Opening SSH to AWS-hosted Linux servers via mRemoteNG

mRemoteNG is a nice, lightweight tabbed session manager. It is a perfect fit for managing a remote server farm with both Windows and Linux machines, since it supports multiple connection protocols out of the box – including SSH and RDP (you may need to update an older Windows client to run a newer RDP version, though).

However, connecting to Linux instances that run on AWS requires a bit more than just an SSH client. As you probably know, Linux EC2 instances have password authentication disabled by default to prevent brute-force attacks and want you to supply your private key instead. But there is no such field in the mRemoteNG configuration pane! So, how can you configure it to send your private key instead of a password?

It appears that mRemoteNG relies on an embedded PuTTY to provide SSH support. PuTTY, in turn, is able to work with the private key authentication required by AWS. Here is a detailed explanation of the configuration steps.


How to fix WebSphere 7.0 on Windows 2003 that hangs on startup

Today I spent several hours troubleshooting a fresh install of WebSphere 7.0 on Windows 2003. The server passed all post-installation steps successfully, but refused to start after the OS reboot. The last line in the server logs was “Server launched. Waiting for initialization status.”, and the actual server state was unclear – any attempt to start it anew claimed that the service was running, but the server console was not available.

It appears that the Windows service installation, which happens by default during setup time, was problematic. Once you remove the service and reboot the system, you can start WebSphere manually without any trouble.

Here is how to remove the Windows service:

  1. Go to the “bin” folder under WAS installation directory (usually “C:\Program Files\IBM\WebSphere\AppServer\bin”)
  2. Execute the following command: “WASService -remove <name-of-server-node>”

Typically, the name of server node is composed from the computer name with “Node01” suffix.
For example, the node name on “was70-win.mycompany.com” will probably be “was70-winNode01”.

Hat tip to this IBM DeveloperWorks community post for the hints!

How to speed up SSL handshake in isolated environments

Opening an HTTPS URL in an environment that is not connected to the internet may take time. Fortunately, there is a way to speed up this process on the client side. It appears that Windows tries to retrieve a fresh CRL (certificate revocation list) from its own and third-party servers. Obviously, this attempt times out when the client is not connected to the internet. There is no way to disable CRL retrieval completely, but it is possible to reduce the retrieval timeout to the minimum allowed. The system will still attempt to contact the CRL servers, but it will take less time to go through the whole list of servers.

In addition to the SSL handshake, this setting change will speed up any process that involves certificate validation – for example, validation of code signing certificates.

So:

  1. Open Local Group Policy Editor (for example, search for “Edit Group Policy” in the Start Menu)
  2. Go down the tree from “Computer Configuration” => “Windows Settings” => “Security Settings” => “Public Key Policies”
  3. On the right side, double-click on “Certificate Path Validation Settings”
  4. Go to “Network Retrieval” tab
  5. Select “Define these policy settings” checkbox
  6. Change both timeout values under “Default retrieval timeout settings” to 1 second
  7. Click “OK”

For detailed instructions for clients that are part of an Active Directory domain, visit this TechNet topic (although it speaks about increasing the timeout rather than decreasing it).

Retrieval Timeout Settings

The instructions above apply to Windows clients, but the same technique may be applicable for the other operating systems.
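
To confirm the effect of the shortened timeouts, the PowerShell example below (added here, not part of the original post) times a certificate chain build with online revocation checking; run it before and after the policy change and compare. The function name `Measure-ChainValidation` and the sample file path are assumptions.

```powershell
# Added example: time a certificate chain build with online revocation checking.
# Measure-ChainValidation is a hypothetical helper name, not a built-in cmdlet.
function Measure-ChainValidation {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    try {
        # Force CRL/OCSP retrieval over the network for every non-root certificate.
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
        $chain.ChainPolicy.RevocationFlag =
            [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
        # UrlRetrievalTimeout is left at its default (zero), which tells .NET to
        # use the system default timeout instead of a per-call value.

        $timer = [System.Diagnostics.Stopwatch]::StartNew()
        $valid = $chain.Build($Certificate)
        $timer.Stop()

        [pscustomobject]@{
            Subject    = $Certificate.Subject
            Seconds    = [math]::Round($timer.Elapsed.TotalSeconds, 2)
            ChainValid = $valid
            # On an isolated host expect RevocationStatusUnknown / OfflineRevocation:
            # the lookup still fails, it just fails faster.
            Status     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }
    finally {
        $chain.Reset()
    }
}

# Sample input (assumed path): the signer certificate of a signed system binary.
$file = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\powershell.exe'
$cert = (Get-AuthenticodeSignature -FilePath $file).SignerCertificate
if ($null -eq $cert) {
    Write-Warning "No signer certificate found for $file; pick another signed file."
}
else {
    Measure-ChainValidation -Certificate $cert
}
```

A previously cached CRL makes the build return quickly regardless of the timeout, so the difference is clearest on a host that has never reached the CRL servers.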