Amazon EC2 Server instance: adding a second user to access your instance

Last updated:

< personal stuff not needed to solve your problem >

I've lost a couple of days on this so I'll be quick.

For some reason, manually copying and pasting a authorized_keys file from a place to another didn't work for me. Perhaps a character went missing from one of the files or they didn't get copied exactly, I don't know.

After a few days trying to make this work (trying to setup the keys myself) I've resorted to doing a few things to be able to use Ubuntu's ssh-copy-id facility which I've come to regard as the best way to do these things. Even on Amazon EC2 Servers.

I still don't know why the manual way of doing things didn't work. If you have any suggestions, please look at this link and see my failed attempts at getting it to work. This approach I've found may not be optimal but hey, it gets the job done nicely.

< /personal stuff not needed to solve your problem>

I'll assume you've just created your instance (Ubuntu server for example's sake but other distros should also work if you make the necessary changes like the username to use and so on) and are, until now, logging into it using the pem file Amazon has provided you. To add another user and manage to log in with it via regular id_rsa and private/public key pair, this is what you should do. (Other types of key like dsa should work as well.)

Log into your Amazon Instance via the pem identity file you were given:

ssh -i <location_of_your_identity_file> ubuntu@<your_ip>

create the new user on your remote server:

sudo useradd <other_username>

set a password for your user on your remote server:

open the file sshd_config) for editing:

sudo vim /etc/ssh/sshd_config

change the line where it says:

PasswordAuthentication no


PasswordAuthentication yes

then restart the ssh service:

sudo /etc/init.d ssh restart

now back at your local machine, create a key pair and send it over to your server as explained here

on your remote server, disable password authentication again; change back that line you edited from:

PasswordAuthentication yes


PasswordAuthentication no

restart the ssh service:

sudo /etc/init.d/ssh restart

Done. You will be able to log into you server with a unpassworded account, which is useful if you have a git server sitting on your machine, for instance.

Dialogue & Discussion