LinuxQuestions.org
Old 07-26-2013, 07:04 AM   #1
unclesamcrazy
Member
 
Registered: May 2013
Posts: 121

Rep: Reputation: 1
Amazon Linux AMI(Amazon Machine Image) - ec2 server - query about pem file


Recently, a Linux server's login details were given to me. The server was Amazon Linux AMI (Amazon Machine Image) - EC2 - AWS (Amazon Web Services). They did not provide me a password. They provided me a username and a pem file. I had to log into the server using these details. The login was successful. I used the following command.
Code:
ssh -i /path/of/pem-file.pem ec2-user@ec2-207-81-13-106.compute-1.amazonaws.com
I didn't need to put my public file in the server's ssh directory (ssh-copy-id), and I didn't need to know the password of the server. Just one pem file, like a key, and I was inside the server.

Can I make this pem file for my local CentOS server so I do not need to give a password to each user? I will give the pem file and the user will be inside CentOS in their account.

Please comment.
 
Old 07-26-2013, 08:01 AM   #2
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,472
Blog Entries: 6

Rep: Reputation: Disabled
Quote:
Originally Posted by unclesamcrazy View Post
Can I make this pem file for my local CentOS server so I do not need to give a password to each user? I will give the pem file and the user will be inside CentOS in their account.

Please comment.
Under NO conditions would I do this. You compromise your entire server by exposing your AWS .pem file to each user.
What I do is create a new ssh key for each user and stick the contents of each user's key.pub into each user's home/.ssh directory in .ssh/authorized_keys.
You may have to make this directory and file.

NEVER give out that .pem file. EVER.
NEVER give out your aws_access_key OR aws_secret_key contents to anyone you don't trust either.

You can generate keys for each "user" on any machine using
Code:
ssh-keygen -f /path/to/safe/directory/user1-id_rsa -t rsa -N '' -q
where user1-id_rsa can be Bob, Carol, Ted, or Alice usernames on the Amazon instance.

Then copy the [Bob,Carol,Ted,Alice].pub contents of each user's key to each user's home/$user/.ssh/authorized_keys file.
Make sure that authorized_keys is owned by each user and is chmod'd 600.
You can even do this for root. I would, just to keep the .pem file safe.

Give the [Bob,Carol,Ted,Alice] key (not the .pub extension) to Bob, Carol, Ted and Alice and they stick the key in their local machine's .ssh directory and use it in a similar manner as the pem you have shown here...
Code:
ssh -qi /path/to/key user@ip_of_instance
IF you have an EIP associated with the instance, and you'll need one for public access.
or
Code:
ssh -i /path/to/key user@ec2-xx-xxx-xxx-xx.compute-1.amazonaws.com
It's good practice and you'll need the experience if you're going to have "users".
You'll need to understand SecurityGroups also.

If you get stuck, you should read and bookmark http://docs.aws.amazon.com/gettingst...tro/intro.html
You can also send me an email to

lq at cirrhus9 dot com
that is el que, NOT eye queue

or I am subscribed with interest...

Last edited by Habitual; 07-26-2013 at 08:08 AM.
 
Old 07-26-2013, 02:44 PM   #3
unclesamcrazy
Member
 
Registered: May 2013
Posts: 121

Original Poster
Rep: Reputation: 1
Thanks for this prompt reply.
Actually, right now we use this authorized_keys method using ssh-copy-id and store users' pub files on the server as authorized_keys.

But the server is a home network local server. So there is no security threat because there is no static IP and port 22 is not open to outsiders. I want to see how a user can get access to the server just using a pem file and without saving any of its details on the server.

I am not getting how you gave a hint to make pem files. I am not able to make it. I have the client system's pub and private key files as well as the server's pub and private key files. Now how can I make a pem file so the client system can log into the server?

Please explain in easy words. Thanks.
 
Old 07-26-2013, 03:13 PM   #4
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,472
Blog Entries: 6

Rep: Reputation: Disabled
I will NOT quote myself.
I will NOT quote myself.
I will NOT quote myself.

Process is identical for any host you are wishing to provide access to.

You can generate keys for each "user" on any machine using

Code:
ssh-keygen -f /path/to/safe/directory/user1-id_rsa -t rsa -N '' -q
where user1-id_rsa can be Bob, Carol, Ted, or Alice usernames on the CentOS instance.

Then copy the [Bob,Carol,Ted,Alice].pub contents of each user's key to each user's /home/$user/.ssh/authorized_keys file.
Make sure that authorized_keys is owned by each user and is chmod'd 600,
and give the key (not the key.pub) to the user needing access.

Real-life example:
Code:
ssh-keygen -f unclesamcrazy -t rsa -N '' -q
creates
unclesamcrazy
unclesamcrazy.pub

cat unclesamcrazy.pub > /home/unclesamcrazy/.ssh/authorized_keys
chmod 600 /home/unclesamcrazy/.ssh/authorized_keys

Now give the unclesamcrazy file to the user that uses it.
Code:
ssh -i /path/to/unclesamcrazy unclesamcrazy@centos_ip
I don't use ssh-copy-id, sorry.

Sorry if I was unclear earlier.
 
1 members found this post helpful.
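An audit for the setup described in this thread (one key pair per account, authorized_keys owned by the account and mode 600), as an added example that is not part of any post. `audit_authorized_keys` and `make_demo_tree` are hypothetical names, the key blobs are constructed placeholders, and GNU `stat` is assumed:

```bash
#!/bin/sh
# Added example: audit per-user SSH access under a homes root (default /home).
# Flags .ssh not 700, authorized_keys not 600 or not owned by the home's owner,
# and any public key installed in more than one account (a shared key).
# Assumes GNU stat (-c). Function bodies are subshells so variables stay local.
audit_authorized_keys() (
    root=${1:-/home}; rc=0; pairs=$(mktemp)
    for home in "$root"/*/; do
        home=${home%/}; user=${home##*/}; ak=$home/.ssh/authorized_keys
        [ -f "$ak" ] || continue
        [ "$(stat -c %a "$home/.ssh")" = 700 ] ||
            { echo "PERM $user .ssh is not 700"; rc=1; }
        [ "$(stat -c %a "$ak")" = 600 ] ||
            { echo "PERM $user authorized_keys is not 600"; rc=1; }
        [ "$(stat -c %u "$ak")" = "$(stat -c %u "$home")" ] ||
            { echo "OWNER $user authorized_keys not owned by home owner"; rc=1; }
        # Plain "type blob comment" lines only; option-prefixed lines are skipped.
        awk -v u="$user" '$1 ~ /^(ssh-|ecdsa-|sk-)/ { print $2, u }' "$ak" >> "$pairs"
    done
    # One "blob user" pair per line; a blob seen under two users is a shared key.
    shared=$(sort -u "$pairs" | awk '{ n[$1]++; who[$1] = who[$1] " " $2 }
        END { for (b in n) if (n[b] > 1) print "SHARED key in accounts:" who[b] }')
    rm -f "$pairs"
    [ -z "$shared" ] || { echo "$shared"; rc=1; }
    exit "$rc"
)

# Constructed sample tree: alice and bob share one key, carol's file is 644.
make_demo_tree() (
    t=$(mktemp -d)
    for u in alice bob carol; do mkdir -p "$t/$u/.ssh"; chmod 700 "$t/$u/.ssh"; done
    echo "ssh-rsa AAAAB3CONSTRUCTEDshared team-key" |
        tee "$t/alice/.ssh/authorized_keys" > "$t/bob/.ssh/authorized_keys"
    echo "ssh-rsa AAAAB3CONSTRUCTEDcarol carol-key" > "$t/carol/.ssh/authorized_keys"
    chmod 600 "$t/alice/.ssh/authorized_keys" "$t/bob/.ssh/authorized_keys"
    chmod 644 "$t/carol/.ssh/authorized_keys"
    echo "$t"
)

# Stand-alone demo: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    t=$(make_demo_tree); audit_authorized_keys "$t"; rm -rf "$t"
fi
```

On a real host, run it as root against /home; a non-zero exit status means at least one finding was printed.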
  

