Archive for November, 2011

EC2 keypair nonsense

Getting the EC2 instance keypairs to work with the various types of SSH clients out there seems to be somewhat of an issue. I had trouble with it when I first started out, and I’ve had a few friends request help on that. I just got home, started fresh, and documented my steps with all three clients below (Linux command-line ssh, PuTTY and SecureCRT). Hopefully, this will save a few of you trouble where I had some initially…

Before I get into specific instructions, I should note that there *are* certainly other ways to get the specifics of this to work. This is one method. You may find others, your mileage may vary, all rights wronged, all wrongs reversed, world peace in our lifetimes, etc etc ad nauseam.


  • Using the AWS web administration, select the EC2 tab. Select “Key Pairs” on the left menu
  • “Create Key Pair” on Top Bar
  • Name the pair, in my example, I named it “TestKeyPair”
  • This will download a PEM file. Save it somewhere you will remember.
  • Now on the “Instances” panel (from the left menu), select “Launch Instance” from the top bar
  • I selected the “Basic 64-bit Amazon Linux AMI 2011.09 (AMI Id: ami-1b814f72)” AMI
  • I chose a micro instance in my zone (us-east-1b)
  • Advanced Instance Options – stayed with all default values
  • Instance Details – named the server TestServer
  • Create Key Pair – I selected “Use Existing KeyPair” and selected the key pair created above
  • Configure Firewall – used the quick-start Security Group
  • Review – Launch.

Wait until the new instance is running, then find the “Public DNS” field on its properties page; you will be using that name to connect.
In my case, it was

Now, for each client, again, same caveat as above… there may, in fact, be other ways to get this working. I just tried to get to a working configuration as quickly as possible.

SecureCRT Instructions :
I’m using build 6.7.2 (x64 build 229). I believe these instructions will only apply to recent builds, since the ability to use the PEM file directly was only added recently. Older versions will probably still work, but will likely require extra steps to convert the PEM file to the native SecureCRT format (or another format that it can use).

  1. Create New Session
    • Connect : Name – I used “test server”
    • : Protocol : SSH2
    • : SSH2 : Hostname (use the DNS name above) :
    • : Port : 22 (default)
    • : Username : ec2-user
    • : Authentication : PublicKey
    • Select the method, click on Properties
    • Select “Use session public key setting”
    • Select “Use identity or certificate file”
    • Click on “…” to browse for the downloaded PEM file
    • Click “OK”
    • All other values should be at defaults
  2. Connect
    • You will be prompted to accept the key exchange details. I clicked “Accept & Save”.
    • I was, at that point, logged in to the ec2-user
    • “sudo -i” got me to the root account

PuTTY instructions : (version 0.6.1)

There are other ways to do this (for example, using Pageant), but this is just to get the connection. Presumably, if you can get this working, you can get the other methods as well…

  1. Run the “puttygen” key generation program
    • Conversions menu -> Import key
    • Browse to the saved PEM file
    • You should see all the key details on the screen, including fingerprint, comment, type of key and number of bits
    • Click on “Save private key”
    • Save the file with the PPK file type, I named mine TestKeyPair.ppk
  2. Create new session. I named it “testserver”
    • Host Name (or IP address) : use the DNS name above, including the username :
    • Port : 22
    • Connection : Logical Name : I used the DNS name :
    • : Data : Auto-login username : ec2-user
    • : SSH : Auth : Private key file for authentication ->
    • Browse to the file saved in Step 1 above
    • Save your session
  3. Open the connection
    • You will be prompted that the key pair is not yet saved in putty’s cache. Click “Yes” to save the key exchange and continue
    • At this point, I was connected to the server, logged in as “ec2-user”
    • “sudo -i” got me to root login

linux ssh instructions
Linux version (uname -a) :

Linux pebkac #1 SMP Sat Feb 27 17:55:36 MST 2010 i686 AMD Athlon(tm) 64 Processor 3800+ AuthenticAMD GNU/Linux)

OpenSSH and OpenSSL versions :

OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009

This is perhaps easiest. You can use the PEM file directly to connect without additional modification. I transferred the PEM file to my Linux server (using SCP) and then ran the commands you can see below:

jio::/home/jio>>> ssh -i TestKeyPair.pem
	The authenticity of host ' (' can't be established.
	RSA key fingerprint is c2:b2:5c:1e:12:4d:55:73:a2:f3:3d:c6:09:d3:9c:cc.
	Are you sure you want to continue connecting (yes/no)? yes
	Warning: Permanently added ',' (RSA) to the list of known hosts.
	Permissions 0644 for 'TestKeyPair.pem' are too open.
	It is recommended that your private key files are NOT accessible by others.
	This private key will be ignored.
	bad permissions: ignore key: TestKeyPair.pem
	Permission denied (publickey).
jio::/home/jio>>> chmod 400 TestKeyPair.pem 
jio::/home/jio>>> ssh -i TestKeyPair.pem
	Last login: Tue Nov 29 04:30:03 2011 from
			   __|  __|_  )
			   _|  (     /   Amazon Linux AMI

	See /usr/share/doc/system-release/ for latest release notes.
	There are 14 security update(s) out of 18 total update(s) available
	[ec2-user@ip-10-194-110-99 ~]$ sudo -i
	[root@ip-10-194-110-99 ~]# ls -al
		total 36
		dr-xr-x---  3 root root 4096 Nov 29 04:19 .
		dr-xr-xr-x 24 root root 4096 Nov 29 04:08 ..
		-rw-------  1 root root   24 Nov 29 04:31 .bash_history
		-rw-r--r--  1 root root   18 Jan 15  2011 .bash_logout
		-rw-r--r--  1 root root  176 Jan 15  2011 .bash_profile
		-rw-r--r--  1 root root  176 Jan 15  2011 .bashrc
		-rw-r--r--  1 root root  100 Jan 15  2011 .cshrc
		drwx------  2 root root 4096 Nov 29 04:08 .ssh
		-rw-r--r--  1 root root  129 Jan 15  2011 .tcshrc
	[root@ip-10-194-110-99 ~]# exit
	[ec2-user@ip-10-194-110-99 ~]$ exit
	Connection to closed.
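
The permission failure and chmod 400 fix from the session above, written as a pre-flight check (an added example, not part of the original post). It applies the same rule OpenSSH enforces on key files; the optional fingerprint comparison assumes openssl is installed and that the key pair was generated by EC2, as TestKeyPair was.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for a
# downloaded EC2 key file before handing it to "ssh -i".

# key_perms_ok FILE
# Returns 0 when group and other have no access at all, which is the
# condition OpenSSH enforces (mode & 077 must be 0); 1 otherwise;
# 2 if FILE is not a regular file.
key_perms_ok() {
    [ -f "$1" ] || return 2
    # Characters 5-10 of the ls mode string are the group/other bits.
    go_bits=$(ls -ld -- "$1" | cut -c5-10)
    [ "$go_bits" = "------" ]
}

# harden_key FILE: owner read-only, as done with chmod 400 in the post.
harden_key() {
    chmod 400 -- "$1" && key_perms_ok "$1"
}

# aws_key_fingerprint FILE
# Prints the colon-separated SHA-1 of the DER-encoded PKCS#8 private key,
# the form EC2 displays for key pairs it generated. Requires openssl.
aws_key_fingerprint() {
    openssl pkcs8 -in "$1" -inform PEM -outform DER -topk8 -nocrypt |
        openssl sha1 -c | sed 's/^.*= *//'
}

# preflight FILE [EXPECTED_FINGERPRINT]
# Tightens permissions if needed, then optionally compares the key's
# fingerprint with the value copied from the "Key Pairs" page.
# Returns non-zero if either check fails.
preflight() {
    key_perms_ok "$1" || harden_key "$1" || return 1
    [ -z "${2:-}" ] && return 0
    [ "$(aws_key_fingerprint "$1")" = "$2" ]
}
```

Typical use is preflight TestKeyPair.pem followed by the ssh -i command; passing the fingerprint as a second argument also confirms the PEM file is the key pair the instance was launched with.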




Ok, so this is awesome. Yeah, sure, we all get spam email all the time. This one, however, caught my eye for no good reason I can think of. Once I read it all the way through, I saved it for posterity’s sake. Also, this is probably only going to be funny to those who know of TrippyMUSH. Here is the email, with bits knocked out to protect … well, me, probably.


My name is xxxxxx xxxxxxx, and I would like to present you with a business opportunity that offers the potential for considerable earnings.

I work for a privately held manufacturing company, which currently purchases a specific product vital to its processing operations at a price significantly above the manufacturing cost. In my proposed business venture, you would act as a stand-in supplier, providing this key material while retaining the same profit margins. My role would be to introduce you to my company as the supplier and to obtain a contract between you and my employer.

I understand that your experience with TrippyMUSH Inc doesn’t directly relate to my field. However, this venture is more in line with your personal capabilities rather than your professional experience.

I would like to confirm your current phone number xxx-xxx-xxxx. Please send a return email to verify your contact number and to schedule the most convenient time to discuss these possibilities in detail. I look forward to speaking with you soon.

Kindest Regards,

Awesomesauce. Pure … awesomesauce. Ok, maybe it’s only funny to me. Who knows.


Step back sometimes

I had a conversation last weekend reminding me that we all too often spend our mental energy on all the wrong sorts of anxieties. I don’t mean our passions or interests… I mean the things we choose to stress or worry about.

So, due to circumstances that are often out of our own control, we sometimes find ourselves separated from our loved ones, sometimes for extended periods of time. Imagine for a moment that loved one is your son (or daughter), and that you haven’t seen them in 15 years. And when you did, they were 14 years old. Yes, you might argue… that is perhaps an extreme case, and you’d be right. But uncommon? Unheard of? No… I think probably all too common, in fact. Anyway…

Now imagine that you head back to your hometown for a family gathering of some sort. You hear that your son is in town, but really have no way of knowing how to reach them or meet up. Imagine that you decide to hit the old haunts on a particular evening, and then, without any warning, you see your now 29 year old son sitting at the end of the bar, throwing back a beer. You approach, and the following conversation ensues…

him : Do I know you?
you : Yes, you do.
him : How long have I known you?
you : 29 years
him : Are you saying what I think you’re saying?

And then for the next several hours, you find yourselves picking up the pieces and learning about each other again, discovering and sharing.

Makes all of the other crap infesting my brain seem rather trite by comparison. It also started another thread internally that I haven’t quite fleshed out yet, but will post about soon.

Thanks for sharing, Tom. I won’t soon forget this.



It’s been a fairly busy weekend, all told. Saturday we went down to Larkspur to get the FishTankFromHell(tm). Thanks to Geoff and Tom for their heroic assistance in that move. We got everything moved, including about 40 gallons of the existing water. I think there were a total of … 15 fish? Something like that. We lost one already, I think just due to the “shock” of the move. We will probably lose one more if my guess is on. But I think, given what they went through to get to my house, that is about as good a result as can be expected. The rest look great, their color has returned, swimming around well, etc etc.

We had our friend Simon come over this morning to try to get some pictures of us and the kids. They were well behaved, but didn’t sit still very well. We’ll see how they turn out. We will post pics once we have them, and of course provide Simon with some advertising for his trouble! Thanks Simon!

I left from DIA at 3:44 bound for Seattle and arrived relatively unscathed. Somewhere in the mix of security scanning and getting to my seat on the plane, I dropped my cash. I didn’t realize it. When we deplaned in Seattle, the lady sitting behind me passed me on the jetway, and handed me something, asking if it looked familiar. It was my billfold, all $150 or so of it, plus receipts. I do believe at least some of my faith in honesty is restored. So thank you, nice lady sitting behind me. I do appreciate it.

Taxi to hotel, checked in. Dinner at Buckley’s. I also managed to get in touch with Johnny Rockstar, who I will be dining with on Wednesday evening. He is going to try and coerce Gamber to come along as well, who I haven’t seen in ages, so that would be great, of course. And I should be meeting Susan Ramsey and her beau for a drink or dinner or both tomorrow evening as well. It’s good to be the king, is all I’ve gotta say.

Ah Seattle. I do like it here. I like the climate, could do with fewer hills. Could do with not being on a major fault line. But otherwise, I dig it. Now time to finish off my book and head for bed.
