Manage Multiple Linux Users on One EC2 Instance

In an organization of, say, 5 people, you sometimes need to give several people access to the same EC2 instance. Sharing the private key and the password between 5 users is definitely not a good idea!

So, how do you fix this problem? You create multiple accounts on the Linux EC2 instance and generate a key for each individual account. Here is how you do it:

1. Log in as the default user

ssh -i my_key.pem ec2-user@111.111.11.111

2. Create a new user
sudo adduser john

3. Set a password for the user
sudo passwd john

4. Add the user to the sudoers list with
sudo visudo

and add this line, replacing username with the new user's name (john here)
username   ALL = (ALL)    ALL

Alright! We have our new user created. Now you need to generate the key file that will be needed to log in, like the my_key.pem we used in Step 1.

Now exit out of root and go back to ec2-user.

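5. Create the public and private key (in the commands below, username stands for the new user's name and is also used as the key file name)

su john

cd /home/john/
# 4096-bit RSA key pair: private key "username", public key "username.pub"
ssh-keygen -b 4096 -f username -t rsa
mkdir -p .ssh
chmod 700 .ssh
cat username.pub > .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
sudo chown username:ec2-user .ssh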

6. In the above step, john is the user we created and ec2-user is the default user group. Set the same ownership on authorized_keys:

sudo chown username:ec2-user .ssh/authorized_keys

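7. You will still need to copy the file using ec2-user, since you only have the key for that user name. So, copy the key to the ec2-user folder, make ec2-user its owner and chmod it to 600, so that ec2-user can read it and no other account on the instance can
sudo cp username /home/ec2-user/
sudo chown ec2-user /home/ec2-user/username
sudo chmod 600 /home/ec2-user/username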

8. Now go to your local machine’s terminal, where you have the my_key.pem file, and run this:

scp -i my_key.pem ec2-user@111.111.11.111:/home/ec2-user/username username

9. The above command will copy the key “username” to the present working directory on your local machine. Once you have copied the key to your local machine, you should delete “/home/ec2-user/username”, since it’s a private key.

Now, on your local machine, chmod the key file to 600.

chmod 600 username

10. Time to test

ssh -i username username@111.111.11.111
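
The permissions set in steps 5 to 9 can be checked with a short audit, shown here as an added example that is not part of the original post. The function names are hypothetical and GNU `stat -c` (as on Amazon Linux) is assumed; it verifies the 700/600 modes on `.ssh` and `authorized_keys` and flags any private key in the home directory that other accounts can access.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Print the octal mode of a path. Assumes GNU stat.
mode_of() { stat -c '%a' "$1"; }

# Return 0 when no group/other permission bits are set on the path.
owner_only() {
    m=$(mode_of "$1") || return 2
    case "$m" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# audit_user_keys HOME_DIR
# Checks the modes this walkthrough sets (.ssh = 700, authorized_keys = 600)
# and reports any private key file in HOME_DIR with group/other access.
audit_user_keys() {
    home=$1
    fail=0
    for item in ".ssh:700" ".ssh/authorized_keys:600"; do
        path=$home/${item%:*}
        want=${item##*:}
        got=$(mode_of "$path" 2>/dev/null) || got=missing
        if [ "$got" != "$want" ]; then
            echo "FAIL $path mode=$got want=$want"
            fail=1
        fi
    done
    for key in "$home"/*; do
        [ -f "$key" ] || continue
        # Private key files start with a "-----BEGIN ... PRIVATE KEY-----" header.
        if head -n 1 "$key" 2>/dev/null | grep -q 'PRIVATE KEY'; then
            owner_only "$key" || {
                echo "FAIL $key is a private key accessible to group/other"
                fail=1
            }
        fi
    done
    return $fail
}

# Stand-alone use: sh audit.sh /home/john
if [ "$#" -gt 0 ]; then
    audit_user_keys "$1"
fi
```

Run it against /home/john after step 6 and against /home/ec2-user after step 7; a non-zero exit status means at least one check failed.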

