Add new users with SSH access to EC2 instance
When you need to give somebody else SSH access to your EC2 instance, you can create a new user and add a new keypair for that user. This guide shows you how to do that.
Pre-requisites
You need an EC2 instance running with SSH access. You can create a new EC2 instance through the AWS Console or the AWS CLI.
Log in to the EC2 instance
You can log in to the EC2 instance using the SSH keypair you created when launching the instance. For example, if you created a keypair named my-key-pair, you can log in to the instance using the following command:
ssh -i <my-key-pair.pem> <username>@<public-ip-address>
Replace <my-key-pair.pem> with the path to your keypair file, <username> with the username of the instance (e.g., ec2-user for Amazon Linux, or ubuntu for Ubuntu), and <public-ip-address> with the public IP address of your EC2 instance.
Create a new user
Once you are logged in to the EC2 instance, you can create a new user using the following command:
sudo adduser <new-username>
Replace <new-username> with the desired username for the new user. For example, if you want to create a user named john, you would run:
sudo adduser john
Create a new SSH keypair
- First, let's create a folder for the new user to store their SSH keys. You can do this by running the following command:
sudo mkdir /home/<new-username>/.ssh
- Next, set the owner of the .ssh directory to the new user:
sudo chown <new-username>:<new-username> /home/<new-username>/.ssh
- Next, set the correct permissions for the .ssh directory:
sudo chmod 700 /home/<new-username>/.ssh
- You can create a new SSH keypair for the new user using the following command:
sudo ssh-keygen -t rsa -b 2048 -f /home/<new-username>/.ssh/id_rsa
Replace <new-username> with the username you created in the previous step. This command will create a new SSH keypair with a 2048-bit RSA key and save it to the specified location. The private key will be saved as /home/<new-username>/.ssh/id_rsa and the public key will be saved as /home/<new-username>/.ssh/id_rsa.pub. You can change the file name and location as needed.
Add public key to the authorized_keys file
- Next, you need to add the public key to the authorized_keys file for the new user. You can do this by running the following command:
sudo cp /home/<new-username>/.ssh/id_rsa.pub /home/<new-username>/.ssh/authorized_keys
- Set the correct ownership for the authorized_keys file:
sudo chown <new-username>:<new-username> /home/<new-username>/.ssh/authorized_keys
- Set the correct permissions for the authorized_keys file:
sudo chmod 600 /home/<new-username>/.ssh/authorized_keys
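Ensure correct permissions for the .ssh directory
- Set the owner of the .ssh directory and everything in it to the new user. Because ssh-keygen was run with sudo, the key files it created are owned by root until this recursive chown is applied:
sudo chown -R <new-username>:<new-username> /home/<new-username>/.ssh
- Set the correct permissions for the .ssh directory:
sudo chmod 700 /home/<new-username>/.ssh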
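The ownership and mode settings from the steps above can be verified with a short script. This is an added example, not part of the original guide: the function name check_ssh_dir and its output format are made up for illustration, and it assumes GNU stat (as shipped on Amazon Linux and Ubuntu).

```shell
#!/bin/sh
# Added example: audit the files created by the steps above.
# sshd's default StrictModes setting ignores authorized_keys when the
# ownership or modes of these paths are too loose.
# Usage (as root): sh check.sh /home/<new-username> <new-username>
# "check.sh" is a hypothetical file name for this script.

findings=0

# Print one finding and count it.
report() { echo "$1"; findings=$((findings + 1)); }

# check_mode <path> <octal-mode>: the path must exist with exactly that mode.
check_mode() {
    if [ ! -e "$1" ]; then report "MISSING $1"; return 0; fi
    mode=$(stat -c '%a' "$1")
    [ "$mode" = "$2" ] || report "MODE $1 is $mode, expected $2"
}

# check_ssh_dir <home-dir> <user-name-or-uid>
# Returns the number of findings (0 means the layout matches the guide).
check_ssh_dir() {
    home=$1
    findings=0
    # Accept a user name or a numeric uid for the expected owner.
    want_uid=$(id -u "$2" 2>/dev/null) || want_uid=$2
    ssh_dir="$home/.ssh"

    check_mode "$ssh_dir" 700
    check_mode "$ssh_dir/authorized_keys" 600

    # The directory and every file in it must belong to the new user,
    # including the key files that "sudo ssh-keygen" created as root.
    for f in "$ssh_dir" "$ssh_dir"/*; do
        [ -e "$f" ] || continue
        uid=$(stat -c '%u' "$f")
        [ "$uid" = "$want_uid" ] || report "OWNER $f has uid $uid, expected $want_uid"
    done
    return "$findings"
}

# Run the audit only when called with both arguments.
if [ "$#" -eq 2 ]; then
    check_ssh_dir "$1" "$2"
fi
```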
Get the private key
The private key is saved in the file /home/<new-username>/.ssh/id_rsa. You can download this file to your local machine using scp or any other file transfer method. Make sure to keep the private key secure and do not share it with anyone else.