How to secure client connections to an HBase Thrift Server? - python

Anyone who knows the port and host of an HBase Thrift server, and who has access to the network, can access HBase. This is a security risk. How can the client access to the HBase Thrift server be made secure?

You could secure the HBase Thrift server by setting up authentication via Kerberos and then setting this property in hbase-site.xml:
<property>
  <name>hbase.thrift.security.qop</name>
  <value>auth</value>
</property>
http://www.cloudera.com/documentation/enterprise/latest/topics/cdh_sg_hbase_authentication.html
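One way to check that an hbase-site.xml actually carries the settings this answer describes, as an added example that is not part of the original answer. The sample files, keytab path and principal are constructed, and the function names are illustrative; it reports a missing `hbase.thrift.security.qop` and notes what each SASL QOP level does and does not protect.

```python
import xml.etree.ElementTree as ET

# Constructed hbase-site.xml samples (not from a real cluster).
OPEN_SITE = """<configuration>
  <property><name>hbase.regionserver.thrift.port</name><value>9090</value></property>
</configuration>"""
KERBEROS_SITE = """<configuration>
  <property><name>hbase.security.authentication</name><value>kerberos</value></property>
  <property><name>hbase.thrift.keytab.file</name><value>/etc/hbase/conf/hbase.keytab</value></property>
  <property><name>hbase.thrift.kerberos.principal</name><value>hbase/_HOST@EXAMPLE.COM</value></property>
  <property><name>hbase.thrift.security.qop</name><value>auth</value></property>
</configuration>"""

# SASL quality-of-protection values accepted by hbase.thrift.security.qop.
QOP = {"auth": "authentication only, traffic is not integrity-protected or encrypted",
       "auth-int": "authentication and integrity, traffic is not encrypted",
       "auth-conf": "authentication, integrity and confidentiality"}
REQUIRED = ("hbase.thrift.keytab.file", "hbase.thrift.kerberos.principal")

def load_properties(xml_text):
    """Return {name: value} for each <property> in a Hadoop-style site file."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit_thrift_security(xml_text):
    """Return (severity, message) findings; an empty list means nothing to report."""
    props, findings = load_properties(xml_text), []
    if props.get("hbase.security.authentication", "simple") != "kerberos":
        findings.append(("fail", "hbase.security.authentication is not kerberos"))
    for name in REQUIRED:
        if not props.get(name):
            findings.append(("fail", f"{name} is not set"))
    qop = props.get("hbase.thrift.security.qop")
    if not qop:
        findings.append(("fail", "hbase.thrift.security.qop is not set, "
                                 "so the Thrift server does not require SASL authentication"))
    elif qop not in QOP:
        findings.append(("fail", f"hbase.thrift.security.qop={qop} is not a valid value"))
    elif qop != "auth-conf":
        findings.append(("note", f"hbase.thrift.security.qop={qop}: {QOP[qop]}"))
    return findings
```

With `auth`, as in the answer, clients must authenticate but the Thrift traffic itself stays in cleartext; `auth-conf` is the level that also encrypts it.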

My sysadmin told me that in theory he could install an HBase Thrift Server on one of the Hadoop edge nodes that are blocked off, and only open the port to my server via ACLs. He however has no intention of doing this (and I do not either). As this is not a suitable answer I'll leave the question open.

Related

How to forward a Kerberos ticket over SSH using Paramiko?

I'm trying to forward a Kerberos ticket over an SSH connection to keep using an authenticated session in Hive/Beeline.
I already do this with PuTTY, but I couldn't with Paramiko.
Does anyone know if it is possible to forward a Kerberos ticket over SSH using Paramiko? And how can I do that?
PS: Windows 10 client connected to a Linux Server.

Set Zookeeper Node (znode) setting in HappyBase HBase client

I want to connect to a Kerberos secured HBase database via HappyBase (python).
The connection worked for another unsecured cluster with these settings:
import happybase
connection = happybase.Connection("host1.domain.de", port=9090)
connection.open()
print(connection.tables())
Now I want to connect to my secured database via the ZooKeeper quorum (let's say host2.domain.de) and the port 2181. The ZooKeeper node is /hbase-secured.
I try to connect to my db with the same code as shown above (after making a kinit via console). But I can't connect. It seems to be a problem with the changed /hbase-secured zookeeper node.
Is there a possibility to change this zookeeper node setting? Or can't HappyBase connect to a Kerberized cluster yet? Do I need to make the Kerberos settings in another way?
I'm using HBase 1.1.2 in a Hortonworks Data Platform 2.6 environment, trying to connect with HappyBase 1.1.0.
It's not supported.
In https://happybase.readthedocs.io/en/latest/api.html#connection:
"The host and port arguments specify the host name and TCP port of the HBase Thrift server to connect to."

Defining a Proxy used by the Azure IoT Hub Client (Python)

I am using the Azure IoT Hub Client SDK for Python. I am using a slightly modified version of the sample script from the github repo to upload files to the IoT Hub. Everything works fine as long as I do not have to use a proxy for outgoing connections.
I tried to understand how to configure a proxy for this, but I did not find anything for the Python SDK. I also searched in the other SDKs and found some ProxySettings in the iothub_client_options.h of the C SDK. But I do not know how to set these settings in the Python client (in case the settings are actually working).
I also found an issue that the connection over websockets needs some special format of the Linux environment variables. But I do not use websockets.
I tried to run my script both in Windows and Linux environments where the proxy system settings are correctly configured (Win: Internet settings, Linux: environment variables).
Is there any documentation on this topic? Does anybody know how to configure a proxy either on Windows or on Linux?
In my experience, I think you can run the Python script using the Azure IoTHub Client SDK without any proxy settings to communicate with Azure IoT Hub if the proxy is correctly configured in the OS.
However, there are some points to note when the proxy server is configured for different protocols (such as HTTP, Socks, etc.), as below.
Normally, the proxy server is configured for the HTTP protocol, which only allows HTTP communication. So if the IoTHub Client is used in HTTP mode, the script will work fine, but it will not work in AMQP/MQTT mode.
If the proxy server is configured for the Socks protocol, such as Socks4/Socks5, the script will work fine in any mode, because the Socks protocol just transmits datagrams and does not check the protocol type.
So please check which protocols are supported by your proxy server, then use HTTP mode or configure the Socks protocol for the proxy to make the script work.

How to run Liclipse/Pydev debugger over internet?

I have a remote development Linux machine (with own IP address) in a VPS provider. I also have my machine that connects to internet via a router. I want a Django process in the server to connect to a pydev debug server on my machine.
I use the pydev debugger; this configuration tells Django on any host to connect to the given host/port where the debugger is running:
pydevd.settrace('localhost', port=5678, suspend=False)
How do I connect to the VPS from my desktop? NAT is impossible since the router and DHCP are not in my control. VPN seems feasible but complicated.
I think the best way to resolve it in this case would be doing a port forwarding through ssh -- I don't have any specific instructions for that, but google has plenty ;)

Python Proxy Through SSH

I've been trying to:
1. Log into a server using SSH (with Paramiko).
2. Use that connection like a proxy and route network traffic through it and out to the internet, so that, say, I could set it as my proxy in Urllib2, Mechanize, Firefox, etc.
Is the second part possible or will I have to have some sort of proxy server running on the server to get this to work?
You could implement a SOCKS proxy in the paramiko client that routes connections across the SSH tunnel via paramiko's open_channel method. Unfortunately, I don't know of any out-of-the-box solution that does this, so you'd have to roll your own. Alternatively, run a SOCKS server on the server, and just forward that single port via paramiko.
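The first option in the answer above, as an added example that is not part of the original post: a SOCKS5 CONNECT handler (RFC 1928, no-authentication method) that opens one paramiko `direct-tcpip` channel per client and relays bytes both ways. It assumes `transport` is an authenticated `paramiko.Transport` (for example from `SSHClient.get_transport()`) and that `sock` was accepted on a listener bound to 127.0.0.1, since the handler itself does not authenticate clients; the function names are illustrative.

```python
import ipaddress
import select
import struct

def recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during SOCKS handshake")
        buf += chunk
    return buf

def read_connect_target(sock):
    """Run the SOCKS5 no-auth handshake and return the requested (host, port)."""
    ver, nmethods = recv_exact(sock, 2)
    methods = recv_exact(sock, nmethods)
    if ver != 5 or 0 not in methods:
        raise ValueError("client does not offer SOCKS5 without authentication")
    sock.sendall(b"\x05\x00")                      # select method 0x00 (no auth)
    ver, cmd, _rsv, atyp = recv_exact(sock, 4)
    if ver != 5 or cmd != 1:
        raise ValueError("only SOCKS5 CONNECT is handled")
    if atyp == 1:                                  # IPv4 address
        host = str(ipaddress.IPv4Address(recv_exact(sock, 4)))
    elif atyp == 3:                                # length-prefixed domain name
        host = recv_exact(sock, recv_exact(sock, 1)[0]).decode("ascii")
    elif atyp == 4:                                # IPv6 address
        host = str(ipaddress.IPv6Address(recv_exact(sock, 16)))
    else:
        raise ValueError("unknown address type")
    return host, struct.unpack("!H", recv_exact(sock, 2))[0]

def serve_client(sock, transport, src_addr=("127.0.0.1", 0)):
    """Handle one local SOCKS5 client, tunnelling it through `transport`."""
    target = read_connect_target(sock)
    chan = transport.open_channel("direct-tcpip", target, src_addr)
    sock.sendall(b"\x05\x00\x00\x01" + bytes(6))   # reply: succeeded, BND 0.0.0.0:0
    while True:                                    # relay until either side closes
        readable, _, _ = select.select([sock, chan], [], [])
        for src, dst in ((sock, chan), (chan, sock)):
            if src in readable:
                data = src.recv(4096)
                if not data:
                    chan.close()
                    return target
                dst.sendall(data)
```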
