Wednesday, May 24, 2023

Unable to ssh into docker playground virtual machine (Permission denied (publickey) error)

Docker playground is a very useful place to learn how to use docker. However, the web interface is sometimes can be quite difficult to use, especially if we are trying to copy long commands into the virtual machine. 


A good solution to this, is to connect to the virtual machine using ssh. We can copy the link at the ssh column of the virtual machine, and paste it in our terminal. 




One of the issue that we encounter when we are trying to ssh into the virtual machine, is we will get permission denied (publickey) error, like below 








The reason this happened is, the ssh server inside the playground's virtual machine is expecting the client to connect from a machine that owns a ed25519 key. This can be verified by running below command inside the playground's virtual machine






To encounter that, simply create an ed25519 in our machine, using ssh-keygen
$ ssh-keygen -t ed25519


























We should be able to ssh into the playground's virtual machine now


Tuesday, May 16, 2023

Hide Apache Httpd Version in HTTP Header

Hiding software version in any deployment is a basic security practice that we can use to lower the risk of the deployment being breached. In this post, we will see how we can hide the apache httpd version from the http header, and from server generated pages.


To check our header, just use curl. Let's say we have an apache httpd server running on localhost
$ curl --header http://localhost












The version will also showing in the server generated page, like when we tried to access non existent page
$ curl --header http://localhost/error








To hide the version number, we can just add below line into httpd.conf. I usually will put it at the bottom of the configuration file. The location of the httpd.conf will varies depending on how you install httpd. The usual location is at /etc/httpd/conf/httpd.conf:
ServerToken Prod
ServerSignature Off

"ServerToken Prod" will hide apache httpd version from http header, while "ServerSignature Off" will hide the version from server generated pages.

Example is like below











To make sure that our change is syntax error free, test with "apachectl -t"








Once we are satisfied, restart apache httpd
# systemctl restart httpd

Then, we test it back using curl, and we do not see the version anymore
$ curl --head http://localhost
$ curl --head http://localhost/error


Tuesday, May 9, 2023

Exiting a docker container running in interactive mode

To exit from a docker container while in interactive mode (using the -it option without -d), there are 2 options:


1. Press ctrl-d to exit the shell (if you are in it) and exiting the container

2. Press ctrl-p, then ctrl-q to daemonize the container, making it run in the background without occupying the terminal

Monday, May 1, 2023

Using psql from command line to get data from postgresql

Sometimes we need to get some data from postgresql database, and we want the output to appear on the terminal so that we can further process the output.

Lets say, we want to get a list of actor from a database called dvdrental, we can simply use below command:
$ psql -U postgres -d dvdrental -c "select * from actor;"

The output will be in an interactive mode if the output is very long.



In order to run psql with output that is not interactive, we can use here-document method. The method comprise of a "<<" symbol followed by some text used as ending text for the here-document. For example, in order to get the same result as above using here-document method, we can use below command:
$ psql -U postgres -d dvdrental <<END
select * from actor;
END

The END keyword is a signal to end the here-document, thus executing the command. The output will be like below, which is not interactive, but easy to copy and paste: