Create a passwordless user with .pem file for ubuntu: AWS EC2

Photo by Caspar Camille Rubin on Unsplash

Ec2 is the backbone if you are using AWS cloud infrastructure. by default, you get ubuntu as a user which initially you might have to share with developers to let them access account.

However when your team expand, you should create individual user for each of them with their own keyfile, in case of any compromise, you can terminate user instead updating public and private keyfile for default user.

Lets get into the steps how you can create new user, add key file, and make passwordless login to you aws ec2 server.

1. Create new user

$ sudo adduser new_user

If you want to create a user without password, use the following command

sudo adduser new_user — disabled-password

2. Log in as a new user

$ sudo su  new_user

3. Create public-private key files

Issue following command in your home directory

$ ssh-keygen -b 2048 -f filename -t rsa

This will create two files

1. filename
2. filename.pub

Rename filename to filename.pem

Run command & display content of the private key file.

$ cat filename.pem

Copy its content, on your local system, create newkeyfile.pem and paste the same, this will be used to login to the server using SSH.

Create directory .ssh in your home directory

$ mkdir .ssh

Create a file named authorized_keys in .ssh directory

$ touch .ssh/authorized_keys

Now, copy the content of filename.pub(Public key), and paste in authorized_keys.

4. Add user to sudo group

To add a user to sudo group, run following command

$ sudo usermod -aG sudo new_user

5. Restart SSH service to load new keys

$ sudo service ssh restart

Your user is now part of sudo group, you can now log out to the system, and log in as a new user by ssh,

You can use following command to login

$ ssh -i “filename.pem” new_user@hostname

6. Making user passwordless to use sudo

Do make your new_user perform sudo operation without a password, you should do following simple steps.

Login to the ubuntu server as ubuntu user.

Run the following command

$ sudo visudo

in the file you see, add the following line

$USER ALL=(ALL:ALL) NOPASSWD: ALL 

Replace $USER with username in the above line

Save this file, Now your new user should able to perform sudo operations as well, without a password.

Hope it helps you to quickly create additional user whenever you want.

Bonus

To delete any of the users except root/ubuntu, you can simply run the command

deluser newuser

You should delete this user from the system and thus you can protect their login.

Your suggestions are welcome to further improve the article, please share if you find it useful.