Reputation: 618
I was trying to organize how a developer could connect via SSH to an AWS instance that I had launched as an administrator. I notice in the documentation that it says:
"you'll need the fully-qualified path of the .pem file for the key pair that you specified when you launched the instance."
Does this mean one can only SSH into an instance that one had launched? I'd like to just leave the instance running and have others able to SSH in to install software and configure.
Upvotes: 4
Views: 4917
Reputation: 41
One way to set up user management is
Another way is to have a base image in AWS with users already created and their public keys in authorized_keys, and to use this image to create new instances.
Upvotes: 0
Reputation: 37460
When you create an instance, you can specify a key at launch time. What ends up happening is that AWS takes the public key associated with the key pair you created, and puts it into authorized_keys in /home/ec2-user/.ssh/.
So, if this is a one-time thing, you could provide the private key (the .pem file you downloaded when you created the key) to the user that needs access.
If this is an on-going issue - i.e. you will be creating lots of instances and having lots of different people who need to access them - then you need a better solution, but you'll have to figure out what your requirements are.
Some potential solutions would be to get public keys from your users, add them to an instance, and then create an AMI from that instance. Use that AMI to launch future instances. You could also put users' public keys into S3, and have a script that pulled them down when the instance was created & either added them to authorized_keys or created individual users. You could pull users' keys from IAM if all your users have IAM accounts. Or you could use a directory & configure your instance to use that for authentication.
Upvotes: 0
Reputation: 14523
Here's how to add new users/developers to an Amazon EC2 Linux instance and give them unique SSH key access:
Say you are creating "user": Create a key on your own machine by entering the following:
ssh-keygen -b 1024 -f user -t dsa
Don't use a passphrase -- just hit enter. You should now have two files compiled: user and user.pub
chmod 600 user.pub
Now transfer the public key file (user.pub) from your computer to the server. For example let us use the /tmp/ directory. Now SSH into your server using an account with root access, you will now need to create the user and also create the necessary files and ownership for you to use the key you just created:
# sudo su (if needed)
# useradd -c "firstname lastname" user
# cd /home/user
# mkdir .ssh
# chmod 700 .ssh
# chown user:user .ssh
# cat /tmp/user.pub >> .ssh/authorized_keys
# chmod 600 .ssh/authorized_keys
# chown user:user .ssh/authorized_keys
Once you've done this, exit out back to your own machine, then try to SSH using the new credential and user account you've created:
ssh -i user.pem [email protected]
Upvotes: 6
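The manual steps from the answers above, gathered into one rerunnable script; this is an added example, not code from any of the posters. It checks the submitted file before touching authorized_keys, so a private key, a line carrying options, or a DSA key (disabled by default since OpenSSH 7.0) is refused. The function names and the list of allowed key types are assumptions of this example.

```shell
#!/bin/sh
# Added example: install one developer's public key, following the manual steps above.
# Function names and the allowed key-type list are assumptions of this example.

# valid_pubkey FILE: true only if FILE holds exactly one public-key line of an
# allowed type. A private key (many lines), a line carrying options such as
# command="...", or an ssh-dss key (off by default since OpenSSH 7.0) fails.
valid_pubkey() {
    [ -f "$1" ] || return 1
    [ "$(grep -c . "$1")" -eq 1 ] || return 1
    grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$1"
}

# install_pubkey HOME_DIR PUBKEY_FILE [OWNER]
# Creates HOME_DIR/.ssh (700) and authorized_keys (600), then appends the key
# only if that exact line is not already present, so reruns are harmless.
install_pubkey() {
    home=$1; pub=$2; owner=${3:-}
    if ! valid_pubkey "$pub"; then
        echo "rejected: $pub is not a single supported public key" >&2
        return 1
    fi
    key=$(grep . "$pub")
    auth="$home/.ssh/authorized_keys"
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    # chown needs root; hand the files to the account that will log in.
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner:$owner" "$home/.ssh"
    fi
}

# As root, after: useradd -c "firstname lastname" user
#   install_pubkey /home/user /tmp/user.pub user
```

Because each developer has a separate line in their own account's authorized_keys, access is revoked by deleting that line or the account, without reissuing the launch key pair.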