On a few of my test servers, I am logging in with the root user by SSH key exchange. In moving some of my servers public, I wanted to be able to log in with a secondary user account with an SSH key and disable SSH login entirely for the root user. This took me longer than expected, but a Google search on the subject shows quite a few people have the same struggles. I am performing this on Ubuntu Server 12.04 LTS.
Below is how to create a new user, add it to the sudo group, generate an RSA public/private key pair, and disable root login:
I like adduser as it creates the home directory and requests the password immediately.
Add the user to sudoers
Copy the root entry, replacing “root” with “username_here”.
Now give your user full ownership of its home directory and subdirectories; this is important, as otherwise you’ll be unable to generate the RSA key pair.
sudo chown -R username_here /home/username_here
Next, we need to allow this user to login via SSH:
You will need to add the line “AllowUsers username_here”.
You will also need to change the value of “PermitRootLogin” to no.
Now we need to log out or exit the SSH session, then log in as your new user. Then run this command and follow the prompts. A password is not required:
Next, you will need to identify your local machine’s id_rsa.pub key. If you don’t have an RSA key pair yet, you’ll need to generate one. Windows instructions here, Mac or Linux instructions here. You need to copy the contents of the id_rsa.pub file and add it to the following file on your server:
Issue a “reload ssh” for good measure, log out and then try to log in as root. You should see permission denied. Then try to log in as your new user; you should be logged in automatically without a password prompt. Since you are a member of sudoers, you can run “su” and enter the root credentials to run all commands as root for the rest of your session.
This accomplishes several things for us on the security front:
You are no longer logging in as root. With or without a key, it is not recommended.
Root cannot log in over SSH, sorry brute force hackers.
If someone does happen to acquire your private id_rsa file, they still cannot get full root access to your server without the root credentials as well.
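Before reloading sshd it is worth checking that the two settings above actually took, since a stray duplicate or a typo in a keyword silently leaves the old behaviour in place. The script below is an added example, not the post’s own commands: sshd_get and sshd_audit are assumed helper names, and the two config fragments it audits are constructed rather than taken from a real server.

```sh
#!/bin/sh
# Added example (not the post's own commands): audit a copy of sshd_config for the
# two settings the post changes, PermitRootLogin and AllowUsers. Keyword lookup
# follows sshd's rules: keywords are case-insensitive, the first occurrence wins,
# and settings after a "Match" line are conditional, so they are ignored here.

# sshd_get FILE KEYWORD -> prints the effective value of KEYWORD (empty if unset)
sshd_get() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }                 # skip comment lines
        tolower($1) == "match" { exit }           # conditional section starts here
        tolower($1) == tolower(key) {
            for (i = 2; i <= NF; i++) printf "%s%s", $i, (i < NF ? " " : "\n")
            exit
        }' "$1"
}

# sshd_audit FILE USER -> 0 when FILE forbids root login and AllowUsers lists USER,
# otherwise prints one FINDING line per problem and returns 1
sshd_audit() {
    file=$1 user=$2 rc=0
    root=$(sshd_get "$file" PermitRootLogin)
    # OpenSSH 5.9 (Ubuntu 12.04) defaults PermitRootLogin to yes, so unset == yes
    if [ "$root" != "no" ]; then
        echo "FINDING: PermitRootLogin is '${root:-unset, defaults to yes}', expected 'no'"
        rc=1
    fi
    allow=$(sshd_get "$file" AllowUsers)
    if [ -z "$allow" ]; then
        echo "FINDING: no AllowUsers line; any account with a valid credential may log in"
        rc=1
    else
        found=0
        for u in $allow; do [ "$u" = "$user" ] && found=1; done
        if [ "$found" -eq 0 ]; then
            echo "FINDING: AllowUsers '$allow' does not include $user"
            rc=1
        fi
    fi
    return $rc
}

# Demo on two constructed config fragments (on a real box, pass /etc/ssh/sshd_config)
weak=$(mktemp) hard=$(mktemp)
printf 'Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n' > "$weak"
printf 'Port 22\nPermitRootLogin no\nAllowUsers username_here\n' > "$hard"
for cfg in "$weak" "$hard"; do
    if sshd_audit "$cfg" username_here; then echo "$cfg: OK"; else echo "$cfg: FAIL"; fi
done
rm -f "$weak" "$hard"
```

Run it against a copy of the live file before “reload ssh”; a FINDING line means the reload would not give you the behaviour the post describes.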
Good luck and keep your servers safe! Hope you’ve found this helpful, thanks for reading.
This weekend, while setting up RRAS for a blog post I am working on for Cloudservers.com, I had an issue where an L2TP VPN worked from my Windows 8 PC, but not from my Mac. The GUI error said that the VPN was inaccessible, and after looking further in Console, I saw this:
raccoon: not acceptable Identity Protection Mode
The resolution was to edit the /etc/racoon/racoon.conf file. To do this, fire up Terminal or any terminal app (I use iTerm2, it’s awesome), switch to su and enter your password, then type “nano /etc/racoon/racoon.conf” and swap the exchange mode setting from aggressive,main to main,aggressive. Both of these entries were in my file, so I just commented out the second one:
My connection to my Windows Server 2012 L2TP VPN from Mac OSX now works as expected!
Today, I’m taking the road less traveled (actually, never traveled) on this blog, from the usual technical articles, to get a little personal. Yesterday was Thanksgiving Day here in the US. For many people it’s a day filled with football and beer, family (love ’em or hate ’em, YMMV) and entirely too much food. Then there’s the Black Friday shopping holiday (which has encroached further into Thanksgiving Day, a few hours at a time each year). Far too often, the real meaning of Thanksgiving Day is lost in this vast sea of distractions and chaos, just as it is on Christmas Day. Yeah, yeah, I’m another person using that cheesy refrain again, “Don’t lose the meaning of the day, blah blah blah”. Trust me, I’m the first one to be negative or soak my retorts in an awesome mix of dripping sarcasm and humor, but I seriously believe in taking time for reflection and giving thanks this time of year.
In my humble opinion, it is extremely important to take some time during the holidays to reflect and give thanks regardless of your religious beliefs, or lack thereof. Whatever your situation, taking a look back over the last year can be helpful in a variety of ways.
First, looking back over the past year can give you a sense of accomplishment. Did you have your first child earlier this year? Did you think the sleepless nights would never end? Now you’ve got it whooped and can truly know what you are capable of doing. Did you have a project at work that seemed insurmountable, that you completed after much time and effort? Did you earn a certification this year or simply complete a small project at home that has been on your list for some time? Maybe an accomplishment was being able to spend more time away from work and with your family. Regardless of your situation, the personal or professional goals, there is most likely something in the past year that you’ve accomplished that you can feel good about. Reflect on those accomplishments and celebrate them!
Second, take a look back at some of the things that did not go the way you had planned. It’s important to analyze these items, but don’t dwell here. Think about these situations and determine what went wrong, and then look for ways to improve them. One situation I can improve on is meal planning. Silly as this may sound, with a family of five, and two working parents, planning dinners beforehand is paramount. Too many times I’ve found myself in a position where I need to have dinner on the table, but have no plan! Solution – try to find some time each weekend to think about dinners and schedules for the following week and plan accordingly. Again, there are things in each of our personal and professional lives that could have gone more smoothly this past year. Pick out some of these “failures” and use the gift of hindsight to avoid or improve these situations in 2014.
Third, plan for the future. Once you have considered both your accomplishments and the need for improvement, you can start to look towards and plan for the future. Many times, especially in situations in the moment that are difficult, looking towards the future can be extremely inspirational and it boils down to a single word, hope. Here is an example. This past year, our home was on the market for six months and unfortunately did not sell. In order to apply what I’m preaching here, I took a look back on the accomplishment, the failure, and planned for the future. We accomplished fixing our floors and various small things throughout the home to list the property. We did not sell the home, which means this didn’t go as planned. Now we are analyzing and planning for the future by asking the question, why didn’t it sell? We are going to improve the bathroom floors and painting, along with adding some landscaping to the front yard to improve the curb appeal and plan to re-list this spring. With this, we can renew our hope in selling the property and moving into a new phase of life as a family.
The people who know me and are reading this are probably wondering, is Gabe really writing this? That guy would probably make fun of this sort of article. My wife would probably laugh and say, this is an article she would have me read on Facebook. The truth is, yes, I most definitely would, but this is Thanksgiving weekend so I’m trying something new. :) So now I’d like to share with the world some of the things I am most thankful for this year:
It’s no secret that I have the best wife and children on the planet, sorry everyone else ;) This past year has been challenging in many ways, but we’ve made it through. I’m thankful for the four people who love me unconditionally and understand me like no one else.
Addison turned 6 this year. He is very well-mannered thanks to his mother. :) He has come so far in his reading and writing; it’s amazing how quickly they learn. He’s breaking boundaries on new stages every day, and he just lost his second tooth today! He has also made dad proud with how much he enjoys playing baseball.
Maddox turned 4 this year. He is doing so well at pre-school and is so much fun. Though he spends more time in timeout than the others, his imagination and creative happy spirit are truly a joy. He loves his older brother and is Delaney’s friend and protector. His love for Tom and Jerry, Popeye, and other “old-school” cartoons is awesome!
Delaney, our LaneyBug, turned 2 this year. Today she said the words “Christmas Tree” perfectly and it made us a little sad. In this year of the “terrible twos” she has had to learn how to share with two older brothers, and with her preschool classmates, as she just started the two-year-old class this fall. I love all of my children the same, but it’s true there is something special about raising this sweet little girl :)
Holly, my loving wife who puts up with living with me. She is the ultimate planner, mother, companion and friend. Without her love and care for our family, I honestly don’t know how we would make it. She works part time nights and sacrifices so much sleep to be the best she can be for our family. For her, I am thankful beyond words.
This year has been an amazing year professionally. First, having the ability to work from home is fantastic. It comes with its own set of challenges without a doubt, but the ability to see my family more and be stuck in traffic less cannot be overstated. What I am most thankful for at work this past year is that I was a significant part of the Cloudservers.com architecture, build, beta/development, and release. Tons of planning went into this project and, thanks to a team effort, we’re excited about what the future holds there.
On the Orcsweb side, I’ve had some successes and enjoyed yet another year. I completed a vCenter 5.1 > 5.5 upgrade in two separate environments (blog posts on the way) and have enjoyed working with our fantastic support team on a variety of daily and weekly tasks and projects in between. I was fortunate to have been nominated for the Microsoft MVP award for my community work on System Center Configuration Manager 2012. Though not awarded MVP status, it was a great opportunity and I’ve enjoyed assisting others. I also attended Microsoft’s TechEd 2013 in New Orleans, which was a blast! Thanks to Orcsweb, I was able to meet new people like Brien Posey and open up some new opportunities. Thanks to those new doors being opened, for the last few months I have been writing technical articles on Microsoft Certifications for Pearson that should be published soon.
So, my house didn’t sell this year, but boy do I have a lot to be thankful for in my life. Taking stock of the wonderful people and things in my life gives me lots of joy this Thanksgiving season. The best word to summarize this feeling is, I suppose, hope.
Are you running System Center Configuration Manager 2012 SP1 and need to support Windows 8.1 and Server 2012 R2 clients? Or do you want to use new Server 2012 R2 machines as Configuration Manager site systems? You’ll need to download and install SCCM 2012 SP1 Cumulative Update 3.
Here is an example of how a Server 2012 R2 client will appear in the System Center Admin Console if you attempt to manage it:
For more information about CU3 check out this blog post from Microsoft:
In this post, I will walk you through the installation with screenshots. Note – I ran this update in both a development and a production environment; no issues were encountered and a reboot is NOT required.
First, pick up the hotfix here (or take a shortcut and change the below from .fun to .exe):
From this point, I will provide screenshots of the installation, blurring out my host’s name for security purposes. Note – Make sure that no SCCM admin consoles are open before beginning the installation.
You can now go into the Configuration Manager admin console and manually push the agent update to any Server 2012 R2 servers you have, or, if you have enabled automatic agent upgrade (see below), your Server 2012 R2 machines will be managed within the configured time period:
Now you’ll see that the server I took a screenshot of at the beginning of this article is fully managed with the new client version 184.108.40.206:
Now that you’re able to manage your Server 2012 R2 and Windows 8.1 clients, it’s time to look ahead to System Center Configuration Manager 2012 R2! Check out the release notes here:
For the past few months, my MacBook Pro has been my daily driver. As a Systems Administrator, I work with both Linux and Windows Server systems on a daily basis. I usually have multiple tabbed RDP windows open for Windows Server in a Windows VM running on my Mac, using Remote Desktop Manager (I highly recommend this product).
However, there are many times when I RDP to systems directly from my Mac with the “Windows Remote Desktop Connection for Mac” software. The first time I tried to RDP to a Windows Server, I got the following error when trying to connect:
After many tries and much searching online, I was unable to get it to work. You’ll find many forum threads and questions about this; none of those solutions worked for me. The fix that worked for me was related to our domain’s security settings for RDP sessions: we do not allow RDP sessions to remember passwords, as a security precaution; however, from the above screenshot I’d have had no way of figuring that out.
Here’s what you do. Go to RDC > Preferences > Login tab. Make sure you do not check any of the boxes and the only information you have is your Username and Domain, like this:
Close the box and try your RDP connection again. Just enter your password, again without checking the boxes, and it should work.
If you still have an issue connecting, go back into Preferences > Security and set the radio button to “Always connect, even if authentication fails”:
Here is the Group Policy setting that, if ENABLED, will cause this issue for you:
It’s official, Windows 8.1 RTM is available. Microsoft’s original intention was to hold the RTM of Windows 8.1 until the October general release; however, the outcry from the development and overall technical community has somewhat forced them to relent and release the RTM build early, almost in a business-as-usual fashion. Using virtualization client software, I set up a test Windows 8.1 ENT edition VM. I have some suggestions about Windows Update settings, and I also join my HomeGroup and set up File History (think Time Machine for Windows). Below is a step-by-step guide and a look at the installation process. This guide uses the Microsoft Account login and not a traditional local account. Pro-Tip – If you are using a VM, make sure not to use NAT (share IP with host) and to use a Bridged connection. Otherwise, features like HomeGroup and other network settings can be problematic in my experience. Here we go:
Today was my son Addison’s 6th birthday party, where we had an incredible setup by my wife utilizing a Skylanders theme. It’s amazing to think he’s already six! I told my wife that she is getting old, but she just reminded me to look in the mirror at my bald head (Wife – 1 Gabe – 0). My son’s party and the announcement of the Nokia Lumia 1020 device this week are springboards to my title thought and I’d like to share that with you.
When preparing for a big event in life (like your child’s birthday party), you always want to make sure you have all the tech essentials in order to capture life’s important moments. For most people this means preparing and bringing along a digital camera and/or video camera. Last night I did my due diligence; since I am a system admin by trade, “all things tech” fall under my purview at the Beaver home. I made sure our digital camera and video camera were properly charged and that we had replacement batteries, all extension cables, spare SD cards, etc. so that we were ready for the big day. We packed everything up for the party today, including all of our tech essentials.
We spent our time at the party setting up food, entertaining guests, chasing down our other smaller children, and trying to take in the moments with our son in between it all. We played games, served and ate party food, sang happy birthday, and enjoyed some fun in the rain playing in the puddles and shooting silly string.
In all of the moments described above, our hands were always busy; we were on the move the entire time. There was no time to tell the kids playing games or being funny, “Wait, I am going to go grab my video camera, do that again just like you did it before,” or “Hold on a sec, let me pick up my camera… ok let’s go.” Kids move fast, and technology needs to be available instantly to capture moments you’ll never have the opportunity to seize again. What does this mean? Every single picture and video we have was taken on our mobile devices: my Nokia Lumia 920 and my wife’s iPhone 5. The digital camera and video camera, while great devices individually, were never removed from their bags.
A quick look at Facebook, Twitter, Instagram, et al. these days will show that our situation tonight is a growing trend and becoming the norm. We’ve got these amazing devices in our pockets, micro-computers with cameras that may not match dedicated devices in quality, but they are available in mere seconds. The unfortunate thing for many people is that their smartphone or feature phone is equipped with a sub-par camera that does not perform well in low-light or less than optimal situations, leading to grainy images or low-quality videos that may not capture the essence of their memory in the way they would have liked.
My Nokia Lumia 920 has been responsible for capturing my oldest son’s kindergarten program, his first season of coaches pitch baseball, my younger son’s blossoming imagination and curiosity, and many of my daughter’s firsts, and precious random moments in between. The quality of video recording and pictures has been stellar, but I was intrigued to hear about the new 1020 device this week.
The Nokia Lumia 1020 is a Windows Phone 8 device, just as my Lumia 920 is, but this device will sport a 41 megapixel camera. That is not a typo; it’s a super-high resolution 41 megapixel camera. If you check out the link for the 1020 I posted, the first thing you will see is “Your moments captured like never before”. This to me is exactly what many, many people are using their smartphone for more and more these days. The smartphones in many people’s pockets can check email and browse the web at amazingly fast 4G speeds, can play some graphically intense games, and much more; however, pull them out to take a quick photo or video of your dog playing in the backyard at dusk and more than likely the result will be, meh.
We’ve got the smartphone spec wars, with OEMs adding bigger, faster processors, improving battery life and graphics, and more. It’s great to see Nokia, and even Samsung (which has seen the potential with its GS4 Zoom offering), pushing the smartphone market in a new direction with a focus on improving photography on mobile devices, both hardware and software.
Anyone considering a new smartphone in the near future who wants to have a high-quality photo and video camera ready at all times should definitely give the Lumia 1020 device a serious look. In life’s special moments, like your child’s first steps, a surreal sunset, or even that new dish at your favorite restaurant you want to share with your followers on Instagram, you only have seconds to capture the moment; you need speed and, just as importantly, high quality.
Is improving mobile photography important to you? Are you satisfied with your current smartphone’s camera? Any other thoughts on this topic? Let me know in the comments.
This past week, our managed services team at OrcsWeb ran into an issue with Remote Desktop Services 2012. We had a client setup request for RDS on their Windows Server 2012 machine. We were to install the Session Host, Web, and Connection Broker roles. This server was to point to our existing 2008 R2 RDS licensing server. This 2008 R2 server’s only job is to provide a central point of management for RDS CALs.
A Windows Server 2012 box cannot point to anything but another Windows Server 2012 box for licensing. This was not an issue; we just stood up a Server 2012 box to replace our 2008 R2 RDS box, where its only role would be license server.
Once the new server was up and running, RDS licensing role installed, configured and validated with CALs for our server versions, including Server 2012 RDS, we attempted to point our RDS session host installation to the new licensing server.
To do this, I launched Server Manager, selected Remote Desktop Services from the left panel, selected Overview in the Role section, then opened the Tasks drop-down in Deployment Overview and selected Edit Deployment Properties.
I then went to the RD Licensing section to add my license server. I added my licensing server via FQDN, and was promptly greeted with an error message.
“The license server specified is not valid. Verify the server name and specify a valid server name before saving the settings.”
This year I was given the opportunity to attend and experience TechEd North America in New Orleans June 2-6. This was my first time attending and I was not quite sure what to expect. Could the assembling of so many nerds in one city be a good idea? As it turns out, this is an awesome idea.
The trip didn’t get off to the smoothest start. On Sunday I was set to take a flight from Charlotte > Houston > New Orleans. Unfortunately, the flight departing Charlotte was delayed 30 minutes at first and ended up about two hours late in total. When you’ve got a connecting flight, the last thing you want is a delay on your first flight; however, during this time I started making conversation with the only other person headed to New Orleans, who was also heading to TechEd. I was chatting with Brien Posey. I didn’t know it at the time, but he is a 10-time MVP and freelance technical writer. We had a nice conversation, he’s a great guy, and after looking around a bit I realized I’ve read some of his articles; I just didn’t place the name with the articles when we were talking.
The flight from Houston > New Orleans was also delayed, but when we landed I only had 20 minutes to catch the flight, no time for lunch! Once aboard, I jumped in on a conversation between Brien and a Duke Energy employee; it turns out the Duke employee knows a good friend of mine who also works at Duke in Charlotte on the Active Directory team. It’s a small world. Before I knew it I was in New Orleans and getting dropped off at the Renaissance Pere Marquette.
I replaced the Broadcom mezzanine quad-port card with an Intel quad-port card, due to a problem with the Broadcom drivers and my application.
Most of my sysadmin experience is with Windows Server, and Windows, to its credit, handles this change very well; however, CentOS, especially the minimal server installation I have, is not as intuitive. After some quick searching I found some information on how to do this. I did not find a guide per se, and I also have some iSCSI configuration which needed attention. Here is how I did it; hopefully someone will find my experience helpful.
I assume that you have replaced your NIC and are trying to set it up in CentOS.
The first thing you should do is take a look at all of your current ifcfg files and make backup notes on the interfaces before doing anything else.
# cd /etc/sysconfig/network-scripts
Take a look at all of the ifcfg-xxx files in the directory. The quickest way to get a backup of your text files is to display each file and copy and paste the contents (listing the full path just in case):
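Copy-and-paste works, but the part of these files a NIC swap actually breaks is the HWADDR line that ties each DEVICE name to the old card’s MAC, so it helps to archive the directory and list those bindings against the MACs now present. The script below is an added example, not the post’s own commands: ifcfg_backup, ifcfg_value and ifcfg_stale are assumed helper names, and the ifcfg files and MAC addresses it runs on are constructed.

```sh
#!/bin/sh
# Added example (not the post's own commands): snapshot a network-scripts directory
# and list the settings a NIC swap invalidates. On CentOS 6, ifcfg-* files pin each
# DEVICE name to the old card's MAC through HWADDR (udev's 70-persistent-net.rules
# does the same), so those are the entries to compare against the new hardware.
# DIR is a parameter so the demo can run on a constructed copy rather than /etc.

# ifcfg_backup DIR DEST -> archives DIR as DEST.<timestamp>.tar.gz and prints the path
ifcfg_backup() {
    dest="$2.$(date +%Y%m%d%H%M%S).tar.gz"
    tar -czf "$dest" -C "$(dirname "$1")" "$(basename "$1")" && echo "$dest"
}

# ifcfg_value FILE KEY -> value of KEY=... with surrounding quotes removed (empty if absent)
ifcfg_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"']*\)[\"']\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# ifcfg_stale DIR MACS -> prints "DEVICE HWADDR present|STALE" for each file that sets
# HWADDR, where MACS is the space-separated list of MACs currently on the box (any case).
# Returns 1 if at least one HWADDR no longer exists in hardware.
ifcfg_stale() {
    dir=$1 rc=0
    macs=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        dev=$(ifcfg_value "$f" DEVICE)
        mac=$(ifcfg_value "$f" HWADDR | tr 'A-Z' 'a-z')
        [ -n "$mac" ] || continue            # ifcfg-lo, bonds and VLANs carry no HWADDR
        case " $macs " in
            *" $mac "*) echo "$dev $mac present" ;;
            *)          echo "$dev $mac STALE"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo on a constructed directory; on the real box use DIR=/etc/sysconfig/network-scripts
# and MACS="$(cat /sys/class/net/*/address)".
demo=$(mktemp -d)
printf 'DEVICE=lo\nIPADDR=127.0.0.1\nONBOOT=yes\n' > "$demo/ifcfg-lo"
printf 'DEVICE="eth0"\nHWADDR="00:11:22:33:44:55"\nBOOTPROTO=static\n' > "$demo/ifcfg-eth0"
printf 'DEVICE=eth1\nHWADDR=AA:BB:CC:DD:EE:01\nBOOTPROTO=none\n' > "$demo/ifcfg-eth1"
echo "backup: $(ifcfg_backup "$demo" "$demo.pre-nic-swap")"
# pretend the card owning 00:11:22:33:44:55 was pulled and the new card ends in :02
if ifcfg_stale "$demo" "aa:bb:cc:dd:ee:01 aa:bb:cc:dd:ee:02"; then
    echo "all HWADDR entries match current hardware"
else
    echo "fix the STALE entries (new MAC, or drop HWADDR) before restarting network"
fi
rm -rf "$demo" "$demo".pre-nic-swap.*.tar.gz
```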