Reputation: 1889
changed password for ubuntu user does not survive making a new AMI from instance
I am working on an Ubuntu AMI on Amazon EC2.
On a running instance, I changed the password of the ubuntu user to (let's say) 'foobar'.
(I know user passwords are not generally needed in EC2 because of ssh with public/private keys, but I'm setting up a web application that authenticates using unix usernames/passwords, so I need to make sure this works.)
I tried several ways of setting the password:
- sudo passwd ubuntu
- echo "ubuntu:foobar" | chpasswd
- Setting it with chef's 'user' resource
In all cases, if I then make a new image from the running instance, and then create an instance of that image, the ubuntu user will NOT have the password 'foobar'.
I can set the password and reboot a running instance and the correct password will still be set, but after making a new image from the instance, no such luck.
This has worked for me before. Not sure why it's not working now. It's an EBS image.
EDIT: Adding the exact steps to reproduce the problem.
- Launch an instance of the public AMI
ami-1a05fa72 - ssh to the instance and set ubuntu's password with
sudo passwd ubuntu - set the password to
foobar - create an image based on this instance
- launch an instance based on the image you just created
- Test whether
ubuntu's password isfoobarby ssh'ing to the instance asubuntuand typingpasswd. It will first ask you for your current password. Typefoobarand when this is rejected, you have reproduced the problem.
Upvotes: 2
Views: 3602
Answers (3)
Reputation: 4506
Its' too late to answer, Still , Just for reference,
When launching an instance from an image, AWS will disbale the root and main account for password authentication.
- in case ubuntu [user : root,ubuntu]
- in case ami : [user : ec2-user]
It means , these account can not login through password authentication on a fresh launched ec2.
However, any other account, will be working. so let's suppose, you create an instance from ubuntu, set password authentication yes in ssh and setup password for ubuntu, along with this, you created another user for your self, then ,you launch one instance from the image of above configured ec2.
then password authentication for ubuntu user will not work , hwoever, password authentication for another user will work.
Upvotes: 2
Reputation: 1889
The answer, according to Hugh MacMullan on the Starcluster list, is:
"Have a look at /etc/cloud/cloud.cfg, particularly the 'default_user' section. Notice the 'lock_passwd: True'. You could change that to False ... OR better would be to create a different user (say, rlogin), which will NOT be locked by default on init, so you should be good to go."
I changed lock_passwd to False and my password change survived a reboot. No need for insecure crontab hacks.
Upvotes: 0
Reputation: 3152
Not to sound belittling, but this has happened to me before when I realized my AMI was created before I made the change to the password.
If that's not it, you might want to modify the sshd_config file as well. After changing the password with 'sudo passwd ubuntu', add the following line to your /etc/ssh/sshd_config:
PasswordAuthentication yes
This should enable password login. Reload your ssh with:
sudo reload ssh
and subsequently create a new AMI.
Upvotes: 0
Related Questions
- Unable to get password for the instance created from AMI
- AWS EC2 forgot password and not able to use SSH
- How to create addition EC2 user in linux AMI via UserData with ssh permission
- Windows Amazon Machine Image (AMI) doesn't remember password for new instances?
- No user on ubuntu aws instance
- generated new ssh key on aws instance and now i'm locked out (can't ssh in)
- Amazon EC2 - Prompted for Password when Switching to Passwordless User
- SSH login failed after setting up password for Same ssh user
- Unable to create user on Ubuntu on Amazon EC2