Saturday, August 11, 2012

Creating multiple user login in Amazon ec2


We know we can login in Amazon ec2 linux instances with our .ppk/.pem keys. But it is restricted to a single root user. How to create more normal users and let them also login to the instance? of course they cant use root users key. so we have to create new login keys for them. This post is also applicable for normal systems. We will see how to create key based authentication for normal users.

We will add a normal user randeep and set password for him.
[root@server ~]# adduser randeep
[root@server ~]# passwd randeep
Changing password for user randeep.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

Now we will create a ssh key for him and set the permissions.
[root@server ~]# cd /home/randeep/
[root@server randeep]# mkdir .ssh
[root@server randeep]# ls -a
.  ..  .bash_logout  .bash_profile  .bashrc  .mozilla  .ssh
[root@server randeep]# chmod 700 .ssh
[root@server randeep]# ssh-keygen -b 1024 -f randeep -t dsa
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in randeep.
Your public key has been saved in
The key fingerprint is:
[root@server randeep]# ls -a
.  ..  .bash_logout  .bash_profile  .bashrc  .mozilla  randeep  .ssh
[root@server randeep]# cat > .ssh/authorized_keys
[root@server randeep]# chmod 600 .ssh/authorized_keys
[root@server randeep]# chown -R  randeep:randeep .ssh

Now checking the login from the command line itself
[root@server randeep]# ssh -i randeep randeep@localhost
The authenticity of host 'localhost (' can't be established.
RSA key fingerprint is 63:6d:4a:08:b4:b4:19:3c:d0:58:f3:60:8a:ec:7a:a0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
[randeep@server ~]$

Now you can transfer this key to any windows machine and convert the key to .ppk using puttygen for login through putty of scp.
Install puttygen and load the key.
Loading key for creating .ppk key
create a private key of the loaded key.
Click yes and proceed to create .ppk key
thats it. now you can use the key for login.

if you want to disable password authentication and restrict only to key authentication,
open ssh configuration file /etc/ssh/sshd_config
edit as
PasswordAuthentication no
save it and restart ssh
[root@server randeep]# /etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                              [  OK  ]
[root@server randeep]#

Recommended Reading

1. Amazon Elastic Compute Cloud (EC2) User Guide
2. Getting Started Guide: Analyzing Big Data with AWS
3. Getting Started Guide: AWS Free Usage Tier
4. Getting Started with AWS
5. AWS Computing Basics for Linux

1 comment:

Be nice. That's all.