ssh public key login fails to work on centos

After running ssh-copy-id to a server I was still unable to log on to it; the following fixed this on the destination server:
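The fix itself is not reproduced on this page. As an added example (not the author's commands), the following script checks the conditions under which sshd on CentOS silently ignores a freshly copied key, and applies the conservative permissions. It assumes GNU stat, as shipped on CentOS, and only runs the SELinux part on a host where SELinux is active.

```bash
#!/usr/bin/env bash
# Added example, not the commands from the original post: audit why sshd on
# CentOS ignores ~/.ssh/authorized_keys after a successful ssh-copy-id.
# With the default "StrictModes yes", sshd rejects the key file when the
# home directory, ~/.ssh or authorized_keys is writable by group/others or
# owned by someone else; on a SELinux-enforcing host the key file must also
# carry the ssh_home_t label. Assumes GNU stat (-c), as shipped on CentOS.

# audit_ssh_dir HOME_DIR OWNER
# Prints one finding per line and returns 1 if any; returns 0 when sshd
# should accept the key file.
audit_ssh_dir() {
    local home="$1" owner="$2" rc=0
    local sshdir="$home/.ssh" keys="$home/.ssh/authorized_keys"
    local path mode user

    for path in "$home" "$sshdir" "$keys"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path"
            return 1                      # nothing further to check
        fi
        mode=$(stat -c '%a' "$path")
        user=$(stat -c '%U' "$path")
        if [ "$user" != "$owner" ]; then
            echo "wrong owner on $path: $user (want $owner)"
            rc=1
        fi
        # 0$mode turns stat's "755" into the octal literal 0755; 022 = g+w,o+w
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/world writable: $path (mode $mode)"
            rc=1
        fi
    done

    # SELinux: without ssh_home_t, sshd cannot read the file even with good modes
    if command -v getenforce >/dev/null 2>&1 && [ "$(getenforce)" = "Enforcing" ]; then
        case "$(stat -c '%C' "$keys")" in
            *ssh_home_t*) ;;
            *) echo "bad SELinux label on $keys (run: restorecon -Rv $sshdir)"; rc=1 ;;
        esac
    fi
    return $rc
}

# fix_ssh_dir HOME_DIR: apply the conservative modes sshd(8) recommends
fix_ssh_dir() {
    local home="$1"
    chmod go-w "$home"
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
    # Relabel; only meaningful (and only attempted) where SELinux is active
    if command -v getenforce >/dev/null 2>&1 && [ "$(getenforce)" != "Disabled" ]; then
        restorecon -R "$home/.ssh"
    fi
}

# Usage on the destination host, for the account you copied the key to:
#   audit_ssh_dir /home/alice alice || fix_ssh_dir /home/alice
audit_ssh_dir "${1:-$HOME}" "$(id -un)" || true
```

If the audit passes and the login still fails, the next place to look is sshd's own log (`/var/log/secure` on CentOS) with `LogLevel VERBOSE`, which names the exact file it refused.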

First play with Arista API Python

So I was testing the Arista API with the following code:

It spat out the following error:

To fix this you can do the following:

Backup Avocent ACS6000 using RANCID

There are several ways to back up an Avocent ACS6000; I will go through one of them, using RANCID, as that is our preferred method of backing up configs. We added the commands below to avologin in the RANCID bin directory.

Restoring the config is as easy as copying it back in through the CLI.

ldapsearch with openldap

So I was recently working with OpenLDAP to give a developer what an application needed in order to grant different levels of authorization based on group membership. The below helped me achieve this, along with some things I ran into:

ldap_bind: Confidentiality required (13)

We have LDAPS set up with SSL. When you set up LDAPS with private (self-signed) certificates and you want the client to ignore them, the below is your best bet (note that skipping certificate verification means the client cannot tell the real directory from an impostor, so use it only for testing; for production, give the client the private CA's certificate instead):
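An added example, not the author's commands, that covers both items above: a TLS-only ldapsearch against a private CA without disabling verification, RFC 4515 escaping of the user-supplied uid so it cannot alter the filter, and a parser that turns the returned memberOf values (including LDIF-folded lines) into an application role. The server name, base DN, bind DN, CA path, password file and group names are assumptions; the LDIF at the bottom is constructed so the parsing runs offline.

```bash
#!/usr/bin/env bash
# Added example, not the author's commands. Server name, base DN, bind DN,
# CA path, password file and group names are assumptions for illustration.
#
# "ldap_bind: Confidentiality required (13)" means the server insists on TLS
# (e.g. olcSecurity: tls=128) and the client arrived in cleartext. Fix the
# client, not the server: use ldaps:// (or -ZZ for StartTLS that fails if TLS
# is not negotiated). For a private CA, hand the client the CA certificate via
# LDAPTLS_CACERT; LDAPTLS_REQCERT=never also connects, but then anything on
# the path can impersonate the directory and return whatever groups it likes.

LDAP_URI="ldaps://ldap.example.com"                        # assumption
LDAP_BASE="dc=example,dc=com"                              # assumption
LDAP_CACERT="/etc/openldap/certs/private-ca.pem"           # assumption
LDAP_BINDDN="cn=app-reader,ou=services,dc=example,dc=com"  # assumption
LDAP_PASSFILE="/etc/app/ldap.pw"                           # assumption, mode 600

# ldap_filter_escape VALUE: RFC 4515 escaping of user input that goes into a
# filter, so "jdoe)(uid=admin" or "*" cannot change what is matched.
# (NUL would also need escaping to \00, but cannot appear in a shell string.)
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# lookup_user UID: return the user's memberOf values as LDIF. Needs the
# memberof overlay on the server; without it, search ou=groups for
# (member=<user DN>) instead. Not executed in the offline demo below.
lookup_user() {
    LDAPTLS_CACERT="$LDAP_CACERT" ldapsearch -LLL -H "$LDAP_URI" \
        -D "$LDAP_BINDDN" -y "$LDAP_PASSFILE" -b "ou=people,$LDAP_BASE" \
        "(uid=$(ldap_filter_escape "$1"))" memberOf
}

# groups_from_ldif < LDIF: print the cn of every memberOf value, one per line.
# Handles LDIF folding (continuation lines start with one space); base64
# values ("memberOf::") are skipped rather than misread.
groups_from_ldif() {
    awk '
        function flush(   attr, val) {
            if (buf == "") return
            attr = tolower(substr(buf, 1, index(buf, ":") - 1))
            val  = substr(buf, index(buf, ":") + 1)
            sub(/^ +/, "", val)
            if (attr == "memberof" && val ~ /^cn=/) {
                sub(/^cn=/, "", val); sub(/,.*/, "", val); print val
            }
            buf = ""
        }
        /^ / { buf = buf substr($0, 2); next }   # folded continuation line
             { flush(); buf = $0 }
        END  { flush() }'
}

# role_for_groups GROUP...: highest application role granted by the groups
role_for_groups() {
    local role="none" g
    for g in "$@"; do
        case "$g" in
            app-admins)  role="admin" ;;
            developers)  if [ "$role" != "admin" ]; then role="write"; fi ;;
            app-readers) if [ "$role" = "none" ]; then role="read"; fi ;;
        esac
    done
    echo "$role"
}

# user_role LDIF: glue the two steps; splits on newlines only, so group names
# containing spaces survive.
user_role() {
    local IFS='
'
    set -- $(printf '%s\n' "$1" | groups_from_ldif)
    role_for_groups "$@"
}

# Constructed sample of what lookup_user returns, with one folded line
SAMPLE_LDIF='dn: uid=jdoe,ou=people,dc=example,dc=com
memberOf: cn=developers,ou=groups,dc=example,dc=com
memberOf: cn=vpn-
 users,ou=groups,dc=example,dc=com'

echo "jdoe -> $(user_role "$SAMPLE_LDIF")"   # prints: jdoe -> write
```

The escaping step is the part developers most often skip: the application's uid comes from a login form, and an unescaped `)(uid=admin` turns a lookup of one user into a lookup of another.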

Free OpenLDAP Browsers

cisco acs command-line linux shell

So how does one drop to the Linux shell on the Cisco ACS? I recently needed to get to the Cisco ACS Linux shell to change some permissions, because we were hitting the following bug:

ACS – new configuration of RSA authentication would not take effect

CSCur93568
Description
Symptom:
ACS cannot apply a configuration that contains the node secret from the RSA server:

Under Users and Identity Stores > External Identity Stores > RSA SecureID Token Servers > Edit “RSA-SecureID-Token-Server”, on the “ACS Instance Settings” tab, the Node Secret Status will display: “-not created-”

On the RSA server
-in the monitor window the authentication will fail with message “pre-shared-secret mismatch”
-at the very first try to sync up the ACS with RSA the authentication might show as successful on RSA appliance.

Conditions:
-new setup
-ACS version 5.5 and 5.6
-when ACS is configured to perform an additional authentication against an RSA server

Workaround:
Change group and owner for directory /opt/CSCOacs/config/RSA (TAC assistance required):
-chown acsuser:gadmin -R /opt/CSCOacs/config/RSA

Access to the Cisco ACS Linux Shell

To apply the workaround you need access to the Cisco ACS Linux shell. To get it, download the following package, which was provided by Cisco:
rpsshv2.tar.gz
and follow the steps below:

Root shell patch for Cisco ACS.

  • Set up a Cisco ACS repo:
  • application install rpsshv2.tar.gz
  • log out and back in
  • root_enable, which will prompt you to configure a root password
  • root
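Once at the root shell, the workaround is a recursive chown. As an added example (not part of the bug note), the following applies it only where ownership is actually wrong and then re-verifies, so a partial failure is not mistaken for success. The paths and names are the ones quoted in the bug text.

```bash
#!/usr/bin/env bash
# Added example, not part of the Cisco bug note: apply the CSCur93568
# workaround from the ACS root shell and verify it, instead of trusting a
# blind "chown -R". Paths and names are those quoted in the bug text.

RSA_DIR="/opt/CSCOacs/config/RSA"
WANT_USER="acsuser"
WANT_GROUP="gadmin"

# list_bad_owners DIR USER GROUP: every path under DIR not owned by USER:GROUP
list_bad_owners() {
    find "$1" ! \( -user "$2" -group "$3" \) -print
}

# fix_owners DIR USER GROUP: chown only what is wrong, then re-check.
# Returns 0 only when nothing under DIR is left with the wrong owner/group.
fix_owners() {
    local dir="$1" user="$2" group="$3"
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 2
    fi
    list_bad_owners "$dir" "$user" "$group" | while IFS= read -r p; do
        chown "$user:$group" "$p"
        echo "fixed: $p"
    done
    [ -z "$(list_bad_owners "$dir" "$user" "$group")" ]
}

# On the appliance, as root:
#   fix_owners "$RSA_DIR" "$WANT_USER" "$WANT_GROUP" && echo "ownership OK"
```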

macosx install openconnect with libstoken support

Install openconnect with libstoken support

Prerequisites

Configure, Make, Install Openconnect with libstoken support

The below will install OpenConnect with libstoken support.
You can download the latest OpenConnect release here: http://www.infradead.org/openconnect/download.html

Using OpenConnect with stoken support

Import your token

  1. Import your RSA token provisioning string, URL, or file with one of:

  2. Enter the token’s password if prompted; you may choose a new one or leave it blank.
  3. If prompted for a PIN, use the provisioning PIN; if you don’t have one, it’s probably 0000.
  4. Check that ~/.stokenrc was created; it holds the token seed, so keep it readable only by you (mode 600).
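The build and import commands are not reproduced on this page. The following is an added example, not the original post's commands, covering the whole procedure: building OpenConnect against libstoken and verifying the result, importing the token, checking ~/.stokenrc permissions, and connecting with --token-mode=rsa. The release number, install prefix, Homebrew package names and VPN host are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the original post's commands: build OpenConnect with
# libstoken on macOS, import a SecurID software token, check ~/.stokenrc and
# connect. Release number, install prefix, Homebrew package names and the
# VPN host are assumptions for illustration.
set -u

OC_VERSION="${OC_VERSION:-7.08}"   # assumption: match the tarball you downloaded
PREFIX="${PREFIX:-/usr/local}"

# build_openconnect: by default configure merely auto-detects libstoken, so a
# missing library yields a working binary without token support.
# --with-stoken makes configure fail instead, and the final grep fails the
# function if the installed binary was not linked against it.
build_openconnect() {
    brew install pkg-config gnutls libxml2 stoken
    # libxml2 is keg-only in Homebrew; tell pkg-config where it is
    export PKG_CONFIG_PATH="$(brew --prefix libxml2)/lib/pkgconfig:${PKG_CONFIG_PATH:-}"
    tar xzf "openconnect-$OC_VERSION.tar.gz"      # from the download page linked above
    cd "openconnect-$OC_VERSION"
    ./configure --prefix="$PREFIX" --with-stoken
    make
    sudo make install
    "$PREFIX/bin/openconnect" --version | grep -q 'RSA software token'
}

# import_token STRING_URL_OR_FILE: stoken takes the numeric token string, a
# provisioning URL or an .sdtid file, prompts for password/PIN, and writes
# the decrypted seed to ~/.stokenrc.
import_token() {
    if [ -f "$1" ]; then
        stoken import --file="$1"
    else
        stoken import --token="$1"
    fi
}

# check_stokenrc [FILE]: the file holds the token seed, i.e. the second
# factor itself, so insist that it exists and is readable only by its owner.
check_stokenrc() {
    local f="${1:-$HOME/.stokenrc}" mode
    if [ ! -s "$f" ]; then
        echo "$f is missing or empty: run 'stoken import' first" >&2
        return 1
    fi
    if [ "$(uname)" = Darwin ]; then
        mode=$(stat -f '%OLp' "$f")     # BSD stat
    else
        mode=$(stat -c '%a' "$f")       # GNU stat (so the check also runs on Linux)
    fi
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$f is mode $mode; run: chmod 600 $f" >&2
        return 1
    fi
}

# connect_vpn HOST: with --token-mode=rsa and no --token-secret, openconnect
# reads ~/.stokenrc and generates the tokencode itself at each prompt.
connect_vpn() {
    check_stokenrc "$HOME/.stokenrc" || return 1
    sudo "$PREFIX/bin/openconnect" --token-mode=rsa "$1"
}

case "${1:-}" in
    build)   build_openconnect ;;
    import)  import_token "${2:?token string, URL or .sdtid file required}" ;;
    check)   check_stokenrc "${2:-$HOME/.stokenrc}" ;;
    connect) connect_vpn "${2:?VPN host required}" ;;
    *)       echo "usage: $0 build | import TOKEN | check [FILE] | connect HOST" >&2 ;;
esac
```

Keep in mind that ~/.stokenrc is the token: anyone who can read it can generate your codes, which is why the connect step refuses to run until the permission check passes.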

Commands useful for a networking engineer

Useful commands that I have put together, which have helped me during my career as a network engineer.

nmap ping scan with grepable results (-sn; older nmap releases call it -sP)
sudo nmap -sn -oG - 10.45.0.0/24

using sed to find and replace in all files in a directory
go into the directory where the files are and run the below (GNU sed; the dots are escaped so they only match a literal dot, and the files are named with * because sed -i cannot edit a directory):
sed -i -e 's/17\.211\.200\.29/10.1.3.79/g' *
or for a specific file
sed -i -e 's/17\.211\.200\.29/10.1.3.79/g' filename
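As an added example (not part of the author's list), the same two commands as functions with the checks a practitioner would want: the nmap grepable output is filtered to hosts that are actually up, and the replacement only touches files that contain the old address, escapes the dots so 17.211.200.29 cannot match 17x211x200x29, and anchors on word boundaries so it cannot rewrite part of a longer address. The nmap output at the bottom is constructed, not captured; the replacement relies on GNU sed (on macOS use sed -i '').

```bash
#!/usr/bin/env bash
# Added example, not part of the author's list: the two commands above as
# functions with the checks a practitioner wants. The nmap output below is
# constructed for the offline demo, not captured from a real scan; the
# replacement relies on GNU sed (on macOS use: sed -i '' ...).

# live_hosts_from_gnmap < grepable-output: IPs that nmap reported "Up".
# -oG lines look like "Host: 10.45.0.1 (name)  Status: Up"; the "# Nmap ..."
# header and footer lines never start with "Host:" and are skipped.
# Real use: sudo nmap -sn -oG - 10.45.0.0/24 | live_hosts_from_gnmap
live_hosts_from_gnmap() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# replace_ip_in_dir OLD NEW DIR: rewrite a literal IPv4 address in every
# regular file under DIR that actually contains it, printing each file
# changed. Dots are escaped so 17.211.200.29 does not also match
# 17x211x200x29, and \b anchors keep 10.1.3.7 from being rewritten inside
# 10.1.3.79 or 110.1.3.7.
replace_ip_in_dir() {
    local old="$1" new="$2" dir="$3" pat
    pat=$(printf '%s' "$old" | sed 's/\./\\./g')
    grep -rlF -- "$old" "$dir" | while IFS= read -r f; do
        sed -i -e "s/\\b$pat\\b/$new/g" "$f"
        echo "$f"
    done
}

# Constructed grepable output for the demo
SAMPLE_GNMAP='# Nmap 7.40 scan initiated as: nmap -sn -oG - 10.45.0.0/24
Host: 10.45.0.1 ()  Status: Up
Host: 10.45.0.2 ()  Status: Down
Host: 10.45.0.7 (printer.lan)  Status: Up
# Nmap done: 256 IP addresses (2 hosts up) scanned'

printf '%s\n' "$SAMPLE_GNMAP" | live_hosts_from_gnmap    # prints 10.45.0.1 and 10.45.0.7
```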

port-mirroring juniper srx with routing-instance

So I was recently setting up port-mirroring on a Juniper SRX 240, configured as I thought it should be with the config below:

I configured the above and committed with no issues, but when I went to check the status I saw the following:

I did the same in the default routing instance and it worked fine. With that in mind I tried to find this in their docs, but could not find out why it wasn’t working, so I came to the conclusion that port-mirroring is not supported on the Juniper SRX inside a routing instance. I raised a case with Juniper to confirm my suspicions; below is the response from Juniper:

I have gone through some lab replications, and after checking in our internal database I found that port mirroring is not supported when enabled on a custom routing instance. This feature will only work on the main routing instance.

There is no specific document that explicitly says that it is not supported in a custom routing instance; however, I have personally done a lab recreation with 3 different software versions and it did not work for me either. Also, Advanced TAC was consulted and they confirmed that this feature is not supported in a custom RI.

vpnc-script returned error 1 resolv.conf mac osx

Recently I rebooted my Mac OS X machine, and when I tried to start my VPN using vpnc I got the following error:

which basically rendered vpnc-script useless. To resolve this you need to do the below:

then try starting the VPN again; hopefully that fixes it. Any issues, please comment.

Linux 2 NIC with different networks routing problem

We ran out of host addresses in the network 10.231.210.0/25 and therefore needed additional IP space for our Avocent console switch. The server has two NICs (eth0 and eth1); the second was given an IP from a different, non-contiguous subnet, 10.231.213.0/25. As both NICs were connected to the same switch and VLAN, my team had configured the VLAN on the Juniper EX switch with an additional IP address:

The issue was that we were unable to reach the address 10.231.213.4, which was configured on the Avocent (a Linux server) on NIC1:

As we know, having two static default gateways on the server isn’t going to go down well. The reason we could not get through to 10.231.213.4 was that the single static default route was sending the return traffic out through eth0, so we followed this guide:

http://lartc.org/howto/lartc.rpdb.multiple-links.html

and made the following change:

Having done that, it resolved our issues. Yay!!
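The change itself is not reproduced on this page. As an added example, not the author's configuration, the following script applies the LARTC "multiple links" recipe to the scenario above: a second routing table for eth1 with its own default route, and a rule that sends traffic sourced from 10.231.213.4 to that table, while the main table keeps its single default route via eth0. The gateway 10.231.213.1 and table number 100 are assumptions; run it with DRY_RUN=1 to see the ip commands before applying them as root.

```bash
#!/usr/bin/env bash
# Added example, not the change the post made: the LARTC "multiple links"
# recipe for the scenario above. Traffic sourced from eth1's address gets
# its own routing table with its own default route, so replies to
# 10.231.213.4 leave via eth1 instead of following the main table's single
# default route out of eth0. The gateway 10.231.213.1 and table number 100
# are assumptions. Run as root; set DRY_RUN=1 to print the commands instead.

DRY_RUN="${DRY_RUN:-0}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# ipv4_network ADDR PREFIX: network address, e.g. 10.231.213.4 25 -> 10.231.213.0
ipv4_network() {
    local prefix="$2" n mask
    local IFS=.
    set -- $1                                  # split the dotted quad into $1..$4
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    n=$(( n & mask ))
    printf '%d.%d.%d.%d\n' $(( (n >> 24) & 255 )) $(( (n >> 16) & 255 )) $(( (n >> 8) & 255 )) $(( n & 255 ))
}

# add_source_route IFACE ADDR PREFIX GATEWAY TABLE
#   1. table TABLE: the connected subnet plus a default route via GATEWAY
#   2. rule: packets with source ADDR consult TABLE before "main"
# The main table keeps its one default route, so eth0 behaves as before.
add_source_route() {
    local iface="$1" addr="$2" prefix="$3" gw="$4" table="$5" net
    net=$(ipv4_network "$addr" "$prefix")
    run ip route replace "$net/$prefix" dev "$iface" src "$addr" table "$table"
    run ip route replace default via "$gw" dev "$iface" table "$table"
    # "route replace" is idempotent; "rule add" is not, so drop any old copy first
    run ip rule del from "$addr" lookup "$table" 2>/dev/null || true
    run ip rule add from "$addr" lookup "$table"
}

# Usage: [DRY_RUN=1] ./second-nic-route.sh IFACE ADDR PREFIX GATEWAY TABLE
# e.g.   DRY_RUN=1 ./second-nic-route.sh eth1 10.231.213.4 25 10.231.213.1 100
if [ $# -eq 5 ]; then
    add_source_route "$@"
fi
```

Changes made with `ip` are lost at reboot; on CentOS put the equivalent lines in /etc/sysconfig/network-scripts/route-eth1 and rule-eth1 so the network scripts reapply them. `ip rule show` and `ip route show table 100` confirm the result.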

References:
http://serverfault.com/questions/460364/centos-two-nics-eth0-eth1-with-different-subnets-arent-reachable-outside-vlan
http://lartc.org/howto/lartc.rpdb.multiple-links.html