Quote:
Originally Posted by unclesamcrazy
Can I make this pem file for my local CentOS server so I do not need to give password to each user. I will give the pem file and user will be inside centOS in their account.
Please comment.
Under NO conditions would I do this. You compromise your entire server by exposing your AWS .pem file to each user.
What I do is create a new ssh key for each user and stick the contents of each user's key.pub into each user's home/.ssh directory in .ssh/authorized_keys
You may have to make this directory and file.
NEVER give out that .pem file. EVER.
NEVER give out your aws_access_key OR aws_secret_key contents to anyone you don't trust either.
You can generate keys for each "user" on any machine using
Code:
ssh-keygen -f /path/to/safe/directory/user1-id_rsa -t rsa -N '' -q
where user1-id_rsa can be Bob, Carol, Ted, or Alice usernames on the Amazon instance.
Then copy the [Bob,Carol,Ted,Alice].pub contents of each user's key to each user's home/$user/.ssh/authorized_keys file.
Make sure that authorized_keys is owned by each user and is chmod'd 600.
You can even do this for root. I would, just to keep the .pem file safe.
Give [Bob,Carol,Ted,Alice] key (not the .pub extension) to Bob, Carol, Ted and Alice and they stick the key in their local machine's .ssh directory and use it in a similar manner as the pem you've shown here...
Code:
ssh -qi /path/to/key user@ip_of_instance
IF you have an EIP associated with the instance, and you'll need one for public access.
or
Code:
ssh -i /path/to/key user@ec2-xx-xxx-xxx-xx.compute-1.amazonaws.com
It's good practice and you'll need the experience if you're going to have "users".
You'll need to understand SecurityGroups also.
If you get stuck, you should read and bookmark
http://docs.aws.amazon.com/gettingst...tro/intro.html
You can also send me an email to
lq at cirrhus9 dot com
that is el que, NOT eye queue
or I am subscribed with interest...
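
The per-user key setup described in the post above, as an added shell example that is not part of the original post. The function names `gen_user_key` and `install_pubkey` are hypothetical, and the example also refuses to install a private key and skips a key that is already present.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not from the post.

# gen_user_key DIR USER: make USER-id_rsa and USER-id_rsa.pub in DIR,
# using the same ssh-keygen options as the post (no passphrase).
gen_user_key() {
    ssh-keygen -f "$1/$2-id_rsa" -t rsa -N '' -q
}

# install_pubkey HOME_DIR PUBKEY_FILE [OWNER]
# Adds one public key to HOME_DIR/.ssh/authorized_keys.
# Pass OWNER (and run as root) to hand ownership to that account.
install_pubkey() {
    home_dir=$1; pub=$2; owner=${3:-}
    [ -d "$home_dir" ] || { echo "no such home: $home_dir" >&2; return 1; }
    [ -r "$pub" ] || { echo "cannot read: $pub" >&2; return 1; }
    # Only the .pub half belongs on the server: refuse a private key file.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub is a private key" >&2; return 2
    fi
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: $pub is not an OpenSSH public key" >&2; return 2 ;;
    esac
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys
    # The directory and file may not exist yet; create them with tight modes.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Idempotent: append only when this exact key line is not already there.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    if [ -n "$owner" ]; then
        chown -R "$owner" "$ssh_dir" || return 1
    fi
}

# Usage on the instance, as root (paths are placeholders):
#   gen_user_key /path/to/safe/directory bob
#   install_pubkey /home/bob /path/to/safe/directory/bob-id_rsa.pub bob
```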