Hello all, However in practice we always need to create a new user into aws servers and perform several operations. Like
ssh is a basic operation that we do on servers to do anything. However
aws provide the
.pem authentication for ssh.
In this example we gone learn how to make an instance over
aws, create a new user into that instance in sudo group and
ssh to the user without a
pem file. For this several steps have be follow:
1. Create an instance
- First go to console.aws.amazon.com.
- Click on EC2.
- Click launch instance.
- Select a machine image type. For this example I have taken
ubuntu free tier machine.
- Create a new pem file and download it.
- Review security groups and change if you want to do any changes into security groups.
- Review all configurations and launch instance.
2. SSH to root user by pem file
Now you have to ssh to root user by using
pem file. Run following commands.
chmod 400 /path_to_pem/you_pem_file_name.pem
ssh -i /path_to_pem/you_pem_file_name.pem USER_NAME@ec2-SOME_IP_SEPRATED_BY_(-).compute-1.amazonaws.com. Like
ec2-52-23-186-83.compute-1.amazonaws.com#=> Here USER_NAME is the name of root user for ubuntu machine it “ubuntu” and for AMI(Amazon Machine Instances) is “ec2”.
3. Add a new user in sudo group:
follow these steps to add a new user in sudo group:
sudo adduser NEW_USER_NAME#=> Here NEW_USER_NAME is new user’s name say ‘deploy’.
- Add user to
sudoersfile by running
sudo visudoand add the following line:
NEW_USER_NAME ALL=(ALL:ALL) ALL
- If you want to enable password authentication for the user. You can enable password authentication by:
sudo nano /etc/ssh/sshd_configand change
sudo su - NEW_USER_NAME. Give a strong password while creating a new user.
4. Add id_rsa to the server:
For ssh from local machine just add you
id_rsa.pub file to server’s
.ssh/authorized_keys file. For this you have to follow these steps:
chmod 700 .ssh
- Paste you
id_rsa.pubfile here and save it.
chmod 600 .ssh/authorized_keys
5. Restart ssh:
- sudo /etc/init.d/ssh restart
Now you will be able to ssh to the
USER_NAME@ec2-SOME_IP_SEPRATED_BY_(-).compute-1.amazonaws.com without pem file.
Thanks for reading this blog post!!