Allowing a user to connect through SSH
I need to allow a user (not root) to connect to an ESXi 4.1 server via SSH.
The ESXi server is not a member of Active Directory.
I have read the article at http://kb.vmware.com/kb/1024235 and created a new user.
Then I opened the inventory, chose 'Add Permission' and added the new user with the Administrator role on the whole inventory.
When I try to access it via SSH using the user name and password of that user, I get "access denied".
I think I missed a relevant step, because if I open the inventory again and select 'Add Permission', the list of users with granted privileges is empty and I do not see the user in the list of users with permissions.
However, if I use the vSphere Client I can log on as the new user and perform all the administrative tasks there.
- What step am I missing?
- As my user should only use SSH to perform actions on a given virtual machine, can I grant administrative rights only for that virtual machine, without granting rights to the whole inventory?
- Is there more detailed documentation I can refer to?
Regards,
Marius
Why not use PowerCLI to create a snapshot of the VM? http://tech.mikeal.com/Blog1.php/2011/01/21/VMware-PowerCLI-scripts-delete-all-snapshots-create-new-snapshots
Tags: VMware
Similar Questions
-
Allow other users to connect through my internet connection of mobile phones.
Quite simply, I'm setting up my xbox live to run through my internet connection of mobile.
When I select the check box to allow other users of the network to connect through this computer's internet connection it turns off immediately, so is not enabled.
I tried disabling the firewall etc to see if it limited the ability of sharing, but it did not work.
Any information or help would be greatly appreciated.
Hi Stewart,
Please go through the article below, which will help you to connect to Windows Live using the internet connection of your laptop.
How to connect your Xbox 360 wired controller to a computer running Windows
http://support.Microsoft.com/kb/906347
Please also see the link below. This could help you.
http://support.Microsoft.com/kb/978618
If the problem persists, I suggest that you post your question to the Xbox forums.
Xbox support
http://forums.Xbox.com/xbox_forums/xbox_support/default.aspx
-
Is it enough for connection through SSH-2 RSA only, 1024, force 8 password?
Hello world
I provide the highest level of security on C2821-CCME-VSEC/K9. Is it sufficient for connection through SSH-2 RSA only, 1024, force password: 8 symbols, no. CAPS letters, numbers, special symbols, example of password [homeless ^ & * 89]?
line vty 0 4
exec-timeout 60 0
transport input ssh
line vty 5 15
transport input ssh
Should I create a MAC-based access list on the Cisco router?
Should I use a connection with higher security level options: SSH-2 RSA only, 2048, force password: XX symbols, CAPS and small letters, numbers, special symbols, example of password [homeless ^ & * 89Ad @[email protected]/ * / & #]?
Is this paranoia that has nothing to do with real life, or is it a recommended practice?
Please advise. Thank you very much.
For extra protection
I do this:
access-list 23 permit any log
line vty 0 4
access-class 23 in
line vty 5 15
access-class 23 in
login on-failure log
login on-success log
This will syslog all connection attempts.
archive
log config
logging enable
hidekeys
This will syslog all commands.
SSH itself can be easily decoded in a man-in-the-middle attack.
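The vty settings discussed in this thread (SSH-only transport, an inbound access-class, login logging) can be checked mechanically. The following is an added example, not code from either poster: a small auditor for a saved running-config, run here on a constructed sample. It assumes `show running-config` style indentation and numbered ACLs only.

```python
import re

# Constructed sample config (not taken from the posters' router).
SAMPLE_CONFIG = """\
ip ssh version 2
login on-failure log
login on-success log
access-list 23 permit any log
line vty 0 4
 exec-timeout 60 0
 transport input ssh
 access-class 23 in
line vty 5 15
 exec-timeout 0 0
 transport input telnet ssh
"""


def split_config(config):
    """Split a config into top-level commands and per-'line vty' sub-commands."""
    top, vty, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace():          # indented: belongs to the open block
            if current is not None:
                vty[current].append(raw.strip())
            continue
        top.append(raw.strip())
        m = re.fullmatch(r"line vty (\d+(?: \d+)?)", raw.strip())
        current = m.group(1) if m else None
        if current is not None:
            vty[current] = []
    return top, vty


def audit(config):
    """Return findings for the SSH/vty hardening settings, in config order."""
    top, vty = split_config(config)
    findings = []
    for cmd in ("ip ssh version 2", "login on-failure log", "login on-success log"):
        if not any(t.startswith(cmd) for t in top):
            findings.append(f"global: '{cmd}' is not configured")
    # Numbered ACLs: remember (action, source) of every entry.
    acl_entries = {}
    for cmd in top:
        m = re.match(r"access-list (\d+) (permit|deny) (\S+)", cmd)
        if m:
            acl_entries.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    for rng, cmds in vty.items():
        transports = [c.split()[2:] for c in cmds if c.startswith("transport input ")]
        if not transports or transports[-1] != ["ssh"]:
            seen = " ".join(transports[-1]) if transports else "unset"
            findings.append(f"vty {rng}: transport input is '{seen}', expected 'ssh'")
        if "exec-timeout 0 0" in cmds:
            findings.append(f"vty {rng}: exec-timeout 0 0 disables the idle timeout")
        classes = [c.split()[1] for c in cmds if re.fullmatch(r"access-class \S+ in", c)]
        if not classes:
            findings.append(f"vty {rng}: no inbound access-class")
        for acl in classes:
            if acl not in acl_entries:
                findings.append(f"vty {rng}: access-class {acl} has no matching access-list")
            elif ("permit", "any") in acl_entries[acl]:
                # Such an ACL logs attempts but does not restrict who may connect.
                findings.append(f"vty {rng}: access-list {acl} permits any source")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```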
-
Desktop sharing, allow two users to connect on the same desktop
Does anyone know if Horizon View can be configured in such a way that:
- Two (or more) users can connect to the same desktop
- vSGA can still be used
The reason why I ask is that in my area there is a request for collaboration in which two people at different locations want to go through a 3D medical treatment plan and discuss it on the phone. The Horizon documentation does not say that it can, but it does not say that it can't.
There is nothing in Horizon that would do this natively. You must use a third-party screen sharing product to have two people viewing the same desktop.
-
Two of our accounts of Firefox will not allow the user to connect to gmail.
I just upgraded my desktop computer to Windows 10. We have several user accounts on this computer. We all use Firefox as a browser. When a user other than me opens Firefox in their account, they can browse without a problem, but cannot connect to gmail. They receive the following message: "Secure connection failed. An error occurred during a connection to accounts.google.com. The peer certificate has an invalid signature. (Error code: sec_error_bad_signature). The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Contact the Web site owners to inform them of this problem."
If they disconnect from their user account on the computer and connect in mine, then start Firefox, they are able to access gmail and have all the features. Any suggestions? Thank you.
Hi DShef, in case you are an avast user, please try to disable https scanning in avast:
- Open the Avast dashboard on an affected system.
- Select settings in the left side menu.
- Select Active Protection.
- Click on customize next to the Web Shield.
- Uncheck the option "Enable HTTPS analysis", and then click ok.
http://www.gHacks.NET/2014/10/31/avasts-HTTPS-scanning-interferes-with-Firefox-and-other-programs/
-
I am frustrated because I know that the iPhone can connect to any Apple TV via Bluetooth to "auto set-up" but when it comes to linking in general, apple specifically denies this functionality to users. I would use this feature because I use my AppleTV for travelI obtained and I would make a transfer to wi - Fi password. I can access Wi - Fi without needing to put distance with me.
Download the Remote by Apple app on your phone.
-
Do not allow a user to connect from multiple computers
I'm using APEX 3.02.
Is there a way to end a user's former session when the user logs in from a different computer/browser?
Hope someone can help me :)
Edit:
After a little research I found that the sessions are stored in: flows_030100.wwv_flow_sessions$
I can also run this as SQL and it actually works:
delete from flows_030100.wwv_flow_sessions$ where cookie = upper('username');
We have our own login function, and I thought that I would delete all the rows in wwv_flow_sessions$ where the COOKIE is equal to the username of the user, like this:
delete from flows_030100.wwv_flow_sessions$ where cookie = upper(p_username);
but then I get this error:
Error: PL/SQL: ORA-00942: table or view does not exist
Text: delete from flows_030100.wwv_flow_sessions$
Edited by: bjarkekr 2011-02-07 14:35
I'm not aware of any builtin setting that does this.
If there were an internal API to disconnect any session (since the admin can do this, there must be one anyway), it would have been easier. It is probably not made available to normal application users because of security concerns.
- Maybe this isn't the best solution, but it should work.
It's an application process to be run whenever a new page is loaded, as well as after submission, before computations (this means 2 processes that do the same thing, one for each of these events).
In the process, it checks whether a new session for this user has been created, and if there is a new session it disconnects the current session.
DECLARE
  ln_i NUMBER;
BEGIN
  -- Check if a newer session for current user exists
  SELECT 1
    INTO ln_i
    FROM apex_workspace_sessions
   WHERE UPPER(user_name) = UPPER(:APP_USER)  -- for current user
     AND apex_session_id != :APP_SESSION       -- sessions other than current session
     AND session_created > (SELECT session_created
                              FROM apex_workspace_sessions
                             WHERE apex_session_id = :APP_SESSION)  -- newer session creation date
     AND ROWNUM = 1;  -- avoid TOO_MANY_ROWS when several newer sessions exist
  -- Log the user out
  HTMLDB_CUSTOM_AUTH.LOGOUT(
    p_this_app           => :APP_ID,
    p_next_app_page_sess => :APP_ID||':101'
  );
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    NULL;  -- no newer session: keep the current one
END;
Not tested
If necessary, you can redirect to a separate page where you show the message that the current session has been superseded by a new session elsewhere.
-
How activate/connect with SSH?
For Beta3, the release notes say there is a new feature: 'Secure connection: you can now connect to the Tablet using Secure Shell (SSH) and download files from your application using SCP and SFTP.'
The simulator is not listening on port 22 (the SSH standard) or any other port for SSH connections, with or without development mode active, in a vanilla installation.
I found the blackberry-connect program in the SDK bin folder and tried this after creating an RSA2 key:
c:\>blackberry-connect -targetHost 192.168.7.172 -devicePassword x
PROGRESS: Connecting to target 192.168.7.172:4455
PROGRESS: Authenticating with target 192.168.7.172:4455
PROGRESS: Encryption parameters verified
PROGRESS: Authenticating with target credentials.
PROGRESS: Successfully authenticated with target credentials.
PROGRESS: Sending ssh key to target 192.168.7.172:4455
Connection refused: Invalid ssh key contents. The target actively refused the connection. Please ensure that qconnDoor is running on the target.
PROGRESS: Unable to send ssh key to target
The file .ssh/id_rsa.pub was generated as an SSH-1 key using PuttyGen. I also tried an SSH-2 RSA file with the same results.
The fact that it says it "successfully authenticated" suggests it connected successfully... probably using port 443 (https), the way I guess blackberry-deploy does. However, after that it seems to say my key is not valid (not sure I believe that), but also that the target actively "refused the connection" (which I think means... qconn is not listening on port 8000 or another).
Does anyone with knowledge of this area have a suggestion, or a wild guess I can try?
OK, I am able to connect through SSH. It's a little complicated at the moment but I'll simplify and post a recipe as soon as I can.
For anyone technical enough to follow with minimal intervention:
- I generated a 4096-bit RSA key using 'ssh-keygen -b 4096' on a Linux machine, saving it as 'test_rsa' and 'test_rsa.pub'.
- I transferred those to my Windows box.
- I called "blackberry-connect -targetHost PCMGM -devicePassword x -sshPublicKey test_rsa.pub".
This operation transfers the public key to the device by connecting through qconn (port 4455) using unknown protocols. The output looks like this:
PROGRESS: Connecting to target 192.168.7.172:4455
PROGRESS: Authenticating with target 192.168.7.172:4455
PROGRESS: Encryption parameters verified
PROGRESS: Authenticating with target credentials.
PROGRESS: Successfully authenticated with target credentials.
PROGRESS: Sending ssh key to target 192.168.7.172:4455
PROGRESS: ssh key successfully transfered.
PROGRESS: Succesfully Connected
The blackberry-connect program continues to run, and as long as it is running, the simulator will be listening for SSH connections on port 22.
At this point, I had to take the test_rsa (the private key) file and import it into PuttyGen using the Conversions -> Import menu. Save the private key, and load the key in Pageant.
Finally, connect normally using PuTTY to the address PCMGM and sign in as "devuser". This was discovered by looking in the /accounts folder using a primitive file browser application, where I found two subfolders, 1000/ and devuser.
-
ESXi 5 - added user cannot connect ssh
I am lost in the vast amount of documents and have not found anything covering this, so pointers to docs on the ESXi command line will be very appreciated...
I added a user (with password) on an ESXi 5.0.0 host, made the new user a member of the users group and granted the user shell access. I have double-checked the password and the shell access setting, but trying to connect to the host fails: the login just repeats the password prompt, and then closes the connection. After logging in as root, I can su to the new user (password is not required). Am I misunderstanding something, maybe added users cannot connect? Or have I just missed some setting somewhere?
$ ssh [email protected]
Password:
The time and date of this connection have been sent in the system logs.
< snip >
~ #
~ # su bot
~ $ whoami
bot
~ $ exit
~ # exit
Connection to 10.217.174.27 closed.
$ ssh [email protected]
Password:
Password:
Password:
Permission denied (publickey,keyboard-interactive).
Suggestions, please, how to make it work?
Advice on finding good documentation would be so awesome!
You must add the new user to the root group in order to ssh. That opens a lot of other security issues as well. As an alternative, you can also change the following files to allow a user to ssh:
/etc/security/access.conf
Add a line that allows your user. For example, for the "bot" user add the following before the last line (-:ALL:ALL) in the file:
+:bot:ALL
Edit the following file:
/etc/passwd
Find the line for your username, add a home directory (/tmp works) and then change the shell to /bin/ash. For the "bot" user you would have a line like:
bot:x:501:100:ESXi user:/tmp:/bin/ash
You should now be able to ssh in to the host by using your user name. The problem is that these files do not have the sticky bit set, so once you restart, the changes will disappear. You can change this behavior to have your settings persist, but I'll be here all day describing the process. You can probably find a good breakdown of how to make your settings persist on the vm-help forums.
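Why the answer says to put the new line before the final -:ALL:ALL: pam_access reads access.conf top to bottom and the first matching rule decides. The following is an added example, not code from the answer or from VMware: a simplified evaluator (plain user names, ALL and EXCEPT only; no groups, netgroups or host matching) run on constructed file contents, with a hypothetical helper `add_user_rule`.

```python
# Constructed access.conf contents for illustration; "bot" is the user from the post.
STOCK = """\
# constructed sample
+:root:ALL
-:ALL:ALL
"""


def parse_rules(text):
    """Parse access.conf lines of the form  permission:users:origins."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        perm, users, origins = (field.strip() for field in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError(f"bad permission field in {line!r}")
        rules.append((perm == "+", users.split(), origins.split()))
    return rules


def _match(tokens, value):
    """Match a token list against a value, honouring ALL and EXCEPT."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return _match(tokens[:i], value) and not _match(tokens[i + 1:], value)
    return any(tok == "ALL" or tok == value for tok in tokens)


def login_allowed(text, user, origin="ALL"):
    """First matching rule wins; with no matching rule, access is granted."""
    for allow, users, origins in parse_rules(text):
        if _match(users, user) and _match(origins, origin):
            return allow
    return True


def add_user_rule(text, user):
    """Insert '+:user:ALL' ahead of the catch-all deny, as the answer describes."""
    lines = text.splitlines()
    rule = f"+:{user}:ALL"
    for i, line in enumerate(lines):
        if line.replace(" ", "") == "-:ALL:ALL":
            lines.insert(i, rule)
            break
    else:
        lines.append(rule)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print("stock file:         ", login_allowed(STOCK, "bot"))
    print("rule before deny:   ", login_allowed(add_user_rule(STOCK, "bot"), "bot"))
    print("rule appended last: ", login_allowed(STOCK + "+:bot:ALL\n", "bot"))
```

Appending the allow rule after the catch-all deny leaves the user locked out, which is the failure mode to check for when the edit appears to have no effect.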
-
We will use a script that allows users to connect only once.
We will use a script that allows users to connect only once.
However some users need a second possibility of connection.
How can this be handled in a script?
The users in question are members of the same security group.
We are using Windows Server 2003 with XP clients.
Hello
Your question of Windows 7 is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please post your question in Windows 7 IT Pro Technet Forums network.
http://social.technet.Microsoft.com/forums/en/category/WindowsServer/
I hope this helps.
-
simple trigger that allows users to connect at certain times
I am trying to create a trigger that will allow some users to log in to the database only between 12 am and 04:00.
Can I assign a trigger to a user or a role, or how do I parse that out? I don't think I have this trigger right just yet...
Or can it be set in the database itself? I looked at the user accounts, profiles, and roles and do not see anything about connection time.
Oracle 10.2.0.4
I want to create a trigger that only allows the user to log into the database from 12 am to 04:00.
My next question is: can I assign this trigger to the role that the user has been assigned to?
I pulled some similar code that I would use, but don't know how to change it to be assigned either to a user (QNP) or to the ntq_ro role.
create or replace trigger logon_time after logon on database
begin
  -- reject logons from 04:00 onwards (HH24 runs from 00 to 23)
  if to_char(sysdate, 'HH24') between 4 and 24
  then
    raise_application_error(-20001, 'not allowed in database connection during this time');
  end if;
end;
/
-
Need me a firewall if my internet connection through a router. I'm with Virgin and I have a D-Link router
On Friday, June 8, 2012 14:45:42 +0000, Ian 213 wrote:
Do I need a firewall if my internet connection goes through a router? I'm with Virgin and I have a D-Link router
Your router provides firewall protection, so the need is not the same as if you had no router. There are some who say you need no firewall software at all.
But my opinion is that you would be a lot safer if you run a router software, and since there is little reason not to, I recommend that you do.
Ken Blake, Microsoft MVP
I agree.
@OP Windows XP (SP2 and above), Vista, 7 and 8 all have active firewall software by default.
There is no need of any 3rd party firewall.
Some users like running programs such as ZoneAlarm because it warns them about the processes that use the network, and then there is the possibility to deny/allow it on the spot, or deny/allow forever. There may be slight discomfort after installation, but once that is done for all your programs, it really can work in silent mode.
Microsoft's firewall simply leaves everything at the default, but it can be configured manually to block anything outgoing or incoming.
-
Allow VPN users access a VLAN different
I have an ASA 5505. I have configured remote access VPN so that users can connect to the VPN and access my main VLAN (inside). I want to set it up so that when a user is in the VPN, they are permitted access only to the HVAC VLAN (Vlan 2) as seen in my configuration. Please note that there is also a LAN-to-LAN VPN, which has been set up as well.
What am I missing?
!
interface Ethernet0/0
switchport access vlan 4
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
switchport access vlan 2
!
interface Ethernet0/7
switchport access vlan 2
!
interface Vlan1
nameif inside
security-level 100
IP 10.240.0.1 255.255.0.0
!
interface Vlan2
prior to interface Vlan1
nameif HVAC
security-level 100
IP address 172.16.128.1 255.255.255.0
!
interface Vlan4
nameif outside
security-level 0
IP address 12.x.x.x 255.255.255.0
!
passive FTP mode
access-list CDEO extended permit ip 10.240.0.0 255.255.0.0 10.0.0.0 255.0.0.0
access-list sheep extended permit ip 10.240.0.0 255.255.0.0 10.0.0.0 255.0.0.0
access-list sheep extended permit ip 10.240.0.0 255.255.0.0 172.16.129.0 255.255.255.0
access-list sheep extended permit ip 10.102.229.0 255.255.255.0 172.16.129.0 255.255.255.0
access-list sheep extended permit ip 172.16.129.0 255.255.255.0 10.102.229.0 255.255.255.0
access-list sheep extended permit ip 172.16.128.0 255.255.255.0 172.16.129.0 255.255.255.0
access-list sheep extended permit ip 172.16.129.0 255.255.255.0 172.16.128.0 255.255.255.0
list of inbound icmp permitted access extended throughout entire echo response
list of extended inbound icmp permitted access any source-quench any
list of extended all inbound icmp permitted access all inaccessible
access list entering permit icmp any once extended beyond
coming out to the one permitted all ip extended access list
standard vpn access list allows 10.240.0.0 255.255.0.0
standard vpn access list allows 10.102.229.0 255.255.255.0
list of access allowed standard vpn 172.16.128.0 255.255.255.0
pager lines 24
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
MTU 1500 HVAC
IP local pool 172.16.129.1 - 172.16.129.5 mask 255.255.255.0 shhfvpnpool
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
Global 1 interface (outside)
NAT (inside) 0 access-list sheep
NAT (inside) 1 0.0.0.0 0.0.0.0
Access-group out on the interface inside
Access-group interface incoming outside
Route outside 0.0.0.0 0.0.0.0 12.x.x.x 1
dynamic-access-policy-registration DfltAccessPolicy
the ssh LOCAL console AAA authentication
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp - esp-sha-hmac hand
Crypto ipsec transform-set esp - esp-md5-hmac RIGHT
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
Crypto-map dynamic dynmap 10 transform-set RIGHT
life together - the association of security crypto dynamic-map dynmap 10 28800 seconds
Crypto-map dynamic dynmap 10 kilobytes of life together - the association of safety 4608000
Crypto-map dynamic dynmap 10 the value reverse-road
CDEOVPN 35 crypto card matches the address CDEO
CDEOVPN 35 crypto map set peer 64.x.x.x
card crypto CDEOVPN 35 the transform-set hand value
map CDEOVPN 100-isakmp ipsec crypto dynamic dynmap
CDEOVPN interface card crypto outside
crypto isakmp identity address
crypto ISAKMP allow outside
crypto ISAKMP policy 20
preshared authentication
the Encryption
sha hash
Group 1
life 86400
crypto ISAKMP policy 30
preshared authentication
the Encryption
md5 hash
Group 2
life 86400
Console timeout 0
management-access inside
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
attributes of Group Policy DfltGrpPolicy
VPN-idle-timeout no
internal group shhf strategy
attributes of shhf group policy
VPN-idle-timeout 30
VPN-session-timeout 1440
VPN-filter no
Protocol-tunnel-VPN IPSec
Split-tunnel-policy tunnelspecified
Split-tunnel-network-list value vpn
tunnel-group 64.x.x.x type ipsec-l2l
64.x.x.x group tunnel ipsec-attributes
pre-shared key *.
tunnel-group shhf type remote access
tunnel-group shhf General attributes
address shhfvpnpool pool
strategy-group-by default shhf
shhf group tunnel ipsec-attributes
pre-shared key *.
tunnel-group vpnclient type remote access
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
Cryptochecksum:1cbd55e987f9b41cd2ebcb320fa2e3b2
: end
This route is to be applied on the switch, if your port eth0/7 on the ASA is connected to a layer 3 switch.
"ip route 172.16.129.0 255.255.255.0 172.16.128.1"
So, don't worry about this route if you cannot apply it on the ASA.
So are you saying that a PC is directly connected to eth0/7 on the ASA?
What is the IP address, mask and gateway address on the PC connected on eth0/7?
The packet trace seems good.
-
Update 4.0 to esx 4.1.0 348481 can no longer connect in SSH
Hello:
I've recently updated 4 hosts to ESX 4.1.0. I called them VM1, VM3, VM5 and VM7. I also installed a new physical vCenter server. For one of the hosts (VM1), I decided to do a fresh install using the CD. I am doing this for my own personal reason so I'm forced to redo a machine from scratch due to rehabilitation.
For my 3 other hosts (VM3, VM5, VM7), I used the Update Manager tool, following the documentation and some YouTube tutorials. This seemed to work well. I had all the computers in a cluster, and they all worked without any problems.
What I'm trying to do now is to install a Dell component. Following the instructions for it, I ran into an issue with SSH. I can no longer connect via SSH using PuTTY with the two accounts that I had before the upgrade.
When performing a new installation, I always create a 2nd account called vmadmin. I do this on the same screen where the installation CD asks for the root password. Once I have installed the host, I use a VMware article to enable root SSH access (KB 8375637).
Interestingly enough, VM1 (the one I did a fresh install on) allows me to connect via SSH using vmadmin... and root. But the three hosts I upgraded using Update Manager no longer allow me to connect via SSH using either of the two accounts.
Using vCenter I can connect to the host directly using root, but it will no longer allow the vmadmin account to connect (permission denied).
When I connect to the host using vCenter, I see the vmadmin account. I tried to look at the properties on both my working host (VM1) and a non-working one to compare... but everything looks the same.
Can anyone help with what I need to do to fix this? Or ask a question, if I can respond with additional information?
Thank you
R
I guess that you don't have a DRAC card in your server... otherwise, it is simple to access the console and resolve the problem.
Have you tried to connect to each host and add a new user?
André
-
WindowsMail does not connect through to gmail
My Windows Mail email is not connecting through to my gmail. When I press send & receive a box comes up asking for my user name & p'word, but when I put it in this comes up: account: 'pop.gmail.com', server: 'pop.gmail.com', Protocol: POP3, server response: '-ERR [AUTH] username and password not accepted.', Port: 995, secure (SSL): Yes, Server error: 0x800CCC90, error number: 0x800CCC92. As a senior, pls help me to get it reconnected. I have reset the p'word, properties and gmail but nothing seems to connect through. Thank you and pls help as I am really frustrated
Has this Gmail account ever worked in WinMail?
Activation of POP in your Gmail account
http://mail.Google.com/support/bin/answer.py?answer=13273
How to configure gmail in Windows Mail & Windows Live Mail
http://mail.Google.com/support/bin/answer.py?answer=86383