AWS How To Create A New User With SSH Access For An EC2 Instance

You are here:
< All Topics

How To Create A New User With SSH Access For An EC2 Instance

Each Linux EC2 instance is provided with a default Linux system user account. This default user name is determined by the AMI selected when you launched the instance. For Linux Ubuntu this user is called “ubuntu”.

 

You can also add and delete user accounts for your instance.

 

By default for security reasons, password authentication and root logins are disabled, and sudo is enabled.

 

Thus to log in to your instance, you need to use an SSH key pair.

 

You can allow password authentication and root login for your instance but this is not recommended.

 

To create a new user on the instance, do:

 

 

adduser <username>

eg

adduser kevin

root@ip-172-31-24-137:~#
root@ip-172-31-24-137:~# adduser kevin
Adding user `kevin’ …
Adding new group `kevin’ (1001) …
Adding new user `kevin’ (1001) with group `kevin’ …
Creating home directory `/home/kevin’ …
Copying files from `/etc/skel’ …
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for kevin
Enter the new value, or press ENTER for the default
Full Name []: Kevin
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
root@ip-172-31-24-137:~#

 

Then we create the .ssh directory for kevin:

 

root@ip-172-31-24-137:/home/kevin# mkdir .ssh
root@ip-172-31-24-137:/home/kevin#

 

Next we are going to deploy the same private/public key pair for this new user kevin as we have for the user ubuntu. (user ubuntu is a standard EC2 user which is automatically created for logins to the instance when creating the instance).

 

So, we copy the /home/ubuntu/.ssh/authorized_keys to /home/kevin/.ssh/

 

and then modify the permissions so they are correct for this user:

 

chown -R kevin.kevin .ssh; chmod 700 .ssh; touch .ssh/authorized_keys; chmod 600 .ssh/authorized_keys

 

Then, you can login to the instance from outside AWS by using:

 

root@gemini:/home/kevin/DATAVOLUME/DATA/AWS/LOGINSANDKEYS/EC2_KevinVM1_created.17.11.22# ssh kevin@ec2-3-85-124-194.compute-1.amazonaws.com -i ./KevinVM1.pem

 

Note that you must be in the correct local folder to reference the KevinVM1.pem ssh private key file

 

Keep this file confidential and secure at all times!

 

and also note the kevin@ – this is essential.

 

 

Troubleshooting the SSH

 

If you cannot connect via ssh, then login to the EC2 instance using the AWS Instance Connect web console,

 

and check that the sshd service is running on the instance:

 

systemctl status sshd

 

if not started, start with

 

systemctl start sshd

 

root@ip-172-31-24-137:/home/kevin# systemctl status sshd
● ssh.service – OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Drop-In: /usr/lib/systemd/system/ssh.service.d
└─ec2-instance-connect.conf
Active: active (running) since Thu 2022-11-24 14:54:34 UTC; 44min ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 760 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 762 (sshd)
Tasks: 1 (limit: 1143)
root@ip-172-31-24-137:/home/kevin#

 

if the system

 

Connection timeout

 

This is a security group issue. Any timeout (not just for SSH) is related to security groups or firewall issues.

 

Make sure your security group is correctly assigned to your EC2 instance and allows inbound connections from all IPs or the IP you are trying to connect from on port SSH 22.

 

If you still cannot connect receiving a time out message, then this means a firewall is blocking the connection.

 

So this will need to be modified first.

 

If SSH does not work on Windows and replies with “ssh command not found” then you need to use or install Putty

 

If you get “connection refused” this means the instance is reachable, but no SSH client service is running on the instance

 

Try to restart the instance and if SSH still does not work, terminate the instance and create a new one. Make sure you’re using Amazon Linux 2 for the EC2 instance.

 

If you get “Permission denied (publickey,gssapi-keyex,gssapi-with-mic)”

 

This means you are using the wrong security key or not using a security key at all. Check the EC2 instance configuration to ensure you have assigned the correct key to it.

Alternatively permission refused can happen if you are using the wrong user. Check that you have started an Amazon Linux 2 EC2 instance, and ensure you are using the user ec2-user. This is speficied as ec2-user@<public-ip> (ex: ec2-user@35.180.242.162) in your SSH command.

 

As a workaround you can connect to the instance by using EC2 Instance Connect.

 

If you could connect yesterday, but not today then this can be because you have stopped your EC2 instance and then started it again today.

 

When you do this, the public IP of that EC2 instance changes.

 

Be sure that you are trying to connect using the correct current public IP for the instance.

 

 

You can access your EC2 instance using AWS EC2 Instance Connect as a workaround while you fix the problem.

 

Table of Contents