Server Bug Fix: For a Mac OS user, is there a way to configure the shell to refuse any input whatsoever, beyond an SSH connection?

Original Source Link

I am reasonably familiar with the implementation of SSH tunnelling (forward and reverse) for the purpose of creating a secure conduit by which insecure protocols (e.g. VNC) can be carried.

On Mac OS, I would like to create a user which will accept an SSH connection but otherwise, zero input. I don’t wish to rely on the 3rd party initiator using the -nNT flags.

After searching, I discovered an old thread elsewhere which described how, for a Linux box, a user was added with a shell which accepted no input:

The lines of particular interest / significance being:

Set up a user called “sonarman” on my Linux machine. sonarman’s shell
is a script that loops forever, printing the date and hostname, then
sleep 60.

[The 3rd party] can’t do any harm to my system, because sonarman’s
shell doesn’t accept any input.

I’d be grateful for any guidance as to whether this (or something that achieves the same objective) is possible for Mac OS or whether this is a *nix-specific feature.


You can force a command in the user's authorized_keys file, e.g. with:

command="sleep 3600" ssh-rsa AAAAB....XYZ== [email protected]

You could also create a “sonarman-like” script and call it from here instead of the sleep command.
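One way to build the forced command the answer describes, as an added example that is not part of the original answer. The install path /usr/local/bin/tunnel-only, the placeholder key text and the localhost:5900 (VNC) forwarding target are assumptions; the `restrict`, `port-forwarding`, `permitopen` and `command` options are standard OpenSSH authorized_keys options.

```shell
#!/bin/sh
# Added example, not from the original thread. Hypothetical names: the
# install path /usr/local/bin/tunnel-only and the placeholder key text.

# The "sonarman-like" forced command: print a timestamp and the host name,
# sleep, repeat. stdin is tied to /dev/null and SSH_ORIGINAL_COMMAND is never
# consulted, so nothing the client types or asks to run is interpreted.
#   $1 = number of lines to print (0 = loop forever)
#   $2 = seconds to sleep between lines
tunnel_only_loop() {
    max=${1:-0}
    interval=${2:-60}
    i=0
    while [ "$max" -eq 0 ] || [ "$i" -lt "$max" ]; do
        printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(uname -n)"
        i=$((i + 1))
        sleep "$interval"
    done </dev/null
}

# Build the authorized_keys line for a tunnel-only key.
#   restrict         turns off pty, agent/X11 forwarding, port forwarding, ~/.ssh/rc
#   port-forwarding  turns port forwarding back on
#   permitopen       limits -L forwards to one destination
#   command          runs regardless of what the client requests (-nNT or not)
#   $1 = public key text, $2 = forced command, $3 = host:port allowed for -L
authorized_keys_entry() {
    printf 'restrict,port-forwarding,permitopen="%s",command="%s" %s\n' \
        "$3" "$2" "$1"
}

# Coarse audit of one authorized_keys line: succeeds only if the line carries
# both a forced command and the restrict option. A line with command= alone
# still allows agent/X11 forwarding and forwards to any destination.
entry_is_locked_down() {
    case $1 in
        *command=\"*) ;;
        *) return 1 ;;
    esac
    case $1 in
        restrict,*|*,restrict,*|*,restrict\ *|restrict\ *) return 0 ;;
        *) return 1 ;;
    esac
}

# Installed as /usr/local/bin/tunnel-only (assumed path):
#   tunnel-only run            -> what sshd executes via command="..."
#   tunnel-only entry "<key>"  -> prints the line to put in authorized_keys
case ${1:-} in
    run)
        tunnel_only_loop 0 60
        ;;
    entry)
        authorized_keys_entry "$2" "/usr/local/bin/tunnel-only run" "localhost:5900"
        ;;
esac
```

For reverse (-R) tunnels the matching restriction is `permitlisten`, available in newer OpenSSH releases.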

Server Bug Fix: Copy a folder from one location to another location based on the Folder Name

I’m trying to copy a folder from one location to another location based on the Folder Name.
I need to move the folder for each user (the username is in the folder name) to another location. For example, C:\Source\Folder1_UserName to C:\Destination

I was trying to use this code, but it is moving everything in the source folder (not just the current user's folder):

robocopy c:\Source C:\Destination *._$env:USERNAME

I need to find code to search for and copy only the folder that contains the current username in the folder name.

Can you guys help me on this?

Server Bug Fix: How to shape society’s values such that paleontology becomes the largest / most profitable industry?

In our iteration of “Earth,” there are several studies suggesting that the study of paleontology is itself going extinct. In an attempt to envision a brighter future for the field, I want to build a world whereby society values paleontology above all else — essentially valuing ancient life more than present life.

Feeling that notion was just a bit too extreme, I dialed back a bit and settled for “paleontology becomes the largest / profitable industry.”

Other industries can/need to exist too (food/beverage/transportation/etc.), but the core of this world’s economy is the study, extraction and celebration of ancient life.

Success metric

In our world, understanding the formation of fossil fuels has powerful real world benefits, but may not always be conducive to a broader embrace of the field outside of utilitarian resource extraction. I want the economy to be driven solely by the enthusiasm and demand for understanding ancient life (dinosaurs, therapsids, etc.). So the success metric here is designing society’s values to be as fond as possible to ancient life. Equivalently, answers that propose paleontology for utilitarian purposes (gas for cars) will score lower.


Assuming everything else to be and technology near or at , how might I design the values of society such that paleontology becomes the largest / most profitable industry?

You can’t make it the biggest, but it can be a lot bigger

The largest and most profitable industries work with the most available resources and sell them to the largest markets. Everyone wants oil, everyone wants steel (though mostly indirectly), everyone wants software, everyone wants to buy stuff cheaply and easily, you can probably name at least one company for each of those markets.

A T-Rex can sell for $10,000,000

Fossils are of limited supply and of interest to a comparatively small number of organisations. There are commercial fossil hunters and private collectors often with more money to spend than the museums, though the ethics of this industry are sometimes questioned. Clean up the image of this industry and you’re still talking about a luxury product in limited supply.

It’s that limited supply that causes the issue. Consider the gold rush. The way to make money was to sell fresh food and tools to miners. You didn’t mine gold, you mined the miners.

The core of your economy might be extracting fossils for one reason or another, but the biggest industry won’t be paleontology itself, it will be one of the support industries that also has a market to the general population (possibly software), or the equivalent of De Beers that acts as a clearing house for lots of smaller paleontology operations and acts to keep prices up.

Chinese medicine claims it can be used to treat impotency.

Rhino horn does nothing medicinal yet fetches up to $30,000 per pound and has managed to drive rhinos to the point of extinction.

If fossil dust was used instead, its value would be much greater, thus funding an industry to collect them.

Ancient Technology

Someone discovers ancient alien technology (stasis boxes, warp cores, etc.) that are incredibly important and valuable. Paleontology ( is anything older than 11,700 before present, so that covers a lot.

Now, astro paleontology might get a space program roaring along – imagine if someone found something interesting on the Moon or Mars…

Fossils actually cure diseases

Some impurity in fossil oil cures diseases such as AIDS, COVID-19 and Ebola. But only in reservoirs that have the fossil from animals that filled some specific niches in the past. In fact, different species produce different impurities which cure different diseases. Paleontology then becomes a matter of survival for the world as a whole, and children will probably learn a lot more about it in school. Countries that do not invest heavily in it enter a recession whenever a pandemic hits, whereas those that invest in this science thrive relatively unaffected.

Make paleontology relevant to everyday life

The problem with paleontology and why it’s always the awkward unwanted stepchild when it comes to getting funding is that paleontology has absolutely no broader relevance to modern life. Even compared to similar disciplines such as the taxonomy or ecology of living organisms or history in general. Other evolutionary biologists like Richard Dawkins have even gone on record declaring their contempt for paleontology and how superfluous it is, saying things like “the evidence for evolution would be entirely secure, even if not a single corpse had ever fossilized”. Or the elder Alvarez calling paleontologists “stamp collectors” and “not very good scientists” (though that one I will dispute because 1) paleontology has become more relevant since Alvarez’ day and 2) he was a huge jerk who said things like this without doing any research and often made these half-baked, poorly-researched statements). Though his argument that a physicist managed to make paleontology more relevant than actual paleontologists still stands.

Compared to the study of living organisms paleontology comes up short because studies of the ecology and taxonomy of living animals can be applied to conservation efforts, controlling invasive species, using living animals as barometers to determine the health of an environment, pest control, etc. Paleontology doesn’t do any of those things. And society has already shown how little it values biological taxonomists.

Paleontology is a historical science. It’s basically chronicling the history of the Earth and all the things that live upon it. One might say “well, knowing where one came from is important, as well as what did and did not work in the past”. That’s true. But the problem is that nobody ever starved to death from not knowing their history. It’s intellectually enriching, a nice bonus, but otherwise a superfluous luxury. Compare that to human history, which does have more relevance because it is about human behaviors, and therefore the policies and decisions that worked in the past can be more easily extrapolated to the present day. Those who do not learn from history are doomed to repeat it, and such.

There is no lesson that can be broadly applicable to social policy about how there was a massive volcanic event 225 million years ago at the end of the Triassic or that there was an inland sea in Kansas in the middle of the Cretaceous. No medical advances have ever been made by the discovery of Lucy and Ardi (and other hominins) and piecing together when and how human bipedalism originated. What knowledge can be applied to the present day (e.g., conservation efforts for Burramys finding out that the animal is actually more adaptive than we thought based on its fossil record, or “maybe we should be worrying about meteors”) are rare exceptions that prove the rule.

Even Jack Horner’s suggestion of using developmental biology to rebuild pseudo-dinosaurs from chickens has been laughed at for having no broader applications. Just because you’ve engineered a chicken to have teeth and claws doesn’t mean it’s going to know how to use them, or that its behavior will give you any indication on how dinosaurs behaved. It’s still going to act like a chicken. Even the genes or developmental signals you tweak to cause it to turn into a pseudo-dinosaur may not be the same ones that actual dinosaurs used when birds first evolved. Talking with colleagues we concluded the best use for such an animal would be to try to sell it as a curiosity to rich patrons for research money.

As someone who works in paleontology, you should see the kinds of mental gymnastics people do during grant season to try and justify how their research is relevant to the modern day. The big one nowadays is climate change (no, knowing how fast a certain mountain range was thrust up does not tell you how species will adapt to changing climates and anthropogenic habitat destruction).

People often say the fossil fuel industry makes paleontology relevant, but there’s a saying in paleontology: “no oil company cares about your thesis on spinosaur paleoecology”. Fossil fuel companies only care about a select group of paleontologists (people who study stratigraphy or certain microfossils like conodonts and forams), and even then you basically can’t get a job as an oil geologist anymore because what used to require detailed geological knowledge and ferreting conodonts out of rock is now done by machines.

These features are why paleontology is almost always the first science on the chopping block at any major university. And a lot of scientific fields seem to think the only thing paleontology is good for is getting people interested in science and bringing people into natural history museums.

What’s the point of this long, seemingly nonsensical rant? In order to make paleontology the largest/most profitable industry in your setting it is necessary to understand why it is not so in our timeline. If you want to make paleontology the largest/most profitable industry in real life, you need to make it so that it has some direct application to real life that makes it relevant. Relevant enough that it doesn’t just benefit humanity when funded (and therefore could be passed off as a luxury), but there have to be actual reasons why cutting funding would be bad. Look at other sciences. If medicine research funding gets cut we don’t have the resources to come up with new vaccines and cures. If engineering funding gets cut countries lose opportunities to make technological advancements. If ecology funding gets cut there are invasive species out there that we spend literal billions each year to contain that will become unleashed. If paleontology gets cut nothing happens. Indeed, this is what happens in IRL museums, the curators get fired and the collections get put in storage, the board of directors only cares about the dinosaur fossils on display.

Some people have brought up ancient technology, and I agree with them. Basically if you’re in a technological arms race and how far ahead you are is dependent on what you dig up, then the people who do the digging are your lifeline. Except that would be archaeology or xeno-archaeology instead of paleontology. Paleontology focuses on non-sentient organisms.

Bringing things back to life is another option but even Michael Crichton pointed out there is no money to be made for bringing dinosaurs back to life. The whole reason he had Jurassic Park set in a dinosaur theme park was he couldn’t think of a way that someone would want to clone dinosaurs and not go bankrupt in the process beyond “rich idiot decides to clone dinosaurs and make a zoo for them”.

If they got out and things went full Dino Crisis you might have a reason for an adult knowing more than an eight-year-old about Tyrannosaurus rex. But even then it’s technically interest in contemporary (if resurrected) animals that requires no knowledge of their fossil history. Field biologists would rapidly outpace paleontologists in their knowledge of these creatures due to accurate, first-hand experience of raptors trying to eat their faces.

Time travel is a good option. There you kind of have to know the landscape in order to know where things are, how to survive, and how to not get eaten by a T. rex. The downside is that from a relativity point of view it’s more looking at contemporary animals than digging up bones, and what would happen really quickly is that scientists would stop digging up bones because you can get more by studying the living, breathing thing. One paper on a flesh-and-blood tyrannosaur would be worth more to science than 100 years of painstakingly pulling information from its fossil bones. Paleontology is like a roadmap to the past, only the map is torn, faded, written in a dead language, and somebody scribbled on it with magic marker.

Fossils as jewels.

Diamonds are precious because they are rare, because people want them for jewels, and because of a Belgian family with a monopoly. Fossils are already rare: if your world values them as much as they do diamonds, and makes necklaces with authentic dinosaur teeth, trilobite seal rings, or bracelets/cuffs from hollowed out vertebrae, then there would be an industry to mine them. Add a little crony capitalism and they become the most expensive thing in the world.

Anthropology required for time traveling

A certain amount of detail is needed in order to time travel to specific times and places, the more is known about the period you’re visiting, the less other resources are needed to make the trip.

Conclusive evidence of dinosaurs being aliens, found

An alien civilisation makes first contact. They are super smart dragons currently and claim that dinosaurs are their ancestors.

They also claim to be Earth’s true owner and have broadcasted an ultimatum of wiping the human civilisation to make way for their return.

Humans must do accelerated research like we are doing for covid-19 right now to

  1. Fight the aliens.
  2. Better Negotiations.
  3. Find their own original stories

Ending could include something heartwarming like the Dragonforce actually just wanting humans to unite and mend their ways towards how they treat the environment or

It could be made fantastical like humans being revealed to be another alien civilisation that are galactic arch nemesis of the Dragonkin or another species of apes that inhabited the same planet as the dragons but were forced to vacate their home planet for various reasons.

Fossils are more common

The reason fossils are rare in our world is because bones decompose; within a few hundred years, most skeletons are reduced to nothing, and only a few rare exceptions survive the millions of years to become what we consider fossils.

So, what would have to change? We have a couple options:

Bones don’t decay: This happened with wood when it was first developed. For a long time, there was no biological process to decompose the wood, meaning that it just piled up. If we’re working with a world where modern bone structure is relatively new (this might be tricky evolutionarily, but if skeletons were a very recent development, possibly even after intelligence developed, it might work), then it might be possible for bones to not decay yet.

The world is much older: We have had animals with skeletons on our planet for about half a billion years. If this world had skeletons for a lot longer, say many billions of years, it would be possible for a much larger number of fossils to be available.

Events that cause fossilization are more common: The most common cause for fossilization is for the creature to be buried either before or soon after it died in materials that cause the bones to fossilize rather than decay. Now, having a world where creatures die in landslides all the time seems rather unlikely, but this actually seems like the most likely solution. If an ancient (worldwide) civilization had a tradition that would cause them to bury people in a way that would usually cause them to fossilize, it would carry the potential for billions, or perhaps even trillions of fossils to exist, scattered around the world. This is more than enough to create a major industry.

Large-scale motive

The main enduring large-scale motive in this world is power (basically via money or military might), so you’ll need to tie into that if you want everyone in the world interested in paleontology. Depending on your genre and the story you’re wanting to tell, there are many possibilities. Here are some off the top of my head:

  • Ancient advanced race that leaves behind technological advantages. Trite, but effective (so many examples: Stargate, Disney’s Atlantis, etc.)
  • Ancient elements that assist in present-day military power. A substance, material, or refined base element (e.g. vibranium)
  • Ancient DNA. Either Jurassic Park approach, or super-soldier Captain America approach. Could maybe make a Jurassic/Pokemon hybrid where people are trying to find new and novel DNA sources, but again the DNA has to be universally advantageous to everyone.
  • Ancient secret material that provides longer life/near immortality. The Dune approach.

Basically, whatever it is, it has to be desirable by anyone in the world, and it has to actually work and provide some kind of advantage for the individual who possesses it.

The Timeline

In addition to thinking of the “what” above, equally important is where in the cycle of discovery, widespread interest, and decline you want to place your story. In each of the cases above, there’s a time when only a few people know about it, and given the universal interest and advantage of the thing, it becomes in high demand. But all paleontology materials are limited and will eventually be used up, so there will be some kind of scarcity/decline (unless you can think of a way to make it all sustainable, I guess).

Good luck!

You can’t do it in a truly realistic way but you can do it in a fantastical way.

The Wild Arms series had this with dragon bones. Dragon bones were made of a fantastical metal that could not be acquired any other way except by digging up dead dragons. The metal was incredibly useful; entire industries and military complexes grew up around exploiting it. Later it is discovered dragons were actually ancient alien bio-mechanical weapons and graveyards are actually ancient battlefields.


We assume evolution builds to superior intelligence. We assume no branches existed that got just as far, in a similar span of time, but were cut-down by calamity.


That all changes the first time a Pioneer- or Voyager-like golden disk with pictures of velociraptors is pulled from the dirt.

If it can be reliably dated to several million years ago (say Uranium impurities in the disk, present with Uranium decay products), and can be irrefutably established that they were a peer (or maybe even superior) to us in technology (say, for example, a sister plaque is discovered on the Moon or Mars), I think you’d have a sudden big resurgence in wanting to understand ancient history before the Holocene.

I think the most realistic approach would be to imagine a world not too far removed from our own, where automated machinery and more equitable distribution of resources has freed up humanity to spend far less time just trying to make a living, and offered us more time to explore our world and dwell on the big questions. Paleontology (like prehistoric archaeology and some forms of astronomy) offers the only available means of gathering knowledge about the past. It’s a limited resource, and the process of gathering and studying materials requires destroying the context in which they were found. Engaging in excavation requires shouldering a great deal of responsibility, as you’re denying future generations the opportunity to do what you’re about to do. If society as a whole valued this knowledge more, then we would devote more resources to making sure it’s done as well as possible (thus, spinoff industries in tech and manufacturing would exist to support paleontology).

Previous opening: My initial thoughts all run in the direction of making fossils more valuable as economic resources, similar to the ‘fossils’ on Harlan’s World in the Altered Carbon universe (a nonrenewable resource that is required for their most advanced technology), or by making some changes in the process by which some fossils become preserved for study and others transform into fossil fuels–which, in a sense, ARE the most important industry in our world. Maybe if it were necessary to excavate and study fossils to produce fossil fuels… but that would ultimately transform the meaning and purpose of paleontology itself.

Server Bug Fix: linux yum through a socks v5 proxy

I can’t use yum because ports 80 and 443 are being blocked by a firewall.

I set up an SSH proxy tunnel (SOCKS v5), and it works fine.

I’ve tried to find out how to use yum with SOCKS v5, but it looks like it can only be done with an HTTP proxy.

How can I use yum with a SOCKS v5 proxy? I can’t use an HTTP proxy.

EDIT: additional information

I can’t use yum at all.
distros: fedora 16 and ubuntu, neither of these two have a compiler.

Have you tried ProxyChains?

Server Bug Fix: How to combine squid reverse proxy with nginx proxy for shiny-server

I have an nginx web server which acts as a proxy for my shiny-server. I now want to use a squid reverse proxy to provide access to the nginx server (and thus the shiny server) to internet clients. Currently, I can access the nginx server (and thus the shiny-server) through a web browser on my local network.

My objective is to configure the Squid & Nginx instances such that they can pass traffic between them.

nginx.conf (edited for brevity):

server {
    listen       80 default_server;
    return       301 https://$host$request_uri;
}

server {

    listen       443 ssl http2 default_server;
    listen       [::]:443 ssl http2 default_server;
    server_name  _;
    root         /path/to/server/directory;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
        proxy_pass http://localhost:3838;
        proxy_redirect / $scheme://$http_host/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 20d;
        proxy_buffering off;
    }
}

squid.conf (edited for brevity):

cache_peer parent 80 0 no-query originserver name=shinyHost login=PASS
acl shinyACL dstdomain
cache_peer_access shinyHost allow shinyACL
http_access allow shinyACL

You don’t need squid in reverse proxying mode with nginx, thus you shouldn’t use it. If you want to cache anything that upstream gives your nginx – you should do it using nginx ngx_http_proxy_module by configuring what to cache.

Server Bug Fix: How to do not logout / lose screen when I’m closing RDP?

I have an application that performs clicks on the screen, running on a Windows 2019 Server instance

but the thing is that when I close RDP, then application stops working (clicking)

I think it may be caused because User is logging out on RDP close

Is there any way to “don’t lose screen” when I close RDP?

Thanks in advance!

Server Bug Fix: How to point two different domains to the same web application (Apache)

I have an app: let’s call it Mickey.

To access the app, I’ve configured the vhost in apache, so that when accessing the third level domain, the app Mickey is served.

This works.

And this is its configuration:

<VirtualHost *:80>
        # ServerAlias Not required

        ServerAdmin [email protected]
        DocumentRoot /var/www/

        ErrorLog /var/www/
        CustomLog /var/www/ combined

        <Directory /var/www/>
                AllowOverride All
        </Directory>

        RewriteEngine on
        RewriteCond %{SERVER_NAME}
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Now I want to configure another domain:

The end result should be that the Mickey app has to be served when accessed from and when accessed from

So, basically I have:

  1. The same third level domain
  2. The same app
  3. TWO DIFFERENT second level domains.


First attempt: configure a DNS CNAME alias

As a first attempt, I simply added a new DNS record in domain that pointed to

DNS for domain

  • Type: CNAME
  • Host: Mickey
  • Points to:

This didn’t work: after DNS propagation, when I accessed the domain, the server redirected me to the default domain configured in Apache (that is, let’s say,

Second attempt

As I didn’t immediately realize that it was the server that redirected to, I changed the DNS record from a CNAME one to an A one:

DNS for domain

  • Type: A
  • Host: Mickey
  • Points to: 123.456.789.012

Where 123.456.789.012 is the IP of the server that serves Mickey app.

This didn’t work: the server continued to redirect me to

At this point I guessed that it was the server that redirected me, so I started digging into the vhost configuration (leaving the DNS record as an A one, and it is an A one while I’m writing this question).

Third attempt: ServerAlias in Apache

As a first attempt, I tried to add a ServerAlias to the vhost that serves

<VirtualHost *:80>
+       ServerAlias

        ServerAdmin [email protected]
        DocumentRoot /var/www/

        ErrorLog /var/www/
        CustomLog /var/www/ combined

        <Directory /var/www/>
                AllowOverride All

        RewriteEngine on
        RewriteCond %{SERVER_NAME}
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

This didn’t work: Apache continues to redirect me to

Fourth attempt: A dedicated vhost

At this point I created a dedicated vhost calling it

<VirtualHost *:80>
-        ServerName
+        ServerName
        DocumentRoot /var/www/

        ErrorLog /var/www/
        CustomLog /var/www/ combined

        <Directory /var/www/>
                AllowOverride All

        RewriteEngine on
-        RewriteCond %{SERVER_NAME}
+        RewriteCond %{SERVER_NAME}
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Then I enabled the new vhost in Apache and reloaded it:

sudo a2ensite
sudo systemctl reload apache2

Nothing: accessing continues to redirect me to

What to do now?

At this point I don’t know how to proceed: I have tried everything I thought should have worked, but it didn’t.

Any suggestions?

As told, I need to serve the same exact app both from and from

Any ideas about how to do this?

Finally I solved it!

After many hours of tests and digging in the server, I discovered it was an issue with the Let’s Encrypt digital certificate: after a new challenge and a new verification of the third level domain, now all works as expected! 💪

Server Bug Fix: Access denied trying for PHP fpm status page

I’m running PHP 7.3 FPM and nginx. In my pool config I have

pm.status_path = /fpmstatus

I have nginx config in place to call out to php for that URL. But when I access that path I get an Access Denied.

The logs say:

Access to the script ‘/var/www/’ has been denied (see security.limit_extensions)

As I understand, what’s happening is that PHP is refusing to “run the script” called fpmstatus because it doesn’t end in .php.

But I’m confused because I believe it was previously working, and because the comments in the config file for setting the status path suggest not including .php in the name. I don’t want to turn off security.limit_extensions. And surely with the /fpmstatus path being internal, it should be exempt from these extensions?


I tried setting the status path to /fpmstatus.php but this just gives a “No input file specified.” error. Seems like fpm is not responding to the configured status page?

The nginx config that applies is:

location = /fpmstatus.php {
    access_log off;
    deny all;
  fastcgi_param  SCRIPT_FILENAME    $document_root/fpmstatus.php;
  fastcgi_param  QUERY_STRING       $query_string;
  fastcgi_param  REQUEST_METHOD     $request_method;
  fastcgi_param  CONTENT_TYPE       $content_type;
  fastcgi_param  CONTENT_LENGTH     $content_length;

  fastcgi_param  SCRIPT_NAME        $document_root/fpmstatus.php;
  fastcgi_param  PATH_INFO          $fastcgi_path_info;
  fastcgi_param  REQUEST_URI        $request_uri;
  fastcgi_param  DOCUMENT_URI       $document_uri;
  fastcgi_param  DOCUMENT_ROOT      $document_root;
  fastcgi_param  SERVER_PROTOCOL    $server_protocol;
  fastcgi_param  REQUEST_SCHEME     $scheme;
  fastcgi_param  HTTPS              $https if_not_empty;

  fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
  fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

  fastcgi_param  REMOTE_ADDR        $remote_addr;
  fastcgi_param  REMOTE_PORT        $remote_port;
  fastcgi_param  SERVER_ADDR        $server_addr;
  fastcgi_param  SERVER_PORT        $server_port;
  fastcgi_param  SERVER_NAME        $server_name;

  # PHP only, required if PHP was built with --enable-force-cgi-redirect
  fastcgi_param  REDIRECT_STATUS    200;

    fastcgi_pass myupstream;
}

I can get it working if I set cgi.fix_pathinfo=1 in /etc/php/7.3/fpm/php.ini but is there a way to get it working with that set to 0?

Server Bug Fix: Trying to authenticate with ssh keys through an LDAP server, getting Permission Denied (publickey) error

I currently have an LDAP server set up that I am using for user authentication. I can successfully use my client to ssh into a user account, authenticating with that user’s password. However, I would like to authenticate with key pairs instead. On my LDAP server, I have added a new ‘sshPublicKey’ attribute to users, which contains a user’s public key. I also created a script on my client at /usr/local/bin/fetchSSHKeysFromLDAP that fetches a given user’s public key information from the LDAP database. I have tested this script and was able to successfully match results from this script with private keys held by the client and confirm them as matching key pairs. I have also edited the client’s sshd_config file with the following lines to set the script to get public keys and turn off password authentication.

AuthorizedKeysCommand /usr/local/bin/fetchSSHKeysFromLDAP
AuthorizedKeysCommandUser nobody
PasswordAuthentication no

However, whenever I run:

ssh -i ~/.ssh/id_rsa [email protected] -vvv

I get the error:

Permission denied (publickey)

Specifically, here are the verbose results of this command. I believe the error might be occurring in the last handful of lines.

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 57: Applying options for *
debug1: Connecting to [] port 22.
debug1: Connection established.
debug1: identity file /home/jhuss/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jhuss/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to as 'benji'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:T83mZPyieFJHdxHMMAnka/X8hxw9M1tmOBdhrp/K370
debug1: Host '' is known and matches the ECDSA host key.
debug1: Found key in /home/jhuss/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/jhuss/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

I feel like my error is in my sshd_config file, but I have been attempting to track down the problem for quite some time and have not found it. Here is my full sshd_config:

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#Port 22
#AddressFamily any
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile    .ssh/authorized_keys

#AuthorizedPrincipalsFile none

AuthorizedKeysCommand /usr/local/bin/fetchSSHKeysFromLDAP
AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PermitEmptyPasswords no
PasswordAuthentication no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

#GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
# problems.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Accept locale-related environment variables

# override default of no subsystems
Subsystem    sftp    /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#    X11Forwarding no
#    AllowTcpForwarding no
#    PermitTTY no
#    ForceCommand cvs server

Thanks for all and any help!
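
sshd_config(5) requires the AuthorizedKeysCommand program to be owned by root, not writable by group or others, and specified by an absolute path, so that is one thing to verify for the script path in the question. The shell check below is an added example, not part of the original post; the function names check_one and check_chain and the optional TOP argument are hypothetical, and it also checks each parent directory because a writable parent allows the file to be replaced.

```shell
#!/bin/sh
# Added example (not from the original post): check an AuthorizedKeysCommand
# helper against the rule in sshd_config(5): owned by root, not writable by
# group or others, absolute path. Function names and TOP are hypothetical.
# Usage: sh this_script /usr/local/bin/fetchSSHKeysFromLDAP

# check_one PATH UID: succeed only if PATH exists, is owned by UID and has
# no group/other write bit. Prints the reason on failure.
check_one() {
    p=$1; want_uid=$2
    [ -e "$p" ] || { echo "missing: $p"; return 1; }
    # POSIX "ls -ldn": field 1 = mode string, field 3 = numeric owner.
    # -L follows symlinks, as stat(2) would.
    mode=$(ls -ldnL "$p" | awk '{print $1}')
    uid=$(ls -ldnL "$p" | awk '{print $3}')
    if [ "$uid" != "$want_uid" ]; then
        echo "owner uid $uid, expected $want_uid: $p"; return 1
    fi
    case $mode in
        ?????w*|????????w*)   # 6th char = group write, 9th = other write
            echo "group/other writable ($mode): $p"; return 1 ;;
    esac
    return 0
}

# check_chain PATH [UID] [TOP]: apply check_one to PATH and each parent
# directory up to TOP (default /).
check_chain() {
    path=$1; owner=${2:-0}; top=${3:-/}
    case $path in
        /*) ;;
        *) echo "not an absolute path: $path"; return 1 ;;
    esac
    cur=$path
    while :; do
        check_one "$cur" "$owner" || return 1
        if [ "$cur" = "$top" ] || [ "$cur" = "/" ]; then break; fi
        cur=$(dirname "$cur")
    done
    return 0
}

if [ "$#" -gt 0 ]; then
    check_chain "$@" && echo "ok: $1"
fi
```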


Server Bug Fix: Is a Medieval Post-Scarcity Society Possible on an alien world?


  • By post-scarcity in this case, I mean that the entire society’s sustenance and basic comfort level needs can be met through the minimal effort of what modern man would consider hobbies and odds-and-ends work.
  • These people live in towns and cities of sizes that were typical in the medieval world.
  • These people have technology on par with the medieval world, but things that would have only been available to the middle and upper classes are universally available here.
  • They live on an alien world; so, made-up flora, fauna, and environmental factors are fine as long as they can be scientifically justified.
  • These people are originally from Earth. They evolved from an early human ancestor such as homo erectus which was transported to this alien world between 500,000 and 2,000,000 years ago.
  • These people do not enslave another intelligent species to meet their needs for them.

These people have technology on par with the medieval world.

Medieval technology could ensure food as long as there was no obstacle. The first frost, hail or drought out of season would mean famine, and that was the case until very recent times, if not even until today in part of the world.

I dare to say that medieval technology is the embodiment of scarcity.

So, no, I don’t think post-scarcity would be possible in a medieval world.

Living in basic sustenance & comfort means access to:

  • Food & water
  • Cloth
  • Shelter

All those things, even with today’s technology, need work, lots of it. And in towns, it’s even worse: the water sources, the fields, the animals, the timber and the stones are further away than for a peasant.

You need something that provides for all those things. For example,
you have post scarcity for a master class with servants of a kind or


You need material and product that are easy to harvest and use, so that
work isn’t too hard and leaves a lot of free time.

Some examples:

  • a kind of giant snail that can be eaten and with a big enough shell to live within
  • a fast-growing crop that can be grown on flat roofs and harvested on a regular basis so that one missed harvest is not that important
  • a tree with a tender wood, easy to cut, that dries really hard

Firstly I suggest that an alien planet capable of supporting human life would in all likelihood also be home to an alien biosphere from an alien biogenesis with completely different biochemistry. Any such life would be very well adapted to the environment on that planet (unlike incoming Earth based life forms). It would also be difficult to eradicate, at the very best inedible and at worst highly toxic.

Setting that to one side (perhaps life on the planet was still in the oceans) and assuming Terrestrial life has successfully colonised the land surface, a lot would depend on the nature of the society and the climate. One key element would be some form of effective population control. If this was not possible then the population would be doomed to boom and bust feast and famine cyclically on a long enough time span. But if there was some means of keeping the population at roughly the same level then there would be hope.

Another problem would be human nature and the tendency to form hierarchies governed by an elite. This is present in all human societies and has led to huge inequality within those societies with the kings, lords, chiefs and similar taking the lion’s share of any surplus. This would have to be prevented by some means.

Finally there would need to be a benign climate (much better than northern Europe). There are some areas on Earth where the weather is warm all year round and there is plentiful rainfall. In such locations it is possible to get two harvests every year. With the correct mix of crops and the absence of pests and diseases any population should have a bountiful supply of food.

Permaculture and the Periodic Apocalypse

For “Post Scarcity” you need food production to basically take care of itself. In the Medieval world the vast majority of people were involved in farming. So cover your alien planet with fruit and nut trees that provide limited value to the local fauna, but that are just perfect for people.

Basically, money DOES grow on trees – so we’re post scarcity.

Then Population Explodes

The problem is, of course, that without famine or war to control population, the population is going to grow rapidly. Urbanization will occur.

Dense urban populations with free time will lead to universities, explorers clubs, and the general advancement of knowledge. You will rapidly exit the Medieval tech level. So you need to keep the population low.

Enter the Apocalypse

You need some kind of periodic mass death to prevent people from advancing technologically. Bonus points if your apocalypse targets urban centers, since that’s where the exchange of ideas really heats up.

Possible inspirations include:

  • Dragons – Large Monsters are known to attack population centers [citation needed]
  • Plagues – COVID certainly is hitting urban areas harder, and a highly virulent illness could exist in rare animals, only affecting humans when the population is large enough that the host’s territory is impacted.
  • Long Period Famines – maybe there’s something that lowers the productivity of the vital money trees, but only at very long intervals. Every 200 years, the trees cease production for a year, all at once. (Maybe there’s something odd with the host star that lowers solar output?) It’s so infrequent that the famine falls into myth before the next cycle hits.

In any case, the recipe for post-scarcity Medieval aliens is: easy access to food and something that keeps population density low.

To keep them from moving out of the Medieval era, you need something that prevents rising returns to human capital as people branch out into industrious pursuits.

To make that society post-scarcity, you need something that brings about a lot of stability for basic resources like food.

One good starting place to think about this might be The Potato’s Contribution to Population and Urbanization: Evidence From A Historical Experiment by Nunn and Qian (2011). In it, they attempt to show that the spread of the potato out of central America “accounts for approximately one-quarter of the growth in Old World population and urbanization between 1700 and 1900.”

This suggests to me that you could introduce a similar staple crop on your planet, but perhaps one that doesn’t lend itself to large-scale farming. Combined with a very stable climate that lacks droughts, floods, and pests (or perhaps has them but the staple crop is resilient to them), you might be able to make this work. Something like a crop that needs a lot of space to grow, and is delicate and messy in a way that prevents automation – like things we still hand-pick today. Or imagine cotton before the invention of the cotton gin.

It would be hard to free up labor from farming to pursue other things. But as long as that labor was engaged in farming, everyone had plenty to eat. That would also help prevent people from dedicating their time to lots of education, thereby coming up with advanced things that will reduce the dependency on farming and break them out of the Medieval era.

That still leaves the problem of population though. Eventually, with enough people, land would become scarce and ruin your setup. I feel like you could hand-wave that away easily enough. Maybe the environment lowers birthrates such that it’s very hard for the natives to grow the birth rate beyond the mortality rate. Happy coincidence; women are just fertile enough and the people just healthy enough that their population growth is checked at a nice equilibrium! Most models of macroeconomic growth also include population growth as an element of economic growth, so this might also help with your Medieval stagnation.

Another problem might be why people don’t enslave others to do the work for them, such as in the cotton example. There are plenty of cultural ways you could explain this though. Maybe they’re fiercely independent, and nothing motivates them to violent uprisings like taking away others’ freedoms.

Anyway, there are lots of details you could tweak to accomplish this, but I feel like it has to start with a staple source of food that they can’t easily mechanize production of.

In the long term probably no, evolution would find something that can compete with humans for resources (weeds).

However, if the colonisation could have happened much more recently, say 500 years ago, you could steal a planet from the book Starship Troopers. In the book they have found this world that has not harbored life on land that long. All that grows naturally is some primitive moss or such. That means that their crops from Earth rapidly take over the ecosystem, creating fields of food with no competition. This, coupled with a very stable star and climate, makes for easy living.

The Issue with Post-Scarcity here is population growth

This isn’t as much of a danger for modern post-scarcity societies, as birth rates are far lower in modern societies (as in, people have control over how many children they have). In medieval times, birth rates were completely uncontrolled; due to high infant mortality, starvation and other issues, this was a relatively small problem.

However, if you take a medieval society and make it post-scarcity (putting aside for a moment the fact that you just took the jobs away from 80% of the population), this becomes an issue; improved health and reduced disease (I assume there would be less disease in the society you describe) means that most children will survive to adulthood, and with every couple having 5+ children, in only a few generations, population will explode. If we assume each generation is double the size of the one previous, in 500 years the population will have multiplied by a million, and done so again in another 500. Regardless of how abundant food is, this will quickly become an issue.

Of course, as I alluded to earlier, medieval society is almost completely geared towards making food, whether cheap food for commoners or meat and pastries for wealthier folk. With this a non-issue, suddenly everyone’s twiddling their thumbs. We’ve recently seen a smaller version of the effects this would have in America; bored and stir-crazy people riot and cause widespread mayhem over issues that would never have normally triggered such a large reaction. America has modern entertainment such as video games and movies, meaning that this would be orders of magnitude worse if you took away the jobs of the majority of the population when they have nothing else to do.
