Aug 06

Adding users to Linux EC2 instance and give SSH access

The default AWS Linux EC2 instances come up with one user account such as centos, ubuntu etc  with sudo privileges.
However in complex environment you may be needed add more users to EC2 instance with different privileges. Here we are going to discuss
how to adding users to Linux EC2 instance and give SSH access to the accounts. At the end of the tutorial we give you a trick to make the user
into sudo user.

1) Create new user account

2) Switch into new user account

3) Generate new private key from AWS Account.

Log into AWS Account, then Goto “EC2” , next select “Key Pairs” under “NETWORK & SECURITY” which can find from left hand side.

EC2 key pair generator

4) How to obtain public key ??

i) Copy *.pem file into Linux machine.

ii) Run following command

This will will be asked to enter private key, then enter previously copied *.pem file

iii) Copy output file

example output :-

5) Create a .ssh directory for the authorized_keys file.

you may need to switch into “newuser”

6) Change the file permissions of the .ssh directory

7) Copy public key into authorized_keys and set permission to file

8) Log into server with .pem file

[root ~]$ssh -i your_private_key.pem newuser@remote.server.ip.address

ex :- ssh -i user.pem newuser@192.168.5.20

9) how to make new user into root or sudo user

this will require password, so we are going to disable this

log into remote server
type
#visudo

add following

Reference :- http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-users.html

Jul 06

Remotely change local Administrator password on all domain computers

Even computer is joined with domain controller, Sysadmins are used to keep local Administrator account as a backup login account to log into the computer when domain controller is not available. However it is really important to change local Administrator password periodically to comply with company security standards.

Manually changing the local Admin password is very hard process, you can use GPOs but server 2012 and on wards this option is not available as passwords are stored on clear text without encrypting it, so in GPOs password field should be grey out if you are already checked that . If you are  using domain controller prior to server 2012 you can try GPO option methods read this for more details .However there are  lots of third party tools are available to make this process automate. Even Microsoft also introduce tool called  local administrator password solution (laps) which can be integrated with Group policies, but need to modify domain schema, however it will not discuss here, if you are interest about LAPS please follow this article of official Microsoft resource.

 

Here I’m going to shows you how to remotely change local Administrator password on all domain computers automatically without installing additional software or making no modification to domain controller. below is the our lab environment.

Domain controller :- WIndows server 2012 R2
Domain computers :- Windows 7,8,and 8.1

 

01) Get domain PCs

i) log into domain controller and open Powershell.

ii) type following command to get all client PCs managed by domain controller.

Copy output into notepad and save it as txt ex:- domainpc.txt

02) Download PSTools

Download latest tool set from here and extract it. Don’t forget to copy domainpc.txt into extract folder of PSTools.

03) Change Local Administrator password on computers

i) Open command prompt and go to extract PSTools folder.

ii) Type following command

[YOURDOMAIN] :- Active Directory domain Name
[REMOTE ADMIN ACCOUNT] :- this most probably ‘Administrator’ if you need to change other local account, specify it here
[NEW PASSWORD] :- New password for the account

ex:-

Once you enter the command it will ask Domain Administrator password, type the password and press enter if you need to get output into file, you need to append following to above command

ex:-

 

 

Jul 02

Limit YouTube traffic with Sophos UTM QoS

Sophos UTM has the capability of providing Quality Of Service (QoS) for the traffic that passes through it. So you can limit bandwidth allocation for  non productive YouTube streaming for your employees while allocating more bandwidth for other productive browsing for them. Let’s look at how to limit YouTube traffic with Sophos UTM QoS feature. To make this tutorial simple, I have divided it into 3 steps.

 

1) Enable QoS on interface

log into Sophos UTM web interface with admin credentials.
goto “Interface & Routing” then select “Quality of Service (QoS)
then enable QoS on both LAN and WAN (internet) interface from toggle switch.

Enable qos on interface

2) Create YouTube traffic selectors.

click on “Traffic Selectors” tab and open “Edit Traffic Selector” window.
Fill or select following values.

YouTube traffic selector.

Name :- YouTube application selector
Selector type :- choose  “Application selector” from drop down
Source :-Any

Destination :- Any
Control by :- choose “Applications” from drop down

then add “Youtube” as Control These Application section.
finally click “save“.

3) Set Download Throttling.

Goto “Download Throttling” tab
select your internal interface (this example “internal“) from drop down at “Bound to Interface” section. then Click on “New Download Throttling Rule” to add new rule.

Fill the following values.

Name :- Youtube Limit.
Interface :- it’s gray out with interface called “internal” (it’s already before adding new rule)
Position :- which you preferred. here put it to top (1)

Limit (kbit/s) :- limit bandwidth
Limit :- select limit type
you can set Throttling limit speed and type . here use “shared” which means 100 kbits/s is shared with all users on the LAN.

Traffic selector :- make sure to select correct “Traffic Selector” which was created on step 2.
this example it is “YouTube application selector

Add YouTube throttling rule

 

That’s it . I would like to here about  thoughts and comment about this tut. see you next time :)

Older posts «

Fetch more items