How to set password authentication with ec2-user of AWS
In fact, it would be problem to change instances of AWS to invalidate pem file(s) when one or some of system administrators or server side programmers / engineers leaves your group or company.
But managing all of pem files by only one authorized person, it would be risky and tedious to do the job when the number of servers grows.
For this situation, the traditional password authentication is the way to be acceptable.
There are some articles and sites about adding a new user with password to LINUX (or UNIX) server operated on AWS, or just dealing with pem file of ec2-user.
But it is not easy to find the related things about applying password authentication with ec2-user clearly, although it is easy to do.
And the most articles end with just creating the password for ec2-user, but it may not work for asking password whenever doing login.
So, I'm writing how to apply the password authentication to ec2-user (default user) of AWS (LINUX / UNIX).
Please do the following commands keeping another logged in console for the unexpected situation (error, system faults, etc.).
Open your an AWS console and login with pem first, and then,
1. Create password for ec2-user
sudo passwd ec2-user
2. Change the configuration of sshd
sudo vi /etc/ssh/sshd_config
(Caution! there is also ssh_config file, don't be confused with that file.)
3. With the sshd_config, find and edit 'PasswordAuthentication no' to 'PasswordAuthentication yes'
(Caution! there may be more than one PasswordAuthentication lines, so make the other one(s) as a commend with #, or edit properly, so that just one option could be effective.)
4. Restart ssh demon
sudo /etc/init.d/sshd restart
5. (Important! if you omit this, the console will be passed with the pem file, even after creating password for ec2-user) Change authorized_keys file to another file to prevent from being passed with pem file.
mv ~/ssh/authorized_keys ~/ssh/authorized_keys_backup
That's all. :)
Now you have the traditional password authentication way with AWS servers.
Thanks!
But managing all of pem files by only one authorized person, it would be risky and tedious to do the job when the number of servers grows.
For this situation, the traditional password authentication is the way to be acceptable.
There are some articles and sites about adding a new user with password to LINUX (or UNIX) server operated on AWS, or just dealing with pem file of ec2-user.
But it is not easy to find the related things about applying password authentication with ec2-user clearly, although it is easy to do.
And the most articles end with just creating the password for ec2-user, but it may not work for asking password whenever doing login.
So, I'm writing how to apply the password authentication to ec2-user (default user) of AWS (LINUX / UNIX).
Please do the following commands keeping another logged in console for the unexpected situation (error, system faults, etc.).
Open your an AWS console and login with pem first, and then,
1. Create password for ec2-user
sudo passwd ec2-user
2. Change the configuration of sshd
sudo vi /etc/ssh/sshd_config
(Caution! there is also ssh_config file, don't be confused with that file.)
3. With the sshd_config, find and edit 'PasswordAuthentication no' to 'PasswordAuthentication yes'
(Caution! there may be more than one PasswordAuthentication lines, so make the other one(s) as a commend with #, or edit properly, so that just one option could be effective.)
4. Restart ssh demon
sudo /etc/init.d/sshd restart
5. (Important! if you omit this, the console will be passed with the pem file, even after creating password for ec2-user) Change authorized_keys file to another file to prevent from being passed with pem file.
mv ~/ssh/authorized_keys ~/ssh/authorized_keys_backup
That's all. :)
Now you have the traditional password authentication way with AWS servers.
Thanks!