By default an EC2 instance has only a single user other than root. For example, on an Ubuntu instance, that user is ubuntu. If multiple people will be accessing the instance then it’s generally necessary for each of them to have their own account. Setting this up is pretty simple: it just requires sorting out some authentication details.
Creating User Accounts
First connect to the EC2 host. Authenticate with the PEM file that you downloaded when you created the instance. Obtain the URL from the AWS Management Console (in this case it’s
ssh -i ec2-ubuntu.pem firstname.lastname@example.org
Suppose that we are creating a new user account for Harold. Add the account.
sudo useradd harold -m -s /bin/bash
That will create a home folder at /home/harold/ and set the account’s login shell to BASH.
Sorting Out Authentication Keys
You’ve got (at least) two options for providing authentication credentials for the new user.
Using Existing Public Key
If Harold uses SSH then he will already have both a private and a public key. Ask him to send you a copy of his public key (~/.ssh/id_rsa.pub). He should have no qualms about doing this since it is his public key.
Creating a PEM File
If Harold is not already an SSH user then you can create a key pair from the EC2 Dashboard. Select “Key Pairs” from the menu on the left and then click the “Create Key Pair” button. A PEM file will be created and downloaded automatically. Next you’ll need to:
- Extract the corresponding public key from the PEM file.
chmod 0600 ec2-harold.pem
ssh-keygen -y -f ec2-harold.pem
- Pass the PEM file (securely) on to Harold. Tell him not to lose it or share it!
In Harold’s newly created home folder create a .ssh folder which will hold his public key.
sudo mkdir --mode 0700 /home/harold/.ssh
In that folder create authorized_keys and copy in the public key obtained above.
sudo vim /home/harold/.ssh/authorized_keys
The contents of that file should look something like this:
Finally sort out ownerships.
sudo chown -R harold:harold /home/harold/.ssh/
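The .ssh and authorized_keys steps above as one script, added here as an example and not part of the original post: it refuses private key material (an easy slip when handling both a PEM file and its public key) and checks the file modes that sshd's default StrictModes setting requires. The function names install_key and audit_ssh are assumptions made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. install_key and audit_ssh are
# hypothetical helper names; run as root for a real account, then chown.

# install_key HOME_DIR 'PUBLIC KEY LINE'
# Returns 2 for private key material, 3 for anything that is not one
# OpenSSH public key line (key option prefixes are deliberately rejected).
install_key() {
    home=$1 key=$2
    nl='
'
    case $key in
        *"PRIVATE KEY"*)
            echo "refusing: private key material" >&2; return 2 ;;
        *"$nl"*)
            echo "refusing: more than one line" >&2; return 3 ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *)
            echo "refusing: not an OpenSSH public key line" >&2; return 3 ;;
    esac
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    # Create the file private from the start, then pin the mode.
    ( umask 077; touch "$auth" ) && chmod 600 "$auth" || return 1
    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# audit_ssh HOME_DIR
# Fails if the home directory, .ssh or authorized_keys is writable by
# group or others, the mode condition sshd's StrictModes rejects.
audit_ssh() {
    [ -f "$1/.ssh/authorized_keys" ] || return 1
    bad=$(find "$1" "$1/.ssh" "$1/.ssh/authorized_keys" -prune \
            \( -perm -020 -o -perm -002 \) -print)
    [ -z "$bad" ] || { echo "too permissive: $bad" >&2; return 1; }
}

# Usage on the EC2 host (the key text is a placeholder, not a real key):
#   install_key /home/harold 'ssh-ed25519 <base64-public-key> harold@laptop'
#   chown -R harold:harold /home/harold/.ssh && audit_ssh /home/harold
```

StrictModes also checks ownership, so the chown step is still required when the script is run as root.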
Setting the Authorised Key
Harold should now be able to log in to the EC2 host. Depending on whether or not he needed a PEM file he would connect using either
ssh -i ~/Downloads/ec2-harold.pem email@example.com