DOCSLIB.ORG

K12522815: Modifying the BIG-IP Device SSL Certificate Configuration Using the Icontrol REST API

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
K12522815: Modifying the BIG-IP Device SSL Certificate Configuration Using the Icontrol REST API K12522815: Modifying the BIG-IP device SSL certificate configuration using the iControl REST API Non-Diagnostic Original Publication Date: Apr 30, 2019 Update Date: Aug 6, 2021 Topic You want to use the iControl REST API to generate and apply a new self-signed SSL device certificate and key. You want to use the iControl REST API to apply an uploaded SSL certificate and key as the device certificate. Description You can use the iControl REST API to administer the SSL certificate and key that the Configuration utility uses. You can use the procedures in this article to generate a new self-signed certificate and key, which you can apply as the certificate and key used by the Configuration utility. Additionally, you can use a subset of the procedures to upload a certificate and key to the appropriate directories and then apply these as the certificate and key used by the Configuration utility. Typographic conventions The following typographic conventions are used in the command syntax examples: Note: If you are a new user of the iControl REST API, refer to K13225405: Common iControl REST API command examples. POST = curl -sk -u admin:<password> -H "Content-Type: application/json" -X POST https://<big-ip address> PUT = curl -sk -u admin:<password> -H "Content-Type: application/json" -X PUT https://<big-ip address> GET = curl -sk -u admin:<password> -H "Content-Type: application/json" -X GET https://<big-ip address> Prerequisites You must meet the following prerequisites to use this procedure: The BIG-IP system is licensed, provisioned, and configured with a management IP address. You have administrative access to the BIG-IP LTM Configuration utility. You have command line access to a Linux system (or an alternate BIG-IP system) with the curl and jq (command line JSON processor) utilities installed. Procedures Generating a SSL self-signed certificate and key Uploading a SSL certificate and key Specifying the device SSL certificate and key Restarting the httpd service Viewing the device SSL certificate configuration Generating a SSL self-signed certificate and key Using the iControl REST API, you can generate a new SSL self-signed device certificate and key. Impact of procedure: Performing the following procedure should not have a negative impact on your system. At the Linux command line, use the following command syntax: <POST>/mgmt/tm/util/gencert -d '{"command":"run","utilCmdArgs":" -n \"<name>\" -p \"/config/httpd /conf/\" -e \"<admin email>\" -h \"<hostname>\" -c \"<country>\" -s \"<state>\" -t \"<city>\" --org \" <organization>\" -u \"<organizational unit>\" -k RSA <key size>" }' For example: <POST>/mgmt/tm/util/gencert -d '{"command":"run","utilCmdArgs":" -n \"bigip1.example.com\" -p \" /config/httpd/conf/\" -e \"[email protected]\" -h \"bigip1.example.com\" -c \"US\" -s \"IL\" -t \" Chicago\" --org \"Example BIG-IP\" -u \"Internet Services\" -k RSA 2048" }' SSL certificate and key generation REST command options You can use the following command options to generate your SSL certificate and key. --name | -n --commonname | -h --country | -c --state | -s --city | -t --org | -o --orgunit | -u --email | -e --keytype | -k (RSA or DSA) <keysize> --fips | -f create the key inside the FIPS-140 device --yesterday | -y] Back date the certificate by 1 day --nocfg | -X The certificate will not be part of the configuration Important: The REST command uses the -p flag to declare the base destination directory for the SSL certificate and key files. Without this command syntax, the SSL certificate and key files are generated as BIG-IP traffic SSL certificates and keys and are not accessible for use as the device certificate and key. Uploading a SSL certificate and key To use a certificate and key that is not specifically generated on the BIG-IP device, upload the certificate and key to the /config/httpd/conf/ssl.crt and /config/httpd/conf/ssl.key directories respectively. The ability to upload SSL certificates and key files to the /config/httpd/conf directories using an iControl REST command is not possible. To workaround this limitation, the files can be uploaded using secure copy protocol (SCP). To upload the certificate and key files using SCP use the following procedure. Important: Do not use the certificate or key file names server.crt or server.key as these are the default certificate and key names. Note: There are restrictions in using the scp command to upload the files. For more information, refer to K73463547: Restrictions in transferring files to the BIG-IP system using the scp command. Impact of procedure: Performing the following procedure should not have a negative impact on your system. 1. Using a SCP client on your local device, upload the SSL certificate file to the /config/httpd/conf/ssl.crt directory. At the Linux command line, use the following command syntax: scp <certificate file name>.crt <username>@<big-ip ip address>:/config/httpd/conf/ssl.crt/<certificate file name>.crt For example: scp my_example_certificate.crt [email protected]:/config/httpd/conf/ssl.crt/my_example_certificate.crt 2. Using an SCP client on your local device, upload the SSL certificate key file to the /config/httpd/conf /ssl.key directory. At the Linux command line, use the following command syntax: scp <certificate key file name>.key <username>@<big-ip ip address>:/config/httpd/conf/ssl.key /<certificate key file name>.key For example: scp my_example_key.key [email protected]:/config/httpd/conf/ssl.key/my_example_key.key Specifying the device SSL certificate and key After your new SSL certificate and key is generated or you have uploaded the SSL certificate and key, you can use iControl REST to specify the BIG-IP device to use the SSL certificate and key for Configuration utility access. Impact of procedure: The following procedure configures the BIG-IP device to use the specified SSL certificate and key for Configuration utility access. If the referenced certificate and key are mismatched, the command fails. Important: In BIG-IP 14.0.0 and later, when using the REST API to generate the SSL certificate and key files, the SSL certificate and key files both use the same base name and are named identically (without the . crt and .key suffixes) and are placed in the subdirectories ssl.key and ssl.crt of the specified base directory used in the REST command. For BIG-IP versions prior to 14.0.0, when using the REST API to generate the SSL certificate and key files, the SSL certificate and key file names are automatically appended with the .crt and .key file suffixes and are placed in the subdirectories ssl.key and ssl.crt of the specified base directory used in the REST command. At the Linux command line, use the following command syntax: <PUT>/mgmt/tm/sys/httpd -d '{"sslCertfile":"/config/httpd/conf/ssl.crt/<file name>","sslCertkeyfile":" /config/httpd/conf/ssl.key/<file name>"}' For BIG-IP 14.0.0 and later, specify the iControl REST-generated SSL certificates and keys names without the suffixes. If the SSL certificate and key files were uploaded to the BIG-IP device in the /config/httpd/conf/ssl.key and ssl.crt directories, use the exact file name of the uploaded certificate and key when running the REST command. For example: <PUT>/mgmt/tm/sys/httpd -d '{"sslCertfile":"/config/httpd/conf/ssl.crt/example","sslCertkeyfile":"/config /httpd/conf/ssl.key/example"}' For BIG-IP versions earlier than 14.0.0, specify the SSL certificate file using the .crt suffix and the key file with the .key suffix. If the SSL certificate and key files were uploaded to the BIG-IP device in the /config/httpd/conf/ssl.key and ssl.crt directories, use the exact file name of the SSL certificate and key when running the REST command. At the Linux command line, use the following command syntax: <PUT>/mgmt/tm/sys/httpd -d '{"sslCertfile":"/config/httpd/conf/ssl.crt/<file name>.crt","sslCertkeyfile":" /config/httpd/conf/ssl.key/<file name>.key"}' For example: <PUT>/mgmt/tm/sys/httpd -d '{"sslCertfile":"/config/httpd/conf/ssl.crt/example.crt","sslCertkeyfile":" /config/httpd/conf/ssl.key/example.key"}' Restarting the httpd service After you assign an SSL certificate and key for the device, you must restart the httpd service to implement the change. Impact of procedure: The following procedure restarts the httpd service, causing the Configuration utility to become temporarily unavailable. At the Linux command line, use the following command syntax: <POST> /mgmt/tm/sys/service -d '{"name":"httpd","command":"restart"}' Note: An issue confirmed in BIGIP 12.1.0-16.0.1 exists when restarting httpd from a simple iControl POST. For more information, refer to the following information: ID 775845 K13292945: httpd failing to start after restarting the service using the iControl REST API Workaround on DevCentral: Creating a tmsh script with iControl REST and using it to restart HTTPD Viewing the device SSL certificate configuration You can use the iControl REST API to view the SSL certificate configuration of the device. Impact of procedure: Performing the following procedure should not have a negative impact on your system. At the Linux command line, type the following command: <GET> /mgmt/tm/sys/httpd | jq -M. Note: Viewing objects with a REST command can produce verbose JSON output. To format the JSON output to a more user-friendly format, use the jq command-line JSON-processor command. The jq command -MS flag sets the formatted JSON output to use monochrome when displaying the JSON output. The . (period) parameter is optional in jq 1.5 and later. Supplemental Information K13225405: Common iControl REST API command examples K00842042: BIG-IP AFM iControl REST API example commands K42442250: Obtaining the list of iControl REST asynchronous API transactions Applies to: Product: BIG-IP 14.X.X, 13.X.X, 12.X.X, 11.6.X, 11.5.9.
Load more

Recommended publications
  • CISCO-CONFIG-COPY-MIB: Secure Copy Support
    CISCO-CONFIG-COPY-MIB: Secure Copy Support The CISCO-CONFIG-COPY-MIB: Secure Copy Support feature enhances the CISCO-CONFIG-COPY-MIB by adding support for the copy Cisco IOS EXEC command, and implementing file transfers between a router and server using the secure copy protocol (scp). Feature Specifications for CISCO-CONFIG-COPY-MIB: Secure Copy Support Feature History Release Modification 12.3(2)T This feature was introduced. Supported Platforms Cisco 1710, Cisco 3600 series, Cisco 3725, Cisco 3745, Cisco 6400-NRP series, Cisco 7200, Cisco 7400, Cisco 7500, Cisco AS5300, Cisco AS5350, Cisco AS5400, Cisco AS5850, Cisco CVA 120, Cisco ICS 7750, Cisco ONS 15104, Cisco uBR 7200, Cisco uBR 925 Finding Support Information for Platforms and Cisco IOS Software Images Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel the login dialog box and follow the instructions that appear. Contents • , page 2 • How to Use Secure Copy Support, page 2 Configuration Examples for Secure Copy Support, page 3 Additional References, page 4 Command Reference, page 5 Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2007 Cisco Systems, Inc. All rights reserved. CISCO-CONFIG-COPY-MIB: Secure Copy Support Information About CISCO-CONFIG-COPY-MIB Secure Copy Support Information About CISCO-CONFIG-COPY-MIB Secure Copy Support • • CISCO-CONFIG-COPY-MIB Secure Copy Implementation CISCO-CONFIG-COPY-MIB is platform-independent and provides objects to allow the copy functionality.
    [Show full text]
  • Install a VCS Release Key Via the Web Interface and CLI Configuration Example
    Install a VCS Release Key via the Web Interface and CLI Configuration Example Contents Introduction Prerequisites Requirements Components Used Configure Web Interface Release Key Installation Example CLI Release Key Installation Example Verify Web interface Verification of Release Key Installation CLI Interface Verification of Release Key Installation Troubleshoot Introduction This document describes the installation of a release key to a Cisco Video Communication Server (VCS) via the web interface and the Command Line Interface (CLI). Prerequisites Requirements Cisco recommends that you have knowledge of these topics: VCS Installation Have Installed successfully the VCS and applied a valid IP address that is reachable via web interface and or CLI. Have applied for and received a release key valid for the VCS serial number. Have access to the VCS with both root (by CLI) and the admin account by web interface or CLI. Have downloaded a VCS software upgrade image from Cisco.com. Note: Installation guides can be found here: http://www.cisco.com/c/en/us/support/unified- communications/telepresence-video-communication-server-vcs/products-installation-guides- list.html Components Used The information in this document is based on these software versions: VCS Version x8.6.1 and x8.7.3 VCS Control x7.X and x8.X releases VCS Expressway x7.X and x8.X releases PuTTY (terminal emulation software) ---Alternatively, you could use any terminal emulation software that supports SSH such as Secure CRT, TeraTerm and so on. PSCP (PuTTY Secure Copy Protocol client) ---You can use any client that supports SCP. Licensing email with a Release Key or Upgrade Key.
    [Show full text]
  • Pcoip Management Console 20.01 Administrators Guide
    Installing the PCoIP Management Console and Configuring Your System Installing the PCoIP Management Console and Configuring Your System The topics in this section contain information to help you get up and running quickly. Topics that refer to specific versions of PCoIP Management Console will be identified by the release number. Migrating, upgrading, or downgrading from other versions If you are migrating to a new PCoIP Management Console version see Migrating to a Newer Version. If you need to downgrade endpoints from firmware 5.0 or later to 4.8, see Downgrading Endpoints to Firmware 4.x. © 2020 Teradici 1 Installing PCoIP Management Console using vSphere Installing PCoIP Management Console using vSphere Once you have downloaded PCoIP Management Console, deploy it as an Open Virtual Appliance (OVA) using vSphere Client. To install PCoIP Management Console using vSphere Client: 1. Download the latest PCoIP Management Console OVA file to a location accessible from your vSphere Client. 2. Log in to your vSphere Client. 3. If you have more than one ESXi host, select the desired ESXi node; otherwise, there is no need to select a node. 4. From the vSphere client’s File menu, select Deploy OVF Template. 5. In the Source window, click Browse, select the PCoIP Management Console’s OVA file, click Open and Next. 6. In the OVF Template Details window, view the information and click Next. 7. In the End User License Agreement window, read the EULA information, click Accept and then Next. 8. In the Name and Location window, enter the name for your PCoIP Management Console and click Next.
    [Show full text]
  • OSI Model and Network Protocols
    CHAPTER4 FOUR OSI Model and Network Protocols Objectives 1.1 Explain the function of common networking protocols . TCP . FTP . UDP . TCP/IP suite . DHCP . TFTP . DNS . HTTP(S) . ARP . SIP (VoIP) . RTP (VoIP) . SSH . POP3 . NTP . IMAP4 . Telnet . SMTP . SNMP2/3 . ICMP . IGMP . TLS 134 Chapter 4: OSI Model and Network Protocols 4.1 Explain the function of each layer of the OSI model . Layer 1 – physical . Layer 2 – data link . Layer 3 – network . Layer 4 – transport . Layer 5 – session . Layer 6 – presentation . Layer 7 – application What You Need To Know . Identify the seven layers of the OSI model. Identify the function of each layer of the OSI model. Identify the layer at which networking devices function. Identify the function of various networking protocols. Introduction One of the most important networking concepts to understand is the Open Systems Interconnect (OSI) reference model. This conceptual model, created by the International Organization for Standardization (ISO) in 1978 and revised in 1984, describes a network architecture that allows data to be passed between computer systems. This chapter looks at the OSI model and describes how it relates to real-world networking. It also examines how common network devices relate to the OSI model. Even though the OSI model is conceptual, an appreciation of its purpose and function can help you better understand how protocol suites and network architectures work in practical applications. The OSI Seven-Layer Model As shown in Figure 4.1, the OSI reference model is built, bottom to top, in the following order: physical, data link, network, transport, session, presentation, and application.
    [Show full text]
  • P330-ML 4.5 RN.Fm
    Avaya P330-ML Version 4.5 Release Notes 1. Introduction This document contains information related to the Avaya P332G-ML, P332GT-ML and P334T-ML stackable switches that was not included in the User's Guide. This document also describes known issues, and other information required for proper installation and use of the product. 2. Important Notes • This software version is for P330-ML switches only. • You cannot stack P330-ML version 4.5 switches with P330 switches. • When you upgrade from version 3.x to version 4.5, you should first upgrade to version 4.0. Only then upgrade to 4.5. You can obtain firmware version 4.0 from www.avaya.com/support. • You must perform an NVRAM initialization before downloading module or stack configuration files, except for products that are configured with the factory settings. • P330-ML 4.5 Embedded Web Manager requires Java plug-in version 1.4.2. You may download this from the Avaya support site: www.avaya.com/support. — Please refer to the relevant Technical Note on the Avaya Support Site at www.avaya.com/support for managing Avaya products that require different Java plug-in versions. February 2004 1 3. What's New 3. What's New • Remote management access via SNMPv3 — SNMPv3 provides enhanced network management security with user- based authentication (SHA- or MD5-based), communication encryption (DES-based) and access control per-MIB item. • Support for both SNMPv3 and SNMPv2c traps. • SSH (Secure Shell) — SSH server functionality in the P330-ML provides enhanced remote session security using 3DES-CBC encryption, up to 2,048-bit DSA key and password-based user authentication.
    [Show full text]
  • Copyrighted Material
    Index Numerics Address Resolution Protocol (ARP), 1052–1053 admin password, SOHO network, 16-bit Windows applications, 771–776, 985, 1011–1012 900, 902 Administrative Tools window, 1081–1083, 32-bit (x86) architecture, 124, 562, 769 1175–1176 64-bit (x64) architecture, 124, 562, 770–771 administrative tools, Windows, 610 administrator account, 1169–1170 A Administrators group, 1171 ADSL (Asynchronous Digital Subscriber Absolute Software LoJack feature, 206 Line), 1120 AC (alternating current), 40 Advanced Attributes window, NTFS AC adapters, 311–312, 461, 468–469 partitions, 692 Accelerated Graphics Port (AGP), 58 Advanced Computing Environment (ACE) accelerated video cards (graphics initiative, 724 accelerator cards), 388 Advanced Confi guration and Power access points, wireless, 996, 1121 Interface (ACPI) standard, 465 access time, hard drive, 226 Advanced Graphics Port (AGP) card, access tokens, 1146–1147 391–392 Account Operators group, 1172 Advanced Graphics Port (AGP) port, 105 ACE (Advanced Computing Environment) Advanced Host Controller Interface (AHCI), initiative, 724 212–213 ACPI (Advanced Confi guration and Power Advanced Micro Devices (AMD), 141–144 Interface) standard, 465 Advanced Packaging Tool (APT), 572 Action Center, 1191–1192 Advanced Power Management (APM) Active Directory Database, 1145–1146, 1183 standard, 465 active heat sink, 150 Advanced Programmable Interrupt active matrix display, LCD (thin-fi lm Controller (APIC), 374 transistor (TFT) display), 470 Advanced RISC Computing Specifi cation active partition, 267,
    [Show full text]
  • Working with the Cisco IOS File System, Configuration Files, and Software Images
    APPENDIX B Working with the Cisco IOS File System, Configuration Files, and Software Images This appendix describes how to manipulate the Cisco ME 3400E Ethernet Access switch flash file system, how to copy configuration files, and how to archive (upload and download) software images to a switch. Note For complete syntax and usage information for the commands used in this chapter, see the switch command reference Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 This appendix consists of these sections: • Working with the Flash File System, page B-1 Working with Configuration Files, page B-8 Working with Software Images, page B-23 Working with the Flash File System flash: Displaying Available File Systems, page B-2 Setting the Default File System, page B-3 Displaying Information about Files on a File System, page B-3 Creating and Removing Directories, page B-4 Copying Files, page B-4 Deleting Files, page B-5 Creating, Displaying, and Extracting tar Files, page B-6 Displaying the Contents of a File, page B-8 Cisco ME 3400E Ethernet Access Switch Software Configuration Guide OL-16485-01 B-1 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Displaying Available File Systems show file systems privileged EXEC command as shown in this example. Switch# show file systems File Systems: Size(b) Free(b) Type Flags Prefixes * 15998976 5135872 flash rw flash: - - opaque rw bs: - - opaque rw vb: 524288 520138 nvram rw nvram: - - network rw tftp: - - opaque rw null: - - opaque rw system: - - opaque ro xmodem: - - opaque ro ymodem: Table B-1 show file systems Field Descriptions Field Value Size(b) Amount of memory in the file system in bytes.
    [Show full text]
  • SSH Solutions on Openvms Technical Overview
    SSH Solutions on OpenVMS Technical Overview SSH Solutions Process Software delivers SSH solutions on OpenVMS as a feature of MultiNet and TCPware TCP/IP stacks or as a standalone product with SSH for OpenVMS. SSH for OpenVMS turns VAX, Alpha and Integrity computers into secure application servers in multi-platform environments, and integrate OpenVMS systems with virtually any other system through industry-standard SSH over TCP/IP. The De-Facto Standard for Network Security The SSH protocol is an IETF standard used by millions of people and thousands of organizations all over the world. Process Software’s SSH products are based on ICSA-certified code base. The cryptographic library used is compiled from unaltered source code that is FIPS 140-2 compliant, as determined by the Computer Security Division of the National Institute of Science and Technology (NIST). It is widely used by government organizations and large enterprises. SSH Features Process Software’s SSH products enables remote systems administrators, telecommuters, and other users to access corporate networks without revealing passwords and confidential data to potential eavesdroppers. The main features include: • Supports both SSH v1 and SSH v2 protocols in the client and server • Provides secure file transfer with Secure File Transfer Protocol v2 (SFTP v2) client and server, Secure Copy Protocol v2 (SCP v2) client and server, and Secure File Copy Protocol v1 (SCP v1) server. • Replaces Telnet, FTP, and R services with secure connections • Encrypts X-11 displays using X-11 forwarding
    [Show full text]
  • Setting up Logset Remote Service
    1 Aapo Koskela SETTING UP LOGSET REMOTE SERVICE Introducing Logset REDI and Logset Manager Technology and Communication 2020 VAASAN AMMATTIKORKEAKOULU UNIVERSITY OF APPLIED SCIENCES Information Technology ABSTRACT Author Aapo Koskela Title Setting up Logset Remote Service Year 2020 Language English Pages 30 Name of Supervisor Gao, Chao Logset had a need to develop remote support and control service, which could be used by service personnel and selected resellers. There was also a need for Fleet Management for handling big data, which could be developed with remote ser- vice. Logset started developing both services and as a result, they had to be docu- mented. The purpose of this thesis was to strengthen Logset’s internal knowledge of new upcoming services, and to generate work instructions for setting up, and the usage of Logset REDI Service. Thesis instructions were written based on interviews with the developers of the service and by personal experiences from the testing. During writing this thesis, REDI Service and Logset Manager were being simul- taneously developed. Logset had implemented objective and basic setup which was then followed by first testing in theory and then in practice, and before the thesis was finished, were both REDI Service and Fleet Management announced publicly. The thesis presents features that are available now, and those that will probably be available in near future. The work instructions will be taken in use as soon as wide-scale installations in the factory and field will begin. Keywords CAN bus, CANopen, Work instructions, Remote diagnos- tics, and control 3 VAASAN AMMATTIKORKEAKOULU Koulutusohjelman nimi TIIVISTELMÄ Tekijä Aapo Koskela Opinnäytetyön nimi Setting up Logset Remote Service Vuosi 2020 Kieli englanti Sivumäärä 30 Ohjaaja Gao, Chao Logsetilla oli tarve kehittää etätuki- ja ohjauspalvelua, jota huolto ja valitut jäl- leenmyyjät voisivat käyttää.
    [Show full text]
  • SSH Solutions Quick Reference (PDF)
    SSH Solutions Quick Reference Guide MultiNet and TCPware TCP/IP Stacks and SSH for OpenVMS Overview Key Features Function Benefits Replaces Telnet and R SSH provides secure encrypted SSH provides remote system Services communication over unsecured access securely. It eliminates networks such as the Internet. It potential security breaches, such replaces Telnet, rsh, rlogin, and rcp as spoofing and eavesdropping or sessions as specified by the user. hijacking of sessions. Support for protocol The Process Software SSH products An administrator has the version 1 and 2 support protocol v1 and v2 on both the flexibility to decide which client and server. SSH v2 is more protocol to use. secure then SSH v1 and is an IETF standard. Secure File Transfer SFTP provides a secure mechanism SFTP provides secure file transfer Protocol (SFTP) Server for transferring, deleting, or copying with an FTP-like interface. and Client files over the network using SSH file transfer protocol v4. Secure Copy Protocol - SCP provides a mechanism for Files can be transferred over a SCP transferring, deleting, copying or secure network. moving files securely. Authentication Authentication is used to verify the Authentication protects users identity of a user logging into a against the possibility of a hacker system. RSA and DSA methods are forging their identity. used for authentication. The more secure Diffie-Helmann algorithm is used for the key exchange in SSH v2. Encryption Encryption is used to encode Encrypted data prevents a hostile passwords and data. The options user from being able to read the include DES, 3DES, ARCFOUR, data as it is traversing the network.
    [Show full text]
  • Linux Cheat Sheet
    Linux Cheat Sheet Note: text within <> indicates case specific information that you need to modify, such as specific file names or directory paths You will be assigned to one of three servers. The <servername> referenced below will be one of the following: comtrain.med.psu.edu ri_sb2.hersheymed.net ri_sb3.hersheymed.net Logging on to the Linux Server ssh <psuid>@<servername> #connect to server to do work ssh –XY <psuid>@<servername> #connect to server with X11 tunneling enabled (necessary for programs such as IGV). Need to configure computer for this. Copying files to and from the server – only copy to your M drive Option 1: using secure file transfer protocol (sftp): sftp <psuid>@<servername> #connect to server to transfer or download files Once logged in via sftp: put <filename> #copies file to the server put –r <directoryname> #copies all files in folder on local directory (i.e. your computer) to server get <filename> #copies file from server to local directory get –r <directoryname> #copies all files in directory to local directory lpwd #tells you current local directory lcd <local directory path/name> #change local directory Option 2: using secure copy protocol (scp) scp <localfilename> <psuid>@<servername>:~/ #copies file from local directory to server scp –r <localdirname> <psuid>@<servername>:~/ #copies all files in local directory to server 1 Linux Cheat Sheet scp <psuid>@<servername>:~/ <localfilename> #copies file from server to local directory scp –r <psuid>@<servername>:~/ <localdirname> #copies all files in directory from server to local directory Option 3: use Filezilla (https://filezilla-project.org) or Winscp (https://winscp.net/eng/do wnload.php) Directory Commands mkdir <directory name> #create new folder cd <directory name> #change directory pwd #tells you current directory ls #list files in directory ls –l #list all files in directory with details (e.g.
    [Show full text]
  • CA Workload Automation Agent for UNIX, Linux, Or Windows
    CA Workload Automation Agent for UNIX, Linux, or Windows Implementation Guide r11.3 SP4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the “Documentation”) is for your informational purposes only and is subject to change or withdrawal by CA at any time. This Documentation is proprietary information of CA and may not be copied, transferred, reproduced, disclosed, modified or duplicated, in whole or in part, without the prior written consent of CA. If you are a licensed user of the software product(s) addressed in the Documentation, you may print or otherwise make available a reasonable number of copies of the Documentation for internal use by you and your employees in connection with that software, provided that all CA copyright notices and legends are affixed to each reproduced copy. The right to print or otherwise make available copies of the Documentation is limited to the period during which the applicable license for such software remains in full force and effect. Should the license terminate for any reason, it is your responsibility to certify in writing to CA that all copies and partial copies of the Documentation have been returned to CA or destroyed. TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENTATION “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION, LOST PROFITS, LOST INVESTMENT, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.
    [Show full text]