Create a passwordless user with .pem file for ubuntu: AWS EC2
Ec2 is the backbone if you are using AWS cloud infrastructure. by default, you get ubuntu as a user which initially you might have to share with developers to let them access account.
However when your team expand, you should create individual user for each of them with their own keyfile, in case of any compromise, you can terminate user instead updating public and private keyfile for default user.
Lets get into the steps how you can create new user, add key file, and make passwordless login to you aws ec2 server.
1. Create new user
$ sudo adduser new_user
If you want to create a user without password, use the following command
sudo adduser new_user — disabled-password
2. Log in as a new user
$ sudo su new_user
3. Create public-private key files
Issue following command in your home directory
$ ssh-keygen -b 2048 -f filename -t rsa
This will create two files
- filename
- filename.pub
Rename filename to filename.pem
Run command & display content of the private key file.
$ cat filename.pem
Copy its content, on your local system, create newkeyfile.pem and paste the same, this will be used to login to the server using SSH.
Create directory .ssh in your home directory
$ mkdir .ssh
Create a file named authorized_keys in .ssh directory
$ touch .ssh/authorized_keys
Now, copy the content of filename.pub(Public key), and paste in authorized_keys.
4. Add user to sudo group
To add a user to sudo group, run following command
$ sudo usermod -aG sudo new_user
5. Restart SSH service to load new keys
$ sudo service ssh restart
Your user is now part of sudo group, you can now log out to the system, and log in as a new user by ssh,
You can use following command to login
$ ssh -i “filename.pem” new_user@hostname
6. Making user passwordless to use sudo
Do make your new_user perform sudo operation without a password, you should do following simple steps.
Login to the ubuntu server as ubuntu user.
Run the following command
$ sudo visudo
in the file you see, add the following line
$USER ALL=(ALL:ALL) NOPASSWD: ALL
Replace $USER
with username in the above line
Save this file, Now your new user should able to perform sudo operations as well, without a password.
Hope it helps you to quickly create additional user whenever you want.
Bonus
To delete any of the users except root/ubuntu, you can simply run the command
deluser newuser
You should delete this user from the system and thus you can protect their login.
Your suggestions are welcome to further improve the article, please share if you find it useful.