Logging In and Adding New Users
By default, the image that we're using in our instance (ami-ccf615a5) only allows SSH logins with valid certificates (here, the private key file of an EC2 key pair). This means that users defined on the instance cannot log in over SSH with a username and password; they must have the appropriate certificate available.
The configuration of SSH access is controlled by the file /etc/ssh/sshd_config.
First Time Login
Locate the .pem file that you downloaded when creating the instance. See this post for information on creating an instance. Next, follow these instructions to create a PuTTY Private Key (.ppk) to use to log in using PuTTY.
- Run PuTTYgen. It can be downloaded here: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
- At the top of the window, go to Conversions > Import Key. Browse to the .pem file.
- Create a blank .txt document called "authorized_keys.txt". Paste the text from the field at the top of the PuTTYgen window into this file, save it and close it.
- Remove the .txt extension from the authorized_keys file. You may need this file later - keep it safe!
- Back in PuTTYgen, you'll next save the private key as a .ppk file. If you'd like, give it a passphrase and a custom comment before clicking "Save Private Key" in the lower right. After that you're done with PuTTYgen.
Now, use your .ppk file to create a login session in PuTTY.
- In the tree on the left, go to Connection > SSH > Auth
- In the text box in the middle of the window, specify the path to the .ppk file, or browse to it by clicking "Browse..."
- In the tree on the left, go back to Session
- Specify the Host Name (or IP address), give the session a name in the text box in the middle of the window beneath "Saved Sessions", then click the "Save" button.
- Click "Open" on the lower right to connect
- The SSH terminal window opens and prompts you for a username. Type "root" and hit Enter.
  - This is the OS-level username to which the certificate you are using is bound. If you are trying to log in as a different user, see below.
- If you specified a passphrase for your private key, it will prompt you for it. Type it in and hit Enter. Now you're logged in.
Adding a New User, Allowing The User to Log In
- First, make sure that a key-pair is created for the user using the EC2 Web Console.
- Download the .pem file and follow the above directions to generate a .ppk file for the new key-pair.
- Log in to the instance using a different certificate than the one you just made. Make sure you're logging in as a user who has permission to create new users (i.e. root).
- Once you're logged in, type adduser <username> where <username> is the name of the new user you wish to create. You may wish to add the user to a group in order to control permissions effectively using the useradd command (See Helpful Commands).
- Log in to WinSCP using your root certificate. Place the authorized_keys file you generated into /home/<username>/.ssh. You'll have to create the .ssh folder.
- Within WinSCP, adjust the permissions as follows:
  - authorized_keys file: 0600
  - .ssh folder: 0700 and change the group and ownership to <username>.
- Back in PuTTY, still logged in as root, change the ownership of the authorized_keys file by typing the following command:
  - chown <username>:<username> /home/<username>/.ssh/authorized_keys
- Now you can use the .ppk file you generated to log in as the new user.
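A check for the permission and ownership steps above, as an added example that is not part of the original post. With its default StrictModes setting, sshd refuses a key file whose mode or owner is too loose, and the multi-line file written by PuTTYgen's "Save public key" button is not the one-line OpenSSH format that authorized_keys expects. The function name and the sample user are hypothetical, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example: audit the layout that the manual steps above produce.
# Assumes GNU stat. check_key_perms and "alice" are hypothetical names.
# Usage (as root): check_key_perms /home/alice "$(id -u alice)"

# check_key_perms HOME_DIR OWNER_UID
# Prints one line per problem; returns 0 when the layout is as prescribed.
check_key_perms() {
    home_dir=$1
    owner_uid=$2
    ssh_dir="$home_dir/.ssh"
    key_file="$ssh_dir/authorized_keys"
    rc=0

    if [ ! -d "$ssh_dir" ]; then
        echo "missing directory: $ssh_dir"; return 1
    fi
    if [ ! -f "$key_file" ]; then
        echo "missing file: $key_file"; return 1
    fi

    # Octal mode and numeric owner of each path, e.g. "700 1001".
    set -- $(stat -c '%a %u' "$ssh_dir")
    [ "$1" = "700" ] || { echo "$ssh_dir mode is $1, expected 700"; rc=1; }
    [ "$2" = "$owner_uid" ] || { echo "$ssh_dir owner uid is $2, expected $owner_uid"; rc=1; }

    set -- $(stat -c '%a %u' "$key_file")
    [ "$1" = "600" ] || { echo "$key_file mode is $1, expected 600"; rc=1; }
    [ "$2" = "$owner_uid" ] || { echo "$key_file owner uid is $2, expected $owner_uid"; rc=1; }

    # Every non-blank, non-comment line must carry a common OpenSSH key type
    # (optionally preceded by options). PuTTY's multi-line export fails this.
    if grep -v -e '^[[:space:]]*$' -e '^#' "$key_file" |
       grep -q -v -E '(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) '; then
        echo "$key_file has a line that is not a one-line OpenSSH public key"; rc=1
    fi
    return $rc
}
```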