Adding a New Admin User on AWS EC2 Ubuntu Instance

Posted on February 20, 2014 in Development

If you can already SSH into your Ubuntu-based AWS EC2 instance with the default ubuntu user and the default key file you generated in AWS, but need to add another admin user with their own private key, here’s how to do it:

1) Let’s assume the IP address of your instance is 123.456.789.123 and the default key file is named default_key.pem. SSH into your instance with the default user and key:

ssh -2 -i default_key.pem ubuntu@123.456.789.123

2) Once in, add a new user:

sudo adduser pixelninja

3) Add the created user into the admin group:

sudo adduser pixelninja admin

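If you don’t want to have to type in a password every time you use sudo under the new user, edit /etc/sudoers with visudo, which checks the syntax before saving (a broken sudoers file can lock you out of sudo):

sudo visudo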

And add the following under the root user in the “User privilege specification” section:

# User privilege specification
root ALL=(ALL:ALL) ALL
pixelninja ALL=(ALL) NOPASSWD:ALL

Just a note: it’s worth considering whether you really want this. With NOPASSWD, anyone who gets hold of this user’s private key or an open session gets root without any further prompt. It does make life easier, though.

4) Switch to the new user, create the .ssh folder in your home directory if it does not exist yet, and navigate to it:

su pixelninja
mkdir -p ~/.ssh
cd ~/.ssh

5) Generate a new RSA key pair:

ssh-keygen -t rsa

You can name your key pair and add a passphrase if you want. For the sake of this tutorial, let’s assume you used the default name. If you now run ls -l, you should see two files: id_rsa and id_rsa.pub.

6) Copy the public key into authorized_keys:

cat id_rsa.pub > authorized_keys

7) Change permissions on the directory and the files:

cd ..
chmod 700 .ssh
chmod 600 .ssh/*

Also make sure that the new user is the owner of the .ssh directory and everything that’s inside. It probably will be, but just in case:

chown -R pixelninja:pixelninja .ssh

8) Copy the private key into the /tmp folder, so that you can download it to your local machine. Make sure it’s readable by the default user. With mode 644 the key is readable by every user on the instance until you delete it in step 10.

cp .ssh/id_rsa /tmp
chmod 644 /tmp/id_rsa

9) On your local computer, download the private key file with the default user and key file:

scp -i default_key.pem ubuntu@123.456.789.123:/tmp/id_rsa ./

and change the file permissions to read-only:

chmod 400 id_rsa

10) Test that you can log in with the new user:

ssh -2 -i id_rsa pixelninja@123.456.789.123

and if all is good, delete the private key from the /tmp folder:

rm /tmp/id_rsa

11) Kick back, relax, and enjoy your new user account.
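
A variant of steps 5 to 9 in which the key pair is generated on the local machine and only the public key is copied to the server, so no private key passes through /tmp. This is an added example, not code from the original post; the function names install_pubkey and audit_keys and the key file name pixelninja_key are assumptions, and the public key file is assumed to hold a single key line.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey, audit_keys and
# the file name pixelninja_key are hypothetical names chosen for illustration.
#
# On the LOCAL machine (the private key pixelninja_key never leaves it):
#   ssh-keygen -t rsa -f pixelninja_key
#   scp -i default_key.pem pixelninja_key.pub ubuntu@123.456.789.123:/tmp/
# On the server, source this file in a root shell and run:
#   install_pubkey /home/pixelninja /tmp/pixelninja_key.pub pixelninja

# install_pubkey HOME_DIR PUBKEY_FILE [OWNER]
# Adds one public key to HOME_DIR/.ssh/authorized_keys with modes 700/600.
install_pubkey() {
    ik_dir="$1/.ssh"
    ik_key=$(cat "$2") || return 1
    [ -n "$ik_key" ] || return 1
    case "$ik_key" in   # refuse a private key handed over by mistake
        *"PRIVATE KEY"*) echo "refusing: $2 holds a private key" >&2; return 1 ;;
    esac
    mkdir -p "$ik_dir" && chmod 700 "$ik_dir" || return 1
    touch "$ik_dir/authorized_keys" || return 1
    chmod 600 "$ik_dir/authorized_keys" || return 1
    # Append only if this exact line is missing, so reruns stay idempotent.
    grep -qxF -- "$ik_key" "$ik_dir/authorized_keys" ||
        printf '%s\n' "$ik_key" >> "$ik_dir/authorized_keys"
    # Assumes the user's primary group has the same name, as adduser sets up.
    if [ -n "${3:-}" ]; then chown -R "$3:$3" "$ik_dir" || return 1; fi
}

# audit_keys DIR...
# Lists private keys found under the given directories and marks those that
# group or others can read. Returns 0 only when no private key is found.
audit_keys() {
    ak_pat='PRIVATE KEY-----'
    ak_stored=$(find "$@" -type f -exec grep -l -- "$ak_pat" {} + 2>/dev/null) || true
    ak_exposed=$(find "$@" -type f \( -perm -040 -o -perm -004 \) \
        -exec grep -l -- "$ak_pat" {} + 2>/dev/null) || true
    [ -n "$ak_stored" ] && printf 'private key on server:\n%s\n' "$ak_stored"
    [ -n "$ak_exposed" ] && printf 'readable by group/others:\n%s\n' "$ak_exposed"
    [ -z "$ak_stored" ]
}
```

Running audit_keys /tmp /home on the instance afterwards shows whether any private key was left behind by an earlier setup.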
