Setting up User Accounts, Password Authentication, and SSH Keys on a New EC2 Instance

18 thoughts on “Setting up User Accounts, Password Authentication, and SSH Keys on a New EC2 Instance”

  1. Great instructions, very clear and concise.
    One point: at the line “Just to show you that you can, enable password authentication”. I skipped this as it seemed it wasn’t essential, but of course it is essential because you need temporary password auth so you can get the public key onto the server. Very useful instructions though – thanks!

  2. Thanks Luc! You actually don’t need a temporary password because you can continue to ssh in using your keyfile. Also as a side node, enabling password authentication makes your server less secure. You can copy the public key into the new user’s .ssh directory even while logged in as the superuser.

  3. I have an instance previously setup, now I want to add a user with limited rights. After I create the user and set the passwords, I try logging in, but keep getting this error:

    Permission denied (publickey,gssapi-with-mic).

    How should I fix this?

    Thanks

  4. Hi Raju and apprentice–

    I think this means that the permissions on your private key are off. Try setting those to 600 using

    chmod 600 my_private_key

    Mine is at ~/.ssh/id_rsa

  5. Thanks, this is what I was looking for!

    To reload the sshd_config, after I changed the password authentication to yes, I had to add a “d” at the end of the script (before the reload).

    sudo /etc/init.d/sshd reload

  6. Thank you! I was struggling with this all afternoon. None of the directions out there are very straight forward. This was simple and I followed it to a T. Worked perfect.

  7. If you connect from a lot of machines, you’ll want to have all their public keys in your authorized_keys file. So instead of:
    mv id_rsa.pub .ssh/authorized_keys
    I always append them to the end of the file:
    cat id_rsa.pub >> .ssh/authorized_keys
    Thanks for the tutorial!

Leave a Reply