To secure a Linux server, disable password authentication on it. Then only users who have access to an authorized private key can connect to it.
To enable users to connect to a Linux server with a private-public key pair
Generate an RSA key pair
- In a Bash terminal on your workstation execute
- Follow the prompts to specify the name of the key file pair. In most cases, you don’t need to protect the key with a password.
- If you don’t specify the file name, the key will be saved as ~/.ssh/id_rsa
- If you specify a file name, the key files will be saved in the current directory
- The public key file will get the “.pub” extension, the private file has no extension
Upload the public key to the Linux server
- Log into the server with the “ssh” command using a username and password
- Add the public part of the key to the user configuration
- Switch to sudo mode; this command will ask for the password again
- Navigate to the user home directory
- Add the public key to the user’s authorized_keys file. Open the file with a text editor and copy the public key into a new line.
- To test the configuration, on your workstation navigate to the directory where the new key is located, and log into the server with
ssh -i MY_KEY_NAME MY_USER_NAME@SERVER_IP_ADDRESS
Turn off password authentication
- Make sure you can log in with the new key !!!
- Execute the command
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
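The sed command above only rewrites the commented-out default line; an active "PasswordAuthentication yes" line, or a file with no such line, is left unchanged. The following is an added example, not part of the original post, that covers the active, commented and missing cases; the function names are made up for illustration and the sample configuration is constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# The file path is an argument, so the change can be tried on a copy first.

# Force PasswordAuthentication to "no" whether the setting is active,
# commented out, or missing. sshd keeps the first value it reads for a keyword.
disable_password_auth() {
    cfg=$1
    tmp=$(mktemp) || return 1
    # Rewrite every active line; the keyword is matched case-insensitively.
    awk 'tolower($0) ~ /^[ \t]*passwordauthentication[ \t]/ {
             print "PasswordAuthentication no"; next }
         { print }' "$cfg" > "$tmp" || return 1
    # No active line: add one at the top, ahead of any Match block.
    if ! grep -Eiq '^[[:space:]]*PasswordAuthentication[[:space:]]' "$tmp"; then
        { echo "PasswordAuthentication no"; cat "$tmp"; } > "$tmp.new" &&
            mv "$tmp.new" "$tmp"
    fi
    cat "$tmp" > "$cfg" && rm -f "$tmp"   # overwrite in place: owner and mode stay
}

# Count active lines that still allow passwords; 0 is the expected result.
password_auth_yes_count() {
    grep -Eic '^[[:space:]]*PasswordAuthentication[[:space:]]+yes' "$1" || true
}

# Constructed sample: the commented default that the sed on this page matches,
# plus an active lowercase "yes" line that it would leave untouched.
demo=$(mktemp)
printf '%s\n' '#PasswordAuthentication yes' 'Port 22' \
    'passwordauthentication yes' > "$demo"
disable_password_auth "$demo"
cat "$demo"
echo "active yes lines: $(password_auth_yes_count "$demo")"
rm -f "$demo"

# On the server, run it as root on /etc/ssh/sshd_config, check the syntax with
# "sshd -t", then reload sshd while a second, key-based session is still open.
```

Files included from /etc/ssh/sshd_config.d/ can set the same keyword; "sshd -T" prints the effective value.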
When a Scheduled task is created by another user (or SYSTEM) most of the time only that user can manually trigger the task execution.
When you try to execute the scheduled task from the user interface you can get the error message:
The user account does not have permission to run this task
This error is caused by the lack of permissions on the XML file that contains the task details. To allow all administrators to execute the scheduled task
- Remote into the Windows server
- Open the C:\Windows\System32\Tasks folder in Windows Explorer
- Right-click the file with the name of the scheduled task and select properties
- On the Security tab select Administrators and click the Edit button
- Check the Read & execute checkbox and click the OK button
- Click Yes on the Windows Security popup
Now you should be able to manually execute the scheduled task
When a PostgreSQL table name contains uppercase letters there is no known way to get the table definition SQL script.
When we right-click a table name in SQLPro for Postgres that has an uppercase letter and select Script as, CREATE to, New query window
we get the error message
* Error loading table definition.
* ERROR: relation “public.users” does not exist
As the error message tells us, PostgreSQL is looking for the table name with all lowercase letters.
The pg_dump utility acts the same way.
pg_dump -s -h MY_SERVER_ADDRESS -U MY_USERNAME -t Users MY_DATABASE
The error message is
pg_dump: no matching tables were found
The same process works if the table name only contains lowercase letters.
Convert an existing PostgreSQL database to all lowercase table and column names
To avoid similar errors caused by upper case letters in table and column names, convert the existing database definition to all lowercase
- Backup your database from the command prompt
PGPASSWORD=MY_PASSWORD pg_dump -h MY_DATABASE_ADDRESS -U MY_DATABASE_USER -f MY_BACKUP_FILENAME.bak MY_DATABASE_NAME
- Open the backup file in a text editor
- Add underscores to the table and column names to match the .NET entity framework user identity processes.
- The PostgreSQL driver converts the first letter, and each letter that follows an underscore, of all lowercase table and column names to upper case. For example, asp_net_users will be converted to AspNetUsers.
- Replace the table names with TableName -> table_name (leave __EFMigrationsHistory as is)
- Replace the column names with “ColumnName” -> “column_name”
- Replace the primary key names with PK_ -> pk_
- Replace the index names with IX_ -> ix_
- Replace the foreign key names with FK_ -> fk_
- Drop the database. In SQL Pro for Postgres
- Right-click the database and select Drop database
- Re-create the database. In SQL Pro for Postgres
- Right-click the server name and select Create database
- Import the modified backup file from the command prompt
PGPASSWORD=MY_PASSWORD psql -h MY_DATABASE_ADDRESS -U MY_DATABASE_USER -d MY_DATABASE_NAME -f MY_BACKUP_FILENAME.bak
- Reverse engineer the database back to the .NET data layer project
- Delete the class files that correspond to the database tables
- Delete the MY_DATABASEContext.cs file
- Execute the command in the data layer project directory
dotnet ef dbcontext scaffold --force "Host=MY_DATABASE_ADDRESS;Database=MY_DATABASE_NAME;Username=MY_DATABASE_USER;Password=MY_PASSWORD" Npgsql.EntityFrameworkCore.PostgreSQL
The rsync command allows you to copy files over an SSH connection between your workstation and another Linux machine. You have to be logged into one of the machines; this command cannot copy files between two remote machines.
To copy a file from a remote server to your local workstation, execute
rsync -avz -e "ssh -i SSH_KEY_NAME" USER_NAME@SOURCE_IP:/SOURCE_DIRECTORY/SOURCE_FILE_NAME TARGET_DIRECTORY
To copy a file to a remote server, swap the source and target definitions after the SSH_KEY_NAME option.
The tmux terminal multiplexer allows us to open multiple terminal windows in the same SSH session and continue the command execution even when we log out of the SSH session. This way we can execute long-running copy commands overnight without keeping the SSH session open.
On CentOS family Linux
yum install tmux
To start tmux and attach to the last session
To keep the current session active
To continue the session execution even when you log out of the server, detach from the session before closing the connection. See the commands below.
To switch to binding mode
Commands in binding mode
||move between panes
||last used pane
||display pane numbers
||enable scroll with arrow keys or pgup, pgdown
||quit scroll mode
||close the pane (will ask you to press “y” to confirm)
|cmd-shift 0 (zero)
To display the Linux operating system version execute the command
There are many tools to copy files between Windows and Linux computers, I have found this method the simplest.
It does not require any software installation on the Windows machine, and only one package installation on the Linux machine.
Share a folder on the Windows machine
Share a folder on the Windows machine and allow access to it for a user. If the Windows computer is in the Windows domain, the domain user does not have to be a member of any security group on the Windows machine.
If you copy files from Windows to Linux, make the folder read-only for the user. If you copy files to the Windows machine, allow write access to the folder for the user.
Set up the Linux machine
- Install the cifs-utils on the Linux machine
- On Red Hat, CentOS, and Amazon Linux
sudo yum install cifs-utils
- On Ubuntu
sudo apt-get install cifs-utils
Mount the shared Windows folder on the Linux machine
- On the Linux machine create a directory to mount the Windows folder to
- Mount the Windows share
sudo mount.cifs '\\WINDOWS_SERVER_IP\attachments' /tmp/windows -o domain=MY_DOMAIN,username=MY_USERNAME,password=MY_PASSWORD,vers=1.0
First, you will be asked for the root password on the Linux machine.
If you do not specify your password in the line above, you will be also asked to enter your password on the Windows machine.
Access the Windows share
- On the Linux machine navigate to the mount directory
- List the files of the Windows share
If you get the error message when you issue the mount command
mount error(16): Device or resource busy
try to unmount (umount !) the share first and try the mount again
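The mount command above carries the password on the command line, where the shell history and the process list record it. As an added example, not part of the original post, the credentials can be kept in an owner-only file and passed with the mount.cifs credentials= option; the function names and the file path are assumptions, the sample password is constructed, and vers=1.0 is kept from the page.

```sh
#!/bin/sh
# Added example, not from the original post. Function names and the file path
# are hypothetical; "credentials=" is a standard mount.cifs option.

# Write a mount.cifs credentials file that only its owner can read.
# The password is read from stdin so it never appears in argv or history.
write_cifs_credentials() {
    file=$1 user=$2 domain=$3
    IFS= read -r pass || return 1
    # Create (or truncate) with tight permissions before any secret is written.
    ( umask 077 && : > "$file" ) || return 1
    chmod 600 "$file" || return 1      # covers a pre-existing, wider-mode file
    printf 'username=%s\npassword=%s\ndomain=%s\n' \
        "$user" "$pass" "$domain" >> "$file"
}

# Succeeds only if group and others have no access to the file.
credentials_file_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Constructed worst case: the target file already exists and is world-readable.
cred=$(mktemp)
chmod 644 "$cred"
printf '%s\n' 'constructed-password' |
    write_cifs_credentials "$cred" MY_USERNAME MY_DOMAIN
credentials_file_is_private "$cred" && echo "credentials file is private"
rm -f "$cred"

# Usage with the page's placeholders:
#   write_cifs_credentials "$HOME/.smbcred" MY_USERNAME MY_DOMAIN
#   sudo mount.cifs '\\WINDOWS_SERVER_IP\attachments' /tmp/windows \
#       -o "credentials=$HOME/.smbcred,vers=1.0"
```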
The user-specific settings in the Windows registry are stored under the HKEY_CURRENT_USER key. If you open the Regedit.exe application the HKEY_CURRENT_USER key contains the settings for your user account.
To access the registry keys of another user we need to
Find the Security ID of the user
- In Regedit navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist
- The key lists the Security IDs and usernames
- Save the Security ID of the user.
Another Security ID list location:
The partial list of the Security IDs is also available at
Not all user profiles are listed here.
Click the Security ID folders on the left to see the username in the ProfileImagePath.
Open the user-specific registry keys
- In Regedit navigate to the HKEY_USERS key
- Select the Security ID of the user you are looking for
- The user-specific values are under that key
When you create a file in a script and use an end of file delimiter,
cat <<EOF> $chef_dir/attrib.json
and you indent the word EOF to look nicer, you will get the error message
warning: here-document at line … delimited by end-of-file (wanted `EOF')
STDERR> …: line …: syntax error: unexpected end of file
To correct the script, move the EOF to the beginning of the line
cat <<EOF> $chef_dir/attrib.json