主页 / user-29196

atroon's questions

Martin Hope
atroon
Asked: 2015-02-05 07:43:42 +0800 CST
  • 1

看起来很简单:使用ip ssh version 2.

结果是这样的:

3750xCoreStack(config)#ip ssh version 2
Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).

3750xCoreStack(config)#cry key gen rsa
% You already have RSA keys defined named 3750xCoreStack
% Do you really want to replace them? [yes/no]: yes
Choose the size of the key modulus in the range of 360 to 4096 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 65 seconds)


3750xCoreStack(config)#ip ssh version 2
Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2). 
3750xCoreStack(config)#

所以,我肯定有一个 2048 位的 RSA 密钥,但它告诉我需要一个才能启用 SSH。SSHv1 目前正在运行。软件是

Cisco IOS Software, C3750E Software (C3750E-IPBASEK9-M), Version 15.0(2)SE7, RELEASE SOFTWARE (fc1)

有什么想法吗?

ssh
Martin Hope
atroon
Asked: 2013-03-22 09:19:17 +0800 CST
  • 1

我有一个行为不端的 Cisco 2811。它通过 Call Manager Express 为我们 20 人的办公室提供互联网和电话服务。除了最近电话无法正常工作并且互联网不稳定。连接到我们的 ISP 的外部接口很好。内部接口连接到连接我们内部网络的 2960。show界面存在明显问题:

    FastEthernet0/1 is up, line protocol is up 
  Hardware is MV96340 Ethernet, address is 001b.d40a.e071 (bia 001b.d40a.e071)
  Internet address is 192.168.1.254/24
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, 
     reliability 255/255, txload 13/255, rxload 19/255
  Encapsulation 802.1Q Virtual LAN, Vlan ID  1., loopback not set
  Keepalive not set
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 00:54:10
  Input queue: 1/150/420/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 7463000 bits/sec, 1038 packets/sec
  5 minute output rate 5244000 bits/sec, 880 packets/sec
     3021883 packets input, 2691686783 bytes
     Received 7649 broadcasts, 0 runts, 0 giants, 95 throttles
     2155 input errors, 0 CRC, 0 frame, 0 overrun, 2155 ignored
     0 watchdog
     0 input packets with dribble condition detected
     2537251 packets output, 1717084791 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     464 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

我已经用全新的电缆更换了电缆,但没有效果。我已经在它所连接的 2960 上设置了 switchport nonegotiate。我已验证两个接口(100M,自动/自动)上的设置相同。我已确保 CDP 已打开,并且 keepalive 已关闭。

我今天不在家,但明天我打算在 2960 上安装一个 SPAN 端口以尝试获取更多信息。我还能做些什么来弄清楚这些问题是从哪里来的吗?

我做了一个 sho interface mac-accounting 并且一个人的计算机将大约 80% 的总流量发送到路由器......总共 3100M 字节中的 2800M 字节。我的助手检查了她的 PC,没有发现任何异常。

编辑:

根据要求,这是sh int来自交换机端口的:

GigabitEthernet1/0/48 is up, line protocol is up (connected) 
  Hardware is Gigabit Ethernet, address is b414.89ba.32b0 (bia b414.89ba.32b0)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, 
     reliability 255/255, txload 22/255, rxload 4/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported 
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:03, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 20147
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 1883000 bits/sec, 693 packets/sec
  5 minute output rate 8721000 bits/sec, 1020 packets/sec
     64561402 packets input, 46701593519 bytes, 0 no buffer
     Received 109892 broadcasts (102372 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 102372 multicast, 0 pause input
     0 input packets with dribble condition detected
     66138056 packets output, 36914890016 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
cisco
Martin Hope
atroon
Asked: 2012-05-17 08:01:32 +0800 CST
  • 1

我有一个 Openfire Intranet XMPP 服务器(好吧,直到今天早上),它已经愉快地运行了 370 天而没有被触及,总共运行了大约 3 年。用户向相邻服务器上的 AD 进行身份验证,并按 OU 分组。所有这些功能都很好[ed|s]。

我的问题是今天早上服务崩溃了,我的助手在尝试使用管理控制台确定问题所在时收到“没有 Java 堆空间”错误(抱歉,没有屏幕截图)。我们转到物理控制台并重新启动服务,它重新启动正常,或者至少没有出现可见错误。

但是现在,尝试进入管理控制台会弹出初始设置页面。我呻吟着,但还是翻出了我的笔记,重新输入了所有的 LDAP 信息和数据库连接信息。我心满意足地点击了“登录管理控制台”按钮,然后等待……只是返回到我刚刚离开的设置屏幕,询问我首选的系统语言是什么。所以:

MySQL 服务器正在运行,并且 /opt/openfire/conf/openfire.xml 文件中的连接信息是正确的。我通过使用该文件中的凭据来查看 ofProperty 表来测试连接。检查 ofProperty 表的内容显示设置保存在那里,包括所有 LDAP 信息、名称和其他字段、组定义,所有内容。但是Openfire 拒绝从数据库中加载它们。

我检查过的事情:

  • 检查 /var/log/messages 没有发现任何异常。
  • MySQL 运行良好,能够从本地主机以及我机器上的 MySQL 工作台获取连接。
  • 我的磁盘已使用 3%。
  • 内存没问题,用了0k swap。
  • 这台机器只运行openfire,没有别的。
  • Netstat 仅显示监听 9090 和 9091(管理端口)的 openfire 进程。
  • 运行 ps 仅显示管理进程。
  • 没有安装更新。
  • 没有更改任何配置。
  • 这台机器不能从互联网上访问,所以黑客攻击似乎不太可能。也没有其他迹象。

编辑:显示连接被拒绝的日志剪报,但显然只发生在较早的时间:

    2012.05.16 09:27:47 org.jivesoftware.database.DbConnectionManager - Unable to get a connection from the database pool (attempt 10 out of 10).
com.mysql.jdbc.CommunicationsException: Communications link failure due to underlying exception: 

** BEGIN NESTED EXCEPTION ** 

java.net.ConnectException
MESSAGE: Connection refused

STACKTRACE:

java.net.ConnectException: Connection refused
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(Unknown Source)
    at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
    at java.net.PlainSocketImpl.connect(Unknown Source)
    at java.net.SocksSocketImpl.connect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at java.net.Socket.<init>(Unknown Source)
    at java.net.Socket.<init>(Unknown Source)
    at com.mysql.jdbc.StandardSocketFactory.connect(StandardSocketFactory.java:256)
    at com.mysql.jdbc.MysqlIO.<init>(MysqlIO.java:271)
    at com.mysql.jdbc.Connection.createNewIO(Connection.java:2771)
    at com.mysql.jdbc.Connection.<init>(Connection.java:1555)
    at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:285)
    at java.sql.DriverManager.getConnection(Unknown Source)
    at java.sql.DriverManager.getConnection(Unknown Source)
    at org.logicalcobwebs.proxool.DefaultConnectionBuilder.buildConnection(DefaultConnectionBuilder.java:39)
    at org.logicalcobwebs.proxool.Prototyper.buildConnection(Prototyper.java:159)
    at org.logicalcobwebs.proxool.ConnectionPool.getConnection(ConnectionPool.java:211)
    at org.logicalcobwebs.proxool.ProxoolDriver.connect(ProxoolDriver.java:89)
    at java.sql.DriverManager.getConnection(Unknown Source)
    at java.sql.DriverManager.getConnection(Unknown Source)
    at org.jivesoftware.database.DefaultConnectionProvider.getConnection(DefaultConnectionProvider.java:86)
    at org.jivesoftware.database.DbConnectionManager.getConnection(DbConnectionManager.java:124)
    at org.jivesoftware.openfire.XMPPServer.verifyDataSource(XMPPServer.java:754)
    at org.jivesoftware.openfire.XMPPServer.start(XMPPServer.java:480)
    at org.jivesoftware.openfire.XMPPServer.<init>(XMPPServer.java:212)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at java.lang.Class.newInstance0(Unknown Source)
    at java.lang.Class.newInstance(Unknown Source)
    at org.jivesoftware.openfire.starter.ServerStarter.start(ServerStarter.java:113)
    at org.jivesoftware.openfire.starter.ServerStarter.main(ServerStarter.java:58)


** END NESTED EXCEPTION **



Last packet sent to the server was 1 ms ago.
    at com.mysql.jdbc.Connection.createNewIO(Connection.java:2847)
    at com.mysql.jdbc.Connection.<init>(Connection.java:1555)
    at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:285)
    at java.sql.DriverManager.getConnection(Unknown Source)
    at java.sql.DriverManager.getConnection(Unknown Source)
    at org.logicalcobwebs.proxool.DefaultConnectionBuilder.buildConnection(DefaultConnectionBuilder.java:39)
    at org.logicalcobwebs.proxool.Prototyper.buildConnection(Prototyper.java:159)
    at org.logicalcobwebs.proxool.ConnectionPool.getConnection(ConnectionPool.java:211)
    at org.logicalcobwebs.proxool.ProxoolDriver.connect(ProxoolDriver.java:89)
    at java.sql.DriverManager.getConnection(Unknown Source)
    at java.sql.DriverManager.getConnection(Unknown Source)
    at org.jivesoftware.database.DefaultConnectionProvider.getConnection(DefaultConnectionProvider.java:86)
    at org.jivesoftware.database.DbConnectionManager.getConnection(DbConnectionManager.java:124)
    at org.jivesoftware.openfire.XMPPServer.verifyDataSource(XMPPServer.java:754)
    at org.jivesoftware.openfire.XMPPServer.start(XMPPServer.java:480)
    at org.jivesoftware.openfire.XMPPServer.<init>(XMPPServer.java:212)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at java.lang.Class.newInstance0(Unknown Source)
    at java.lang.Class.newInstance(Unknown Source)
    at org.jivesoftware.openfire.starter.ServerStarter.start(ServerStarter.java:113)
    at org.jivesoftware.openfire.starter.ServerStarter.main(ServerStarter.java:58)
2012.05.16 09:27:48 org.jivesoftware.openfire.XMPPServer - Server halted
2012.05.16 09:36:34 org.jivesoftware.openfire.pubsub.PubSubModule - Publish-Subscribe domain: pubsub.cc.server.local
2012.05.16 09:36:36 org.jivesoftware.openfire.muc.spi.MultiUserChatServiceImpl - Multi User Chat domain: conference.cc.server.local
2012.05.16 09:37:48 org.jivesoftware.openfire.XMPPServer - Openfire 3.7.1 [May 16, 2012 9:37:48 AM]
2012.05.16 09:38:01 org.jivesoftware.openfire.container.AdminConsolePlugin - Admin console listening at:
  http://127.0.0.1:9090
  https://127.0.0.1:9091
2012.05.16 09:54:21 org.jivesoftware.openfire.XMPPServer - Server halted
2012.05.16 09:54:33 org.jivesoftware.openfire.XMPPServer - Openfire 3.7.1 [May 16, 2012 9:54:33 AM]
2012.05.16 09:54:46 org.jivesoftware.openfire.container.AdminConsolePlugin - Admin console listening at:
  http://127.0.0.1:9090
  https://127.0.0.1:9091
2012.05.16 10:07:24 org.jivesoftware.openfire.XMPPServer - Server halted
2012.05.16 10:07:37 org.jivesoftware.openfire.XMPPServer - Openfire 3.7.1 [May 16, 2012 10:07:37 AM]
2012.05.16 10:07:49 org.jivesoftware.openfire.container.AdminConsolePlugin - Admin console listening at:
  http://127.0.0.1:9090
  https://127.0.0.1:9091
2012.05.16 10:26:39 org.jivesoftware.openfire.XMPPServer - Server halted
2012.05.16 10:28:54 org.jivesoftware.openfire.XMPPServer - Openfire 3.7.1 [May 16, 2012 10:28:54 AM]
2012.05.16 10:29:10 org.jivesoftware.openfire.container.AdminConsolePlugin - Admin console listening at:
  http://127.0.0.1:9090
  https://127.0.0.1:9091
2012.05.16 10:33:25 org.jivesoftware.openfire.XMPPServer - Server halted
2012.05.16 10:33:38 org.jivesoftware.openfire.XMPPServer - Openfire 3.7.1 [May 16, 2012 10:33:38 AM]
2012.05.16 10:33:51 org.jivesoftware.openfire.container.AdminConsolePlugin - Admin console listening at:
  http://127.0.0.1:9090
  https://127.0.0.1:9091
2012.05.16 10:51:38 org.jivesoftware.openfire.XMPPServer - Server halted
2012.05.16 10:51:51 org.jivesoftware.openfire.XMPPServer - Openfire 3.7.1 [May 16, 2012 10:51:51 AM]
2012.05.16 10:52:04 org.jivesoftware.openfire.container.AdminConsolePlugin - Admin console listening at:
  http://127.0.0.1:9090
  https://127.0.0.1:9091
2012.05.16 10:53:01 org.jivesoftware.openfire.XMPPServer - Server halted
2012.05.16 10:53:35 org.jivesoftware.openfire.XMPPServer - Openfire 3.7.1 [May 16, 2012 10:53:35 AM]
2012.05.16 10:53:49 org.jivesoftware.openfire.container.AdminConsolePlugin - Admin console listening at:
  http://127.0.0.1:9090
  https://127.0.0.1:9091

在那次失败之后,我尝试了各种重新配置和重新启动服务的方法,正如您看到的那样,管理控制台出现了。

java linux mysql xmpp openfire
Martin Hope
atroon
Asked: 2010-01-22 10:51:28 +0800 CST
  • 4

我的公司相当广泛地使用 Access + MySQL 应用程序,如果我发布源代码,它可能会在 Daily WTF 上看到一些显着的流量。用户及其权限的管理正在失控,我似乎花费了越来越多的时间来调整这些或试图弄清楚为什么有人看不到他们应该看到的东西。

它最初设置为三个用户在一个仓库中使用。它现在被四个州的 20 多个用户使用,并且很快会添加更多功能,并且功能已经以大约 10 比 1 的比例添加到用户中......实际的核心应用程序还不错,但管理用户是一种痛苦。Access 为数据本身提供了一个很好的前端,它存储在我们总部的 MySQL 后端。用户在卫星分支机构拥有 Cisco VPN 盒子,这也很稳定。Scope 已经从一个简单的仓库运输记录发展成为一个成熟的 CRM/ERP ......好吧,我不认为你可以称之为解决方案。也许是乳液。如果我有预算,我会打电话给 SAP 并告诉他们去做。恐怕,在可预见的未来,这是不可能的。

按照 Google 的说明(并不总是最安全的做法),我使用 Access 中的“用户级安全向导”为各个用户分配用户名和密码,当我开始时总共有 4-5 个用户和 3 个活跃用户时,这很好. 但它现在相当笨拙。我最深切的愿望和愿望是,有某种方法可以根据 Active Directory 用户名和密码对用户进行身份验证并分配特权角色。有人告诉我这是不可能的。一些谷歌搜索没有发现任何值得注意的东西。

我推测应该可以使用 Active Directory 获得某种身份验证框架,因为 VBA 具有指向 Windows 中各种 API 的链接。但是……值得花时间和麻烦吗?有没有人让这个工作,或者我不仅会炸毁我的 WTF 值得应用程序,而且还会炸毁域?

windows microsoft-access security active-directory user-accounts