ssh-keygen -t rsa -b 2048 -v
Create pem file using the above.
sudo adduser newuser
sudo usermod -aG sudo newuser
- sudo visudo
Traditionally, visudo opened /etc/sudoers in the vi editor, which can be confusing for inexperienced users. By default on new Ubuntu installations, it should instead use nano, which provides a more familiar text editing experience. Use the arrow keys to move the cursor, and search for the line that looks like this:
/etc/sudoers
root ALL=(ALL:ALL) ALL
Below this line, copy the format you see here, changing only the word "root" to reference the new user that you would like to give sudo privileges to:
/etc/sudoers
root ALL=(ALL:ALL) ALL
newuser ALL=(ALL:ALL) ALL
Configure a new user account on the EC2 Linux instance to use the public key from the key pair
To enable remote access for a new user, you must create a .ssh directory in the new user's home directory and store the public key from the key pair in the file .ssh/authorized_keys.
1. Run the following command from your EC2 Linux instance command line to switch context to the new user account:
sudo su - <new_user>
The name in the command line prompt should change to reflect the new user context of the shell session.
2. Run the following commands from your EC2 Linux instance command line session:
Create a .ssh directory in the new user's home directory:
mkdir .ssh
Limit access to the .ssh directory so that only the new user can read, write, or open the directory.
Note: These permissions must be set before a user account can log in using SSH:
chmod 700 .ssh
Create the file "authorized_keys" in the .ssh directory:
touch .ssh/authorized_keys
Limit access to the authorized_keys file so that only the new user can read from or write to the file.
Note: These permissions must be set before a user account can log in using SSH:
chmod 600 .ssh/authorized_keys
Leave open the command line window with the active ssh connection to your EC2 Linux instance. Because you ran the sudo su - <new_user> command, you are currently connected to the EC2 Linux instance under the context of the new user account.
Update the authorized_keys file with the public key
To update the authorized_keys file, you must set appropriate permissions for the .PEM key-pair file that you created, retrieve the public key from the .PEM file, and then paste the public key into the authorized_keys file.
1. From the command line of your local (client) Linux computer, run the following command to set the permission of the .PEM key-pair file that you have downloaded locally. This restricts read access specifically to the user account context of the command line session from which the command is run. In this example, <new_keypair> is a placeholder for the name of the keypair file that you have created:
chmod 400 <new_keypair>.pem
2. Run the following command, which will prompt you for the location of the .PEM key-pair file that you created for the new user:
ssh-keygen -y
The ssh-keygen -y command reads the .pem file containing the public/private key pair and returns the public key. Copy the contents of the public key to the clipboard.
Note: For most Linux command line interfaces, the [Ctrl] + [Shift] + C key combination will copy the text selected in the terminal to the clipboard.
Note: On macOS, run ssh-keygen -y -p with the .PEM key-pair file that you created for the new user.
3. After you copy the public key to the clipboard, switch back to the command line window that has the active SSH connection to your EC2 Linux instance under the context of the new user account. Now you can run the cat command to update the authorized_keys file for the account. When you issue the cat command followed by two 'greater than' symbols (>>), you open the file in append mode, so the public key is added to the end of the file without overwriting any existing information. If the authorized_keys file is empty, the public key is appended to an empty file, which is the equivalent of running cat > .ssh/authorized_keys. Using append mode is what protects any keys that are already in the file:
cat >> .ssh/authorized_keys
Paste the public key from the clipboard to the command window and press the [Enter] key, then press and hold the [Ctrl] and D keys simultaneously to exit cat and return to the normal command prompt.
Note: For most Linux command-line interfaces, the [Ctrl] + [Shift] + V key combination pastes the contents of the clipboard into the command line window.
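The steps above (create the account, add it to the sudo group, create .ssh and authorized_keys with 700/600 permissions, append the public key) as one script. This is an added example, not code from the original post or from the AWS article it quotes. The function names (install_authorized_key, check_ssh_perms, count_keys, pubkey_from_pem, provision_user, demo) and the placeholder key string are my own; provision_user needs root and is not run by demo, which exercises the unprivileged parts against a scratch directory standing in for /home/newuser. pubkey_from_pem uses ssh-keygen -y -f, which is the standard way to print the public half of a private key file without the interactive prompt.

```shell
#!/bin/sh
# Added example: set up key-based SSH access for a new account with the
# permissions sshd's StrictModes requires. Not the original post's code.

# mode_of PATH: octal permission bits (GNU stat first, BSD/macOS stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# install_authorized_key HOME_DIR PUBKEY_LINE
# Creates HOME_DIR/.ssh (0700) and HOME_DIR/.ssh/authorized_keys (0600) and
# appends PUBKEY_LINE unless that exact line is already present, so running
# it twice never duplicates a key (unlike a bare cat >> redirect).
install_authorized_key() {
    home_dir="$1"
    pubkey="$2"
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # umask 077 in a subshell: the directory and file are owner-only from the
    # moment they exist, instead of briefly world-readable before chmod runs.
    (
        umask 077
        mkdir -p "$ssh_dir"
        touch "$auth_file"
    )
    chmod 700 "$ssh_dir"
    chmod 600 "$auth_file"

    # -x: whole-line match, -F: literal string (keys contain '+' and '/').
    if ! grep -qxF -- "$pubkey" "$auth_file"; then
        printf '%s\n' "$pubkey" >> "$auth_file"
    fi
}

# check_ssh_perms HOME_DIR
# Prints "ok" when .ssh is 700 and authorized_keys is 600; otherwise prints
# the modes found, which is what to look at when a login is refused.
check_ssh_perms() {
    dir_mode=$(mode_of "$1/.ssh")
    file_mode=$(mode_of "$1/.ssh/authorized_keys")
    if [ "$dir_mode" = "700" ] && [ "$file_mode" = "600" ]; then
        echo ok
    else
        echo "bad: .ssh=$dir_mode authorized_keys=$file_mode"
    fi
}

# count_keys HOME_DIR: number of key lines installed for the account.
count_keys() {
    wc -l < "$1/.ssh/authorized_keys" | tr -d ' '
}

# pubkey_from_pem KEYPAIR.pem: the public key line to hand to
# install_authorized_key (same output as the interactive "ssh-keygen -y").
pubkey_from_pem() {
    chmod 400 "$1"
    ssh-keygen -y -f "$1"
}

# provision_user NAME PUBKEY_LINE  (root only; not run by demo)
# Creates the account without a password, grants sudo via the sudo group,
# installs the key and hands ownership of .ssh to the new user.
provision_user() {
    adduser --disabled-password --gecos '' "$1"
    usermod -aG sudo "$1"
    install_authorized_key "/home/$1" "$2"
    chown -R "$1:$1" "/home/$1/.ssh"
}

# demo: exercise the unprivileged functions in a temporary directory.
# The key below is a constructed placeholder, not a real public key.
demo() {
    scratch=$(mktemp -d)
    key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC_PLACEHOLDER_NOT_A_REAL_KEY newuser@example'
    install_authorized_key "$scratch" "$key"
    install_authorized_key "$scratch" "$key"   # second run must not add a duplicate
    result="$(check_ssh_perms "$scratch") keys=$(count_keys "$scratch")"
    rm -rf "$scratch"
    echo "$result"
}
```

On a real instance the sequence is pubkey_from_pem on the local machine, then provision_user as root on the instance with that line, then check_ssh_perms /home/<new_user> if the login is refused; demo prints "ok keys=1".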
Verify that you can use SSH to connect to your instance
You should now be able to connect to your EC2 Linux instance as <new_user> via SSH from your local Linux or Mac computer. To verify that you can connect to your EC2 instance via SSH as <new_user>, run the following command from the command line on your local computer:
ssh -i /path/<new_keypair>.pem <new_user>@public_dns_name_of_EC2_Linux_instance
To connect to your EC2 Linux instance using SSH from Windows, follow the steps at Connecting to Your Linux Instance from Windows Using PuTTY.
After you have connected to your instance as <new_user> via SSH, you can run the following command from the EC2 instance command line to view user and group information created for the
sudo deluser --remove-home olduser