Logging In and Adding New Users

By default, the image that we're using in our instance (ami-ccf615a5) only allows SSH logins with valid certificates. This means that users defined on the instance cannot SSH log in using usernames and passwords; they must have the appropriate certificates available.

The configuration of SSH access is controlled by the file /etc/ssh/sshd_config.

First Time Login

Locate the .pem file that you downloaded when creating the instance. See this post for information on creating an instance. Next, follow these instructions to create a PuTTY Private Key (.ppk) to use to log in using PuTTY.

  1. Run PuTTYgen. It can be downloaded here: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html 
  2. At the top of the window, go to Conversions > Import Key. Browse to the .pem file
  3. Create a blank .txt document called "authorized_keys.txt". Paste the text from the field at the top of the PuTTYgen window into this file, save it and close it.
  4. Remove the .txt extension from the authorized_keys file. You may need this file later - keep it safe!
  5. Back in PuTTYgen, you'll next generate a private key. If you'd like, give it a passphrase and a custom comment before clicking "Save Private Key" in the lower right. After that you're done with PuTTYgen.

Now, use your .ppk file to create a login session in PuTTY.

  1. In the tree on the left, go to Connection > SSH > Auth
  2. In the text box in the middle of the window, specify the path to the .ppk file, or browse to it by clicking "Browse..."
  3. In the tree on the left, go back to Session
  4. Specify the Host Name (or IP address), give the session a name in the text box in the middle of the window beneath "Saved Sessions", then click the "Save" button.
  5. Click "Open" on the lower right to connect
  6. The SSH terminal window opens, and prompts you for a username. Type "root" and hit Enter.
    1. This is the OS-level username to which the certificate you are using is bound. If you are trying to log in as a different user, see below.
  7. If you specified a passphrase for your private key, it will prompt you for it. Type it in and hit Enter. Now you're logged in.

Adding a New User, Allowing The User to Log In

  1. First, make sure that a key-pair is created for the user using the EC2 Web Console.
  2. Download the .pem file and follow the above directions to generate a .ppk file for the new key-pair.
  3. Log in to the instance using a different certificate than the one you just made. Make sure you're logging in as a user who has permission to create new users (i.e. root).
  4. Once you're logged in, type adduser <username> where <username> is the name of the new user you wish to create. You may wish to add the user to a group in order to control permissions effectively using the useradd command (see Helpful Commands).
  5. Log in to WinSCP using your root certificate. Place the authorized_keys file you generated into /home/<username>/.ssh. You'll have to create the .ssh folder.
  6. Within WinSCP, adjust the permissions as follows:
    1. authorized_keys file: 0600
    2. .ssh folder: 0700 and change the group and ownership to <username>.
  7. Back in PuTTY, still logged in as root, change the ownership of the authorized_keys file by typing the following command: 
    1. chown <username>:<username> /home/<username>/.ssh/authorized_keys
  8. Now you can use the .ppk file you generated to log in as the new user.
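
Steps 5-7 can also be done from the root shell instead of WinSCP. The script below is an added example, not part of the original post: the function names install_key and check_key_perms are illustrative, and it assumes GNU coreutils stat. It rejects anything that is not the one-line public key copied from PuTTYgen, then sets and verifies the 0700/0600 modes.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU coreutils `stat`.
KEY_RE='^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9]+) [A-Za-z0-9+/]+=*( .*)?$'

# install_key HOME_DIR PUBKEY_FILE [OWNER]  (run as root when OWNER is given)
install_key() {
    home_dir=$1 pubkey=$2 owner=${3:-}
    # authorized_keys needs the one-line OpenSSH form (the text box at the top
    # of PuTTYgen); a .ppk or "---- BEGIN SSH2 PUBLIC KEY ----" file is rejected.
    if ! grep -Eq "$KEY_RE" "$pubkey"; then
        echo "not a one-line OpenSSH public key: $pubkey" >&2
        return 1
    fi
    (
        umask 077   # directory and file are never group/world accessible
        mkdir -p "$home_dir/.ssh" &&
            grep -E "$KEY_RE" "$pubkey" >> "$home_dir/.ssh/authorized_keys"
    ) || return 1
    chmod 0700 "$home_dir/.ssh" || return 1
    chmod 0600 "$home_dir/.ssh/authorized_keys" || return 1
    if [ -n "$owner" ]; then
        chown -R "$owner:$owner" "$home_dir/.ssh" || return 1
    fi
}

# check_key_perms HOME_DIR [OWNER]: 0 only if modes (and owner) are as above
check_key_perms() {
    home_dir=$1 owner=${2:-} rc=0
    for spec in "700 $home_dir/.ssh" "600 $home_dir/.ssh/authorized_keys"; do
        want=${spec%% *} path=${spec#* }
        got=$(stat -c '%a' "$path" 2>/dev/null) || { echo "missing: $path" >&2; rc=1; continue; }
        [ "$got" = "$want" ] || { echo "$path is $got, want $want" >&2; rc=1; }
        if [ -n "$owner" ] && [ "$(stat -c '%U' "$path")" != "$owner" ]; then
            echo "$path is not owned by $owner" >&2; rc=1
        fi
    done
    return $rc
}

# Demo on a scratch directory with a constructed, non-functional key line.
demo() {
    d=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB constructed-sample' > "$d/key.pub"
    install_key "$d/home" "$d/key.pub" && check_key_perms "$d/home"
    status=$?
    rm -rf "$d"
    return $status
}
demo && echo "modes OK"
```

On the instance, as root: install_key /home/<username> authorized_keys <username>, followed by check_key_perms /home/<username> <username>.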