I read a few weeks ago that Amazon now allows you to import your own RSA keys into EC2, but at the time I couldn’t find anywhere that explained how to do it. However, I have now found out how thanks to an Egyptian blogger.
It doesn’t look like it’s currently possible through the AWS management console, but you can do it through the command line tools. You have to upload your key to each region separately, but thankfully this can be easily achieved with a one-liner:
for r in us-east-1 us-west-1 ap-southeast-1 eu-west-1; do ec2-import-keypair --region $r paul-public-key --public-key-file ~/.ssh/id_rsa.pub ; done
Replace ~/.ssh/id_rsa.pub with the path to your public key, and paul-public-key with the name you would like to appear in Amazon for your keys.
NB: You need the EC2 tools set up before you can run this. You will also need to have set up an X.509 certificate pair. There are some useful instructions for this here.
You can read more about the ec2-import-keypair command in the EC2 documentation.
I’ve been looking at the new SnomONE PBX tonight, and have set up a test installation on a virtual machine. I couldn’t see any instructions in their manual for installing on Linux, so I thought I’d blog about the steps I took as it might help someone else!
1. Install a CentOS 5.5 x86_64 system.
2. SSH into the system, and download the SnomONE CentOS 64-bit installer from Snom.
3. Make the installation script executable:
chmod +x snomone-CentOS5-2011-188.8.131.5250-x64.bin.sh
4. Run the installer script without any arguments to check the integrity of the file:
5. Run the installer in install mode
6. Set up firewall rules:
echo '# Generated by iptables-save v1.3.5 on Thu Oct 14 23:11:41 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [11875:1171187]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 184.108.40.206 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# SnomOne Rules
-A RH-Firewall-1-INPUT -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 5060 -j ACCEPT
# SIP TLS
-A RH-Firewall-1-INPUT -p udp --dport 5061 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 5061 -j ACCEPT
# RTP Media Stream
-A RH-Firewall-1-INPUT -p udp --dport 49152:64512 -j ACCEPT
# SNMP
-A RH-Firewall-1-INPUT -p udp --dport 161 -j ACCEPT
# TFTP
-A RH-Firewall-1-INPUT -p udp --dport 69 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Oct 14 23:11:41 2010' > /root/snom-firewall.txt
iptables-restore < /root/snom-firewall.txt
service iptables save
7. Access the admin interface in your web browser: http://ipaddress-of-centos-box/
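To review the ruleset from the firewall step before the box goes on a public network, here is an added example (not part of the original post) that lists every ACCEPT rule opening a port to all source addresses. The names parse_rule, world_open and REVIEW_PORTS are hypothetical, and the choice of ports to flag is an assumption of this example.

```python
# Added example: list ACCEPT rules in iptables-save output that open a
# destination port to every source address.

# Assumption for this example: ports whose services rarely need to be
# reachable from everywhere (TFTP, SNMP, CUPS/IPP).
REVIEW_PORTS = {69: "tftp", 161: "snmp", 631: "ipp"}
OPTS = {"-p": "proto", "--dport": "dport", "-s": "source", "-i": "iface", "-j": "target"}

# Excerpt of the rules from the firewall step; the "-s 192.0.2.0/24" rule is
# constructed here to show a source-restricted rule being skipped.
SAMPLE = """\
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 49152:64512 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 69 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.0.2.0/24 -p udp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_rule(line):
    """Return the interesting options of an '-A <chain> ...' line, else None."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "-A":
        return None  # comments, table and chain headers, COMMIT
    rule = dict.fromkeys(OPTS.values())
    rule["chain"] = tokens[1]
    for i, tok in enumerate(tokens[:-1]):
        if tok in OPTS:
            rule[OPTS[tok]] = tokens[i + 1]
    return rule

def world_open(ruleset):
    """Return (proto, dport, review_names) per ACCEPT rule with no -s/-i limit."""
    findings = []
    for line in ruleset.splitlines():
        rule = parse_rule(line)
        if not rule or rule["target"] != "ACCEPT" or not rule["dport"]:
            continue
        if rule["source"] or rule["iface"]:
            continue  # limited to a source network or an interface
        lo, _, hi = rule["dport"].partition(":")
        lo, hi = int(lo), int(hi or lo)
        names = sorted(n for p, n in REVIEW_PORTS.items() if lo <= p <= hi)
        findings.append((rule["proto"], rule["dport"], names))
    return findings

if __name__ == "__main__":
    for proto, dport, names in world_open(SAMPLE):
        print(proto, dport, "<-- review: " + ", ".join(names) if names else "")
```

Pass world_open the contents of /root/snom-firewall.txt to review the full ruleset.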