Thursday, May 3, 2012

Root Login to the Amazon EC2 Linux instance

By default, an Amazon EC2 Linux machine is configured so that you can only log in as ec2-user, and to run a command as root you must prefix it with sudo. To avoid such complexity and security restrictions, we propose to configure root, generate a public/private key pair, store it in the key repository, and reconfigure the SSH client to be able to log in as root by default.


Create public/private key

1. Initiate an SSH session (as 'ec2-user') and connect to the Amazon Linux instance by its public DNS name.
2. Change the root password:
 sudo passwd root  
3. Login as root:
 su root  
4. Create a public/private key pair:
 ssh-keygen -t rsa  
This will create two files in the (hidden) ~/.ssh directory called id_rsa and id_rsa.pub. id_rsa is the private key and id_rsa.pub is the public key.
5. Set permissions on a private key:
 chmod 700 ~/.ssh  
 chmod 600 ~/.ssh/id_rsa  
6. Copy the public key (id_rsa.pub) to the server and install it to the authorized_keys list:
 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys  
7. Set file permissions on the server:
 chmod 700 ~/.ssh  
 chmod 600 ~/.ssh/authorized_keys  
8. Update /etc/ssh/sshd_config configuration file to read:
 PermitRootLogin yes  
 # EC2 uses keys for remote acc  
 PasswordAuthentication no  
9. Copy the private key id_rsa from the Amazon EC2 Linux instance to the local file system using the WinSCP tool.
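
A check for the result of steps 5 to 8, as an added example that is not part of the original post: it reads the effective PermitRootLogin and PasswordAuthentication values from a config file and compares file modes with those set in steps 5 and 7. The function names and the sample config files are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the settings from steps 5-8.

# Print the effective global value of an sshd_config keyword. sshd uses the
# FIRST occurrence of a keyword, keywords are case-insensitive, and the global
# section ends at the first Match block. Assumes "Keyword value" lines; Include
# directives are not followed.
sshd_effective() {  # usage: sshd_effective <config-file> <Keyword>
    awk -v want="$2" '
        $1 ~ /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only if root is restricted to keys (or denied) and password
# authentication is off.
audit_root_login() {  # usage: audit_root_login <config-file>
    root=$(sshd_effective "$1" PermitRootLogin)
    pass=$(sshd_effective "$1" PasswordAuthentication)
    rc=0
    case "$root" in
        no|prohibit-password|without-password|forced-commands-only) ;;
        *) echo "WARN: PermitRootLogin=$root does not restrict root to keys"; rc=1 ;;
    esac
    [ "$pass" = "no" ] || { echo "WARN: PasswordAuthentication=$pass"; rc=1; }
    return $rc
}

# Steps 5 and 7: compare a path's mode string with the expected one,
# e.g. "drwx------" for ~/.ssh (700) and "-rw-------" for key files (600).
perm_ok() {  # usage: perm_ok <path> <ls-mode-string>
    [ "$(ls -ld "$1" | cut -c1-10)" = "$2" ]
}

# Constructed sample: the post's step 8 settings, and the same file with root
# limited to keys (the value is without-password on OpenSSH before 7.0).
demo=$(mktemp -d)
printf '%s\n' 'PermitRootLogin yes' '# EC2 uses keys' 'PasswordAuthentication no' > "$demo/as_posted"
printf '%s\n' 'PermitRootLogin prohibit-password' 'PasswordAuthentication no' > "$demo/keys_only"
for f in as_posted keys_only; do
    if audit_root_login "$demo/$f"; then echo "$f: ok"; else echo "$f: review"; fi
done
```

On the instance itself, run `audit_root_login /etc/ssh/sshd_config` and `perm_ok ~/.ssh drwx------` as root.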

Convert private key into PuTTY format

1. Download and install PuTTY on your Windows machine.
2. Start PuTTYgen, click the Load button and browse to the location of the private key on the system.
3. Select the id_rsa file and click the Open button.


4. Click Save private key (don't press the Generate button) and press Yes in the warning dialog.

Initiate SSH session as root

1. Open PuTTY and, in the Host Name field, type the public DNS name of the instance.

2. Set the previously generated private key in the Category menu under Connection>SSH>Auth.

3. Click Open and press Yes in the security warning dialog.
4. In the SSH session window, log in as root.


4 comments:

  1. What you call "complexity" most people would call security

    1. Yes, I agree with you. But setting 'root' as the default login to the Amazon EC2 instance instead of 'ec2-user' simplifies the process of installing different software. This configuration could be applied only for testing needs, but not for a production environment.

  2. Hi... I'm a student from Informatics engineering. Nice article,
    thanks for sharing :)

  3. Hi! this is tutorial version 2016:
    How to login Root SSH Linux Server Amazon VPS (Amazon Web Services EC2) Elastic Compute Cloud
    https://www.youtube.com/watch?v=KoKhLbkCX5g&index=4&list=PLbAauqV4HwDTc8OA58KjzbWFECap-E0u_
