How to SSH into devices with Insecure Algorithms in Linux

Sometimes I need to connect to an older router, firewall, etc. but get an error like- 

ssh admin@123.123.123.123

Unable to negotiate with 123.123.123.123 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

You can allow the insecure algorithms and ciphers. Obvious warnings, you're connecting insecurely, etc.

cd /etc/ssh
cp ssh_config ssh_config.bak
sudo nano ssh_config

Add-
HostKeyAlgorithms +ssh-rsa

PubkeyAcceptedAlgorithms +ssh-rsa

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes128-cbc,3des-cb>

MACs hmac-md5,hmac-sha1,umac-64@openssh.com

KexAlgorithms +diffie-hellman-group14-sha1

You can just throw those in the beginning.

Good luck!

Adam Cushing

www.adamcushing.com

Keep a program running at all times - if a program closes, have it restart automatically in Windows

First, create a batch file to monitor the program and restart it-

@echo off
setlocal enabledelayedexpansion

set EXE_PATH="C:\path\to\MyProgram.exe"
set EXE_NAME=MyProgram.exe

:start_program
start "" %EXE_PATH%
echo Program started. Monitoring...

:monitor
REM Check if the program is running
tasklist /FI "IMAGENAME eq %EXE_NAME%" 2>NUL | find /I "%EXE_NAME%" >NUL
if "%ERRORLEVEL%"=="0" (
    REM Program is running, wait and check again
    timeout /t 1 >nul
    goto monitor
)

REM Program is not running, restart it
echo Program closed. Restarting...
goto start_program

Next, create a VBS script to run the batch file-

Set WshShell = CreateObject("WScript.Shell")
WshShell.Run "cmd.exe /c C:\path\to\monitor.bat", 0, False  

Finally, set the vbs script to run at windows startup-

Press Win + R to open the Run dialog.
Type shell:startup and press Enter. This opens the Startup folder.
Create a shortcut to the VBS script in the Startup folder.

Adam Cushing
www.adamcushing.com

ScreenConnect / ConnectWise Control not working on RHEL/Oracle Linux- service runs but doesn't work or garbled screen.

I recently had a problem where I loaded ScreenConnect for remote access to a RHEL server. I imagine this is similar for other distros, Centos, Rocky. It has happened on Oracle Linux.




First thing you need is Java. The stupid thing is, it will install without it. But it won't work.
sudo yum install java-1.8.0-openjdk

Then you'll need to disable  Wayland-
sudo nano /etc/gdm/custom.conf

Uncomment this-

WaylandEnable=false

Check the service-

systemctl --type=service

Start or Restart the 'Connectwisexxx"

systemctl status ConnectWisexxx

systemctl start/stop/restart ConnectWisexxx

If you still have issues, check the logs-

/var/logs/messages

/var/logs/connectwise***

Adam Cushing

www.adamcushing.com

Veeam- Your service provider has implemented backup files protection against deletion by an insider for this cloud repository. To protect against advanced attack vectors, we recommend that you configure your cloud backup jobs to keep multiple full backups on disk (as opposed to forever-incremental chain with a single full backup).

You may get this error. My provider does air gap behind the scenes. You can disable this with the below registry change-

Your service provider has implemented backup files protection against deletion by an insider for this cloud repository. To protect against advanced attack vectors, we recommend that you configure your cloud backup jobs to keep multiple full backups on disk (as opposed to forever-incremental chain with a single full backup).  

Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\ 

Value Name: CloudConnectBinGfsNotificationSeverity

Value Type: DWORD (32-Bit) Value

Value Data (Default): 2


New-ItemProperty -Path 'HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication\' -Name 'CloudConnectBinGfsNotificationSeverity' -Value "1" -PropertyType DWORD -Force

Move SQL Temp DB to alternate partition

If you need to move your temporary databases to another partition-

USE master
GO
ALTER DATABASE tempdb
MODIFY FILE( NAME = temp2, FILENAME = 'F:\MSSQL\DATA\tempdb.mdf' )

ALTER DATABASE tempdb
MODIFY FILE( NAME = templog, FILENAME = 'F:\MSSQL\DATA\templog.ldf')

ALTER DATABASE model
MODIFY FILE( NAME = modeldev, FILENAME = 'F:\MSSQL\DATA\model.mdf' )

ALTER DATABASE model
MODIFY FILE( NAME = modellog, FILENAME = 'F:\MSSQL\DATA\modellog.ldf')

ALTER DATABASE msdb
MODIFY FILE( NAME = MSDBData, FILENAME = 'F:\MSSQL\DATA\MSDBData.mdf' )

ALTER DATABASE msdb
MODIFY FILE( NAME = MSDBLog, FILENAME = 'F:\MSSQL\DATA\MSDBLog.ldf')

Move files, restart service.

OpenSSL Self Signed Cert / PFX

openssl genpkey -algorithm RSA -out key.pem
openssl req -new -key key.pem -out csr.pem
openssl x509 -req -days 365 -in csr.pem -signkey key.pem -out cert.pem
openssl pkcs12 -export -out certificate.pfx -inkey key.pem -in cert.pem

If it won't take the password-
openssl pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac -inkey contoso.com.key -in contoso.com.crt -out contoso.com-legacy.pfx

Add Certificate Snap-in:
Go to File > Add/Remove Snap-in.
Select Certificates and click Add.
Choose Computer account and click Next.
Select Local computer and click Finish.
Click OK to close the Add or Remove Snap-ins window.

Import the Certificate:
Expand Certificates (Local Computer) > Personal.
Right-click Certificates and choose All Tasks > Import.
Follow the Certificate Import Wizard to import the certificate from the .pem or .cer file you exported earlier.
Assign the Certificate to LDAPS:

Once imported, locate the certificate in the Certificates (Local Computer) > Personal store.
Right-click on the certificate and choose All Tasks > Manage Private Keys.
Assign appropriate permissions to the private key for the account running the LDAP service (usually NTDS).

You create and deploy a shortcut/URL via GPO, but network icon file is missing.

Create a GPO and enable-

Computer Configuration > Policies > Administrative Templates > Windows Components > File Explorer -> Allow the user of remote paths in file shortcut icons