Specifications of Mid 2010 MacBook Pro 15″
The Amazon AWS Management Console allows you to generate an SSH key for your account. However, since Amazon’s AWS ecosystem is broken into geographic regions, you cannot generate a single key to be used in all regions. In addition, the security-minded amongst you may not be comfortable having AWS generate the private key that you will be using in your SSH key-pair.
To address both of these issues, you can generate your own SSH key-pair offline, and then upload only the public key to AWS. You still have to upload the same public key to each region in which you wish to launch instances, but you will be able to use the same key in all regions after you have done this once. From a security perspective, if you generate your own keys, then AWS will never see your private key, as you only have to upload your public key to AWS.
AWS SSH specification
Amazon allow you to upload your public key in a number of different formats, however, your SSH key must meet each of the following criteria to be accepted:
- It is an RSA SSH-2 key (DSA Keys, and SSH-1 keys are not supported)
- Amazon only support 1024, 2048 and 4096 key-lengths
- The key must be in OpenSSL format, Base-64 encoded DER format or SSH public key file format as defined in RFC4716
Generating your own SSH key
Generating your own SSH key is very straightforward, especially if you are using an Apple OSX machine or a Linux machine, as the tools to do so are already on the operating system. On Windows it is slightly more complicated, as it requires you to download and install a tool capable of generating an SSH key. Fortunately, there is no cost to doing so.
Using Linux or OSX
On Linux or OSX, you simply open a terminal and follow these steps (I always make 4096 bit SSH keys as they are the strongest ones you can get, and modern computers have no problem generating private keys this long, or authenticating with long keys):
$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/coltoncat/.ssh/id_rsa): aws_ssh-key
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in aws_ssh-key.
Your public key has been saved in aws_ssh-key.pub.
The key fingerprint is:
89:b6:55:6a:f4:52:bf:a0:8a:92:21:d0:27:53:9a:67 coltoncat@MacBookPro.local
The key's randomart image is:
+--[ RSA 4096]----+
| |
| . |
| . + . o |
|. * E o * . |
|. * o S o . |
|. . . + o . . |
| . o . . . |
| o . . |
| .. . |
+-----------------+
$
In this example, you are prompted for a name for your new private key. I named mine aws_ssh-key, and you will see from the output above that the ssh-keygen program automatically names your public key aws_ssh-key.pub, which is the file you will upload to AWS.
During this process you are prompted for an optional passphrase for your private key. It is a very good idea to include one: the private key will then be encrypted, and you will need to provide the passphrase each time you use it to SSH to an AWS instance. This protects you in the event that someone else has access to your computer, finds your private key and tries to use it to get access to your EC2 instances.
If you are using Windows, you need to obtain a piece of software to generate your private and public SSH key. By far the most commonly used, almost to the point of ubiquity, is Putty. Grab Putty from the Putty Download Page. To generate an SSH key you only need to download puttygen.exe; however, you may as well download putty.exe too, as it is a great SSH client.
Once you have downloaded puttygen, run it, and you will be presented with the following screen:
On this screen, under the “parameters” section at the bottom of the screen, make sure that you have selected “SSH-2 RSA” and that you set the “Number of bits in generated key” option to 4096. Once you have done this, click “Generate”, and you will be prompted to move your mouse around the blank part of the screen for a minute or so to create some entropy. Eventually, you will see that the key is being generated and Putty will present you with the following screen:
Give the key a meaningful name in the “Key Comment” field — for example I called mine aws_ssh-key, and then be sure to specify a pass-phrase for your private key. You can save the private key by clicking the “Save Private Key” button. This will save a file with a .ppk extension, which is the format that Putty will use later on when you wish to connect to an instance using SSH.
As for the public key, it is displayed in the “Key” section. You can copy it from there and paste it somewhere safe to import into AWS, or you can use the “Save Public Key” function to save it to a file.
Importing the key
Login to the AWS Management Console and navigate to EC2 and then “Keypairs” under “Networking & Security” in the left menu panel. Click on the “Import Key Pair” button, and you can either load the public key from the file you saved it in, or you can give it a name and paste it into the “Public Key Contents” area in the popup screen.
You need to do this for each region in which you would like your key to be used. I just did it for each of the AWS regions; it only takes a few minutes, and then I know it will be ready for when I need to use it in the future.
Now you only need to make sure that you guard your private key file. Make a copy onto USB media and keep it safe, as this is the only way that you will be able to log in to your instances. If you lose this key, regaining access to your instance on AWS will result in downtime, and some possibly dangerous file-system manipulation — you have been warned.
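A pre-upload check for the public key, written as an added example (it is not part of the original post). It parses a one-line OpenSSH public key such as aws_ssh-key.pub, tests it against the criteria listed under “AWS SSH specification” above, and prints a colon-separated MD5 fingerprint in the style of the ssh-keygen output; the function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct

AWS_RSA_BITS = {1024, 2048, 4096}  # key lengths this page lists as accepted

def _read_field(blob, offset):
    """Read one SSH wire field: uint32 big-endian length, then that many bytes."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def check_public_key(line):
    """Return (ok, reason, md5_fingerprint) for a one-line OpenSSH public key."""
    parts = line.split()
    if len(parts) < 2:
        return False, "not a one-line OpenSSH public key", None
    try:
        blob = base64.b64decode(parts[1], validate=True)
        key_type, offset = _read_field(blob, 0)
    except (ValueError, struct.error):
        return False, "key data is not valid base64 / SSH wire format", None
    digest = hashlib.md5(blob).hexdigest()  # fingerprint only, not a security use
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    if parts[0] != "ssh-rsa" or key_type != b"ssh-rsa":
        return False, "not an RSA SSH-2 key", fingerprint
    try:
        _exponent, offset = _read_field(blob, offset)
        modulus, offset = _read_field(blob, offset)
    except (ValueError, struct.error):
        return False, "RSA key blob is truncated", fingerprint
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits not in AWS_RSA_BITS:
        return False, f"{bits}-bit RSA key is not an accepted length", fingerprint
    return True, f"{bits}-bit RSA key", fingerprint

def make_sample_line(key_type, bits):
    """Constructed sample with the right layout; the modulus is NOT a real RSA modulus."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    blob = field(key_type.encode()) + field(b"\x01\x00\x01") + field(modulus)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed-sample"

if __name__ == "__main__":
    for kind, size in (("ssh-rsa", 4096), ("ssh-rsa", 3072), ("ssh-dss", 1024)):
        print(kind, size, check_public_key(make_sample_line(kind, size)))
```

To check a real key, pass the contents of the .pub file to check_public_key; a public key saved from puttygen in RFC4716 format would first need converting to the one-line form.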
I wanted to know how to force my WordPress installs to display a message that the site was in maintenance mode (as WordPress does when you are upgrading plugins and so on). Googling around for the answer only yielded various plugins to achieve this, and I really did not want to go and install yet another plugin for something this simple and which is obviously built into WordPress.
Microsoft have been making no secret of the fact that they do not want to continue having public folders in their flagship messaging server. With Exchange 2010, public folders are actively discouraged, with much of the Microsoft documentation suggesting that SharePoint is a preferred alternative to public folders. This aside, if you still have legacy Outlook 2003 MAPI clients that need to connect to Exchange 2010 (or Exchange 2007 for that matter), you have no option but to create and activate a public folder database on an Exchange 2010 server.
Having created a public folder database on Exchange 2010, you may still, rather unexpectedly, notice that Outlook 2003 clients cannot connect to the new Exchange 2010 mailbox server, with Outlook producing an error indicating that it is unable to connect to the Exchange 2010 server due to a suspected network issue.
I have seen more than one version of this error, but unfortunately neglected to get some screen grabs at the time, if I find a machine exhibiting the error, I will update this post.
In Exchange 2010, MAPI connections are no longer handled directly by the Exchange server as they were in Exchange 2007. Instead, all MAPI connections to a Mailbox Server are handled by the CAS (Client Access Service) Server, and specifically by the new Exchange RPC Client Access Service. The sudden inability to connect to your new server via MAPI is caused by the fact that Exchange 2010 by default expects MAPI connections to be encrypted, while Outlook 2003 does not encrypt them by default.
You therefore have two potential solutions to this problem.
- Reconfigure Outlook 2003 to use an encrypted MAPI when communicating with the server
- Configure Exchange 2010 to globally disable encrypted MAPI connections
I would suggest the first method, as disabling encrypted MAPI connections by default just seems like a Bad Thing, however, read on if you want to know how to do this.
Configuring Outlook 2003 to use Encrypted MAPI Connections
First make sure that Outlook 2003 is not running. Then open the Control Panel and find the Mail applet, and double-click that:
On this page, click the “E-Mail Accounts” button:
Check the radio button beside “View or change existing e-mail accounts” and click next:
Highlight your Exchange account and Click the “change” button to re-configure that account:
Click the “More Settings” button, and then select the “Security” tab:
Make sure that you have a check mark in the check-box in the Encryption section, then click OK, Next, Finish and Close. Start Outlook and it should connect as before.
Configuring Exchange 2010 to use Unencrypted MAPI Connections
Much of what happens in Exchange 2010 is configured through the Exchange Management Shell. To obtain information about the RPC CAS service, open a management PowerShell session and execute the following command:
Get-RpcClientAccess | fl
Notice that the line that reads “EncryptionRequired” is set to “True”. This is the default for the MAPI RPC CAS Service on the Exchange 2010 CAS server. To globally set this to false, execute the following command in the EMS:
Set-RpcClientAccess -Server CAS-Server -EncryptionRequired $false
Again, in my opinion, this is a bad idea. I haven’t checked this, but I would be pretty sure you would be able to use Group Policy to update the connection settings on your legacy Outlook 2003 clients to use an encrypted MAPI connection by default. This would be a much better plan.
Thesis makes adding social integration to your template really simple through the provision of an abundance of “hooks” that allow you to attach custom functions to them. Using these hooks you are able to customize certain parts of your theme without digging around in the actual theme files. In this how to, I will show you how to add a Facebook Share button using the Facebook Share Widget. Best of all, there are no plug-ins involved anywhere — so only your own code to maintain.