
Create user for ssh access to aws ec2 instance

September 28th, 2015

Creating a user on an Amazon EC2 instance (Ubuntu in my case):

sudo adduser <new_user>
# Next step sets the access level: it adds the user to the sudo group
sudo adduser <new_user> sudo

Create the folder .ssh for the user just created:

cd /home/<new_user>
# The home directory belongs to <new_user>, so the ubuntu user needs sudo here
sudo mkdir .ssh

On your local computer:

    • Generate a key using strong encryption:
ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -C "optional comment about key"
    • Then check that the .ssh directory and its files have the right permissions:
chmod 700 ~/.ssh && chmod 600 ~/.ssh/*
    • Next, upload the public key to your server:
cat ~/.ssh/id_rsa.pub | ssh ubuntu@<public_ip> 'cat - >> ~/.ssh/authorized_keys'

In the remote server:

    • Copy the authorized_keys file from the ubuntu user to the newly created .ssh folder of the new user:
sudo cp ~/.ssh/authorized_keys /home/<new_user>/.ssh/
    • Change the owner of the folder and files to the newly created user:
sudo chown <new_user>:<new_user> /home/<new_user>/.ssh/
sudo chown <new_user>:<new_user> /home/<new_user>/.ssh/authorized_keys
    • Finally, log in as the user you just created and ensure that the .ssh folder and authorized_keys have the right permissions:
chmod 600 ~/.ssh/authorized_keys && chmod 700 ~/.ssh/

At this point you should be able to log in to both users using the default Amazon key. But in order to log in from your computer with the key and the user you just created, it is necessary to remove the id_rsa.pub from your local .ssh/ folder.
In the authorized_keys of the new user you would need to remove the first entry so that the new user cannot log in using the Amazon default initial key.
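
The server-side steps above, as an added shell example that is not part of the original post: it appends only the chosen public key to a user's authorized_keys, removes a given entry such as the initial Amazon key, and checks the 700/600 modes. The function names are hypothetical, and each key is assumed to be available as a one-line public key file.

```bash
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Paths are passed in, so this can be tried on a scratch directory first.
# On the instance (as root): install_key /home/<new_user> id_rsa.pub <new_user>

# install_key HOME_DIR PUBKEY_FILE [OWNER]
# Append one public key to HOME_DIR/.ssh/authorized_keys (skipped if already
# there) and enforce 700/600. chown runs only when OWNER is given (needs root).
install_key() {
    local ssh_dir="$1/.ssh" auth="$1/.ssh/authorized_keys" owner="${3:-}"
    mkdir -p "$ssh_dir" && touch "$auth" || return 1
    # -x -F: compare whole lines as fixed strings, so a key is never added twice
    grep -qxF -f "$2" "$auth" || cat "$2" >> "$auth" || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1
    if [ -n "$owner" ]; then chown -R "$owner:$owner" "$ssh_dir" || return 1; fi
}

# remove_key HOME_DIR PUBKEY_FILE
# Drop the entry matching PUBKEY_FILE (for example the initial Amazon key).
# The file is rewritten in place, so its owner and mode are preserved.
remove_key() {
    local auth="$1/.ssh/authorized_keys" tmp
    tmp=$(mktemp) || return 1
    # grep exits 1 when no line is left; only a status above 1 is an error
    grep -vxF -f "$2" "$auth" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$auth"; rm -f "$tmp"
}

# key_count HOME_DIR: number of entries, ignoring blank lines and comments
key_count() {
    grep -cvE '^[[:space:]]*(#|$)' "$1/.ssh/authorized_keys" || true
}

# audit_ssh_dir HOME_DIR: print each finding; return 1 if anything is wrong
audit_ssh_dir() {
    local ssh_dir="$1/.ssh" auth="$1/.ssh/authorized_keys" bad=0
    [ -n "$(find "$ssh_dir" -maxdepth 0 -perm 700 2>/dev/null)" ] ||
        { echo "$ssh_dir: mode is not 700"; bad=1; }
    [ -n "$(find "$auth" -maxdepth 0 -perm 600 2>/dev/null)" ] ||
        { echo "$auth: mode is not 600"; bad=1; }
    return "$bad"
}
```

Running `audit_ssh_dir` and `key_count` after `remove_key` confirms that exactly the intended key remains before you close the session you are working from.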
