Add new users with SSH access to EC2 instance

How do you give somebody else SSH access to your EC2 instance? You can create a new user and add a new keypair for that user. This guide will show you how to do that.

Pre-requisites

You need an EC2 instance running with SSH access. You can create a new EC2 instance through the AWS Console or the AWS CLI.

Log in to the EC2 instance

You can log in to the EC2 instance using the SSH keypair you created when launching the instance. For example, if you created a keypair named my-key-pair, you can log in to the instance using the following command:

ssh -i <my-key-pair.pem> <username>@<public-ip-address>

Replace <my-key-pair.pem> with the path to your keypair file, <username> with the username of the instance (e.g., ec2-user for Amazon Linux, or ubuntu for Ubuntu), and <public-ip-address> with the public IP address of your EC2 instance.

Create a new user

Once you are logged in to the EC2 instance, you can create a new user using the following command:

sudo adduser <new-username>

Replace <new-username> with the desired username for the new user. For example, if you want to create a user named john, you would run:

sudo adduser john

Create a new SSH keypair

  1. First, let's create a folder for the new user to store their SSH keys. You can do this by running the following command:
sudo mkdir /home/<new-username>/.ssh
  2. Next, set the owner of the .ssh directory to the new user:
sudo chown <new-username>:<new-username> /home/<new-username>/.ssh
  3. Next, set the correct permissions for the .ssh directory:
sudo chmod 700 /home/<new-username>/.ssh
  4. You can create a new SSH keypair for the new user using the following command:
sudo ssh-keygen -t rsa -b 2048 -f /home/<new-username>/.ssh/id_rsa

Replace <new-username> with the username you created in the previous step. This command will create a new SSH keypair with a 2048-bit RSA key and save it to the specified location. The private key will be saved as /home/<new-username>/.ssh/id_rsa and the public key will be saved as /home/<new-username>/.ssh/id_rsa.pub. You can change the file name and location as needed.

Add public key to the authorized_keys file

  1. Next, you need to add the public key to the authorized_keys file for the new user. You can do this by running the following command:
sudo cp /home/<new-username>/.ssh/id_rsa.pub /home/<new-username>/.ssh/authorized_keys
  2. Set the correct ownership for the authorized_keys file:
sudo chown <new-username>:<new-username> /home/<new-username>/.ssh/authorized_keys
  3. Set the correct permissions for the authorized_keys file:
sudo chmod 600 /home/<new-username>/.ssh/authorized_keys

Ensure correct permissions for the .ssh directory

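  1. Set the owner of the .ssh directory and everything in it to the new user. The key files created by sudo ssh-keygen are owned by root until this recursive chown runs:
sudo chown -R <new-username>:<new-username> /home/<new-username>/.ssh
  2. Set the correct permissions for the .ssh directory:
sudo chmod 700 /home/<new-username>/.ssh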
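
A check you can run after the steps above, as an added example that is not part of the original guide: it verifies that .ssh is mode 700, that authorized_keys (and id_rsa, while it is still on the instance) is mode 600, and that each is owned by the new user. The function names are hypothetical, and it assumes GNU stat, as shipped on Amazon Linux and Ubuntu.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide). Assumes GNU stat.
# Usage: sudo bash audit-ssh.sh /home/<new-username> <new-username>
# (sudo is needed because .ssh is mode 700 and owned by the new user.)

# check_path PATH MODE OWNER: print each mismatch, return 1 if any.
check_path() {
    local path="$1" want_mode="$2" want_owner="$3" mode owner bad=0
    if [ ! -e "$path" ]; then
        echo "MISSING: $path"
        return 1
    fi
    mode=$(stat -c '%a' "$path")
    owner=$(stat -c '%U' "$path")
    if [ "$mode" != "$want_mode" ]; then
        echo "MODE: $path is $mode, expected $want_mode"
        bad=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER: $path is owned by $owner, expected $want_owner"
        bad=1
    fi
    return "$bad"
}

# audit_ssh_dir HOME USER: return the number of paths with findings.
audit_ssh_dir() {
    local home="$1" user="$2" findings=0
    check_path "$home/.ssh" 700 "$user" || findings=$((findings + 1))
    check_path "$home/.ssh/authorized_keys" 600 "$user" || findings=$((findings + 1))
    # The private key is checked only while it is still on the instance.
    if [ -e "$home/.ssh/id_rsa" ]; then
        check_path "$home/.ssh/id_rsa" 600 "$user" || findings=$((findings + 1))
    fi
    return "$findings"
}

# Run the audit only when called with both arguments.
if [ "$#" -eq 2 ]; then
    audit_ssh_dir "$1" "$2" && echo "OK: modes and ownership match the guide"
fi
```

A non-zero exit status is the number of paths with a finding; each finding is printed on its own line.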

Get the private key

The private key is saved in the file /home/<new-username>/.ssh/id_rsa. You can download this file to your local machine using scp or any other file transfer method. Make sure to keep the private key secure and do not share it with anyone else.
