198 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
Quick-n-Dirty: Hotfix for DateTimeHelper
Mon, Jun 12th 2017 2
High Performance REST Applications (4) – Looking into OSGi
Thu, May 4th 2017 7
High Performance REST Applications (3) – Importing the Starter Project
Mon, Apr 24th 2017 8
High Performance REST Applications (2) – Dev Environment
Sun, Apr 23rd 2017 4
High Performance REST Applications (1) – Intro
Fri, Apr 21st 2017 4
Re: Domino REST performance analysis
Thu, Mar 16th 2017 1
Domino & Java 1.8: Thank you, IBM!
Tue, Mar 14th 2017 5
Top 10
Security: Usefull HTTP Response Headers
Wed, Jan 14th 2015 12
Hardening SSH vs. Eclipse RSE
Tue, Jan 13th 2015 10
XPages: WebContent Files (3) – Create a Minimizer Servlet
Thu, Nov 27th 2014 9
xsp.application.context.proxy
Wed, Jun 17th 2015 9
DomiNodeJS: Node.js on Domino
Fri, Aug 26th 2016 9
Jackson: Skip Objects conditionally
Wed, Feb 8th 2017 9
REST & Security: CSRF Attacks
Tue, Dec 30th 2014 8
High Performance REST Applications (3) – Importing the Starter Project
Mon, Apr 24th 2017 8
Mining Massive Datasets
Thu, Dec 4th 2014 7
Raspberry Pi vs. IBM Bluemix – 1:0
Wed, Jan 28th 2015 7


Hardening SSH vs. Eclipse RSE
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
Sven Hasselbach    

After hardening the SSH configuration on a Debian server by removing unsecure ciphers and MACs I got in trouble with Eclipse Remote System Explorer.

When trying to open the server, I always got an “Algorithm negotiation fail” message:

Even installing the missing Unlimited Strength version of Java Crypto Extension which allows key sizes larger then 128 bit doesn’t helped me out.

The problem was the allowed KexAlgorithms and the list of MACs in the configuration:

Ciphers aes256-ctr,aes256-cbc
KexAlgorithms diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

After re-enabling the insecure default configuration by commenting out the both lines in the configuration allowed me to reconnect to the server again.

Ciphers aes256-ctr,aes256-cbc
#KexAlgorithms diffie-hellman-group-exchange-sha256
#MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

I don’t feel happy about it. But it seems that there is actually no workaround.



---------------------
http://hasselba.ch/blog/?p=1875
Jan 13, 2015
11 hits



Recent Blog Posts
2
Quick-n-Dirty: Hotfix for DateTimeHelper
Mon, Jun 12th 2017 3:04p   Sven Hasselbach
This weekend I stumbled over a bug of the DateTimeHelper: If the value of the field is empty, no actions and/or action listeners connected with a managed bean will be executed anymore. Here is an example of a small XPage to illustrate the problem: It does not matter if you set the disableValidators property for the text field to true, even an immediate=true won’t help here. The reason for the problem is that the renderer of the dateTimeHelper al
7
High Performance REST Applications (4) – Looking into OSGi
Thu, May 4th 2017 9:41a   Sven Hasselbach
Before going any deeper into the the servlet project, let’s have a look at the imported projects and talk about some OSGi basics. First you will notice that for every cloned repository three Eclipse projects have been imported: A plugin project A feature project An updatesite project The plugin project contains the code and all the relevant resources of the servlet. It defines extension points provided or describes which extension points are used by the plugin. A feature project is basi
8
High Performance REST Applications (3) – Importing the Starter Project
Mon, Apr 24th 2017 9:03a   Sven Hasselbach
Now you can import the projects required from Git. First, go to „File > Import…“ Import Project Then select „Projects from Git“ Projects from Git and „Clone URI“ to clone an existing repository: Clone existing respository To get the URI, you have to open https://github.com/hasselbach/ and select the repository „ch.hasselba.concurrent„. Click the „Clone or download„-Button and copy the URI from the opening box: Get the repositor
4
High Performance REST Applications (2) – Dev Environment
Sun, Apr 23rd 2017 8:55a   Sven Hasselbach
Before you can start developing a Servlet as an OSGi Plugins, you must set up a development environment first. To do this, download Eclipse IDE (Eclipse IDE for Java EE Developers) and XPages SDK from OpenNTF (The XPages SDK is a helper to create the JRE environment and the Target Platform). For development it is the best to have a (local) development server, because during development you might want to restart and/or modify it, and debugging is a lot easier if have control over the whole server
4
High Performance REST Applications (1) – Intro
Fri, Apr 21st 2017 9:33a   Sven Hasselbach
This is a new serie about developing high performance REST applications on top of Domino. It will contain my presentations from SNoUG and EntwicklerCamp this year and descripe all required steps to develop, build and deploy these servlets on a basic level. The code used in this serie is already available at GitHub: https://github.com/hasselbach/domino-rest-servlet/tree/highperformance https://github.com/hasselbach/ch.hasselba.concurrent (The high performance part is in a branch of my example D
1
Re: Domino REST performance analysis
Thu, Mar 16th 2017 8:51p   Sven Hasselbach
I have created a Quick-n-Dirty performance test for Csaba’s „10K record test“: Loading time 200 ms overall, 60 ms TTFB. Do you want to know how this works? Feel free to come to SNoUG next week or to Rudi’s EntwicklerCamp and join my sessions.
5
Domino & Java 1.8: Thank you, IBM!
Tue, Mar 14th 2017 1:16p   Sven Hasselbach
For years it was a lot of pain when developing for the Domino platform using Java 1.6 only. But now, Java 1.8 is available, and this allows to use the latest versions for a lot of libraries and development tools. After installing FP8 to the Client, Eclipse allowes to use the Domino JRE in a JavaSE-1.8 environment: This gives access to the latest M2Eclipse plugin (1.7.0). The old version problem when running with JRE 1.6… … is solved: Eclipse Updates? No problem, just do it! Latest
6
Domin & REST: Debug your Plugin
Tue, Mar 7th 2017 11:14a   Sven Hasselbach
When developing OSGi Plugins, you should have your own development server running on your local machine. Not only because of the faster deployment of changes (a new version of a plugin must always deployed with a HTTP restart), but because of the Java debugging posibilities: Only one Eclipse instance can connect to the JVM, and every request processed by the server will start the debugger. If multiple users a accessing the server while you are debugging, your Eclipse will try to debug every inco
1
Domino & REST: More about Jackson
Fri, Mar 3rd 2017 10:16a   Sven Hasselbach
When creating a REST API servlet, Jackson provides a huge list of possibilities to manipulate the JSON data, mostly using annotations. Let’s demonstrate some of them with this little class, which has only two properties: public class Demo { private String foo; private String bar; public String getFoo() { return foo; } public void setFoo(String foo) { this.foo = foo; } public String getBar() { return bar; } public void setBar(String bar) { this.bar = ba
2
Domino & REST: Accessing Domino’s Environment / Check Authentication
Thu, Mar 2nd 2017 11:00a   Sven Hasselbach
If we want to access Domino’s Environment, it is the ContextInfo class which gives us all we need. Everything you need to do to use the class is described in an earlier blog post. The class gives mainly access to the following methods: Method Description getDataDirectory() Path to notes data directory getEnvironmentString(String envName) Returns the environment variable getServerDatabase() The actual database as NAPI object, if any getServerVariable(String varName) Variables




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition