3

I am VERY new to EC2 here, and I have set up everything under the free tier today. So , I loginto my ec2 using (assuming default user ubuntu):

ssh -i ~/.ssh/mykeypaid.pem ubuntu@<my ip address>

Now, I have edited my sudoers file as follows:

ubuntu ALL=(ALL:ALL) ALL

and then modified /etc/ssh/sshd_config as follows:

Protocol 2
PermitRootLogin no
AuthorizedKeysFile  %h/.ssh/authorized_keys
PermitEmptyPasswords no
PasswordAuthentication no

Now, when I try to ssh back in and try:

sudo su -

I get asked for an ubuntu password - which I do not really have. I have been trying to follow the instructions from here, but I am unsure what he means when he says:

Edit your ~/.ssh/authorized_keys and put your public key inside it. Make sure you can login without a password now once your key is in place.

what public key should I be including in ~/.ssh/authorized_keys? when I look at ~/.ssh/authorized_keys I already see keys starting with

ssh-rsa .....

I would appreciate any advice to sort this. Now, I am not able to go back to the sudoers file - since it asks me for a password for ubuntu which I think is strange(?)

Should I terminate my instance and start again? Thanks.

AJW
  • 5,569
  • 10
  • 44
  • 57

1 Answers1

9

I have edited my sudoers file as follows:
ubuntu ALL=(ALL:ALL) ALL

There's no need to edit sudoers on Ubuntu EC2 instances. It's already set up for passwordless sudo in /etc/sudoers.d/90-cloudimg-ubuntu

Should I terminate my instance and start again?

Yes, based on what you've said, I would recommend start with a fresh instance. By editing the sudoers file to require a password for an account that does not have a password, you have effectively locked yourself out. (I've written an article that describes how to recover from a broken sudoers, but in your situation starting fresh is much easier.)

what public key should I be including in ~/.ssh/authorized_keys?

You can simply leave authorized_keys alone and ssh in the same way that you did in the first place, using the ssh key you specified when you ran the instance. Or, you can add any other ssh keys you want to give access just like you normally would when managing an Linux box. Once the instance is started, there's nothing EC2-specific about ssh key management.

In general, I recommend uploading your personal public ssh key to EC2 and then specifying that name when starting new instances. This makes it easier to ssh in to new instances using your default ssh key. Here's an article I wrote about that: http://alestic.com/2010/10/ec2-ssh-keys

Eric Hammond
  • 22,089
  • 5
  • 66
  • 75
  • Thank you very much Eric for your very useful insights on this. You were right - I somehow locked myself (I am still unsure how tho!) out of the sudoers file - just terminated and relaunched the instance - followed your instructions and everything is now working just fine. Your posts on this topic is certainly enlightening! Thanks again - accepted your answer now. – AJW May 11 '13 at 12:47
  • I am trying to run an [installer](http://calibre-ebook.com/download_linux) that requires `sudo -v`, however that asks for a password which the ubuntu AWS user does not have. How can I run this pls? – Chris Jun 17 '15 at 14:31
  • 1
    @Chris You'ld probably have better luck opening a new question with more details about your setup and the results you are seeing. For systems questions, you might also try serverfault.com – Eric Hammond Jun 17 '15 at 20:55