How to Add New User with Key Pair in AWS EC2
Learn how to create a new user with a new key pair and give developers separate access. Instead of using the default private key for all operations, you can create additional users and share the corresponding private key to access the instance.
In this guide you are going to learn how to create a new SSH key pair, with a public key and a private key, and add it to your EC2 instance.
Prerequisites
The .pem key file that you downloaded while creating the instance, used to access the instance over SSH.
Create New Key Pair
Log in to your AWS console and navigate to EC2 >> NETWORK & SECURITY >> Key Pairs.
Click Create Key pair.
For Name enter a name to identify your key.
For File Format choose pem, which is the default format used by EC2. You can also use the ppk format if you wish to use PuTTY to access the instance.
Click Create key pair.
The private key will now be downloaded by your browser. Save the key safely.
Note: This is the only time you get the key pair. You cannot download the key pair again if you lose it.
To use the .pem key you need to set the correct permissions, otherwise you cannot use it to connect to the instance.
chmod 400 key-pair-name.pem
Retrieve the Public Key from the Private Key
Once you get the private key, you can retrieve the public key easily using the following command.
ssh-keygen -y -f key-pair-name.pem
This command returns the public key similar to the one below.
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo4D7e4OZnk2RbXHJjJIZNtyH6lpOW6FYPbD2Z9coosHqDTur0d482hzf58cO/0KDEGVRiSdUIj5wlUVlE+a//HCW8FQZBdZxVcfaua5uhAgUjnjUJwCJD+a/dHgyUFxXfQQSRCgv9rtREcbGn5NuXx/ZceWhQvgrnBVV5PI8dwXcc2qOx0w+1xp3gE2l1HLa7r0sI6ikiGrjNPkbFcbOawGW1F+K49hKfFlRqgCfmDnYkIiv9aEv5crUeQhpU5ChwYVJBV6VY8jeKee+17Ozcop4S4pHYbOrTBDt0Cz9jo50lS4JuoF2WWFCwk3yTcN+8fnykcEHEB02T1IXDtd4b
Copy the public key.
Create New User
SSH to your EC2 instance and perform the steps below to add the user.
Use the adduser command to create a new user.
For Ubuntu users use the following command.
sudo adduser username --disabled-password
This command will create a user with the specified username and no password.
For Amazon Linux or Amazon Linux 2 users use the following command.
sudo adduser username
Add the Public Key to New User
Once the user is created, you need to add the retrieved public key to the new user account.
Switch to the new user.
sudo su - username
This command switches from the default ubuntu or ec2-user to the new user you created in the previous step.
Navigate to the home directory of the new user.
cd ~/
Create a new .ssh directory.
mkdir .ssh
Set appropriate permissions.
chmod 700 .ssh
Create a file named authorized_keys in the .ssh directory and change its file permissions to 600 (only the owner can read or write to the file).
touch .ssh/authorized_keys
Set appropriate permissions for the file.
chmod 600 .ssh/authorized_keys
Edit the authorized_keys file.
nano .ssh/authorized_keys
Add the retrieved public key to this file.
Note: The public key should be pasted in a single line. It should not be split over multiple lines.
Hit CTRL + X followed by Y and ENTER to save and exit the file.
Now you can log in to your EC2 instance over SSH using the corresponding private key.
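The steps in this section as one repeatable script, with a check that the pasted key is a single line and a permission audit afterwards. This is an added example, not part of the original guide; the helper names `install_pubkey` and `audit_ssh_dir` and the sample key are constructed for illustration, and it assumes it is run as the new user so that file ownership is correct.

```shell
#!/bin/sh
# Added example (not from the original guide). Helper names are hypothetical.
# Run as the new user so that ~/.ssh and authorized_keys are owned by that user.

# Constructed sample key, not a real one.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyForIllustration0000000 dev@example'

# Succeeds only if $1 is one line shaped like "<type> <base64> [comment]".
is_single_line_key() {
    [ "$(printf '%s\n' "$1" | wc -l)" -eq 1 ] || return 1
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$'
}

# install_pubkey <home-dir> <public-key>: same result as the manual steps,
# but safe to re-run (the key is appended only if it is not already listed).
install_pubkey() {
    home=$1
    key=$2
    is_single_line_key "$key" || { echo "rejected: key must be a single line" >&2; return 1; }
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole-line match, -F fixed string: no regex surprises from '+' or '/'
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# audit_ssh_dir <home-dir>: succeeds only if .ssh is exactly 700 and
# authorized_keys is exactly 600, the modes set in the steps above.
audit_ssh_dir() {
    [ -n "$(find "$1/.ssh" -prune -perm 700 2>/dev/null)" ] &&
    [ -n "$(find "$1/.ssh/authorized_keys" -prune -perm 600 2>/dev/null)" ]
}

# Demo against a throwaway directory standing in for the user's home.
demo_home=$(mktemp -d)
install_pubkey "$demo_home" "$SAMPLE_KEY" && audit_ssh_dir "$demo_home" &&
    echo "key installed, permissions verified"
rm -rf "$demo_home"
```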
Remove User
If you wish to remove the user, you can easily remove it using the userdel command.
Specify the -r option to remove the home directory. You can also skip this option if you wish to keep the home directory.
sudo userdel -r username
Conclusion
Now you have learned how to create a new user with a public key and private key on your AWS EC2 instance.
2 Comments
It worked perfectly. Thank you very much!
Very welcome