How To Set Up an SSH Account on an AWS Instance
1. Log in to the server using the root account. If you aren't logged in as root, you will have to prefix each command with sudo explicitly.
2. Create the user for whom you want to set up the SSH account.
adduser <new_user>
If the above command does not work, force it as shown below:
adduser --disabled-password --force-badname "sumit.pandey"
3. The user is now added to the machine. Switch to the new user.
sudo su - <new_user>
If the above command doesn't work, simply go to the newly created user's home directory using cd:
cd /home/<new_user>
4. Create .ssh directory in new user's home directory.
mkdir .ssh
5. Change .ssh directory's permission to 700. Changing the permission restricts access so that only the <new_user> can read, write, or open the .ssh directory.
chmod 700 .ssh
6. Create authorized_keys file under .ssh directory.
touch .ssh/authorized_keys
7. Change the authorized_keys file permission to 600. It restricts file access to <new_user> only.
chmod 600 .ssh/authorized_keys
8. Open authorized_keys in edit mode and put the public key of the <new_user> in it.
cd .ssh/
vi authorized_keys
9. Save and quit.
10. It's done. Go back and try connecting from your machine using the private key file.
11. Hurray!! it's working.
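12. If it is not working, the .ssh directory and authorized_keys file may be owned by another account (for example root, if you created them without switching user in step 3). Go to the newly created user's home directory and run the two chown commands below so that the new user owns them:
cd /home/<new_user>
chown <new_user>:<new_user> .ssh
chown <new_user>:<new_user> .ssh/authorized_keys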
Example: I set up an SSH account for the user pandey on my bastion host and then connected to it from my Windows machine.
(a) Setting up the account on the bastion server.
[root@ip-172-31-38-17 sumit]# adduser pandey
[root@ip-172-31-38-17 sumit]# sudo su - pandey
[pandey@ip-172-31-38-17 ~]$ mkdir .ssh
[pandey@ip-172-31-38-17 ~]$ chmod 700 .ssh/
[pandey@ip-172-31-38-17 ~]$ chmod 700 .ssh
[pandey@ip-172-31-38-17 ~]$ touch .ssh/authorized_keys
[pandey@ip-172-31-38-17 ~]$ chmod 600 .ssh/authorized_keys
[pandey@ip-172-31-38-17 ~]$ cd .ssh/
[pandey@ip-172-31-38-17 .ssh]$ vi authorized_keys
(b) Connected from the Windows machine using PuTTY. Don't forget to select the .ppk file under Auth when accessing the bastion host with PuTTY.
Important Points:
1. If the end user is a Linux user, you can ask them to generate their private and public keys using the ssh-keygen command on their own machine. Take their public key (id_rsa.pub) and put it in the authorized_keys file under their account on your bastion host.
2. If the end user is a Windows user, ask them to generate the RSA keys using puttygen. The public key generated by puttygen won't be in a ready format to provide access, so make sure to put it on one line, prefixed with ssh-rsa, like below:
ssh-rsa AAAAB3XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==
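
The conversion described in point 2, followed by steps 4-8, as an added example that is not part of the original page. It assumes the key was saved with puttygen's "Save public key" button (the "---- BEGIN SSH2 PUBLIC KEY ----" layout); the function names are hypothetical and the sample key is constructed filler.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# Prints a CONSTRUCTED PuTTYgen-style public key file (filler body, not a real key).
sample_putty_pub() {
    printf '%s\r\n' \
        '---- BEGIN SSH2 PUBLIC KEY ----' \
        'Comment: "rsa-key-example"' \
        'AAAAB3NzaC1yc2EAAAADAQABAAAAgQCk' \
        'RXhhbXBsZUZpbGxlck5vdEFSZWFsS2V5' \
        'AAAA' \
        '---- END SSH2 PUBLIC KEY ----'
}

# putty_pub_to_openssh FILE: prints "ssh-rsa <base64> <comment>", or fails with status 1.
putty_pub_to_openssh() {
    awk '
        { sub(/\r$/, "") }   # files written on Windows end lines with CRLF
        /^---- BEGIN SSH2 PUBLIC KEY ----$/ { inkey = 1; next }
        /^---- END SSH2 PUBLIC KEY ----$/   { ended = 1; exit }
        !inkey { next }
        cont   { cont = ($0 ~ /\\$/); next }   # rest of a wrapped header line
        /^[A-Za-z0-9-]+: / {   # header such as Comment: "..."
            if ($0 ~ /^Comment: /) {
                comment = substr($0, 10); gsub(/"/, "", comment); sub(/\\$/, "", comment)
            }
            cont = ($0 ~ /\\$/); next
        }
        { gsub(/[ \t]/, ""); blob = blob $0 }   # base64 body, joined into one line
        END {
            # AAAAB3NzaC1yc2E is the base64 of the length-prefixed type string "ssh-rsa"
            if (!ended || blob !~ "^AAAAB3NzaC1yc2E[A-Za-z0-9+/]+=*$") exit 1
            printf "ssh-rsa %s%s\n", blob, (comment != "" ? " " comment : "")
        }
    ' "$1"
}

# append_key HOME_DIR KEYLINE: steps 4-8 above; a key already present is not added twice.
append_key() {
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh" || return 1
    touch "$1/.ssh/authorized_keys" && chmod 600 "$1/.ssh/authorized_keys" || return 1
    grep -qxF -- "$2" "$1/.ssh/authorized_keys" ||
        printf '%s\n' "$2" >> "$1/.ssh/authorized_keys"
}

# Usage: append_key /home/<new_user> "$(putty_pub_to_openssh key.pub)"
```

When this is run as root, follow it with the chown commands from step 12 so that the new user owns the files. Where OpenSSH is installed, ssh-keygen -i -f <file> performs the same conversion.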