I recently set up a free Amazon AWS server. As I experimented with it, I installed a GUI desktop. Then I encountered some issues that I eventually resolved by creating a new user with its own password and then using that user for the rest of my activities.
For my own reference, and in the hope others will find it useful, here is the procedure I followed:
- Create a new userid, with password
- Add the new user to the sudoers file
- Install the AWS server’s public key for the new user
- Log in as the new user
I posted the details in my blog post, below.
Why do we need a password?
The default ubuntu userid does not have a password. The Amazon AWS documentation on managing users recommends creating new users with password disabled. So, why set up a new user with a password?
After installing a GUI desktop, you need to a use a password to authenticate operations performed by GUI software such as Ubuntu Software Center. I did not see any problems caused by configuring a user password. I found it was best to work in a “normal” Linux user account that has a password.
Create a new userid, with password
We will create a new account with userid brian. If you run into any trouble, consult the Amazon AWS documentation. To create the new account, first login to your AWS server with a command similar to:
Laptop:$ ssh -i ~/Documents/Ubuntu-2-keypair.pem [email protected]
Then create the new user brian (or your choice) using the command:
ubuntu@AWS:$ sudo adduser brian
Follow the prompts to enter the password and other optional user information. I filled in my full user name and left all other user information fields blank.
Add the new user to the sudoers file
Next, add the new user to the sudoers file. Use the visudo command:
ubuntu@AWS:$ sudo visudo
We add the following line after the comment line, “User privilege specification”:
brian ALL=(ALL:ALL) ALL
Then, save the file.
Execute the following command to ensure that the user brian is in the sudo groups, and so is an administrator:
ubuntu@AWS:$ sudo adduser brian sudo
Install the public key for the new user
We cannot log into the new user account via SSH until the public key from the AWS instance’s key pair is installed for the new user. We must copy the public key installed for the ubuntu user and paste it into the right file in the new user account, brian.
The public key in in the file, ~/.ssh/authorized_keys.
ubuntu@AWS:$ cat ~/.ssh/authorized_keys
ssh-rsa AEEAB3NzaC1yc2EEEAADAQABAAABAQDXXrlN+I5j4g5Am/lBviKhhA2XDUaeU6DlD1qz4C2+cv0eax8lXxS0YdOIA+ioyrhGy/2Y3O+jsb54JE6Z/5u1MiX5RkX/3XayGE2Vrxa+ZstxQFgEolqNn96s6tghxQm9sjhU4r6S98XLR+Hg6xqh4COdHnANu1mlyIAW9YEfdPvFl4FnoyBSFHBvLPQZy4JLIwYeKwiGS/Esh8N5f8WQJUjIhwT3i/MgfhYhRGQdbGKIVWrL0sPwOv9gTT1H9HExyUH3G6KBhfD5Zm3R+TVe0vuUaodLcnPf4EAJZZVky/Fnbg6aLFQWf1iWjY+fa7Jev+Nnpsn9DEXAMPLE Ubuntu-2-keypair
Select the public key (omit the name of the key pair at the end) and then copy it to your clipboard. Optionally, you may also paste it into a text editor running on your laptop (just as a temporary parking spot — in case you accidentally clear your clipboard before you need to past the key to the new user).
NOTE: There are also other ways to get the public key. See the Amazon AWS documentation for more ways to retrieve the public key of the instance.
Now, switch to the new user account, brian:
ubuntu@AWS:$ sudo su brian
brian@AWS:$
Ensure you are in the new user’s home directory:
brian@AWS:$ cd
brian@AWS:$ pwd
/home/brian
Create the SSH directory and authorized users file, with the correct permissions:
brian@AWS:$ mkdir .ssh
brian@AWS:$ chmod 700 .ssh
brian@AWS:$ touch .ssh/authorized_keys
brian@AWS:$ chmod 600 .ssh/authorized_keys
Edit the authorized_keys file with a text editor.
brian@AWS:$ nano .ssh/authorized_keys
Paste in the public key you previously copied to the clipboard. Now the authorized_keys file will have the following contents:
ssh-rsa AEEAB3NzaC1yc2EEEAADAQABAAABAQDXXrlN+I5j4g5Am/lBviKhhA2XDUaeU6DlD1qz4C2+cv0eax8lXxS0YdOIA+ioyrhGy/2Y3O+jsb54JE6Z/5u1MiX5RkX/3XayGE2Vrxa+ZstxQFgEolqNn96s6tghxQm9sjhU4r6S98XLR+Hg6xqh4COdHnANu1mlyIAW9YEfdPvFl4FnoyBSFHBvLPQZy4JLIwYeKwiGS/Esh8N5f8WQJUjIhwT3i/MgfhYhRGQdbGKIVWrL0sPwOv9gTT1H9HExyUH3G6KBhfD5Zm3R+TVe0vuUaodLcnPf4EAJZZVky/Fnbg6aLFQWf1iWjY+fa7Jev+Nnpsn9DEXAMPLE
Save the file.
Exit the system:
brian@AWS:$ exit
ubuntu@AWS:$ exit
Laptop:$
Log in as the new user
You should now be able to log into the new user brian on the remote Amazon AWS server using the same keypair. On your laptop, use the SSH command:
Laptop:$ ssh -i ~/Documents/Ubuntu-2-keypair.pem [email protected]
brian@AWS:$
We now are logged in as user brian.
Conclusion
We set up a new user on our Amazon AWS Server, set up administrator privileges, and saved the SSH public key required to access the server with the new user account.
We will use this account for all future software installations and experiments.
Pingback: Amazon EC2 Ubuntu Server with GUI – N7IHQ Blog
Doesn’t this mean that all users can log in as each other because they each have the SAME key pair?
YES – so if you are looking to do this on a shared server don’t do it…
+1 +1 +1 +1 +1 +1 +1 +1
Thanks for the help! ! ! 😉
Pingback: RDP from Ubuntu into AWS Ubuntu | AJG-Develop
Hi! this is tutorial version 2016:
How to create Linux Server and login SSH Amazon VPS (Amazon Web Services EC2) Elastic Compute Cloud
And now I have no password to login, marvelous
sudo adduser name didn’t ask me to set a password…
I’ve set it by login in the old way then sudo passwd testuser then set a new pass
Permission denied (publickey)
Hope I could use GCE for GPU, use to be up and running in a half hour now two days to get this **** going.
Great job