• Skip to main content

Uly.me

cloud engineer

  • Home
  • About
  • Archives

password

GCP Windows Password Reset

February 14, 2022

Instead of the GCP Console, you can reset Windows Server password via gcloud.

gcloud compute reset-windows-password server-name \
--zone us-central1-a \
--project project-id

gcloud compute reset-windows-password server-name \ --zone us-central1-a \ --project project-id

Username and password will generated.

Filed Under: Cloud Tagged With: gcloud, gcp, password, reset, windows

GCP Reset Windows Password

February 4, 2022

How to reset password of a GCP Compute Engine running on Windows OS.

gcloud compute reset-windows-password servername \
--zone us-central1-a \
--project your-project-id

gcloud compute reset-windows-password servername \ --zone us-central1-a \ --project your-project-id

Output

This command creates an account and sets an initial password for the
user [firstname_lastname] if the account does not already exist.
If the account already exists, resetting the password can cause the
LOSS OF ENCRYPTED DATA secured with the current password, including
files and stored passwords.
 
For more information, see:
https://cloud.google.com/compute/docs/operating-systems/windows#reset
 
Would you like to set or reset the password for [firstname_lastname]
(Y/n)?  y
 
Resetting and retrieving password for [firstname_lastname] on [servername]
Updated [https://www.googleapis.com/compute/v1/projects/your-project-id/zones/us-central1-a/instances/servername].
WARNING: Instance [servername] does not appear to have an external IP
address, so it will not be able to accept external connections.
To add an external IP address to the instance, use
gcloud compute instances add-access-config.
password: xxxxxxxxxxxxxxx
username: firstname_lastname

This command creates an account and sets an initial password for the user [firstname_lastname] if the account does not already exist. If the account already exists, resetting the password can cause the LOSS OF ENCRYPTED DATA secured with the current password, including files and stored passwords. For more information, see: https://cloud.google.com/compute/docs/operating-systems/windows#reset Would you like to set or reset the password for [firstname_lastname] (Y/n)? y Resetting and retrieving password for [firstname_lastname] on [servername] Updated [https://www.googleapis.com/compute/v1/projects/your-project-id/zones/us-central1-a/instances/servername]. WARNING: Instance [servername] does not appear to have an external IP address, so it will not be able to accept external connections. To add an external IP address to the instance, use gcloud compute instances add-access-config. password: xxxxxxxxxxxxxxx username: firstname_lastname

Filed Under: Cloud Tagged With: compute, gcp, password, reset, set, windows

Allow Key Access for user in SSH

January 16, 2022

Allow shared key access only for one user in SSH.

Disable the password authentication for one user in your SSH config. Edit /etc/ssh/sshd_config.

Match User username
  PasswordAuthentication no

Match User username PasswordAuthentication no

Restart the SSH service.

service ssh restart

service ssh restart

Copy user’s public key to the destination server’s authorized file in ~/.ssh/authorized_keys.

ssh-rsa AAAAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx <-- public key goes on for miles

ssh-rsa AAAAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx <-- public key goes on for miles

Back on your client, login via SSH. User will not be prompted for password since public key is already authorized on server.

ssh username@server

ssh username@server

Filed Under: Linux Tagged With: authentication, key, password, ssh

Run MySQL in a Docker container

December 12, 2021

How to run MySQL commands in a Docker container.

#!/bin/bash
set -a; source <(cat .env | sed -e '/^#/d;/^\s*$/d' -e "s/'/'\\\''/g" -e "s/=\(.*\)/='\1'/g"); set +a
docker exec wp_db mysql -uroot -p${MYSQL_PASSWORD} -e " \
use db1; \
select * from wp_options where option_name='siteurl'; \
select * from wp_options where option_name='home';" 2>/dev/null

#!/bin/bash set -a; source <(cat .env | sed -e '/^#/d;/^\s*$/d' -e "s/'/'\\\''/g" -e "s/=\(.*\)/='\1'/g"); set +a docker exec wp_db mysql -uroot -p${MYSQL_PASSWORD} -e " \ use db1; \ select * from wp_options where option_name='siteurl'; \ select * from wp_options where option_name='home';" 2>/dev/null

  • The first command loads the content of .env to environment variables.
  • The MySQL password can then be used using the ${MYSQL_PASSWORD} variable.
  • I’m using sed to get around the special characters in the password.
  • The second command runs docker exec on wp_db container.
  • The last 3 commands are the actual sql commands.
  • We are selecting to use the db1 database.
  • Then we run select statements from the wp_options table.
  • Finally, 2>/dev/null suppresses errors and warning to null.

Filed Under: Cloud, Linux Tagged With: database, docker, environment, exec, mysql, password, select, tables

Wiki SSL Certificate Location

November 12, 2021

Here’s where the Wiki keeps its SSL certificate keys.

/etc/pki/tls/certs/yourdomain.crt
/etc/pki/tls/private/yourdomain.key

/etc/pki/tls/certs/yourdomain.crt /etc/pki/tls/private/yourdomain.key

In some cases, SSL needs to be converted so it doesn’t prompt you for a password if you restart Apache.

Conversion

openssl rsa -in /etc/pki/tls/private/yourdomain.key.new -out /etc/pki/tls/private/yourdomain.key.new_no_pass

openssl rsa -in /etc/pki/tls/private/yourdomain.key.new -out /etc/pki/tls/private/yourdomain.key.new_no_pass

Filed Under: Linux Tagged With: apache, certificate, location, password, ssl, wiki

BitWarden

March 11, 2021

I changed password managers from LastPass to BitWarden the other day. Migrating your credentials requires exporting and importing a CSV file from one program to another. It was an easy transition. Everything seems to work. As you may be aware, LastPass decided to make their free account limited to just one device. Customers will need to choose which device to use, whether desktop or mobile. Not both. If you want it on multiple devices, you’ll need to fork up $3 per month. It is not that expensive, but there are other alternatives. A few recommend BitWarden. It will let you sync to all devices for free. It was an easy choice.

Filed Under: Misc Tagged With: bitwarden, lastpass, managers, password

Change MySQL User Password

November 29, 2020

This is a very simple command to run. Login to MySQL first and run the following the command line.

ALTER USER username IDENTIFIED BY 'password';

ALTER USER username IDENTIFIED BY 'password';

Flush privileges for changes to take effect.

flush privileges;

flush privileges;

Filed Under: Linux Tagged With: alter, change, mysql, password, user

AWS IAM Self Manage Policy

July 28, 2020

Here’s the permission needed for an AWS user to manage their own IAM account. The policy allows them to view their own account information, change their own passwords, rotate access keys and certificates, and manage their own git credentials.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowViewAccountInfo",
            "Effect": "Allow",
            "Action": [
                "iam:GetAccountPasswordPolicy",
                "iam:GetAccountSummary"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AllowManageOwnPasswords",
            "Effect": "Allow",
            "Action": [
                "iam:ChangePassword",
                "iam:GetUser"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        },
        {
            "Sid": "AllowManageOwnAccessKeys",
            "Effect": "Allow",
            "Action": [
                "iam:CreateAccessKey",
                "iam:DeleteAccessKey",
                "iam:GetAccessKeyLastUsed",
                "iam:ListAccessKeys",
                "iam:UpdateAccessKey"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        },
        {
            "Sid": "AllowManageOwnSigningCertificates",
            "Effect": "Allow",
            "Action": [
                "iam:DeleteSigningCertificate",
                "iam:ListSigningCertificates",
                "iam:UpdateSigningCertificate",
                "iam:UploadSigningCertificate"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        },
        {
            "Sid": "AllowManageOwnSSHPublicKeys",
            "Effect": "Allow",
            "Action": [
                "iam:DeleteSSHPublicKey",
                "iam:GetSSHPublicKey",
                "iam:ListSSHPublicKeys",
                "iam:UpdateSSHPublicKey",
                "iam:UploadSSHPublicKey"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        },
        {
            "Sid": "AllowManageOwnGitCredentials",
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceSpecificCredential",
                "iam:DeleteServiceSpecificCredential",
                "iam:ListServiceSpecificCredentials",
                "iam:ResetServiceSpecificCredential",
                "iam:UpdateServiceSpecificCredential"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        }
    ]
}

{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowViewAccountInfo", "Effect": "Allow", "Action": [ "iam:GetAccountPasswordPolicy", "iam:GetAccountSummary" ], "Resource": "*" }, { "Sid": "AllowManageOwnPasswords", "Effect": "Allow", "Action": [ "iam:ChangePassword", "iam:GetUser" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "AllowManageOwnAccessKeys", "Effect": "Allow", "Action": [ "iam:CreateAccessKey", "iam:DeleteAccessKey", "iam:GetAccessKeyLastUsed", "iam:ListAccessKeys", "iam:UpdateAccessKey" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "AllowManageOwnSigningCertificates", "Effect": "Allow", "Action": [ "iam:DeleteSigningCertificate", "iam:ListSigningCertificates", "iam:UpdateSigningCertificate", "iam:UploadSigningCertificate" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "AllowManageOwnSSHPublicKeys", "Effect": "Allow", "Action": [ "iam:DeleteSSHPublicKey", "iam:GetSSHPublicKey", "iam:ListSSHPublicKeys", "iam:UpdateSSHPublicKey", "iam:UploadSSHPublicKey" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "AllowManageOwnGitCredentials", "Effect": "Allow", "Action": [ "iam:CreateServiceSpecificCredential", "iam:DeleteServiceSpecificCredential", "iam:ListServiceSpecificCredentials", "iam:ResetServiceSpecificCredential", "iam:UpdateServiceSpecificCredential" ], "Resource": "arn:aws:iam::*:user/${aws:username}" } ] }

Filed Under: Cloud Tagged With: access, account, aws, certificates, change, credentials, git, iam, keys, manage, password, rotate

  • Go to page 1
  • Go to page 2
  • Go to Next Page »
  • Home
  • About
  • Archives

Copyright © 2023