When you create a key in AWS you can download it one time in PEM format. To use it in PuTTY, the free SSH and Telnet client, you have to convert it to PPK format.
To install PuTTY, see the Terminal Emulator section in Recommended utilities for your workstation
To convert a PEM file to PPK
- Open a terminal window in the folder of the PEM file
- Execute the following
puttygen MYKEY.pem -o MYKEY.ppk
To secure Artifactory repositories follow the steps below
- Log into Artifactory as an administrator
- On the left select Admin
- In the Security menu select Users
- In the upper right select New
- Create users for admin, writer, and reader. Make sure the Can Update Profile checkbox is NOT checked, so if someone logs in with the service account credentials cannot change the account settings.
Create security groups and add the new users to the groups
- In the Admin menu select Security and Groups
- On the Group Management page select New
- Create groups for admins, writers, and readers. Add “s” to the name of the group to differentiate it from the user.
- In the Users section add the appropriate user to the group
Create permissions and add the groups to the permissions
- In the Security menu select Permissions
- In the upper right corner select New
- Create permissions to administer, write, and read the repository
- Select the repository, click the green arrow to add the repository to the Selected Repositories list, and click Next
- Click the arrow next to the name of the group to add it to the list of groups
- Select the appropriate check boxes
- For writers select Delete/Overwrite, Deploy/Cache, Annotate, and Read
- Click the Save & Finish button.
To allow anonymous read access to the repository
To allow everyone to read the repository without authentication, add the anonymous user to the REPOSITORY-NAME_readers group.
When you install Jenkins, the default settings allow anyone to sign up and administer it. There are many ways to secure Jenkins, the simplest is to disable the user sign up and require login to administer the server.
- Click sign up in the upper right corner and create an account for yourself
- On the Jenkins Dashboard select Manage Jenkins
- On the Manage Jenkins page select Configure Global Security
- Make sure the circled items are set according to the picture below.
The Microsoft Active Directory is a great system to manage the security of servers and workstations. One of the fundamental security tools is the password expiration policy.
To set the password expiration policy in an Active Directory domain follow the steps below
- Remote desktop into the domain controller
- Start the Active Directory Users and Computers snap in
- Right click the root domain name and select Properties
- Select the Group Policy tab
- In the middle select the Default Domain Policy Group Policy Object Link
- Click the Edit button
- On the left side expand Computer Configuration > Windows Settings > Security Settings > Account Policies
- Select the Password Policy and Account Lockout Policy keys to set the desired values
All new and existing user accounts will inherit these settings, and the password of existing user accounts will immediately expire where the “Password never expires” option is not set.