0

We have an AWS EC2 instance running Linux (Amazon Linux release 2 (Karoo)) and Wordpress. Currently everyone at our company SSH's to this server with a wordpress.pem file (the below line is just saved in a batch file we connect with):

ssh -i %userprofile%\documents\ssh\wordpress.pem ec2-user@55.123.123.55

We have a contractor who needs access to both our Wordpress site AND SSH access to the Linux box. I am not very familiar with Linux, so I am wondering if anyone knows of a website or video that explains (hopefully with explicit instructions) how to set up access for a user so we don't have to give them our .pem file. At the moment I have no idea what to do. Adding a user in the Wordpress GUI is self-explanatory... not so much on the Linux side though.

If I open Putty and try to connect to the IP, it will ask for a username but when I enter ec2-user, I get this:

enter image description here

Thanks in advance!

00fruX
  • Your contractor should be able to generate their own PEM file, and then send you the matching public key to be trusted by your EC2 instance. I look forward to someone writing an answer with details of this process for EC2 :) – axus May 21 '21 at 18:58
  • " I look forward to someone writing an answer with details of this process for EC2 :) " -- ME TOO! :) Almost sounds too easy, if you know what to do anyway. – 00fruX May 21 '21 at 19:14
  • Create the contractor their own user, give them a key to SSH in. – Tim May 22 '21 at 21:25
  • @Tim, do you have any webpage with a how-to for this? That's kind of what I was hoping for. I appreciate the tip/hint though. – 00fruX May 24 '21 at 16:10

3 Answers

1

You can add the contractor's public key to the authorized_keys file on your server. The exact location might vary on your EC2 machine but normally you can find it at ~/.ssh/authorized_keys.

The public key will look something like this:

ssh-rsa <base64-encoded key data> contractor

Then you just need to open a text editor (e.g. nano, vim) on your EC2 machine and paste in the public key into the authorized_keys file I mentioned above.

pokgak
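The approach in the answer above and in axus's comment, where the contractor keeps the private key and sends only the public half, as an added example that is not part of the original answers. `install_pubkey` and `SAMPLE_KEY` are hypothetical names, and the sample key line is constructed.

```shell
#!/bin/sh
# Added example (not from the original answers). install_pubkey is a
# hypothetical helper: it appends a contractor-supplied PUBLIC key to
# HOME_DIR/.ssh/authorized_keys. Run it as the new user (for example through
# "sudo -u test-user sh") so the files end up owned by that user.

# Constructed sample line with the OpenSSH public-key layout; not a real key.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA contractor@example'

install_pubkey() {
    home_dir=$1 pubkey_file=$2
    [ -d "$home_dir" ] && [ -f "$pubkey_file" ] || return 2
    # A private key must never leave the contractor's machine: refuse it.
    if grep -q -e '-----BEGIN' "$pubkey_file"; then
        echo "refusing: this looks like a private key" >&2; return 3
    fi
    # Strip Windows CRs, then require exactly one non-empty line.
    line=$(tr -d '\r' < "$pubkey_file" | grep .) || return 4
    [ "$(printf '%s\n' "$line" | grep -c .)" -eq 1 ] || return 4
    read -r ktype blob _comment <<EOF
$line
EOF
    # First field must be a key type, which also rejects lines that start
    # with authorized_keys options such as command="...".
    case $ktype in
        ssh-ed25519) prefix=AAAAC3NzaC1lZDI1NTE5 ;;
        ssh-rsa)     prefix=AAAAB3NzaC1yc2E ;;
        *) echo "refusing: unexpected key type '$ktype'" >&2; return 5 ;;
    esac
    # The base64 blob repeats the key type, so it must start with its encoding.
    case $blob in
        *[!A-Za-z0-9+/=]*) return 6 ;;
        "$prefix"*) ;;
        *) return 6 ;;
    esac
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 7
    touch "$auth" && chmod 600 "$auth" || return 7
    # Idempotent: append only if this exact line is not already present.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}
```

Before installing a key, confirm its fingerprint with the contractor over a separate channel; `ssh-keygen -l -f contractor.pub` prints it (the file name is a placeholder).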
1

I would create the contractor a new Linux user and set them up with an SSH key. I documented how I did this in Amazon Linux 1 here, but once you understand the concept I suggest you search for a more recent resource that is meant for AL2.

Tim
  • Well, ten tries later I can't figure out how to make it so the lines of code I paste in this comment section don't garble into one ugly paragraph, so I'll just say I ran into an issue at step 5 when I issued the `ssh-keygen -f rsa` command, with: Saving key "rsa" failed: Permission denied :*( Thank you for posting the link though! – 00fruX May 27 '21 at 18:11
  • That probably means the user you are currently using doesn't have permission to write to the folder you're currently in. That's an old tutorial, find another one that's made for AL2. – Tim May 27 '21 at 19:57
1

Well, I think I finally figured it all out. The only thing I anticipate having to do now is make the test-user an admin of the instance so they can install stuff. Here are the steps.

After you've created your Amazon Linux instance and downloaded the original .pem file for it...

In AWS EC2, go to Key Pairs and click Create Key Pairs, give it a name, choose pem format and click the Create key pair button. It will automatically download the pem file. SAVE IT!

Then, SSH to your new Amazon Linux instance with the original .pem file you downloaded when you created the instance. To do so, open CMD prompt and enter the following and press ENTER (replacing /path/new_key_pair.pem with the path of your pem file, and 54.123.123.123 with your actual public IP):

ssh -i /path/new_key_pair.pem ec2-user@54.123.123.123

Then issue the following commands:

sudo su

sudo adduser test-user

sudo su - test-user

mkdir .ssh

chmod 700 .ssh

touch .ssh/authorized_keys

chmod 600 .ssh/authorized_keys

Since the video (https://youtu.be/khPGZYh73fo) assumes everyone's on a Mac or Linux, I had to find out how to obtain the public key on Windows:

  1. Download Putty
  2. Open PuTTYgen
  3. Click Load
  4. Change file type to All Files (*.*)
  5. Browse to .pem file

Copy everything in the output window (except for "imported-openssh-key" at the very end).

Back in your SSH session, open the authorized_keys file and paste in the public key you copied from PuTTYgen:

nano .ssh/authorized_keys

Paste public key (by right-clicking anywhere in the window) and save file (CTRL+X then Y then ENTER)

Send .pem file to contractor. They can now open a CMD prompt and enter the following to SSH in as the new user:

ssh -i /path/new_key_pair.pem test-user@54.123.123.123

Reference: https://aws.amazon.com/premiumsupport/knowledge-center/new-user-accounts-linux-instance/

00fruX