How do I setup passwordless ssh on AWS

Question

How do I setup passwordless ssh between nodes on AWS cluster

Answer 1

How Did I Setup Password-Less Authentication between two Instances is the following:

1. Launch two EC2 Instances from AWS Console(also create new access key for each instance. Assume instances as server_instance and target instance).
2. Now your goal is to setup Password-Less Authentication so, you can Log in to target_instance from server_instance without entering the password.
3. Now Log in to the server_instance(through any teminal).
4. Now go to the location cd ~/.ssh and create a file vim target_instance_key.pem and paste the contents of target_instance access key (which is created during launch of target_instance in AWS console) inside target_instance_key.pem and save the file.
5. Now don't forget to change the permission of target_instance_key.pem i.e chmod 600 target_instance_key.pem
6. Now create rsa keys by ssh-keygen -t rsa
7. Now execute the command ssh-copy-id -f "-o IdentityFile ~/.ssh/target_instance_key.pem" ubuntu@<TARGET_INSTANCE-PUBLIC-IP> and for fingerprint type yes and enter.
8. So Password-Less Authentication is done.
9. Execute the command ssh ubuntu@<TARGET_INSTANCE_PUBLIC-IP-ADDRESS> and you have Logged in to the target_instance from server_instance through Password-Less Authentication.

NOTE : server_instance can be any machine(i.e, EC2 instance (or) your local machine).

Answer 2

how I made Paswordless shh work between two instances is the following:

• create ec2 instances – they should be in the same subnet and have the same security group

• Open ports between them – make sure instances can communicate to each other. Use the default security group which has one rule relevant for this case:

  • Type: All Traffic
  • Source: Custom – id of the security group

• Log in to the instance you want to connect from to the other instance

• Run: 1 ssh-keygen -t rsa -N "" -f /home/ubuntu/.ssh/id_rsa to generate a new rsa key.

• Copy your private AWS key as ~/.ssh/my.key (or whatever name you want to use)

• Make sure you change the permission to 600 1 chmod 600 .ssh/my.key

• Copy the public key to the instance you wish to connect to passwordless 1 cat ~/.ssh/id_rsa.pub | ssh -i ~/.ssh/my.key ubuntu@10.0.0.X "cat >> ~/.ssh/authorized_keys"

• If you test the passwordless ssh to the other machine, it should work. 1 ssh 10.0.0.X

Answer 3

Following steps to setup password less authentication are tested thoroughly for Centos and Ubuntu.

Assumptions:

1. You already have access to your EC2 machine. May be using the pem key or you have credentials for a unix user which has root permissions.
2. You have already setup RSA keys on you local machine. Private key and public key are available at "~/.ssh/id_rsa" and "~/.ssh/id_rsa.pub" respectively.

Steps:

1. Login to you EC2 machine as a root user.

2. Create a new user

   useradd -m <yourname> 
   sudo su <yourname>
   cd 
   mkdir -p ~/.ssh
   touch ~/.ssh/authorized_keys
   

   Append contents of file ~/.ssh/id_rsa.pub on you local machine to ~/.ssh/authorized_keys on EC2 machine.

   chmod -R 700 ~/.ssh
   chmod 600 ~/.ssh/*
   

3. Make sure sshing is permitted by the machine. In file /etc/ssh/sshd_config, make sure that line containing "PasswordAuthentication yes" is uncommented. Restart sshd service if you make any change in this file:

   service sshd restart # On Centos
   service ssh restart # On Ubuntu
   

4. Your passwordless login should work now. Try following on your local machine:

   ssh -A <yourname>@ec2-xx-xx-xxx-xxx.ap-southeast-1.compute.amazonaws.com
   

5. Making yourself a super user. Open /etc/sudoers. Make sure following two lines are uncommented:

   ## Allows people in group wheel to run all commands
   %wheel ALL=(ALL)       ALL
   
   ## Same thing without a password
   %wheel ALL=(ALL)       NOPASSWD: ALL
   

   Add yourself to wheel group.

   usermod -aG wheel <yourname> 
   

Answer 4

This may help someone

Copy the pem file on the machine then copy the content of pem file to the .ssh/id_rsa file you can use bellow command or your own

cat my.pem > ~/.ssh/id_rsa

try ssh localhost it should work and same with the other machines in the cluster

Answer 5

you can use ssh keys like described here: http://pkeck.myweb.uga.edu/ssh/