Logging into an AWS instance with a non-root user

0

It seems from the EC2 documentation that one must log on with the specific userid associated with the AMI:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html

Use the ssh command to connect to the instance. You'll specify the private key (.pem) file and user_name@public_dns_name. For Amazon Linux, the user name is ec2-user. For RHEL5, the user name is either root or ec2-user. For Ubuntu, the user name is ubuntu. For Fedora, the user name is either fedora or ec2-user. For SUSE Linux, the user name is root. Otherwise, if ec2-user and root don't work, check with your AMI provider.

ssh -i my-key-pair.pem ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com

Now I have tried to log on with a different user that was created via adduser:

adduser changsha

That user works on the system:

[root@ip-10-151-25-94 ~]$ su - changsha
[changsha@ip-10-151-25-94 ~]$

However, it is not (apparently) possible to log on to the AWS instance using that id. Notice: no "Enter Password" is returned. It just fails straightaway.

13:36:28/sparkup2 $ssh -i ~/.ssh/hwspark14.pem changsha@ec2-54-83-81-165.compute-1.amazonaws.com
Permission denied (publickey).

The only thing working presently is to log on with root! So then, how do we manage multiple users on the cluster?

Update: David's answer works. Here is some additional info:

https://forums.aws.amazon.com/message.jspa?messageID=138588

You should find an authorized_keys file (I'm using Ubuntu 12.04, this might change with other distros, I guess).
Let's check what it is:
$ cat ~/.ssh/authorized_keys
Output:
ssh-rsa SAGsg43 (....) sd53ySGS aws_machines

And that is the corresponding public key.

javadba

Posted 2015-06-23T20:39:12.767

Reputation: 2 201

Answers

1

You need to create a .ssh directory under the home directory of the new user and copy your public key there. Make sure you also set the proper permissions for the authorized_keys file. Detailed instructions can be found here.

David Levesque

Posted 2015-06-23T20:39:12.767

Reputation: 521

Thx for the pointer. I only have the private key foo.pem. AWS changed their handling of key pairs a couple of years back: where is the public key now? – javadba – 2015-06-23T21:00:34.227

You can copy it from the .ssh directory of the ec2-user if you want to use the same key. Otherwise you can generate a private/public key pair locally and use that instead. It doesn't have to come from AWS. – David Levesque – 2015-06-23T21:03:16.320

Got it: an old AWS post gives more details. I am updating the OP. – javadba – 2015-06-23T21:04:30.810
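
The steps from the answer and its comments (create .ssh under the new user's home, put the public key in authorized_keys, set the permissions), collected into one function as an added example that is not part of the original thread. The names install_authorized_key and key_count are hypothetical, and /home/changsha in the usage comment is an assumed home directory for the user created in the question.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# install_authorized_key HOME_DIR PUBKEY_LINE [OWNER]
# The "( )" subshell body keeps the umask and variables from leaking out.
install_authorized_key() (
    home_dir=$1; pubkey=$2; owner=${3:-}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    # Accept only something shaped like a public-key line, never a private key
    case $pubkey in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: not a public key line" >&2; exit 2 ;;
    esac

    umask 077                        # anything created below is owner-only
    mkdir -p "$ssh_dir" || exit 1
    touch "$auth" || exit 1
    # Append only if this exact line is not already present (idempotent)
    grep -qxF -e "$pubkey" "$auth" || printf '%s\n' "$pubkey" >> "$auth"

    # Set modes explicitly in case the paths already existed with looser ones
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || exit 1

    # When run as root for another account, hand the files to that account:
    # sshd reads authorized_keys with the account's own privileges
    if [ -n "$owner" ]; then
        chown -R "$owner" "$ssh_dir" || exit 1
    fi
)

# key_count FILE: number of key lines in FILE (comments and blanks skipped)
key_count() {
    grep -cv -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1"
}

# Typical use, with the key pair and user from the question:
#   pub=$(ssh-keygen -y -f hwspark14.pem)   # derive the public key from the .pem
#   install_authorized_key /home/changsha "$pub" changsha   # as root on the instance
```

Only the public key line is copied to the instance; the .pem file stays on the client.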