Logging In and Adding New Users
By default, the image that we're using in our instance (ami-ccf615a5) only allows SSH logins with valid certificates. This means that users defined on the instance cannot log in over SSH using usernames and passwords; they must have the appropriate certificates available.
The configuration of SSH access is controlled by the file /etc/ssh/sshd_config.
First Time Login
Locate the .pem file that you downloaded when creating the instance. See this post for information on creating an instance. Next, follow these instructions to create a PuTTY Private Key (.ppk) to use to log in using PuTTY.
- Run PuTTYgen. It can be downloaded here: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
- At the top of the window, go to Conversions > Import Key. Browse to the .pem file.
- Create a blank .txt document called "authorized_keys.txt". Paste the text from the field at the top of the PuTTYgen window into this file, save it and close it.
- Remove the .txt extension from the authorized_keys file. You may need this file later - keep it safe!
- Back in PuTTYgen, you'll next generate a private key. If you'd like, give it a passphrase and a custom comment before clicking "Save Private Key" in the lower right. After that you're done with PuTTYgen.
Now, use your .ppk file to create a login session in PuTTY.
- In the tree on the left, go to Connection > SSH > Auth
- In the text box in the middle of the window, specify the path to the .ppk file, or browse to it by clicking "Browse..."
- In the tree on the left, go back to Session
- Specify the Host Name (or IP address), give the session a name in the text box in the middle of the window beneath "Saved Sessions", then click the "Save" button.
- Click "Open" on the lower right to connect
- The SSH terminal window opens, and prompts you for a username. Type "root" and hit Enter.
- This is the OS-level username to which the certificate you are using is bound. If you are trying to log in as a different user, see below.
- If you specified a passphrase for your private key, it will prompt you for it. Type it in and hit Enter. Now you're logged in.
Adding a New User, Allowing The User to Log In
- First, make sure that a key-pair is created for the user using the EC2 Web Console.
- Download the .pem file and follow the above directions to generate a .ppk file for the new key-pair.
- Log in to the instance using a different certificate than the one you just made. Make sure you're logging in as a user who has permission to create new users (i.e. root).
- Once you're logged in, type adduser <username>, where <username> is the name of the new user you wish to create. You may wish to add the user to a group in order to control permissions effectively using the useradd command (see Helpful Commands).
- Log in to WinSCP using your root certificate. Place the authorized_keys file you generated into /home/<username>/.ssh. You'll have to create the .ssh folder.
- Within WinSCP, adjust the permissions as follows:
- authorized_keys file: 0600
- .ssh folder: 0700 and change the group and ownership to <username>.
- Back in PuTTY, still logged in as root, change the ownership of the authorized_keys file by typing the following command:
- chown <username>:<username> /home/<username>/.ssh/authorized_keys
- Now you can use the .ppk file you generated to log in as the new user.
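The permission and ownership steps above can also be applied and checked from the root shell on the instance instead of through WinSCP. The following is an added example, not part of the original post; the function names install_key and check_ssh_perms are hypothetical, and GNU-style `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: set up and audit /home/<username>/.ssh as described above.
# Assumption: stat supports -c (GNU coreutils or busybox).

# install_key HOME_DIR PUBKEY_FILE OWNER
# Creates HOME_DIR/.ssh (0700) and authorized_keys (0600), owned by OWNER.
install_key() {
    home=$1; pubkey=$2; owner=$3
    # Refuse an empty or missing key file: it would lock the user out.
    [ -s "$pubkey" ] || { echo "empty or missing key file: $pubkey" >&2; return 1; }
    mkdir -p "$home/.ssh" || return 1
    chmod 0700 "$home/.ssh" || return 1
    cp "$pubkey" "$home/.ssh/authorized_keys" || return 1
    chmod 0600 "$home/.ssh/authorized_keys" || return 1
    # chown to another account needs root; skip paths OWNER already owns.
    for p in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ "$(stat -c %U "$p")" = "$owner" ] || chown "$owner:$owner" "$p" || return 1
    done
}

# check_ssh_perms HOME_DIR OWNER
# Prints one line per problem; returns 0 only if every mode and owner matches.
# With sshd's StrictModes setting on, loose modes or wrong ownership here
# cause the key to be ignored and the login to fail.
check_ssh_perms() {
    home=$1; owner=$2; rc=0
    for entry in "$home/.ssh:700" "$home/.ssh/authorized_keys:600"; do
        path=${entry%:*}; want=${entry##*:}
        if [ ! -e "$path" ]; then echo "missing: $path"; rc=1; continue; fi
        mode=$(stat -c %a "$path"); user=$(stat -c %U "$path")
        [ "$mode" = "$want" ] || { echo "$path: mode $mode, expected $want"; rc=1; }
        [ "$user" = "$owner" ] || { echo "$path: owner $user, expected $owner"; rc=1; }
    done
    return $rc
}
```

As root, run `install_key /home/<username> authorized_keys <username>` followed by `check_ssh_perms /home/<username> <username>`; any output from the second command names the path that still needs fixing.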