AWS How To Create A New User With SSH Access For An EC2 Instance
How To Create A New User With SSH Access For An EC2 Instance
Each Linux EC2 instance is provided with a default Linux system user account. This default user name is determined by the AMI selected when you launched the instance. For Linux Ubuntu this user is called “ubuntu”.
You can also add and delete user accounts for your instance.
By default for security reasons, password authentication and root logins are disabled, and sudo is enabled.
Thus to log in to your instance, you need to use an SSH key pair.
You can allow password authentication and root login for your instance but this is not recommended.
To create a new user on the instance, do:
root@ip-172-31-24-137:~# adduser kevin
Adding user `kevin’ …
Adding new group `kevin’ (1001) …
Adding new user `kevin’ (1001) with group `kevin’ …
Creating home directory `/home/kevin’ …
Copying files from `/etc/skel’ …
Retype new password:
passwd: password updated successfully
Changing the user information for kevin
Enter the new value, or press ENTER for the default
Full Name : Kevin
Room Number :
Work Phone :
Home Phone :
Is the information correct? [Y/n] Y
Then we create the .ssh directory for kevin:
root@ip-172-31-24-137:/home/kevin# mkdir .ssh
Next we are going to deploy the same private/public key pair for this new user kevin as we have for the user ubuntu. (user ubuntu is a standard EC2 user which is automatically created for logins to the instance when creating the instance).
So, we copy the /home/ubuntu/.ssh/authorized_keys to /home/kevin/.ssh/
and then modify the permissions so they are correct for this user:
chown -R kevin.kevin .ssh; chmod 700 .ssh; touch .ssh/authorized_keys; chmod 600 .ssh/authorized_keys
Then, you can login to the instance from outside AWS by using:
root@gemini:/home/kevin/DATAVOLUME/DATA/AWS/LOGINSANDKEYS/EC2_KevinVM1_created.17.11.22# ssh firstname.lastname@example.org -i ./KevinVM1.pem
Note that you must be in the correct local folder to reference the KevinVM1.pem ssh private key file
Keep this file confidential and secure at all times!
and also note the kevin@ – this is essential.
Troubleshooting the SSH
If you cannot connect via ssh, then login to the EC2 instance using the AWS Instance Connect web console,
and check that the sshd service is running on the instance:
systemctl status sshd
if not started, start with
systemctl start sshd
root@ip-172-31-24-137:/home/kevin# systemctl status sshd
● ssh.service – OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2022-11-24 14:54:34 UTC; 44min ago
Process: 760 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 762 (sshd)
Tasks: 1 (limit: 1143)
if the system
This is a security group issue. Any timeout (not just for SSH) is related to security groups or firewall issues.
Make sure your security group is correctly assigned to your EC2 instance and allows inbound connections from all IPs or the IP you are trying to connect from on port SSH 22.
If you still cannot connect receiving a time out message, then this means a firewall is blocking the connection.
So this will need to be modified first.
If SSH does not work on Windows and replies with “ssh command not found” then you need to use or install Putty
If you get “connection refused” this means the instance is reachable, but no SSH client service is running on the instance
Try to restart the instance and if SSH still does not work, terminate the instance and create a new one. Make sure you’re using Amazon Linux 2 for the EC2 instance.
If you get “Permission denied (publickey,gssapi-keyex,gssapi-with-mic)”
This means you are using the wrong security key or not using a security key at all. Check the EC2 instance configuration to ensure you have assigned the correct key to it.
Alternatively permission refused can happen if you are using the wrong user. Check that you have started an Amazon Linux 2 EC2 instance, and ensure you are using the user ec2-user. This is speficied as ec2-user@<public-ip> (ex: email@example.com) in your SSH command.
As a workaround you can connect to the instance by using EC2 Instance Connect.
If you could connect yesterday, but not today then this can be because you have stopped your EC2 instance and then started it again today.
When you do this, the public IP of that EC2 instance changes.
Be sure that you are trying to connect using the correct current public IP for the instance.
You can access your EC2 instance using AWS EC2 Instance Connect as a workaround while you fix the problem.