Allowing SSH password access Amazon EC2


If you use the standard Amazon Linux AMI images (and why would you not!), there is a workaround needed if you want to give a third party access to the server via ssh using username and password authentication.

 

PLEASE BE CAREFUL WITH THIS, AS IF YOU DO THIS WRONG YOU WILL BE LOCKED OUT OF YOUR SERVER

It is also not the recommendation of Amazon to do this, but sometimes you have to, such is life. Just make sure that you choose a kick-ass hard password, which mitigates the security concerns a little bit.

 

Make sure that you always have a couple of active ssh sessions open before you start this. As long as there is a session open, it is easy to undo the changes if this does not work.

 

Create a user with a very strong password to start with. I am not going into how to do this, as if you're messing around with ssh configuration I am presuming creating a user is child’s play to you.

cd /etc/ssh

vi sshd_config

Find the following lines

 

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# EC2 uses keys for remote access
PasswordAuthentication no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

 

Change the lines to read

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no
# EC2 uses keys for remote access
#PasswordAuthentication no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication yes
#ChallengeResponseAuthentication no

 

service sshd restart

Ensure that you can still make a connection using the key method as you have been doing.

Then try a connection using the username and password.

You should have a successful connection. If at any time there is a failure, change the file back to the original, restart the sshd service and ensure that you can still connect.

I am afraid that I can not help you if this does not work as it has always worked for me.
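A way to check which value sshd will actually use after this edit, as an added example that is not part of the original post (the function names are hypothetical and the sample file is constructed from the lines quoted above). sshd uses the first value it obtains for each keyword, so the check reads the first uncommented occurrence before any Match block.

```shell
# Print the effective global value of an sshd_config keyword.
# Keywords are case-insensitive; lines after a "Match" line only apply
# conditionally, so scanning stops there.
effective_value() {   # usage: effective_value FILE KEYWORD
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }          # end of the global section
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# Apply the post's edit to FILE, keeping the original as FILE.bak:
# comment out the active "no" lines and uncomment the "yes" lines.
enable_password_auth() {   # usage: enable_password_auth FILE
    cp -p "$1" "$1.bak" || return 1
    sed -e 's/^\(PasswordAuthentication\) no$/#\1 no/' \
        -e 's/^#\(PasswordAuthentication\) yes$/\1 yes/' \
        -e 's/^\(ChallengeResponseAuthentication\) no$/#\1 no/' \
        -e 's/^#\(ChallengeResponseAuthentication\) yes$/\1 yes/' \
        "$1.bak" > "$1"
}

# Constructed sample: the stock lines quoted in the post.
write_sample_config() {   # usage: write_sample_config FILE
    cat > "$1" <<'EOF'
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# EC2 uses keys for remote access
PasswordAuthentication no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
EOF
}

# On the server, as root, with spare sessions open as the post advises:
#   enable_password_auth /etc/ssh/sshd_config
#   effective_value /etc/ssh/sshd_config PasswordAuthentication
#   sshd -t && service sshd restart   # sshd -t tests the config before restarting
```

If the connection test fails, copying sshd_config.bak back over sshd_config and restarting sshd restores the original behaviour.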

 

The last thing that you may need to do is give the new user access to the sudo functions.

visudo

At the bottom of the file is

 

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
ec2-user ALL = NOPASSWD: ALL

new-user ALL = NOPASSWD: ALL

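Add the user that you want to give access. In my case I wanted them to have ALL access; there are other restrictions, I am sure. This is an area that I have never had to read up on, one day I am sure that I will need to 🙂 Note that NOPASSWD: ALL lets this user run any command as root without being asked for a password again, so the ssh password is the only thing protecting root on this account.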

 

Anyway, that’s all for this one. Good luck and be careful.

 

 

 

 
