Tuesday, December 31, 2024

Load all PuTTY PPKs into Pageant

 

I use PuTTY a lot, and with the proliferation of cloud, that means I have lots of SSH keys to manage.  One thing that has always annoyed me is how PuTTY Pageant doesn't have a nice UI to load all your keys automatically.  It does, however, have a CLI which allows you to script it, but there is no sample script and the syntax is a little cumbersome, so here is another gift to the Internet:

Code

@echo off
setlocal EnableDelayedExpansion
:: Set the path to the directory containing the .ppk files
set PPK_DIR=%USERPROFILE%\my_ssh_keys
:: Set the full path to the Pageant executable
set PAGEANT_PATH="C:\Program Files\PuTTY\pageant.exe"
:: Check if Pageant executable exists
if not exist %PAGEANT_PATH% (
    echo Pageant not found at %PAGEANT_PATH%.
    echo Please install PuTTY and update the PAGEANT_PATH variable in this script.
    exit /b 1
)
:: Check if there are .ppk files in the directory
if not exist "%PPK_DIR%\*.ppk" (
    echo No .ppk files found in %PPK_DIR%.
    exit /b 1
)
:: Gather all .ppk files into a single command
set "PPK_FILES="
for %%F in ("%PPK_DIR%\*.ppk") do (
    rem echo Adding %%F ...
    rem Quote each path so key folders with spaces in the name still work
    SET "PPK_FILES=!PPK_FILES! "%%F""
)
echo.
echo Loading all PPKs into Pageant... %PPK_FILES%
:: Load all .ppk files into Pageant in one call
start "Pageant Title" /B %PAGEANT_PATH% %PPK_FILES%
echo All .ppk files loaded into Pageant.

Instructions

  1. Save the code above as "load-ssh-keys.bat" someplace, like c:\bin
  2. Edit the code where it sets the PPK_DIR to point to the folder where you keep all your SSH keys
  3. Open Windows File Explorer, go to c:\bin
  4. Verify it works
    1. Double click on the BAT file.  You will see a black window open for a second and disappear.  That is normal.
    2. On the bottom of the screen, click on the "^" icon.  You should see the Pageant icon (looks like a computer wearing a hat).
    3. Right click on it, and choose View Keys.
    4. If it worked correctly, you should see a list of all your keys.
  5. Make it run when you start your computer
    1. Right click on "load-ssh-keys.bat" and Create a Shortcut to it.  This creates a file called "load-ssh-keys.lnk"
    2. Right click on "load-ssh-keys.lnk" and choose Cut.
    3. In the Windows File Explorer, click on the "+" to open a second tab
    4. In the path field (the text field under the tab bar), enter this:
      %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    5. Paste "load-ssh-keys.lnk" in the Startup folder
  6. Rejoice  ;)


Problem - "too many authentication failures"


I ran into a strange situation today.  I was trying to SSH into a partner's Ubuntu server in their lab over VPN from my laptop.  When I used PuTTY, I kept getting "too many authentication failures" immediately upon entering the username (no password given yet).  

The partner insisted they were able to access the server and verified the credentials.  But then I noticed they were using OpenSSH client.  I tried it, and it worked.  

Huh, this only affects PuTTY?  

Well, now I had access to the server's sshd logs, and I could see:

Dec 31 18:26:13 xxxxxxx sshd[1022]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedAlgorithms [preauth]
Dec 31 18:26:14 xxxxxxx sshd[1022]: error: maximum authentication attempts exceeded for admin from 192.168.101.254 port 57881 ssh2 [preauth]
Dec 31 18:26:14 xxxxxxx sshd[1022]: Disconnecting authenticating user admin 192.168.101.254 port 57881: Too many authentication failures [preauth]

Solution

Apparently, they've turned off support for older DSS keys.  Makes sense, DSS has been obsolete for a while now.

So now I knew where to go look.  And lo and behold, my PuTTY Pageant key agent had some old DSS keys loaded.  So I removed the old keys from Pageant, and now it works.  

That is odd though, you would expect sshd to fall back to password auth if none of the keys worked, but apparently it triggered the "too many authentication failures" logic.

I spent two days trying to figure this out.  Google searches were useless, so I thought I should add this pearl of wisdom to the vast sea of Internet knowledge, and hopefully save someone some time.
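A pre-flight check for the load-all script, added here as an example and not part of the original post: it reads the first line of each .ppk file, which names the key algorithm, and separates ssh-dss keys from the ones worth handing to Pageant. The function names, the sample file names and the limit of 6 (OpenSSH's default MaxAuthTries) are assumptions.

```python
import tempfile
from pathlib import Path

MAX_AUTH_TRIES = 6      # assumption: OpenSSH default; the server's sshd_config may differ
RETIRED = {"ssh-dss"}   # the key type rejected in the sshd log above


def ppk_algorithm(path):
    """Return the algorithm named in a PPK header, or None if this is not a PPK file."""
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        first = fh.readline().strip()
    # Header line looks like "PuTTY-User-Key-File-3: ssh-ed25519"
    name, sep, algorithm = first.partition(": ")
    if not sep or not name.startswith("PuTTY-User-Key-File-"):
        return None
    return algorithm


def audit_key_dir(key_dir, max_auth_tries=MAX_AUTH_TRIES):
    """Sort *.ppk files into keys to load, retired key types and unreadable files."""
    report = {"load": [], "retired": [], "unreadable": []}
    for path in sorted(Path(key_dir).glob("*.ppk")):
        algorithm = ppk_algorithm(path)
        if algorithm is None:
            report["unreadable"].append(path.name)
        elif algorithm in RETIRED:
            report["retired"].append(path.name)
        else:
            report["load"].append(path.name)
    # Each key the agent offers is one authentication attempt on the server,
    # so a long key list can use up the limit before a password prompt appears.
    report["too_many_to_offer"] = len(report["load"]) >= max_auth_tries
    return report


def demo(max_auth_tries=MAX_AUTH_TRIES):
    """Run the audit over constructed PPK headers (no real key material)."""
    samples = {
        "aws-prod.ppk": "PuTTY-User-Key-File-3: ssh-ed25519\r\nEncryption: none\r\n",
        "github.ppk": "PuTTY-User-Key-File-2: ssh-rsa\r\nEncryption: aes256-cbc\r\n",
        "old-lab.ppk": "PuTTY-User-Key-File-2: ssh-dss\r\nEncryption: none\r\n",
        "notes.ppk": "not a key file\r\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, header in samples.items():
            Path(tmp, name).write_bytes(header.encode("ascii"))
        return audit_key_dir(tmp, max_auth_tries)


if __name__ == "__main__":
    print(demo())
```

Pointing `audit_key_dir` at the real key folder shows which files to leave out of the Pageant command line.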

Friday, September 12, 2014

Java System.getProperties() on various platforms

Here is a handy comparison of Java System.getProperties() on various platforms, in case you are ever trying to detect what OS you are running on.  What is interesting is how Android reports itself as Linux, but it looks like there are some other candidate properties that will give you a clue that it is Android.






Windows 7 | Linux | Android
file.encoding.pkg=sun.io
file.encoding=ANSI_X3.4-1968
file.separator=/
java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment
java.awt.printerjob=sun.print.PSPrinterJob
java.class.path=./bin:./lib/jmxtools.jar:./lib/common...
java.class.version=49.0
java.endorsed.dirs=/usr/java/jre1.5.0_06/lib/endorsed
java.ext.dirs=/usr/java/jre1.5.0_06/lib/ext
java.home=/usr/java/jre1.5.0_06
java.io.tmpdir=/tmp
java.library.path=/usr/java/jre1.5.0_06/lib/i386/client...
java.runtime.name=Java(TM) 2 Runtime Environment, Stand...
java.runtime.version=1.5.0_06-b05
java.specification.name=Java Platform API Specification
java.specification.vendor=Sun Microsystems Inc.
java.specification.version=1.5
java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport...
java.vendor.url=http://java.sun.com/
java.vendor=Sun Microsystems Inc.
java.version=1.5.0_06
java.vm.info=mixed mode
java.vm.name=Java HotSpot(TM) Client VM
java.vm.specification.name=Java Virtual Machine Specification
java.vm.specification.vendor=Sun Microsystems Inc.
java.vm.specification.version=1.0
java.vm.vendor=Sun Microsystems Inc.
java.vm.version=1.5.0_06-b05
line.separator=
os.arch=i386
os.name=Linux
os.version=2.4.21-37.ELsmp
path.separator=:
sun.arch.data.model=32
sun.boot.class.path=./lib/mx4j.jar:./lib/mx4j-remote.jar:...
sun.boot.library.path=/usr/java/jre1.5.0_06/lib/i386
sun.cpu.endian=little
sun.cpu.isalist=
sun.io.unicode.encoding=UnicodeLittle
sun.jnu.encoding=ANSI_X3.4-1968
sun.management.compiler=HotSpot Client Compiler
sun.os.patch.level=unknown
user.country=US
user.dir=/root/proto/sa
user.home=/root
user.language=en
user.name=root
user.timezone=America/Los_Angeles
android.icu.library.version = 4.8.1.1
android.icu.unicode.version = 6.0
android.openssl.version = OpenSSL 1.0.1c 10 May 2012
android.zlib.version = 1.2.6.f-codeaurora-mods-v1
file.encoding = UTF-8
file.separator = /
http.agent = Dalvik/1.6.0 (Linux; U; Android 4.1.2; SAMSUNG-SGH-I547 Build/JZO54K)
java.boot.class.path = /system/framework/core.jar:...
java.class.path = .
java.class.version = 50.0
java.compiler = 
java.ext.dirs = 
java.home = /system
java.io.tmpdir = /data/data/com.demo.android.simple/cache
java.library.path = /vendor/lib:/system/lib
java.runtime.name = Android Runtime
java.runtime.version = 0.9
java.specification.name = Dalvik Core Library
java.specification.vendor = The Android Project
java.specification.version = 0.9
java.vendor = The Android Project
java.vendor.url = http://www.android.com/
java.version = 0
java.vm.name = Dalvik
java.vm.specification.name = Dalvik Virtual Machine Specification
java.vm.specification.vendor = The Android Project
java.vm.specification.version = 0.9
java.vm.vendor = The Android Project
java.vm.vendor.url = http://www.android.com/
java.vm.version = 1.6.0
line.separator = 
os.arch = armv7l
os.name = Linux
os.version = 3.0.31-1371191
path.separator = :
user.dir = /
user.home = 
user.language = en
user.name = 
user.region = US

Monday, January 13, 2014

Cisco CP-DX650 USB driver for Android ADB

Grrr!  Why doesn't Cisco make their documentation easier to find?  After days of searching, I finally found the solution.  See


Apparently, there is a developer kit called the "Cisco DX650 Add-on".  More importantly, it has instructions on how to install the USB driver.  In case that link goes stale in the future, let me highlight the salient points:

  1. Install Android SDK (duh)
  2. Install the Google USB Driver (duh)
  3. Edit ...\android-sdk-windows\usb_driver\android_winusb.inf
  4. Add the following lines under [Google.NTx86] and [Google.NTamd64]
    ;Cisco DX650
    %SingleAdbInterface% = USB_Install, USB\VID_0451&PID_D109
    %CompositeAdbInterface% = USB_Install, USB\VID_0451&PID_D109&MI_01
    %CompositeAdbInterface% = USB_Install, USB\VID_0451&PID_D109&MI_02
  5. Save and close it
  6. Connect the device to your PC
  7. You may need to specify the location of the driver as
    ...\android-sdk-windows\usb_driver\
  8. Enjoy!

Wednesday, January 18, 2012

Resumes and Interviews

As a software team leader in Silicon Valley, I am responsible for interviewing a lot of candidates. Let me give you some advice if you are applying for a Java/Web developer position:

Things NOT to put on your resume:
  • Microsoft Office (Really?  Unless you are a fresh graduate, you are applying for an experienced software development position, so it is assumed you are familiar with basic software.)
  • 6502 Assembly/FORTRAN/LEX/YACC or other tools you used 10+ years ago in your undergrad CS courses.  (If you put it on your resume, I might ask you a hard question in that area.)
  • Rule of thumb: If XYZ doesn't apply to the position you are applying for, it probably should be left out. (e.g. not many web servers run FORTRAN)
  • Don't lie.  If you say you're a published author, or hold XYZ patents, I will check.  Assume my Google-fu is quite powerful and your feeble attempt at deception will be your doom.  ;-)
  • Your resume should be 1-2 pages.  A 10 page resume tells me either you are insecure, unable to make decisions, or you are so bad you can't hold a job for more than a week.
  • Be very careful about calling yourself an "expert" in something.  You are challenging the interviewer to a duel of wits, and you are probably not as experienced. 
Things you SHOULD put on your resume:
  • Past experience.  Please indicate if this was a full-time or contract position.  If you worked less than 12 months at that place, be prepared to discuss it.  If you worked less than 6 months at that place, consider if it is even worth mentioning?  Frankly, I don't want to have to hire you if you look like you have a history of jumping ship at every opportunity.
  • Please give an objective statement.  What is your ideal position?  "Making money" is not a good objective statement.
  • A link to your home page or LinkedIn page.  Include on that page things such as: 
    • A photo to help me remember who you are.
    • This is also a good place to put pages 8-10 of that long resume I told you to chop
    • Or someplace to highlight your hobbies and interests to help you seem more "well adjusted".
Phone Interview Advice:
  • Please don't cheat.  I have excellent hearing, and I can hear you turning pages of the textbook, typing Google searches and your friend next to you whispering in your ear.  It won't get you very far because I will start asking "why" questions next.
  • When answering a question, be concise and to the point.  It is OK to ask for clarification.  If you do not know, just say so.  Ask for the answer so you are better prepared next time.  If she/he refuses, write it down so you can study later.
  • Don't expect to get every question right.  I am just probing to see what areas are your strengths.
On-Site Interview Advice:
  • Attitude is often as important as technical skills.  You want to be confident, but not arrogant. Passionate, but not fanatical.  I can fix ignorance, but I can't fix a jerk.
  • Be on-time.  Better yet, be 5 minutes early.  If you are going to be late, call your recruiter or contact person.
  • Show some respect: Bathe and wear clean clothes.  Shorts and flip-flops might be acceptable in rare companies, but not many, and not mine.  Jeans are probably OK, but no t-shirts.  A suit and tie might be a bit overboard, but if you like to dress up, then go for it.
  • Act like you give a $#@ about working here.  Demonstrate you have a pulse instead of just sitting there like a blob expecting me to hire you.  Ask some questions, such as "Can you tell me about the project?", "How big is the development team?", "How long is your typical release cycle?", "How does your team manage the development schedule?  Do you use water-fall, or Agile?"
  • When answering a question, be concise and to the point.  It is OK to ask for clarification.  If you can't explain it, give an example and talk about it.  But in general, responses should be less than 1 minute.  More than that makes you look like you are fishing for the right answer because you do not know.
  • Do a little homework.  Visit the company's web-site before the interview so you know something about the business. 
  • Make yourself stand-out from the crowd.  Tell a joke or something funny (to a nerd at least), like if the interviewer asks if you know Algol, you can say "No, but I am familiar with the binary language of moisture evaporators" (a lame Star Wars reference).  Your mileage may vary with that one, but you get the point.
  • On-site interviews can be intimidating because you don't know what to expect.  Will they make you write code?  Will they give you one of those brain puzzles?  Interview committee, or one at a time?  One strategy is to bet that the interviewer is overworked and just got your resume 5 minutes ago.  Instead of waiting for him/her to remember the hardest interview question they ever heard, or ask you how to solve his current task, take control of the situation.  Make it a dialog.  Ask that person about their product, and then get up and start drawing on the whiteboard about your last project.  If possible, highlight any similarities.  This way the interviewer relaxes and asks you questions about your project that you know about.  But be careful not to ramble on and on, because the interviewer may think you are trying to waste time.  The point is to influence the questions they ask you, not filibuster.  However, if the company has a strict interview playbook, this little Jedi mind trick won't work.
  • If the interview is not going well, for example, they keep asking about areas you are not familiar with, it is OK to stop the interview.  You'll both be happier to end the ordeal and save some time.  (Sometimes the job description you got from the recruiter or job search web site isn't really what the company is looking for.  Usually caused by a manager recycling an old job description, or the manager's underlings are saying "find us a DBA" and all he hears is "find us a warm body who will work for peanuts".)
After the Interview
  • Be a statistical anomaly, and send a thank-you to the people who interviewed you.  It will make you stand out.
  • If you get an offer letter, then consider your response carefully.  It is very poor form to accept an offer, show up at work for a day, and then take another offer the next day. I will never hire you again.  It is a small world, and I never forget a face!
  • If the interview didn't go so well, don't be too hard on yourself.
    • Frequently, I am just looking for particular skills and a certain amount of experience.  You probably are a wonderful person and very good at what you do, just not what I needed at this time, or our schedule is so tight, I don't have time to train you to get you up to speed.
    • You might be too expensive (or perceived to be over-qualified) for our given budget.
    • The opening was closed early due to the bad economy, and nobody got the job.
    • The company gives preferential treatment to insiders, so your chances were slim even before you walked in the door.
    • Sometimes the reasons are not rational or fair. Interviewers sometimes have big egos and feel threatened by strong candidates, or feel they must prove they are smarter than you. Others let their personal feelings and prejudices get in the way. It's OK, you probably would have hated working with the jerk anyways. ;-)
Believe me, I've been on both sides of the table.  I've had interviews that I thought went great, and I didn't get the job.  Sometimes I felt I bombed it, but got called back for a second interview.  Who knows what is going through the hiring manager's head? But hopefully my advice will help you land a sweet gig!

Good luck!

    Thursday, August 18, 2011

    openssl error:0906D064:PEM routines:PEM_read_bio:bad base64 decode

    I had a problem today where Java keytool could read an X509 certificate file, but openssl could not. Immediately, I thought, "Oh, it must be in DER instead of PEM," but it was in PEM (plain text). Then I remembered something I stumbled upon months ago: openssl is picky about PEM certificate formatting.

    1. The file must contain:
    -----BEGIN CERTIFICATE-----
    on a separate line (i.e. it must be terminated with a newline).
    2. Each line of "gibberish" must be 64 characters wide.
    3. The file must end with:
    -----END CERTIFICATE-----
    and also be terminated with a newline.
    4. Don't save the cert text with Word. It must be in ASCII.
    5. Don't mix DOS and UNIX style line terminations.

    So, here are a few steps you can take to normalize your certificate:
    1. Run it through dos2unix
    dos2unix cert.pem
    2. Run it through fold
    fold -w 64 cert.pem

    I hope that helps some poor soul out there pulling his/her hair out wondering what that error message means!

    Pre-req's:
    * OpenSSL 0.9.7a Feb 19 2003
    * RHEL5