Synology NAS - More SSH Loveliness - Permissions and ACLs

Following on from my earlier posts: -



I've gone a few steps further in my understanding.

I've now got to a point where I can access the NAS using a user other than root or admin.

Having created a new user via the Web UI ( DaveHay ) which was a member of the users and administrators groups, I went through the same steps as before: -

Client-side ( macOS )

Generate a public/private key

ssh-keygen -t rsa -b 4096 -f foobar -N passw0rd

Generating public/private rsa key pair.
Your identification has been saved in foobar.
Your public key has been saved in foobar.pub.
The key fingerprint is:
SHA256:w7rpoqt07lMZNhT9GVdCOpRKEunRq9+zGb6+YHl8kC4 davidhay@Davids-GhostRider-4.local
The key's randomart image is:
+---[RSA 4096]----+
|     o*  .oo..   |
|     = +.o...    |
|    o + +o+      |
|     = + oo      |
|    . = So       |
|     + .+..      |
| . .. oE.= .     |
|. o.. .+=o+      |
|..+=.o+ .B=      |
+----[SHA256]-----+


Copy the public key to the clipboard

pbcopy < foobar.pub 

Server-side ( Synology )

Logged in as admin

ssh admin@diskstation

admin@diskstation's password: 

Switched to the root user

admin@DiskStation:~$ sudo bash
Password: 

Switched to the DaveHay user

su - DaveHay

( NOTE the above steps are required because I deliberately didn't give the user a password, as I only ever want to authenticate via a public/private key )

Create .ssh subdirectory

mkdir ~/.ssh

Create authorised keys file in .ssh

vi ~/.ssh/authorized_keys

Add public key from clipboard

ssh-rsa <public key data from foobar.pub> davidhay@Davids-GhostRider-4.local

Client-side ( macOS )

Attempt to connect using private key

ssh -i ~/foobar DaveHay@diskstation

which immediately prompted me for a password: -

DaveHay@diskstation's password: 

As before, I went back into the Synology, and updated the directory / file permissions for the newly created .ssh subdirectory

Server-side ( Synology )

( As DaveHay, having logged on as admin and switched user via su - DaveHay )

Check current state

ls -al -R ~

.:
total 20
drwxrwxrwx+ 3 DaveHay users 4096 Jan  5 18:40 .
drwxrwxrwx+ 7 root    root  4096 Jan  5 18:32 ..
drwxrwxrwx+ 2 DaveHay users 4096 Jan  5 18:40 .ssh
-rwxrwxrwx+ 1 DaveHay users  669 Jan  5 18:40 .viminfo

./.ssh:
total 12
drwxrwxrwx+ 2 DaveHay users 4096 Jan  5 18:40 .
drwxrwxrwx+ 3 DaveHay users 4096 Jan  5 18:40 ..
-rwxrwxrwx+ 1 DaveHay users  762 Jan  5 18:40 authorized_keys

Set the .ssh subdirectory to 700

chmod 700 ~/.ssh


Set the authorized_keys file to 644 

chmod 644 ~/.ssh/authorized_keys



Check new state

ls -al -R ~

/var/services/homes/DaveHay:
total 20
drwxrwxrwx+ 3 DaveHay users 4096 Jan  5 18:40 .
drwxrwxrwx+ 7 root    root  4096 Jan  5 18:32 ..
drwx------  2 DaveHay users 4096 Jan  5 18:40 .ssh
-rwxrwxrwx+ 1 DaveHay users  669 Jan  5 18:40 .viminfo

/var/services/homes/DaveHay/.ssh:
total 12
drwx------  2 DaveHay users 4096 Jan  5 18:40 .
drwxrwxrwx+ 3 DaveHay users 4096 Jan  5 18:40 ..
-rw-r--r--  1 DaveHay users  762 Jan  5 18:40 authorized_keys

Attempt to connect using private key

ssh -i ~/foobar DaveHay@diskstation

which immediately prompted me for a password: -

DaveHay@diskstation's password: 

:-(

I added some debugging: -

ssh -v -i ~/foobar DaveHay@diskstation

which showed: -

debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: foobar
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
DaveHay@diskstation's password: 


ssh -vv -i ~/foobar DaveHay@diskstation

which showed: -

debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: foobar
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
DaveHay@diskstation's password: 

...

ssh -vvv -i ~/foobar DaveHay@diskstation

debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: foobar
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

DaveHay@diskstation's password: 


Something I read online made me think about extended attributes, over and above the usual Unix permissions.

I re-visited the current state: -

ls -al -R ~

/var/services/homes/DaveHay:
total 20
drwxrwxrwx+ 3 DaveHay users 4096 Jan  5 18:40 .
drwxrwxrwx+ 7 root    root  4096 Jan  5 18:32 ..
drwx------  2 DaveHay users 4096 Jan  5 18:40 .ssh
-rwxrwxrwx+ 1 DaveHay users  669 Jan  5 18:40 .viminfo

/var/services/homes/DaveHay/.ssh:
total 12
drwx------  2 DaveHay users 4096 Jan  5 18:40 .
drwxrwxrwx+ 3 DaveHay users 4096 Jan  5 18:40 ..
-rw-r--r--  1 DaveHay users  762 Jan  5 18:40 authorized_keys

Yes, it was the additional plus character that made me wonder; +

As root I checked the permissions for the DaveHay user: -

ls -ale /volume1/homes/DaveHay/

total 20
drwx------+ 3 DaveHay users 4096 Jan  5 18:40 .
 [0] user:DaveHay:allow:rwxpdDaARWcCo:fd-- (level: 0)
 [1] user:DaveHay:allow:rwxpdDaARWc--:fd-- (level: 1)
 [2] user::allow:rwxpdDaARWc--:fd-- (level: 1)
 [3] user::allow:rwxpdDaARWc--:fd-- (level: 1)

d--x--x--x+ 7 root    root  4096 Jan  5 18:32 ..
drwx------  2 DaveHay users 4096 Jan  5 18:40 .ssh
-rwx------+ 1 DaveHay users  669 Jan  5 18:40 .viminfo
 [0] user:DaveHay:allow:rwxpdDaARWcCo:---- (level: 1)
 [1] user:DaveHay:allow:rwxpdDaARWc--:---- (level: 2)
 [2] user::allow:rwxpdDaARWc--:---- (level: 2)
 [3] user::allow:rwxpdDaARWc--:---- (level: 2)


and used chmod to recursively set ALL the permissions on the DaveHay user's home directory: -

chmod -R 700 /volume1/homes/DaveHay/

which removes the special attributes ( I think these may be the ACLs added by the NAS itself when I created the new user ), and validated: -

ls -ale /volume1/homes/DaveHay/

total 20
drwx------  3 DaveHay users 4096 Jan  5 18:40 .
d--x--x--x+ 7 root    root  4096 Jan  5 18:32 ..
drwx------  2 DaveHay users 4096 Jan  5 18:40 .ssh
-rwx------  1 DaveHay users  669 Jan  5 18:40 .viminfo

In other words, the extended attributes for the user have gone, apart from the parent directory ( /volume1/homes ) which is fine.

I re-tested my SSH connection: -

ssh -i foobar DaveHay@diskstation

Enter passphrase for key 'foobar': 
DaveHay@DiskStation:~$ 


In other words, I'm only now being presented with a request for the passphrase for the private key, rather than the password for the DaveHay user.
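
The script below is an added example, not part of the original post: it approximates the ownership and mode test that OpenSSH's StrictModes option (on by default) applies to the home directory, .ssh and authorized_keys before a public key is accepted, so the state can be checked before retrying the login. The function names are hypothetical, the modes are read from ls -ld, and it assumes the NAS's sshd has StrictModes enabled.

```shell
#!/bin/sh
# Added example (not from the original post): approximate the ownership and
# mode test that sshd's StrictModes applies before trusting authorized_keys.

# check_path PATH OWNER: print findings; return 1 if the path would be rejected.
check_path() {
    cp_path=$1; cp_owner=$2; cp_rc=0
    if [ ! -e "$cp_path" ]; then
        echo "MISSING  $cp_path"; return 1
    fi
    # Fields of `ls -ld`: 1 = mode string, 3 = owner name.
    cp_mode=$(ls -ld "$cp_path" | awk '{print $1}')
    cp_actual=$(ls -ld "$cp_path" | awk '{print $3}')
    # The path must belong to the login user or to root.
    case "$cp_actual" in
        "$cp_owner"|root) ;;
        *) echo "OWNER    $cp_path is owned by $cp_actual"; cp_rc=1 ;;
    esac
    # Characters 6 and 9 of the mode string are group-write and other-write.
    if [ "$(printf '%s' "$cp_mode" | cut -c6)" = w ] ||
       [ "$(printf '%s' "$cp_mode" | cut -c9)" = w ]; then
        echo "WRITABLE $cp_path ($cp_mode) is group- or world-writable"; cp_rc=1
    fi
    # A trailing + means an ACL is attached; reported for information only.
    case "$cp_mode" in
        *+) echo "ACL      $cp_path ($cp_mode) carries an ACL" ;;
    esac
    return $cp_rc
}

# strict_modes_check HOME OWNER: check the home directory, .ssh and
# authorized_keys; return 0 only if all three pass.
strict_modes_check() {
    smc_home=$1; smc_owner=$2; smc_rc=0
    for smc_p in "$smc_home" "$smc_home/.ssh" "$smc_home/.ssh/authorized_keys"; do
        check_path "$smc_p" "$smc_owner" || smc_rc=1
    done
    return $smc_rc
}

# Usage on the NAS, as root (path and user taken from the post):
#   strict_modes_check /volume1/homes/DaveHay DaveHay
```

Run against the "new state" listing above, where .ssh is 700 and authorized_keys is 644 but the home directory is still drwxrwxrwx+, the check fails on the home directory alone.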

So, it was a long journey, but an enjoyable one :-)

As ever, #LifeIsGood






---------------------
http://portal2portal.blogspot.com/2017/01/synology-nas-more-ssh-loveliness.html
Jan 05, 2017