2

I've recently set up an AWS EC2 instance (using an Ubuntu AMI) for a web project. I of course created a public/private pem key which I used to log in and set up the instance. Now I have a new developer who needs to be able to SSH into the instance as well. I created a user account on the instance but when they try to log in they get a "Permission denied (publickey)."

What gives?

PBI

Showcaselfloyd

2 Answers

1

You need to create them a public/private key pair which they can then use to log into the box.

See the following from the EC2 documents.

Scroll down to Key Generation and Distribution; you will need to read the WHOLE document to ensure you don't lock yourself out.

Steve
1

AWS EC2 instances allow only public key authentication for SSH during initial setup. That is more secure than password-based authentication. So you need to ask your developer to send you their public key and add it to the authorized_keys in their home directory. For instance, if the developer's public key is developer_rsa.pub and the developer's username is dev1:

   cat developer_rsa.pub >> /home/dev1/.ssh/authorized_keys

This is better than you generating the private/public key combination and sending them the private key. The private key MUST NOT traverse any network.

Daniel t.
  • Cool. I also have another related question like this. If I have a private key in my .ssh dir like id_rsa, can I use that for multiple sites? Meaning take my id_rsa.pub and use it on other servers. Or does each one need its own? – Showcaselfloyd Jan 31 '13 at 17:15
  • Of course. As long as your public key is added to the authorized_keys file on the remote server. – Daniel t. Jan 31 '13 at 17:21
  • I don't understand your answer, Daniel. I guess what I'm asking is can I just keep using the same public and private ssh key or does each server require its own set. – Showcaselfloyd Jan 31 '13 at 18:44
  • Each server needs to have its own private key. http://www.debian-administration.org/articles/530 – Daniel t. Jan 31 '13 at 19:10
  • Okay. But there doesn't seem to be a way for me to do this on my local machine that I know of. – Showcaselfloyd Jan 31 '13 at 21:20
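
Added example (not part of the original question or answers): the `cat ... >> authorized_keys` step from the second answer, written as a shell function that also refuses a private key and sets the modes and ownership sshd expects, since wrong permissions on `.ssh` are another common cause of "Permission denied (publickey)". The function name `install_pubkey` and its arguments are hypothetical, and the key check is structural only.

```shell
#!/bin/sh
# install_pubkey HOME_DIR PUBKEY_FILE [OWNER]   (hypothetical helper)
#   HOME_DIR     home of the existing account, e.g. /home/dev1
#   PUBKEY_FILE  the .pub file the developer sent, e.g. developer_rsa.pub
#   OWNER        optional user:group to chown to (needs root)
# Example as root: install_pubkey /home/dev1 developer_rsa.pub dev1:dev1
install_pubkey() {
    home=$1 pub=$2 owner=${3:-}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -d "$home" ] || { echo "no such home directory: $home" >&2; return 2; }
    [ -r "$pub" ]  || { echo "cannot read key file: $pub" >&2; return 2; }

    # A private key should never have left the developer's machine.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub is a private key, ask for the .pub file" >&2
        return 3
    fi

    # Structural check only: "<key type> <base64 blob> [comment]".
    # `ssh-keygen -l -f FILE` can be used for a full parse.
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no public key line found in $pub" >&2; return 3; }

    # ~/.ssh must be 700 and authorized_keys 600.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: compare type and blob, ignoring the trailing comment.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if ! grep -qF -- "$blob" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi

    # sshd's StrictModes (on by default) checks ownership and modes of
    # these files, so hand them to the account when run as root.
    if [ -n "$owner" ]; then
        chown -R "$owner" "$ssh_dir" || return 1
    fi
}
```
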