The default AWS Linux EC2 instances come up with one user account, such as centos or ubuntu, with sudo privileges.
However, in a complex environment you may need to add more users to an EC2 instance with different privileges. Here we discuss
how to add users to a Linux EC2 instance and give the accounts SSH access. At the end of the tutorial we show a trick to make the user
a sudo user.
1) Create a new user account
    # sudo adduser newuser
2) Switch to the new user account
    # su newuser
3) Generate a new private key from the AWS account.
Log into the AWS account, go to “EC2”, then select “Key Pairs” under “NETWORK & SECURITY” in the left-hand menu.
4) How to obtain the public key
i) Copy the *.pem file to a Linux machine.
ii) Run the following command
    ssh-keygen -y
You will be asked for the private key; enter the previously copied *.pem file.
iii) Copy the output
Example output (a single line, wrapped here):
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuSevGj3eYhCe53pcjqP3maAhDFcvBS7O6V
    hz2ItxCih+PnDSUaw+WNQn/mZphTk/a/gU8jEzoOWbkM4yxyb/wB96xbiFveSFJuOp/d6RJhJOI0iBXr
    lsLnBItntckiJ7FbtxJMXLvvwJryDUilBMTjYtwB+QhYXUMOzce5Pjz5/i8SeJtjnV3iAoG/cQk+0FzZ
    qaeJAAHco+CY/5WrUBkrHmFJr6HcXkvJdWPkYQS3xqC0+FmUZofz221CBt5IMucxXPkX4rWi+z7wB3Rb
    BQoQzd8v7yeb7OzlPnWOyN0qFU0XA246RA8QFYiCNYwI3f05p6KLxEXAMPLE
5) Create a .ssh directory for the authorized_keys file.
You may need to switch to “newuser” first.
    [root ~]$ su newuser
    [newuser ~]$ mkdir .ssh
6) Change the file permissions of the .ssh directory
    [newuser ~]$ chmod 700 .ssh
7) Copy the public key into authorized_keys and set the permissions on the file
    [newuser ~]$ vim .ssh/authorized_keys
    [newuser ~]$ chmod 600 .ssh/authorized_keys
8) Log into the server with the .pem file
    [root ~]$ ssh -i your_private_key.pem newuser@remote.server.ip.address
Example: ssh -i user.pem newuser@192.168.5.20
9) How to make the new user a root or sudo user
sudo will require a password, so we are going to disable the password prompt for this user.
Log into the remote server and type
    # visudo
Find this commented line:
    ## Allow root to run any commands anywhere
    root ALL=(ALL) ALL
Add the following:
    newuser ALL = (ALL) NOPASSWD: ALL
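Steps 5 to 7 as one idempotent shell function, as an added example that is not part of the original tutorial or the AWS guide. It is meant to be run as newuser, rejects pasted private key (.pem) content, and sets the 700/600 permissions; the function name install_pubkey and the sample key are constructed for illustration.

```shell
#!/bin/sh
# install_pubkey HOME_DIR "PUBLIC_KEY_LINE"   (hypothetical helper, added example)
# Returns 0 on success, 2 if the argument is not a single public key line,
# 1 on any filesystem problem.
install_pubkey() {
    home=$1
    key=$2
    nl='
'
    # A .pem private key or multi-line paste must never reach authorized_keys.
    case $key in
        *"PRIVATE KEY"* | *"$nl"*) return 2 ;;
    esac
    # Expect "<key type> <base64 blob> [comment]", the format ssh-keygen -y prints.
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' \
        || return 2

    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys
    # Do not write through a symlink planted at either path.
    if [ -L "$ssh_dir" ] || [ -L "$auth" ]; then
        return 1
    fi
    (
        umask 077                                  # new files start private
        mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
        touch "$auth" && chmod 600 "$auth" || exit 1
        # Append only if this exact line is not already present.
        grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    ) || return 1
}

# Constructed sample key (not a real key), installed into a scratch directory.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKey0000000000000000000 newuser@example'
demo_home=$(mktemp -d)
install_pubkey "$demo_home" "$SAMPLE_KEY" &&
    ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

On the instance itself, call it as newuser with "$HOME" and the line printed by ssh-keygen -y.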
Reference :- http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-users.html