How to Configure Multiple SSH Access to an EC2 Instance

Multiple users connecting to AWS EC2 via SSH

Here's how to add new users/developers to an Amazon EC2 Linux instance and give them unique SSH key access:

Say you are creating "user": Create a key on your own machine by entering the following:

ssh-keygen -b 1024 -f user -t dsa

Don't use a passphrase -- just hit enter.
You should now have two files compiled: user and user.pub

chmod 600 user.pub

Now transfer the public key file (user.pub) from your computer to the server. For example let us use the /tmp/ directory.
Now SSH into your server using an account with root access. You will now need to create the user and also create the necessary files and ownership for you to use the key you just created:

# sudo su (if needed)
# useradd -c "firstname lastname" user
# cd /home/user
# mkdir .ssh
# chmod 700 .ssh
# chown user:user .ssh
# cat /tmp/user.pub >> .ssh/authorized_keys
# chmod 600 .ssh/authorized_keys
# chown user:user .ssh/authorized_keys

Once you've done this, exit out back to your own machine, then try to SSH using the new credential and user account you've created:

ssh -i user user@ec2-your-instance-name.compute-1.amazonaws.com

Can a server have more than one SSH key pair?

When an Amazon EC2 instance is launched from an Amazon Linux AMI (and several other Linux AMIs, too), the public half of the keypair selected at launch will automatically be copied to:

/home/ec2-user/.ssh/authorized_keys

When you later attempt to login to the ec2-user by providing the private half of the keypair, the two halves will be compared and, if they match, you will be permitted to login as that user.

You can allow another person to login to the ec2-user by either:

  • Giving them the same private keypair (bad for security), OR
  • By creating a keypair for them (via ssh-keygen) and adding the public half of that keypair to the above file

Alternatively, you could create a new user on the machine for them, then add the keypair to the above file within their user directory.

See: Add New User Accounts with SSH Access to a Linux Instance

So, to login to that EC2 instance from a different computer, you will need the private keypair on that different computer. It's just like a password.

Or, you could create a new keypair on that computer and copy the public keypair to the authorized_keys file on the target instance.

All of this is really Linux stuff, rather than something specific to Amazon EC2.

How to manage EC2 key pairs for multiple users?

Try to avoid giving the PEMs for the instances to everyone; keep these with the Administrators in a tool such as a password vault.

Remember that to rotate these PEMs you would need to manually replace the authorized_keys on any Linux instance, and for Windows instances where you use this PEM to get the Windows password you would need to replace and launch with the new PEM.

AWS has a couple of solutions that help make secure access to your Linux instances easier:

  • If you do not actually need to SSH to the host, but just need terminal access, you can make use of Session Manager. Using this tool you can access a terminal within the AWS console or connect via the CLI. Interactions with the terminal can be scoped to allow only specific commands, with functionality for auditing built in.
  • If you would like to connect to a terminal, you can use EC2 Instance Connect. Using this option you can generate a temporary key and then provide this via the CLI to allow temporary access using this PEM. Once this command is run (and is successful) you will be able to connect to the instance temporarily using the SSH terminal with your temporary PEM.
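An added example that is not part of any answer above and not an AWS or OpenSSH tool: a POSIX shell helper that performs the first answer's `cat /tmp/user.pub >> .ssh/authorized_keys` step idempotently, with the 0700/0600 permissions that answer sets, and adds `remove_key` for the rotation this answer says must be done by hand on each Linux instance. Function names, paths and the key blobs used when exercising it are constructed and hypothetical; the blobs are not real keys.

```shell
#!/bin/sh
# Hypothetical helper (constructed for this page, not an AWS or OpenSSH tool):
# manage one account's ~/.ssh/authorized_keys idempotently. Entries are
# matched on the "keytype blob" pair, so the same key with a different
# trailing comment is not added twice. Run as root or as the key's owner.
set -eu
# valid_pubkey "type blob [comment]": 0 if this looks like a supported
# OpenSSH public key. ssh-dss is rejected because OpenSSH disables it by
# default since 7.0 and removed it in 9.8.
valid_pubkey() {
    set -- $1
    [ $# -ge 2 ] || return 1
    case "$1" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    case "$2" in ''|*[!A-Za-z0-9+/=]*) return 1 ;; esac
}
# has_key FILE TYPE BLOB: 0 if an entry with that type and blob exists.
has_key() {
    awk -v t="$2" -v b="$3" '$1 == t && $2 == b { f = 1 } END { exit !f }' "$1"
}
# add_key FILE "type blob [comment]": create .ssh (0700) and FILE (0600) if
# missing, then append the key. Returns 0 added, 2 already present, 1 invalid.
add_key() {
    local file="$1" line="$2"
    valid_pubkey "$line" || return 1
    set -- $line
    mkdir -p "$(dirname "$file")" && chmod 700 "$(dirname "$file")"
    [ -f "$file" ] || : > "$file"
    chmod 600 "$file"
    if has_key "$file" "$1" "$2"; then return 2; fi
    printf '%s\n' "$line" >> "$file"
}
# remove_key FILE "type blob [comment]": drop every entry with that type and
# blob, e.g. when rotating a developer's key or revoking their access.
remove_key() {
    local file="$1" tmp
    set -- $2
    tmp=$(mktemp)
    awk -v t="$1" -v b="$2" '!($1 == t && $2 == b)' "$file" > "$tmp"
    cat "$tmp" > "$file"    # rewrite in place so mode and owner are kept
    rm -f "$tmp"
}
# count_keys FILE: number of entries, ignoring blank and comment lines.
count_keys() {
    grep -c -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" || true
}
```

The ownership step from the first answer (`chown user:user`) is still needed when running this as root on another user's home directory.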

Connecting to multiple instances of EC2 with SSH

You can SSH to any EC2 instance by running this in a terminal:

ssh -i path_to_pem_file ubuntu@<HostIP_or_NAME>

e.g.

ssh -i /temp/root1.pem ubuntu@54.23.122.34

How do I set up SSH access for an Amazon EC2 instance?

Basically, you need a private-key file to login into your EC2 via SSH. Follow these steps to create one:

  • Go to https://console.aws.amazon.com/ec2/home & sign in to your existing Amazon account.
  • Click on "Key Pairs" on LHS or https://console.aws.amazon.com/ec2/home?region=us-east-1#s=KeyPairs.
    • You should see the list of keys generated by you (or during the EC2 creation process).
    • Click on "Create Key Pair" if you don't see any or you lost your private-key.
    • Enter a unique name and hit enter.
    • A download panel will appear for you to save the private-key, save it.
    • Keep it somewhere with the file permission "0600"
  • Click on "Instances" on LHS or https://console.aws.amazon.com/ec2/home?region=us-east-1#s=Instances
    • You should see the list of ec2-instances, if you don't see any, then please create one.
    • Click on the EC2 machine and note down the Public DNS address.
  • Open your Terminal (in Linux) and type the following command
    • ssh -i /path/to/private-key root@<ec2-public-dns-address> (the root username has been avoided in the latest releases; based on your distribution, select ec2-user or ubuntu as your username).
    • hit Enter
    • That's it.

Using multiple SSH keys for different hosts with Ansible EC2 Inventory Plugin

The answer was to use group variables as suggested in the comments. SSH key names returned from the inventory plugin prepend an underscore so the group names need to be of the form _SSHkey.
