Archive
Error – gpg: cancelled by user/gpg: Key generation canceled.
While generating gpg key, I was getting error where the screen automatically goes off and the control immediately comes back stating below
gpg: cancelled by user
gpg: Key generation canceled.
-bash-4.2$ gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 4
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: svc_WellsFargo
Email address: user@domain.com.com
Comment:
You selected this USER-ID:
"svc_WellsFargo <user@domain.com.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
gpg: cancelled by user
gpg: Key generation canceled.
Solution Applied: It bugged a lot and finally googled the solution (putting it here for the sake of everyone)
As a root user, run below command
$ chmod o+rw $(tty)
Happy reading !!!
Anand M
TNSPing & SQLPlus just hang without errors
Usually, when you connect to Oracle, you get errors that give you some feedback on what is happening.
Today, I got an issue where when trying to connect to SQLplus or even running a tnsping command was hanging. Not getting any error to start the troubleshooting. The issue was definitely some sort of connectivity but not able to point it out
In our case, we use “nameserver” in addition to tnsnames.ora. Our sqlnet.ora file looks like this:
NAMES.DIRECTORY_PATH= (ONAMES,TNSNAMES)
I needed to trace my “tnsping” command to see where it is getting hung.
To troubleshoot the issue with tnsping hanging, all you need to do is add these settings in sqlnet.ora to trace tnsping
TNSPING.TRACE_LEVEL = ADMIN
TNSPING.TRACE_DIRECTORY =/d01/abc/product/8.0.6/network/admin
My being a linux box and hence the path. You may need to modify according to your OS and directory
I ran the “tnsping” to the same Oracle SID again, a trace file “tnsping.trc” got generated in the path defined in the above “TNSPING.TRACE_DIRECTORY” variable.
Careful review of the trace file revealed that he connection was having an issue with the “name server” defined in my sqlnet.ora file.
I asked the Oracle DBA to confirm if the “name server” is started and she confirmed that it is not. Once she started the “name server”, tnsping command went successfully and I was able to connect to SQLplus.
Hope this helps you in some way.
Happy learning!!!
-Anand M
PGP key generation using gpg 1.4.5 on Linux
Step 1 – Confirm GPG version
$gpg -help gpg (GnuPG) 1.4.5 Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details.
Step 2 – Start generating gpg key
$ gpg --gen-key gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Please select what kind of key you want: (1) DSA and Elgamal (default) (2) DSA (sign only) (5) RSA (sign only) Your selection? 5 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) Requested keysize is 2048 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) Key does not expire at all Is this correct? (y/N) y You need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>" Real name: <User ID for which the key is being generated> Email address: <Valid mail ID> Comment: You selected this USER-ID: "<User ID provided earlier> <Mail ID>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O You need a Passphrase to protect your secret key. You don't want a passphrase - this is probably a *bad* idea! I will do it anyway. You can change your passphrase at any time, using this program with the option "--edit-key". We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy! (Need 276 more bytes) ....+++++ ..+++++ gpg: key 193EAC92 marked as ultimately trusted public and secret key created and signed. gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u pub 2048R/193EAC92 2016-11-15 Key fingerprint = F7B1 F82D 8DA3 850B 5F8A 5905 B93D 5AF3 193E AC92 uid <User ID provided earlier> <Mail ID> Note that this key cannot be used for encryption. You may want to use the command "--edit-key" to generate a subkey for this purpose.
Step 3 – List your keys
$ gpg -k /home/.gnupg/pubring.gpg ----------------------------------------- pub 2048R/193EAC92 2016-11-15 uid <User ID provided earlier> <Mail ID>
Step 4 – Export the public key in ASCII format
$ gpg --armor --output <User ID>-pub.asc --export '<User ID>' $ $ ls -ltr -rw-rw-r-- 1 xxx xxxyy 979 Nov 15 09:28 -pub.asc $ cat <User ID>-pub.asc -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.5 (GNU/Linux) mQENBFgrKJYBCADMiFYMrVbhl7HH/WLPqPN5SSSaxv5go92m9LjcLysU0Vd9+JTi hck+8zy3wutY4Q6QK61Zlx72J/Va+4hcv8tMKaJjWfhEGbXV54yKNjNoSM20BtuO AC5+Z4/2UWA3xh3S1JPRRiV3KDO0MTM2JdhH9sufkhpBsLdJd+jFq+X8o633hqAk xK75ihNYyof0Pi8VqGJdmaEwgzy1/bXIYeH8wbivC7yx6Kg84oF5Znii50tP6Grq JygEcnyVjrfS6frsnO4uIBQEuFFoqLGHBohWKQqwkRU6Sd6KTIFkdN6E/SE1XelF EDMURzDczxsQYaNH1A5QRLNxAC2Zm+uCt76bABEBAAG0NHN2Y19Xb3JrZGF5X3Nm dHAgPGFuYW5kLm1hbmRpbHdhci1zY0BhaXJsaXF1aWRlLmNvbT6JATYEEwECACAF AlgrKJYCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRC5PVrzGT6skkMmB/4m SxJJ/cgPBcMArpUpsargl/g4SOVuH1RKIBi+Sjqt1n7ioW3zfceUxEz0u3t76KaN 4+ndKrCxxCokL8xOu0Qgq1tQtdl5MiONwJ7hvxa459U7qjDE9joj/4WcnxZVIYhj 5+ZPxdR+dfiFmJDyIkln1wUnB8RmAov/hzNCvx50nmLJUIVM6C+e3VWyDqDx66Uh vHUPpLY+wk/d+qyHeldk4nqa5z+A6Oh3ZB1qcc9h9mEd3tDHQLZiaiqXst0pFQB+ 3X9QiSektAXrKSIuOf7Bky4DjDfpoCWuSDDpTaF1IIUTv3YrosbyRamAJ3fAu39x ltW8BKpKP3nJWKmWmw7i =EkgV -----END PGP PUBLIC KEY BLOCK----- $
How to copy PGP public and private key from one machine (Linux here) to other Linux.
Step# 1: Export private secret key on the source machine
$ gpg --export-secret-keys -a <key_ID> > myfilename_private_key.asc
key_ID – when you list the key using “gpg -k”
pub 4096R/AD761536 2017-03-29
uid <User_Name> <username@domain.com>
sub 4096R/B045ADCF 2017-03-29
AD761536 – this is the key_ID
Step# 2: Export public secret key
$ gpg --export -a <key_ID> > myfilename_public_key.asc
Step # 3: SCP these 2 files to the target server – where you want to copy the PGP keys (in my case it is other Linux server)
Step # 4: Import the private and public key copied in Step# 3 on the target machine.
$ gpg --import myfilename_private_key.asc gpg: key ADC61536: secret key imported gpg: key ADC61536: public key "<User_name> <username@domain.com>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) gpg: secret keys read: 1 gpg: secret keys imported: 1 $ gpg --import myfilename_public_key.asc <-- this is for public key gpg: key ADC61536: "<User_name> <username@domain.com>" not changed gpg: Total number processed: 1 gpg: unchanged: 1
Step # 5: Change the trust level
Now you need to change the “trust” level of the private key thus imported to new server
$ gpg --edit-key username@domain.com gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. pub 4096R/ADC61536 created: 2017-03-29 expires: never usage: SC trust: unknown validity: unknown sub 4096R/B044ADFF created: 2017-03-29 expires: never usage: E [ unknown] (1). <User_name> <username@domain.com> gpg> trust pub 4096R/ADC61536 created: 2017-03-29 expires: never usage: SC trust: unknown validity: unknown sub 4096R/B033456FF created: 2017-03-29 expires: never usage: E [ unknown] (1). <User_name> <username@domain.com> Please decide how far you trust this user to correctly verify other users' keys (by looking at passports, checking fingerprints from different sources, etc.) 1 = I don't know or won't say 2 = I do NOT trust 3 = I trust marginally 4 = I trust fully 5 = I trust ultimately m = back to the main menu Your decision? 5 Do you really want to set this key to ultimate trust? (y/N) y pub 4096R/ADC61536 created: 2017-03-29 expires: never usage: SC trust: ultimate validity: unknown sub 4096R/B033456FF created: 2017-03-29 expires: never usage: E [ unknown] (1). <User_name> <username@domain.com> Please note that the shown key validity is not necessarily correct unless you restart the program. gpg> quit
Now if you list the keys using “gpg -k”, you will find the PGP key ID and associated details are exactly the same as that of the source server.
Happy reading.
-Anand M
How to Generate SSH key in Linux
Some or the other times, there is a need to have a SSH key generated to allow traffic from/to different server. Today I created a SSH key on LINUX machine.
You need to run the command “ssh-keygen -t dsa” on the command prompt.
applerp.R12VIS.adc-al-lnx45>ssh-keygen -t dsa Generating public/private dsa key pair Enter file in which to save the key (/home/applerp/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/applerp/.ssh/id_dsa. Your public key has been saved in /home/applerp/.ssh/id_dsa.pub. The key fingerprint is: 48:80:4f:8f:0a:7b:27:e4:82:a0:33:ab:89:48:67:ed <a href="mailto:applerp@adc-al-lnx45.am.corp.airliquide.com">applerp@adc-al-lnx45.am.corp.airliquide.com</a> <em>applerp.R12VIS.adc-al-lnx45></em>
If you need to create 4k RSA SSH key, issue the below command
ssh-keygen -t rsa -b 4096
And once the key is generated, if you would like to view the fingerprint, issue below command
ssh-keygen -lf <complete_path_of_public_key>/id_rsa.pub
-Anand
Passwordless SSH login
Many times requirement comes from development team that they need to login to remote server for some activity – be it ‘ftp’ or ‘copy’ or ‘writing’ on the remote server. In such cases, it is required that there is seamless and password less login from source server to target server.
I am going to discuss the way to achieve the same…
First of all be clear on
- what is the user on source server. say e.g. on application tier it is ‘applmgr’ and source server is A
- what is the user on target server – user could be same of different on target server. For my case, i would consider it to be different i.e. ‘wlshop’ and server is B
Step 1: Login to source server A using ‘applmgr’ user
Step 2: Generate public/private key pair using ssh-keygen command. This will prompt you to save the key in the default directory (/home/applmgr/.ssh/id_rsa). It will ask yo put the passsphrase. You may or may not enter the same
Step 3: Now the identification key is saved in /home/applmgr/.ssh/id_rsa and public key is saved in /home/applmgr/.ssh/id_rsa.pub
Step 4: Login to target server B using ‘wlshop’ user and create .ssh directory if not already present
Step 5: applmgr.A> cat .ssh/id_rsa.pub | ssh wlshop@B ‘cat >> .ssh/authorized_keys’. It will ask for wlshop@B password.
Step 6: Now you can login to B as ‘wlshop’ from server A without being prompted for password
applmgr.A> ssh wlshop@B
-Anand
