AWS EC2 instance user creation based on file-based authentication
I have a requirement of creating separate users in an AWS EC2 instance. As per my knowledge, initially while spinning up an EC2 instance we get the .PEM file, which is converted to .PPK for logging into the EC2 Linux machine through PuTTY. After logging into the EC2 instance with the default user, is there any possibility to create multiple users with their own private key file instead of using the default .PPK file?
(Note: We don't want users with password-based authentication. We only want to create users with file-based authentication.)
Is there any way to do it?
Thanks.
Solution 1:[1]
To add a user account
Use the following adduser command to add the newuser account to the system (with an entry in the /etc/passwd file). This command also creates a group and a home directory for the account.
sudo adduser newuser
Switch to the new account so that newly created files have the proper ownership.
sudo su - newuser
Notice that the prompt changes from ec2-user to newuser to indicate that you have switched the shell session to the new account.
Create a .ssh directory in the newuser home directory and change its file permissions to 700 (only the owner can read, write, or open the directory).
mkdir .ssh
chmod 700 .ssh
Important: Without these exact file permissions, the user will not be able to log in.
Create a file named authorized_keys in the .ssh directory and change its file permissions to 600 (only the owner can read or write to the file).
touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
Important: Without these exact file permissions, the user will not be able to log in.
Open the authorized_keys file using your favorite text editor. Paste the public key for your key pair into the file.
For example:
`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuSevGj3eYhCe53pcjqP3maAhDFcvBS7O6Vhz2ItxCih+PnDSUaw+WNQn/mZphTk/a/gU8jEzoOWbkM4yxyb/wB96xbiFveSFJuOp/d6RJhJOI0iBXrlsLnBItntckiJ7FbtxJMXLvvwJryDUilBMTjYtwB+QhYXUMOzce5Pjz5/i8SeJtjnV3iAoG/cQk+0FzZqaeJAAHco+CY/5WrUBkrHmFJr6HcXkvJdWPkYQS3xqC0+FmUZofz221CBt5IMucxXPkX4rWi+z7wB3RbBQoQzd8v7yeb7OzlPnWOyN0qFU0XA246RA8QFYiCNYwI3f05p6KLxEXAMPLE`
The user should now be able to log into the newuser account on your instance using the private key that corresponds to the public key that you added to the authorized_keys file.
For retrieving and creating key pairs, also refer to the AWS documentation.
Solution 2:[2]
I have created the script below for EC2 instances to create a key-based sudo user. Kindly try this.
Note: the script below works for all Linux OSs like Red Hat, Ubuntu, SUSE, Kali, CentOS, Fedora, Amazon Linux 1/2, Debian, etc.
#!/bin/bash
#author: bablish jaiswal
#purpose: create a sudo user that logs in with a pem (key) file instead of a password
clear
echo -e "\n\n\n"
printf "\e[6;33mHi, I am a function to create sudo user with pem file. Kindly share following information\e[0m";echo
read -r -p "user name:- " name                                #login name for the new account
read -r -p "complete path for $name home directory:- " home   #user home directory, e.g. /home/$name
sudo useradd -m -d "$home" -s /bin/bash "$name"               #create user by given input
sudo -u "$name" mkdir -p "$home/.ssh"                         #ssh-keygen -f does not create the directory itself
sudo -u "$name" ssh-keygen -q -t rsa -b 4096 -N "" -f "$home/.ssh/id_rsa"   #generating pem: explicit path and empty passphrase, so nothing prompts
sudo -u "$name" mv "$home/.ssh/id_rsa.pub" "$home/.ssh/authorized_keys"      #the public half is what sshd checks at login
sudo chmod 700 "$home/.ssh"                                   #permission
sudo chmod 600 "$home/.ssh/authorized_keys"                   #permission again
echo " "
printf "\e[6;33m-----------------------------Copy below text-------------------------\e[0m";echo
sudo cat "$home/.ssh/id_rsa"                                  #private key: save it as the user's .pem, then delete it from the server
echo " "
#sudo creation: a drop-in under /etc/sudoers.d is honoured on every distro listed above,
#so there is no need to scrape the root line out of /etc/sudoers (sudo skips drop-in
#file names containing '.', so a username with a dot needs another file name)
printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$name" | sudo tee "/etc/sudoers.d/$name" >/dev/null
sudo chmod 440 "/etc/sudoers.d/$name"
sudo visudo -cf "/etc/sudoers.d/$name" >/dev/null && echo "Remark:- User $name is a sudo user"   #sudo confirmation message, only if the file parses
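The following is an added example, not code from either answer and not an AWS or OpenSSH tool. It folds both procedures above into one script: the manual steps of Solution 1 become install_authorized_key and check_key_perms, and the sudo grant of Solution 2 becomes a drop-in under /etc/sudoers.d that is parsed with visudo before it is trusted. It assumes a Linux host with useradd, getent and find, and that the user generates the key pair on their own machine and hands over only the public half, so no private key is ever printed on the server. All function names, the 90-<user> file name and the sample key used in testing are ours.

```shell
#!/bin/sh
# Added example (not from the original answers): create an EC2 login that
# authenticates with a user-supplied public key only, plus passwordless sudo.
# Assumptions (ours): Linux with useradd/getent/find; function names are ours.
set -u

# Accept only lines shaped like an OpenSSH public key: key type, base64 blob,
# optional comment. Keeps passwords or pasted private keys out of authorized_keys.
is_pubkey_line() {
    printf '%s\n' "$1" |
      grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( [^ ]+)?$'
}

# Create HOME/.ssh (700) and authorized_keys (600) and add KEY exactly once.
# Pure file work, so it runs without root against any writable directory.
install_authorized_key() {
    home="$1"; key="$2"
    is_pubkey_line "$key" || { echo "refusing: not an OpenSSH public key line" >&2; return 1; }
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$home/.ssh/authorized_keys" && chmod 600 "$home/.ssh/authorized_keys" || return 1
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
      printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
}

# Succeeds only when the modes are exactly the ones Solution 1 calls for.
check_key_perms() {
    home="$1"
    [ -n "$(find "$home/.ssh" -maxdepth 0 -type d -perm 700 2>/dev/null)" ] &&
    [ -n "$(find "$home/.ssh/authorized_keys" -maxdepth 0 -type f -perm 600 2>/dev/null)" ]
}

# Passwordless sudo via DIR/90-<user> (default /etc/sudoers.d): one 0440 file per
# user and no hand-editing of /etc/sudoers. DIR is overridable so the file can be
# staged for inspection. sudo ignores drop-ins whose names contain '.' or end in
# '~', so a username with a dot would need a different file name.
grant_nopasswd_sudo() {
    user="$1"; dir="${2:-/etc/sudoers.d}"; f="$dir/90-$user"
    printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$user" > "$f" && chmod 440 "$f" || return 1
    # visudo -cf parses the file before it can lock anyone out of sudo; run it
    # only as root, since as a normal user it also flags the non-root ownership.
    if [ "$(id -u)" -eq 0 ] && command -v visudo >/dev/null 2>&1; then
        visudo -cf "$f" >/dev/null || { rm -f "$f"; return 1; }
    fi
}

# Privileged path: account, key, ownership, sudo. Run as root on the instance.
create_key_user() {
    user="$1"; key="$2"
    id "$user" >/dev/null 2>&1 || useradd -m -s /bin/bash "$user" || return 1
    home=$(getent passwd "$user" | cut -d: -f6)
    install_authorized_key "$home" "$key" || return 1
    chown -R "$user:" "$home/.ssh"      # root wrote the files; sshd wants the user to own them
    grant_nopasswd_sudo "$user" && check_key_perms "$home"
}

# The question rules out password logins; sshd -T prints the effective config
# (lowercase keywords), so this is the line to check before handing out keys.
password_auth_disabled() {
    sshd -T 2>/dev/null | grep -qx 'passwordauthentication no'
}

# Dispatch only when given arguments; sourcing the file just defines functions.
if [ "$#" -gt 0 ]; then
    case "$1" in
        add)   create_key_user "$2" "$3" ;;
        check) check_key_perms "$2" ;;
        *)     echo "usage: $0 add USER 'PUBKEY_LINE' | check HOME" >&2; exit 2 ;;
    esac
fi
```

Run it as root on the instance, for example `sudo sh ./add-key-user.sh add alice "$(cat alice.pub)"` (the file names are ours), after confirming with password_auth_disabled that sshd really rejects passwords. Because the private key never leaves the user's machine, there is nothing to copy off the server or to clean up afterwards, which is the main difference from the script in Solution 2.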
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Kush Vyas |
Solution 2 | linux.cnf |