Amazon EC2 Server instance: adding a second user to access your instance


I've lost a couple of days on this so I'll be quick.

For some reason, manually copying and pasting an authorized_keys file from one place to another didn't work for me. Perhaps a character went missing from one of the files or they didn't get copied exactly, I don't know.

After a few days trying to make this work (trying to set up the keys myself), I've resorted to doing a few things to be able to use Ubuntu's ssh-copy-id facility, which I've come to regard as the best way to do these things. Even on Amazon EC2 Servers.

I still don't know why the manual way of doing things didn't work. If you have any suggestions, please look at this link and see my failed attempts at getting it to work. This approach I've found may not be optimal but hey, it gets the job done nicely.
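One way to check whether a pasted authorized_keys file lost or gained characters, as suspected above: this added example (not code from the original post) parses each line according to the public-key line layout and reports wrapped, truncated or altered keys. It assumes lines without an options prefix; `check_key_line`, `check_authorized_keys` and the sample key are names and data constructed here.

```python
import base64
import binascii
import struct

# Common public-key types; a subset, extend as needed.
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def check_key_line(line):
    """Return 'ok', or the reason this authorized_keys line is malformed."""
    fields = line.split()
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        return "no known key type at start of line"
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except (binascii.Error, ValueError):
        return "key data is not valid base64"
    # The blob is a sequence of length-prefixed strings (4-byte big-endian
    # length, then that many bytes); the first string repeats the key type.
    pos, parts = 0, []
    while pos < len(blob):
        if pos + 4 > len(blob):
            return "key data is truncated"
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + size > len(blob):
            return "key data is truncated"
        parts.append(blob[pos:pos + size])
        pos += size
    if not parts or parts[0] != fields[0].encode():
        return "key type inside the data does not match the line"
    return "ok"


def check_authorized_keys(text):
    """Map line number to verdict for each non-blank, non-comment line."""
    return {num: check_key_line(line)
            for num, line in enumerate(text.splitlines(), 1)
            if line.strip() and not line.lstrip().startswith("#")}


def sample_ed25519_line():
    # Constructed sample: well-formed ssh-ed25519 blob with an all-zero key.
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " user@laptop"
```

A file that passes can still be ignored by sshd: with the default StrictModes setting, the new user's home directory, ~/.ssh and authorized_keys must be owned by that user and not writable by group or others.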

I'll assume you've just created your instance [1] and are, until now, logging into it using the pem file Amazon has provided you.

To add another user and log in as that user with a regular id_rsa private/public key pair, this is what you should do. [2]

On the remote machine

  • 1) Log into your Amazon Instance via the pem identity file you were given:

    ssh -i <location_of_your_identity_file> ubuntu@<your_ip>
  • 2) create the new user on your remote server:

    sudo useradd <other_username>
  • 3) set a password for your user on your remote server:

  • 4) open the file sshd_config for editing (sudo vim /etc/ssh/sshd_config)

    • change the line where it says PasswordAuthentication no to PasswordAuthentication yes
  • 5) restart the ssh service:

    sudo /etc/init.d/ssh restart

Back at your local machine

  • create a key pair and send it over to your server as explained here

Again on the remote machine

  • 1) disable password authentication again. Open sshd_config (sudo vim /etc/ssh/sshd_config)

    • change back that line you edited from PasswordAuthentication yes to PasswordAuthentication no
  • 2) restart the ssh service:

    sudo /etc/init.d/ssh restart

Done. You will be able to log into your server with an unpassworded account, which is useful if you have a git server sitting on your machine, for instance.

1: Ubuntu Server is used for example's sake, but other distros should also work if you make the necessary changes, such as the username to use.

2: Other types of key like dsa should work as well.
