run with the desired NT credential only for remote hosts, locally will have your local credentials. This not only preserves your SSMS environment (last used files, options etc) and doesn't require domain\user to have local priviledges, but, more importantly, it works even for a completely unrelated domain. That is if you machine is in domain foo (or not even joined to the domain) and the desired runas is in domain bar, the runas /netonly /user:bar\user ... will run just fine.
The /netonly trick works only if the SQL server host you are connecting to is remote (not on the same machine). If is local, then your runas must be locally using the desired credential, so remove the /netonly argument.
If you have Windows 7, you can add credentials for other domains via Control Panel > Administrative Tools > Credential Manager. Map your credentials to each server you want to log into.
Then, log into additional machines using Windows Authentication. I think there is a caveat - it will try to log you in to the server using your current domain/username. IF that is rejected, it will lookup any entries you have for that server in Credential Manager, and if those are valid, you will be logged in.
If I understand the question correctly, the solution it just ship + Right click on your SSMS, that will give you "connect as different user" option and that where you want to put your windows authentication. Domain\User and password.