Logging In and Adding New Users

By default, the image that we're using in our instance (ami-ccf615a5) only allows SSH logins with valid certificates. This means that users defined on the instance cannot log in over SSH with a username and password; they must have the appropriate certificates available.

The configuration of SSH access is controlled by the file /etc/ssh/sshd_config.

First Time Login

Locate the .pem file that you downloaded when creating the instance. See this post for information on creating an instance. Next, follow these instructions to create a PuTTY Private Key (.ppk) for logging in with PuTTY.

  1. Run PuTTYgen. It can be downloaded here: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html 
  2. At the top of the window, go to Conversions > Import Key. Browse to the .pem file.
  3. Create a blank .txt document called "authorized_keys.txt". Paste the text from the field at the top of the PuTTYgen window into this file, save it and close it.
  4. Remove the .txt extension from the authorized_keys file. You may need this file later - keep it safe!
  5. Back in PuTTYgen, you'll next generate a private key. If you'd like, give it a passphrase and a custom comment before clicking "Save Private Key" in the lower right. After that you're done with PuTTYgen.

Now, use your .ppk file to create a login session in PuTTY.

  1. In the tree on the left, go to Connection > SSH > Auth
  2. In the text box in the middle of the window, specify the path to the .ppk file, or browse to it by clicking "Browse..."
  3. In the tree on the left, go back to Session
  4. Specify the Host Name (or IP address), give the session a name in the text box in the middle of the window beneath "Saved Sessions", then click the "Save" button.
  5. Click "Open" on the lower right to connect
  6. The SSH terminal window opens, and prompts you for a username. Type "root" and hit Enter.
    1. This is the OS-level username to which the certificate you are using is bound. If you are trying to log in as a different user, see below.
  7. If you specified a passphrase for your private key, it will prompt you for it. Type it in and hit Enter. Now you're logged in.

Adding a New User, Allowing the User to Log In

  1. First, make sure that a key-pair is created for the user using the EC2 Web Console.
  2. Download the .pem file and follow the above directions to generate a .ppk file for the new key-pair.
  3. Log in to the instance using a different certificate than the one you just made. Make sure you're logging in as a user who has permission to create new users (i.e. root).
  4. Once you're logged in, type adduser <username> where <username> is the name of the new user you wish to create. You may wish to add the user to a group in order to control permissions effectively using the useradd command (see Helpful Commands).
  5. Log in to WinSCP using your root certificate. Place the authorized_keys file you generated into /home/<username>/.ssh. You'll have to create the .ssh folder.
  6. Within WinSCP, adjust the permissions as follows:
    1. authorized_keys file: 0600
    2. .ssh folder: 0700 and change the group and ownership to <username>.
  7. Back in PuTTY, still logged in as root, change the ownership of the authorized_keys file by typing the following command: 
    1. chown <username>:<username> /home/<username>/.ssh/authorized_keys
  8. Now you can use the .ppk file you generated to log in as the new user.
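
Steps 5 to 7 can also be done from the root shell instead of WinSCP. The script below is an added example, not part of the original post: the function names install_key and audit_key are hypothetical, it assumes GNU coreutils stat on the instance, and it gives the files to whoever owns the home directory rather than naming <username> explicitly.

```sh
#!/bin/sh
# Added example: install and audit a user's authorized_keys (run as root).
# Function names are hypothetical; assumes GNU coreutils `stat -c`.
# e.g. install_key /home/<username> ./authorized_keys && audit_key /home/<username>

# install_key HOME_DIR PUBKEY_FILE
# Creates HOME_DIR/.ssh (0700), copies the key file to authorized_keys (0600)
# and hands both to the owner of HOME_DIR.
install_key() {
    home=$1; pub=$2
    [ -d "$home" ] && [ -r "$pub" ] || return 2
    owner=$(stat -c '%u:%g' "$home") || return 2
    mkdir -p "$home/.ssh" || return 1
    chmod 0700 "$home/.ssh" || return 1
    cp "$pub" "$home/.ssh/authorized_keys" || return 1
    chmod 0600 "$home/.ssh/authorized_keys" || return 1
    chown "$owner" "$home/.ssh" "$home/.ssh/authorized_keys"
}

# audit_key HOME_DIR
# Prints one line per problem found; returns 0 only when nothing is wrong.
audit_key() {
    home=$1; rc=0
    want_uid=$(stat -c '%u' "$home") || return 2
    for item in ".ssh:700" ".ssh/authorized_keys:600"; do
        path="$home/${item%%:*}"; want_mode=${item##*:}
        if [ ! -e "$path" ]; then
            echo "missing: $path"; rc=1; continue
        fi
        if [ -L "$path" ]; then
            # A symlink could point at a file the user does not control.
            echo "symlink: $path"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$path"); uid=$(stat -c '%u' "$path")
        [ "$mode" = "$want_mode" ] || { echo "mode $mode (want $want_mode): $path"; rc=1; }
        [ "$uid" = "$want_uid" ] || { echo "owner uid $uid (want $want_uid): $path"; rc=1; }
    done
    return $rc
}
```

Running audit_key after any manual change (for example an upload through WinSCP) shows whether the modes and ownership still match the values in step 6.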