ok this might seem like something silly to post about but when i forget how to do it again.. i’ll be thanking me
during the process of spinning up an ec2 vm, aws gives you a .pem file. you gotta save this to your local machine somewhere, probably ~/.ssh is best.
then to log on you have to use the .pem file like this:
$ chmod 400 ~/.ssh/file.pem
$ ssh -i ~/.ssh/file.pem [email protected]
now you’re in. on the stock redhat6 image you’re using, the os firewalls are enabled and rsa key auth is disabled.
you’re too lazy to always specify the location of the pem file & you want to use a non ec2-user, so disable the firewall, enable rsa key authentication & create a user with a home dir.
up down arrow keys to move up down, space bar to on/off stuff, left right arrow keys for the bottom menu, enter to enter
$ sudo vim /etc/ssh/sshd_config
uncomment these lines
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
reload the ssh daemon config
$ sudo /etc/init.d/sshd reload
create the user
$ sudo useradd -m myuser
now on your local host, generate some keys and push them to the ec2 host. remember, you need to use the pem file one last time for this copy
(this is the step you always forget, then have a panic attack that you’ve locked yourself out of the host by breaking the ssh config file…)
$ ssh-keygen -t rsa
$ scp -i ~/.ssh/file.pem ~/.ssh/id_rsa.pub [email protected]:~/.ssh/authorized_keys
now you can log in to the ec2 host with your own user, using your own keys. don’t worry about the os firewall, just use ec2’s security groups.
if you already have some keys that you want to push up, the way that works, stupid as it seems, is:
$ scp -i ~/.ssh/file.pem ~/.ssh/id_rsa.pub [email protected]:~/.ssh/authorized_keys
$ ssh -i ~/.ssh/file.pem [email protected]
$ sudo cp /home/ec2-user/.ssh/authorized_keys /home/myuser/.ssh/
$ sudo chown myuser:myuser /home/myuser/.ssh/authorized_keys
$ sudo chmod 600 /home/myuser/.ssh/authorized_keys
because for some reason doing this
$ scp -i ~/.ssh/file.pem ~/.ssh/id_rsa.pub [email protected]:~/.ssh/authorized_keys
results in this
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
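The copy, chown and chmod steps above as one shell function to run on the ec2 host, added here as an example and not part of the original post. It appends to authorized_keys instead of overwriting it, sets the 700/600 modes that sshd's StrictModes check expects, and refuses a file that is not a public key; `install_pubkey` and its parameter names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# install_pubkey HOME_DIR PUBKEY_FILE [OWNER]   (hypothetical helper and names)
#   e.g. sudo sh -c '. ./install_pubkey.sh; install_pubkey /home/myuser /tmp/id_rsa.pub myuser'
install_pubkey() {
    home_dir=$1
    pubkey=$2
    owner=${3:-}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    # Only accept a line that looks like a public key, so a private key
    # (id_rsa instead of id_rsa.pub) never lands on the server.
    [ -r "$pubkey" ] || { echo "cannot read $pubkey" >&2; return 1; }
    key_line=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+' "$pubkey" | head -n 1)
    [ -n "$key_line" ] || { echo "$pubkey is not a public key" >&2; return 1; }

    # A fresh home dir may have no ~/.ssh yet; create it with tight modes.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir"
    touch "$auth"
    chmod 600 "$auth"

    # Append rather than overwrite, so keys already authorized keep working,
    # and skip the write when this exact key is already present.
    if ! grep -qxF -- "$key_line" "$auth"; then
        printf '%s\n' "$key_line" >> "$auth"
    fi

    # Changing ownership needs root; skipped when no owner is given.
    if [ -n "$owner" ]; then
        chown -R "$owner:$owner" "$ssh_dir" || return 1
    fi
}
```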