Public–key cryptography uses a public key to encrypt a piece of data, such as a password, then the recipient uses the private key to decrypt the data. The public and private keys are known as a key pair. When you export a Linux or Unix Lightsail instance to EC2, the new EC2 instance will contain residual keys from the Lightsail service. However in complex environment you may be needed add more users to EC2 instance with different privileges. Here we are going to discuss how to adding users to Linux EC2 instance and give SSH access to the accounts. At the end of the tutorial we give you a trick to make the user into sudo user. 1) Create new user account.
May 01, 2015 This video shows how to use Putty Gen to create a Key Pair, upload Public Key into AWS Cloud, use that Public Key to launch an instance, and use the private key to access the VM instance.
In AWS, when you launch any EC2 Linux instance, you should select a key pair for that particular instance.
Private Key Bitcoin
AWS key pair will be in the standard private key format with .pem file extension
But if you are using PuTTY on your Windows laptop to login to AWS instance, you have a problem.
PuTTY doesn’t support PEM format. PuTTY understands only it’s own PPK format.
PPK stands for Putty Private Key.
So, you should convert your .pem file to .ppk file.
For this conversion, putty provides a tool called PuTTYgen.
1. Download AWS PEM file
In AWS, when you first create a key pair file, that you want to use for your EC2 instances, AWS will allow you to download the PEM file to your local machine. Save this PEM file somewhere on your machine.
In this example, the .pem file I have is called thegeekstuff.pem, which is under C drive.
We’ll be converting this thegeekstuff.pem file to thegeekstuff.ppk and use the .ppk to login to EC2 instance using PuTTY.
BTW, the steps to convert pem to ppk for putty is exactly the same for all the Linux AMI images, including CentOS, RedHat, Ubuntu, SuSE, Fedora, Amazon Linux, etc.
2. Download PuTTYGen
Download PuTTYgen from here.
If you’ve used the PuTTY MSI installer, then all the PuTTY utilities comes with it including puttygen.
If you are already using only putty.exe as a standalone, then you can also download the standalone puttygen.exe
Launch PuTTYgen by double clicking on it.
PuTTYGen is a RSA and DSA key generation utility. But, in our case, we’ll be using this to convert the pem to ppk file.
The main PuTTYGen screen will have the following three sections:
Key Section: This will display the current key that is loaded. i.e The key that you are currently working on. When you first launch the puttygen, this section will say “No Key”.
Actions Section: This section will display all the possible actions that you can perform inside PuTTYGen. The following are the available actions:
Parameters Section: Here you’ll specify the type of key to generate. You have three options here: SSH-1 (RSA), SSH-2 (RSA), SSH-2 DSA. You can also set the value of number of bits for the generated key. By default the type will be SSH-2 (RSA) and 2048-bit.
For our purpose of converting PEM to PPK, leave all the parameters at their default value. i.e SSH-2 (RSA) and 2048 bit.
![]()
See also: 10 Awesome PuTTY Tips and Tricks You Probably Didn’t Know
3. Load PEM file to PuTTYGen for Conversion
In the following PuTTYGen main screen, click on “Load” button, and select your AWS PEM file.
Please note that when you click on “Load”, in the file selection window, by default, it will show “PuTTY Private Key Files (*.ppk)” as the option. Click on this drop-down list and choose “All Files” as shown below. After this, you can browser to the directory where you *.pem file is located, and load it.
Once the *.pem file is loaded, you’ll get a pop-up message saying “Successfully imported foreign key (OpenSSH SSH-2 private key)”. Click on “OK” in this screen.
4. Save your Converted PPK Private Key
Now that we have the keys loaded, you’ll see in the top “Key” section, our key information will be displayed. This will display the key fingerprint, key comment. The key passphrase in this case will be empty, as we didn’t have any passphrase for our AWS PEM file in this example.
![]()
Also, in the action section, we’ll see the save button enabled.
Click on the “Save Private Key” button, to save our converted ppk private key.
This will display a warning message saying: “Are you sure you want to save this key without a passphrase to protect it?”. Click on “YES”.
Now, give a name to this file. In our case, I’ve named this converted file as thegeekstuff.ppk
5. Use the PPK File in PuTTY
Now, that we have the thegeekstuff.pem AWS PEM file converted to thegeekstuff.ppk PuTTY key file, we can use this to login to our AWS EC2 instance.
For this, launch the putty, and do the following:
First, in the “Host Name (or IP address)” field, enter the public-dns or ip of your AWS EC2 instance.
Second, in the “Saved Sessions” field, enter the name that you would like to give for this AWS-EC2-instance on your putty, and click on “Save” to save this sessions in your putty list.
Third, on the left-hand side panel, expand the “Connections” -> expand “SSH” -> select “Auth”. Click on “Browse”, and select your converted ppk file for the “Private key file for authentication” as shown below.
Fourth, at this stage you can click on “Open” to start the connection, but you’ll lose the values that you just entered. So, on the left-panel click on “Sessions” again, and click on “Save” again. This will save the information about the private key that you provided to the putty-session that you saved earlier.
6. PEM and PPK File Formats
Once you’ve converted the file, you can view the content of PEM and PPK file in a text editor, and you’ll see that the content looks different, as they are of different formats.
PEM Key File from Aamazon EC2 (e.g: thegeekstuff.pem)
The PPK file format (e.g: thegeekstuff.pem). This is the file that we converted using PuTTYGen tool. This is the keyfile format that will work on your PuTTY to login to your Amazon AWS EC2 Linux instance using SSH protocol as shown above.
> Add your comment
If you enjoyed this article, you might also like..
Next post: 8 PostgreSQL Examples to Install, Create DB & Table, Insert & Select Records
Previous post: 8 Steps to Install MirthConnect with MySQL / MariaDB on Linux
I want to add new user accounts that can connect to my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance using SSH. How do I do that?
Short Description
Every Amazon EC2 Linux instance launches with a default system user account with administrative access to the instance. If multiple users require access to the instance, it's a security best practice to use separate accounts for each user.
You can expedite these steps by using cloud-init and user data. For more information, see How can I give a user permissions to connect to my EC2 Linux instance using SSH?
Generate New Private Key Ec2 Instance MapResolution
Create a key pair for the new user account
Add a new user to the EC2 Linux instance
1. Connect to your Linux instance using SSH.
2. Use the adduser command to add a new user account to an EC2 instance (replace new_user with the new account name). The following example creates an associated group, home directory, and an entry in the /etc/passwd file of the instance:
Note: If you add the new_user to an Ubuntu instance, include the --disabled-password option to avoid adding a password to the new account:
3. Change the security context to the new_user account so that folders and files you create have the correct permissions:
Note: When you run the sudo su - new_user command, the name at the top of the command shell prompt changes to reflect the new user account context of your shell session.
4. Create a .ssh directory in the new_user home directory:
5. Use the chmod command to change the .ssh directory's permissions to 700. Changing the permissions restricts access so that only the new_user can read, write, or open the .ssh directory.
6. Use the touch command to create the authorized_keys file in the .ssh directory:
7. Use the chmod command to change the .ssh/authorized_keys file permissions to 600. Changing the file permissions restricts read or write access to the new_user.
Retrieve the public key for your key pair
Retrieve the public key for your key pair using the method that applies to your configuration:
Verify your key pair's fingerprint
After you import your own public key or retrieve the public key for your key pair, follow the steps at Verifying Your Key Pair's Fingerprint.
Update and verify the new user account credentials
After you retrieve the public key, use the command shell session that is running under the context of the new user account to confirm that you have permission to add the public key to the .ssh/authorized_keys file for this account:
1. Run the Linux cat command in append mode:
2. Paste the public key into the .ssh/authorized_keys file and then press Enter.
Note: For most Linux command line interfaces, the Ctrl+Shift+V key combination pastes the contents of the clipboard into the command line window. For the PuTTY command line interface, right-click to paste the contents of the clipboard into the PuTTY command line window.
3. Press and hold Ctrl+d to exit cat and return to the command line session prompt.
(Optional) Allow the new user to use sudo
Note: If you don't want to allow the new user to use sudo, proceed to Verify that the new user can use SSH to connect to the EC2 instance.
1. Use the passwd command to create a password for the new user:
Note: You're prompted to reenter the password. Enter the password a second time to confirm it.
2. Add the new user to the correct group.
For Amazon Linux, Amazon Linux 2, RHEL, and CentOS:
Use the usermod command to add the user to the wheel group.
For Ubuntu:
Use the usermod command to add the user to the sudo group.
Verify that the new user can use SSH to connect to the EC2 instance
1. Verify that you can connect to your EC2 instance when using ssh as the new_user by running the following command from a command line prompt on your local computer:
To connect to your EC2 Linux instance using SSH from Windows, follow the steps at Connecting to Your Linux Instance from Windows Using PuTTY.
2. After you connect to your instance as the new_user by using SSH, run the id command from the EC2 instance command line to view the user and group information created for the new_user account:
The id command returns information similar to the following:
Generate New Private Key Ec2 Instance Download
3. Distribute the private key file to your new user.
Related Information
Anything we could improve?
Need more help?
Related Videos
Joel shows you how to manage user accounts on your Amazon EC2 Linux instance (5:47)
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |