for the user

adventures into the land of the command line

ssh-ing into a rhel6.5 ec2 host after it’s just been created

ok this might seem like something silly to post about but when i forget how to do it again.. i’ll be thanking me

during the process of spinning up an ec2 vm, aws gives you a .pem file. you gotta save this to your local machine somewhere, probably ~/.ssh is best.

then to log on you have to use the .pem file like this:

$ chmod 400 ~/.ssh/file.pem
$ ssh -i ~/.ssh/file.pem [email protected]

now you’re in. on the stock redhat6 image you’re using, the os firewalls are enabled and rsa key auth is disabled.

you’re too lazy to always specify the location of the pem file & you want to use a non ec2-user, so disable the firewall, enable rsa key authentication & create a user with a home dir.

on redhat

$ system-config-firewall-tui

on centos

$ setup

up down arrow keys to move up down, space bar to on/off stuff, left right arrow keys for the bottom menu, enter to enter

$ sudo vim /etc/ssh/sshd_config

uncomment these lines

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

reload the ssh daemon config

$ sudo /etc/init.d/sshd reload

create the user

$ sudo useradd -m myuser

now on your local host, generate some keys and push them to the ec2 host. remember, you need to use the pem file one last time for this copy

(this is the step you always forget, then have a panic attack that you’ve locked yourself out of the host by breaking the ssh config file…)

$ ssh-keygen -t rsa
$ scp -i ~/.ssh/file.pem ~/.ssh/id_rsa.pub [email protected]:~/.ssh/authorized_keys

now you can log in to the ec2 host with your own user, using your own keys. don’t worry about the os firewall, just use ec2’s security groups.

if you already have some keys that you want to push up, the way that works that seems stupid is:

$ scp -i ~/.ssh/file.pem ~/.ssh/id_rsa.pub [email protected]:~/.ssh/authorized_keys
$ ssh -i ~/.ssh/file.pem [email protected]
$ sudo cp /home/ec2-user/.ssh/authorized_keys /home/myuser/.ssh/
$ sudo chown myuser:myuser /home/myuser/.ssh/authorized_keys
$ sudo chmod 600 /home/myuser/.ssh/authorized_keys

because for some reason doing this

$ scp -i ~/.ssh/file.pem ~/.ssh/id_rsa.pub [email protected]:~/.ssh/authorized_keys

results in this

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
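
the cp / chown / chmod sequence above, as an added example that is not part of the original post: a shell function to run on the ec2 host that appends a public key to an account's authorized_keys instead of overwriting it, creates ~/.ssh when it is missing, and sets the modes sshd's StrictModes check accepts. the function name, its parameters and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# added example, not from the original post. install_pubkey and its
# parameters (HOME_DIR, PUBKEY_FILE, OWNER) are hypothetical names.
# usage on the ec2 host, as root (the .pub path is a placeholder):
#   install_pubkey /home/myuser /home/ec2-user/id_rsa.pub myuser
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    owner=${3:-}
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # refuse an empty file, and refuse a private key pushed by mistake
    # (id_rsa instead of id_rsa.pub): only public key lines are accepted.
    [ -s "$pubkey_file" ] || { echo "missing or empty: $pubkey_file" >&2; return 1; }
    key_line=$(head -n 1 "$pubkey_file")
    case "$key_line" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pubkey_file" >&2; return 1 ;;
    esac

    # useradd -m copies /etc/skel, which normally has no .ssh directory.
    # sshd ignores authorized_keys when the directory or the file is
    # writable by group or others, so set 700 / 600 explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # append only when this exact line is absent: keys already authorized
    # (for example the one behind the .pem file) stay in place, and
    # running the function twice does not duplicate the entry.
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file" || return 1
    fi

    # changing ownership needs root; skipped when no OWNER is given.
    if [ -n "$owner" ]; then
        chown -R "$owner:$owner" "$ssh_dir" || return 1
    fi
}
```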