UBUNTU EC2: Add new admin user « Blog SofaSurfer | WWW-Artist

I’m sure there are plenty of articles that describe how to add/create a new user on a UBUNTU EC2 instance.

Unfortunately I couldn’t find a simple one, so I decided to create this post, more for my own reference.

I assume you already have a UBUNTU EC2 instance (in my case 10.04.2 LTS ami-6afa8438) with a valid key file for the default user ubuntu and wish to grant access to an additional user.

My domain name is sofasurfer.ch and the new user I will add is kib.
So let’s get started.

1. Log in to the server as the default user ubuntu with the original key file ubuntu.pem (which has to be in the directory you run the command from).

ssh -i ubuntu.pem ubuntu@sofasurfer.ch

2. Add the new user and enter the requested user information

sudo adduser kib

3. Add the new user to the admin group, which also grants sudo rights

sudo adduser kib admin

4. If you don’t want to enter the password each time you use sudo you can set this in the /etc/sudoers file.

sudo visudo

5. Add the following line below the entry for the ubuntu user (not recommended, for security reasons)

kib     ALL=(ALL) NOPASSWD:ALL

3. Switch to new user

su kib

4. Switch to home directory for new user

cd /home/kib

5. Create a new RSA key pair and fill in the requested information (you can keep all the defaults, but make sure to set a password)

ssh-keygen -t rsa

6. Change owner permission

chmod 700 .ssh

7. Rename new key files so they match new username

mv .ssh/id_rsa .ssh/id_kib_rsa
mv .ssh/id_rsa.pub .ssh/id_kib_rsa.pub

8. Combine the files to generate the authorized_keys file

cat .ssh/id*.pub > .ssh/authorized_keys

9. Change permission so only the new user can access

chmod 600 .ssh/*

10. Copy the keys to the /tmp folder to download later from the client; make sure they are readable by the default user.

cp .ssh/id* /tmp
chmod 644 /tmp/id*

11. Logout from EC2 server

exit
exit

12. Download the new key using the original ubuntu user

scp -i ubuntu.pem ubuntu@sofasurfer.ch:/tmp/id_kib_rsa ./

13. Change the permissions on the new key so that it can only be accessed by the current user/machine

chmod 400 id_kib_rsa

14. Log in as the new user

ssh -i id_kib_rsa kib@sofasurfer.ch

15. Delete keys from /tmp directory

rm -rf /tmp/id*

Done

Not sure if this is the perfect way to do so, but it worked for me
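
Between step 10 and step 15 the private key sits in /tmp with mode 644, readable by every local account, and the login only works if the modes from steps 6 and 9 are in place. The script below is an added example, not part of the original post: a check to run on the server after the procedure. The function names `audit_user_keys`, `has_mode` and `report` are illustrative.

```shell
#!/bin/sh
# Added example: audit the state the steps above leave behind for one user.
# Usage: audit_user_keys HOME_DIR [SHARED_TMP_DIR]
# Prints one line per finding; the return value is the number of findings.

findings=0
report() {
    printf 'FINDING: %s\n' "$1"
    findings=$((findings + 1))
}

# True when PATH exists with exactly the octal MODE (portable: find -perm).
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

audit_user_keys() {
    home_dir=$1
    tmp_dir=${2:-/tmp}
    ssh_dir="$home_dir/.ssh"
    findings=0

    # Step 6: only the owner may enter ~/.ssh.
    has_mode "$ssh_dir" 700 || report "$ssh_dir is missing or not mode 700"

    # Step 9: authorized_keys must be owner read/write only.
    has_mode "$ssh_dir/authorized_keys" 600 ||
        report "$ssh_dir/authorized_keys is missing or not mode 600"

    # Steps 10 and 15: key copies staged in the shared directory must be gone.
    for f in "$tmp_dir"/id*; do
        [ -e "$f" ] || continue          # glob matched nothing
        case $f in
            *.pub) report "public key copy left in $tmp_dir: $f" ;;
            *)  # after step 10's chmod 644 every local account can read this
                if [ -n "$(find "$f" -prune -perm -004)" ]; then
                    report "PRIVATE key world-readable in $tmp_dir: $f"
                else
                    report "private key copy left in $tmp_dir: $f"
                fi ;;
        esac
    done
    return "$findings"
}

# Example run for the user from this post (hypothetical invocation):
# audit_user_keys /home/kib /tmp
```

A return value of 0 means the directory modes match steps 6 and 9 and nothing matching id* remains in the shared directory.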

 
