< personal stuff not needed to solve your problem >
I've lost a couple of days on this so I'll be quick.
For some reason, manually copying and pasting a
authorized_keys file from a place to another didn't work for me. Perhaps a character went missing from one of the files or they didn't get copied exactly, I don't know.
After a few days trying to make this work (trying to setup the keys myself) I've resorted to doing a few things to be able to use Ubuntu's
ssh-copy-id facility which I've come to regard as the best way to do these things. Even on Amazon EC2 Servers.
I still don't know why the manual way of doing things didn't work. If you have any suggestions, please look at this link and see my failed attempts at getting it to work. This approach I've found may not be optimal but hey, it gets the job done nicely.
< /personal stuff not needed to solve your problem>
I'll assume you've just created your instance (Ubuntu server for example's sake but other distros should also work if you make the necessary changes like the username to use and so on) and are, until now, logging into it using the
pem file Amazon has provided you. To add another user and manage to log in with it via regular id_rsa and id_rsa.pub private/public key pair, this is what you should do. (Other types of key like
dsa should work as well.)
Log into your Amazon Instance via the
pem identity file you were given:
ssh -i <location_of_your_identity_file> ubuntu@<your_ip>
create the new user on your remote server:
sudo useradd <other_username>
set a password for your user on your remote server:
open the file
sshd_config) for editing:
sudo vim /etc/ssh/sshd_config
change the line where it says:
then restart the ssh service:
sudo /etc/init.d ssh restart
now back at your local machine, create a key pair and send it over to your server as explained here
on your remote server, disable password authentication again; change back that line you edited from:
restart the ssh service:
sudo /etc/init.d/ssh restart
Done. You will be able to log into you server with a unpassworded account, which is useful if you have a git server sitting on your machine, for instance.