Stardom Solutions: October 2020

Tuesday 13 October 2020

How to Setup Passwordless SSH Login

Secure Shell (SSH) is a cryptographic network protocol used for secure connection between a client and a server and supports various authentication mechanisms. The two most popular mechanisms are passwords based authentication and public key based authentication.

In this tutorial, we will show you how to setup an SSH key-based authentication as well how to connect to your Linux server without entering a password

To set up a passwordless SSH login in Linux all you need to do is to generate a public authentication key and append it to the remote hosts ~/.ssh/authorized_keys file.

The following steps will describe the process for configuring passwordless SSH login:

Check for existing SSH key pair.
Before generating a new SSH key pair first check if you already have an SSH key on your client machine because you don’t want to overwrite your existing keys.
Run the following ls command to see if existing SSH keys are present:
```
ls -al ~/.ssh/id_*.pub
```
If there are existing keys, you can either use those and skip the next step or backup up the old keys and generate a new one.
If you see No such file or directory or no matches found it means that you do not have an SSH key and you can proceed with the next step and generate a new one.
Generate a new SSH key pair.
The following command will generate a new 4096 bits SSH key pair with your email address as a comment:
```
ssh-keygen -t rsa -b 4096 -C "your_email@domain.com"
```
Press Enter to accept the default file location and file name:
```
Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):
```
Next, the ssh-keygen tool will ask you to type a secure passphrase. Whether you want to use passphrase it’s up to you, if you choose to use passphrase you will get an extra layer of security. In most cases, developers and system administrators use SSH without a passphrase because they are useful for fully automated processes. If you don’t want to use a passphrase just press Enter.
```
Enter passphrase (empty for no passphrase):
```
The whole interaction looks like this:
1. To be sure that the SSH keys are generated you can list your new private and public keys with:
```
ls ~/.ssh/id_*
```
```
/home/yourusername/.ssh/id_rsa /home/yourusername/.ssh/id_rsa.pub
```
2. Copy the public key
  Now that you have generated an SSH key pair, in order to be able to login to your server without a password you need to copy the public key to the server you want to manage.
  The easiest way to copy your public key to your server is to use a command called ssh-copy-id. On your local machine terminal type:
```
ssh-copy-id remote_username@server_ip_address
```
  You will be prompted to enter the remote_username password:
```
remote_username@server_ip_address's password:
```
  Once the user is authenticated, the public key will be appended to the remote user authorized_keys file and connection will be closed.
  If by some reason the ssh-copy-id utility is not available on your local computer you can use the following command to copy the public key:
```
cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
```
3. Login to your server using SSH keys
  After completing the steps above you should be able log in to the remote server without being prompted for a password.
  To test it just try to login to your server via SSH:
```
ssh remote_username@server_ip_address
```
  If everything went well, you will be logged in immediately.

Saturday 10 October 2020

How to forward multiple ports from Vagrant VM to host machine

You can forward as many ports as you want from Vagrant Virtual machine to your host machine (if those ports are not used by the host), by configure them in VagrantFile as following:

# for Redis
config.vm.network "forwarded_port", guest: 6379, host: 6379
# for HTTP
config.vm.network "forwarded_port", guest: 80, host: 80
# for MySQL
config.vm.network "forwarded_port", guest: 3306, host: 3306

If you want to forward a range of ports, for loop also can be used like this:

for i in 81..89
          config.vm.network :forwarded_port, guest: i, host: i
end

for i in 8080..8089
          config.vm.network :forwarded_port, guest: i, host: i
end

Thursday 8 October 2020

Ansible: Generate Crypted Passwords for the User Module

The user module can be used to create user accounts and set passwords.

The Problem

How to use the user module to set passwords for Linux accounts? This is something that took me a while to figure out. Luckily, there is a reference to Ansible FAQ in ansible-doc.

The Solution: Hashing Filters

The answer is taken from Ansible FAQ. To get a sha512 password hash with random salt, we can use the following:

{{ 'password' | password_hash('sha512') }}

Let us store the plaintext password in Ansible vault:

$ ansible-vault view my_vault.yml
Vault password: 
my_password: myPlaintextPassword

Our playbook that uses the vault file my_vault.yml will look something like this:

---
- name: Create New Users
  hosts: all
  become: true
  gather_facts: false
  vars_files:
    - my_vault.yml
  tasks:
    - name: Create Users
      user:
        name: "{{ item }}"
        password: "{{ my_password | password_hash('sha512') }}"
        shell: /bin/bash
      loop:
        - alice
        - vincent

Note that while the playbook does the job, it’s not idempotent. The password hash will be generated every time the playbook is run, and the /etc/shadow file will be updated.

To make the playbook idempotent, set update_password: on_create. This will only set the password for newly created users.

---
- name: Create New Users
  hosts: all
  become: true
  gather_facts: false
  vars_files:
    - my_vault.yml
  tasks:
    - name: Create Users
      user:
        name: "{{ item }}"
        password: "{{ my_password | password_hash('sha512') }}"
        shell: /bin/bash
        update_password: on_create
      loop:
        - alice
        - vincent

Tuesday 6 October 2020

html mail sent using Python

Sample Python code to send HTML email to recipients. This post assume you already have SES authentication enabled on your EC2 instance to send emails.

import smtplib
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
with open("TestResults.html") as f:
    file_content = f.read().rstrip("\n")
msg = MIMEMultipart('alternative')
recipients = 'venkatesh.madala@gmail.com'
html_format = MIMEText(file_content, 'html')
msg['Subject'] = "Test Email"
msg['To'] = recipients
msg.attach(html_format)
mail=smtplib.SMTP('kgjg')
mail.ehlo()
mail.sendmail('test@gmail.com',recipients.split(','),msg.as_string())
mail.close()

Saturday 3 October 2020

How to push maven artifacts to Nexus Repository

In this post we will discuss mainly on how we can push maven artifacts to Nexus repository.

In the pom.xml file please add below content. Please replace {{ NEXUS_HOST }} and {{ NEXUS_PORT }}as per your environment setup.

<id>maven-snapshots</id>

<url>http://{{ NEXUS_HOST }}:{{ NEXUS_PORT }}/repository/maven-snapshots/</url>

</snapshotRepository>

<id>maven-releases</id>

<url>http://{{ NEXUS_HOST }}:{{ NEXUS_PORT }}/repository/maven-releases/</url>

</repository>

</distributionManagement>

Add below lines in plugins section in pom.xml

<artifactId>maven-deploy-plugin</artifactId>

<id>default-deploy</id>

<phase>deploy</phase>

<goals>

<goal>deploy</goal>

</goals>

</execution>

</executions>

</plugin>

To Authenticate with Nexus we need to provide creds in settings.xml. Please add below content in settings.xml. Please update {{NEXUS_USERNAME}} and {{NEXUS_PASSWORD}} as per your environment.

Under <servers> section please add below content and save file.