I'm not able to add passwordless entry to a new user on EC2

Question

I'm trying to add a deploy user to a EC2 instance to work with capistrano. I've been able to add passwordless entry for user ubuntu, but it's not working with "deploy". I'm setting up this user as follows:

adduser --system --home /home/deploy --shell /bin/bash --ingroup nogroup deploy
chmod u+w /etc/sudoers
echo "deploy  ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
chmod u-w /etc/sudoers

I then copy the authorized keys

cp /root/.ssh/authorized_keys /home/deploy/.ssh/authorized_keys

and restart ssh

/etc/init.d/ssh restart

But then when I try to sign in from my local machine like:

 ssh -v -i ec2-keypair deploy@domain.com

I still get a request for a password. Any ideas?

Output of `ssh -vv`. Show the permissions of .ssh, and the authorized_keys. — Zoredache, Sep 15 '11 at 22:36

score 1 · Answer 1 · answered Sep 16 '11 at 09:22

You would probably be safer generating a new keypair for your deploy user rather than reusing the root one.

As you don't mention it, the first thing to check is the ownership & permissions of the authorized_keys file, if it is not owned by the deploy user or has w for group/other then ssh will fall back on Password authentication.

You can disable PasswordAuthentication in your /etc/ssh/sshd_config

PasswordAuthentication=no

You can try this manually with

ssh -v -o PasswordAuthentication=no -i ec2-keypair deploy@domain.com

before making changes to your configuration.

I'm not able to add passwordless entry to a new user on EC2

1 Answers1