Old 07-26-2013, 07:04 AM   #1
unclesamcrazy
Amazon Linux AMI(Amazon Machine Image) - ec2 server - query about pem file


Recently, login details for a Linux server were given to me. The server was Amazon Linux AMI (Amazon Machine Image) - ec2 - AWS (Amazon Web Services). They did not provide me a password. They provided me a username and a pem file. I had to log into the server using these details. The login was successful. I used the following command.
Code:
ssh -i /path/of/pem-file.pem ec2-user@ec2-207-81-13-106.compute-1.amazonaws.com
I didn't need to put my public file in the server's ssh directory (ssh-copy-id), and I didn't need to know the password of the server. Just one pem file, like a key, and I was inside the server.

Can I make this pem file for my local CentOS server so I do not need to give a password to each user? I will give the pem file and the user will be inside CentOS in their account.

Please comment.
 
Old 07-26-2013, 08:01 AM   #2
Habitual
Quote:
Originally Posted by unclesamcrazy
Can I make this pem file for my local CentOS server so I do not need to give a password to each user? I will give the pem file and the user will be inside CentOS in their account.

Please comment.
Under NO conditions would I do this. You compromise your entire server by exposing your AWS .pem file to each user.
What I do is create a new ssh key for each user and stick the contents of each user's key.pub into each user's home/.ssh directory in .ssh/authorized_keys.
You may have to make this directory and file.

NEVER give out that .pem file. EVER.
NEVER give out your aws_access_key OR aws_secret_key contents to anyone you don't trust either.

You can generate keys for each "user" on any machine using
Code:
ssh-keygen -f /path/to/safe/directory/user1-id_rsa -t rsa -N '' -q
where user1-id_rsa can be Bob, Carol, Ted, or Alice usernames on the Amazon instance.

Then copy the [Bob,Carol,Ted,Alice].pub contents of each user's key to each user's home/$user/.ssh/authorized_keys file.
Make sure that authorized_keys is owned by each user and is chmod'd 600.
You can even do this for root. I would, just to keep the .pem file safe.

Give the [Bob,Carol,Ted,Alice] key (not the .pub extension) to Bob, Carol, Ted and Alice, and they stick the key in their local machine's .ssh directory and use it in a similar manner as the pem you showed here...
Code:
ssh -qi /path/to/key user@ip_of_instance
IF you have an EIP associated with the instance and you'll need one for public access.
or
Code:
ssh -i /path/to/key user@ec2-xx-xxx-xxx-xx.compute-1.amazonaws.com
It's good practice and you'll need the experience if you're going to have "users".
You'll need to understand SecurityGroups also.

If you get stuck, you should read and bookmark http://docs.aws.amazon.com/gettingst...tro/intro.html
You can also send me an email to

lq at cirrhus9 dot com
that is el que, NOT eye queue

or I am subscribed with interest...

 
Old 07-26-2013, 02:44 PM   #3
unclesamcrazy
Thanks for this prompt reply.
Actually, right now we use this authorized_keys method using ssh-copy-id and store users' pub files on the server as authorized_keys.

But the server is a home network local server. So there is no security threat because there is no static IP and port 22 is not open to outsiders. I want to see how a user can get access to the server just using a pem file and without saving any of its details on the server.

I am not getting how you gave a hint to make pem files. I am not able to make one. I have the client system's pub and private key files as well as the server's pub and private key files; now how can I make a pem file so the client system can log into the server?

Please explain in easy words. Thanks.
 
Old 07-26-2013, 03:13 PM   #4
Habitual
I will NOT quote myself.
I will NOT quote myself.
I will NOT quote myself.

Process is identical for any host you are wishing to provide access to.

You can generate keys for each "user" on any machine using

Code:
ssh-keygen -f /path/to/safe/directory/user1-id_rsa -t rsa -N '' -q
where user1-id_rsa can be Bob, Carol, Ted, or Alice usernames on the CentOS instance.

Then copy the [Bob,Carol,Ted,Alice].pub contents of each user's key to each user's /home/$user/.ssh/authorized_keys file.
Make sure that authorized_keys is owned by each user and is chmod'd 600
and give the key (not the key.pub) to the user needing access.

Real-life example:
Code:
ssh-keygen -f unclesamcrazy -t rsa -N '' -q
creates
unclesamcrazy
unclesamcrazy.pub

Code:
cat unclesamcrazy.pub > /home/unclesamcrazy/.ssh/authorized_keys
chmod 600 /home/unclesamcrazy/.ssh/authorized_keys

Now give the unclesamcrazy file to the user that uses it.
Code:
ssh -i /path/to/unclesamcrazy unclesamcrazy@centos_ip
I don't use ssh-copy-id, sorry.

Sorry if I was unclear earlier.
 
Old 11-26-2014, 07:52 AM   #5
unclesamcrazy
Log into local CentOS server using pem file

The question is still the same.
This is exactly the same problem as mine, but the solution is not working for me.
http://serverfault.com/questions/546...for-my-servers
The final pem file is asking for a passphrase for me too.

Please help me to generate a pem file for server login.

 
Old 11-26-2014, 08:15 AM   #6
Habitual
Quote:
Originally Posted by unclesamcrazy
Can I make this pem file for my local CentOS server so I do not need to give a password to each user? I will give the pem file and the user will be inside CentOS in their account.
Never give the .pem file for the EC2 host to any "user" of the EC2 host.
Instead make them their own ssh-key to connect to the EC2 host using the technique described here.
If you have further questions on the steps outlined there, post them here.
 
Old 11-26-2014, 08:33 AM   #7
unclesamcrazy
Log into local CentOS server using pem file

Yes, but I am learning Linux on my home system. I want to know the method to generate a valid pem file.
I have found hundreds of methods to generate pem files; yes, one is generated too, but I cannot log in to the server using it. It asks for either a passphrase or a password. There is no passphrase. I haven't set any, not even for my dsa/rsa key pair.

I want to log into the server like Amazon EC2. I do not want to use the authorized_keys method or ssh-copy-id.

I am not going to give the AWS pem file to any other user. I am trying to generate a pem file for my HOME system so I can log in to another system from one system in my home. I have two in my home network.

Please help.

 
Old 11-26-2014, 11:55 AM   #8
Habitual
Remove a passphrase from a private key

Code:
openssl rsa -in privateKey.pem -out PrivateKey_nopass.pem
http://centos.tips/ssh_nopw

 
Old 11-27-2014, 07:45 AM   #9
unclesamcrazy
Now it does not ask for a passphrase, but it asks for a password.

I have tried using both rsa and dsa keys but am not able to log in without using a password.
 
Old 11-27-2014, 08:45 AM   #10
btmiller
Try running ssh in verbose mode. Make sure the public key is in the user's ~/.ssh/authorized_keys file and that permissions on ~/.ssh are set to 0700. If permissions are too loose, sshd will refuse to recognize the key-based login.
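
Added example, not code posted by anyone in this thread: the install steps from post #4 and the checks from post #10 as two shell functions. The function names install_pubkey and check_key_login are hypothetical; the modes 700 and 600 are the ones given in the thread.

```sh
#!/bin/sh
# Added example; install_pubkey and check_key_login are hypothetical names.
# Usage on the server, with the names from post #4:
#   install_pubkey /home/unclesamcrazy unclesamcrazy.pub
#   check_key_login /home/unclesamcrazy unclesamcrazy.pub

# Append PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys, creating both if
# needed and keeping keys already listed, then apply the thread's modes.
install_pubkey() {
    home=$1; pub=$2
    mkdir -p "$home/.ssh" || return 1
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    # -x whole line, -F fixed string: append only if the key is not there yet
    grep -qxF -- "$(cat "$pub")" "$home/.ssh/authorized_keys" ||
        cat "$pub" >> "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
}

# Print one line per problem found; return 0 only when there is none.
check_key_login() {
    home=$1; pub=$2; rc=0
    ak="$home/.ssh/authorized_keys"
    [ -f "$ak" ] || { echo "missing: $ak"; return 1; }
    # Match on the base64 key body (field 2) so a different comment is fine.
    body=$(awk '{print $2; exit}' "$pub")
    { [ -n "$body" ] && grep -qF -- "$body" "$ak"; } ||
        { echo "key not listed in $ak"; rc=1; }
    # sshd's default StrictModes ignores the key file when the home
    # directory, .ssh or authorized_keys is group- or world-writable.
    for p in "$home" "$home/.ssh" "$ak"; do
        perm=$(ls -ld -- "$p" | cut -c1-10)
        case $perm in
            ?????w*|????????w*) echo "too loose: $p is $perm"; rc=1 ;;
        esac
    done
    return "$rc"
}
```

When install_pubkey is run as root, .ssh and authorized_keys still have to be chown'd to the user afterwards, since post #4 requires the file to be owned by that user.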
 
Old 11-27-2014, 09:34 AM   #11
unclesamcrazy
I do not want to use the authorized_keys method.
I want to log in directly through the private key or pem file.
 
Old 11-27-2014, 04:31 PM   #12
Habitual
Quote:
Originally Posted by unclesamcrazy
I do not want to use the authorized_keys method.
I want to log in directly through the private key or pem file.
The keys that Amazon EC2 uses are 1024-bit SSH-2 RSA keys.
Without uploading their public counterparts to the server, this cannot be done. Sorry.
 
  

