Managing User Accounts on Your Linux Instance
Each Linux instance type launches with a default Linux system user account. For Amazon Linux 2 or the Amazon Linux AMI, the user name is ec2-user. For CentOS, the user name is centos. For Debian, the user name is admin or root. For Fedora, the user name is ec2-user or fedora. For RHEL, the user name is ec2-user or root. For SUSE, the user name is ec2-user or root. For Ubuntu, the user name is ubuntu. Otherwise, if ec2-user and root don't work, check with your AMI provider.
NOTE: Linux system users should not be confused with AWS Identity and Access Management (IAM) users. For more information, see IAM Users and Groups in the IAM User Guide.
Best Practice
Using the default user account is adequate for many applications, but you may choose to add user accounts so that individuals can have their own files and workspaces. Creating user accounts for new users is much more secure than granting multiple (possibly inexperienced) users access to the default user account, because that account can cause a lot of damage to a system when used improperly. For more information, see Tips for Securing Your EC2 Instance.
Creating a User Account
First create the user account, and then add the SSH public key that allows the user to connect to and log into the instance.
Prerequisites
- Create a key pair or use an existing key pair. For more information, see Creating a Key Pair Using Amazon EC2.
- Retrieve the public key from the key pair. For more information, see Retrieving the Public Key for Your Key Pair on Linux or Retrieving the Public Key for Your Key Pair on Windows.
To add a user account
Use the adduser command to add the newuser account to the system (with an entry in the /etc/passwd file):
sudo adduser newuser
[Ubuntu] When adding a user to an Ubuntu system, include the --disabled-password option:
sudo adduser newuser --disabled-password
Switch to the new account so that the directory and file that you will create will have the proper ownership.
Add the SSH public key to the user account.
Create a .ssh directory in the newuser home directory and change its file permissions to 700 (only the owner can read, write, or open the directory).
[newuser ~]$ mkdir .ssh
[newuser ~]$ chmod 700 .ssh
Important: Without these exact file permissions, the user will not be able to log in.
Create a file named authorized_keys in the .ssh directory and change its file permissions to 600 (only the owner can read or write to the file).
[newuser ~]$ touch .ssh/authorized_keys
[newuser ~]$ chmod 600 .ssh/authorized_keys
Important: Without these exact file permissions, the user will not be able to log in.
Open the authorized_keys file in a text editor, for example nano:
[newuser ~]$ nano .ssh/authorized_keys
Paste the public key for the key pair into the file and save the changes. For example:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuSevGj3eYhCe53pcjqP3maAhDFcvBS7O6V hz2ItxCih+PnDSUaw+WNQn/mZphTk/a/gU8jEzoOWbkM4yxyb/wB96xbiFveSFJuOp/d6RJhJOI0iBXr lsLnBItntckiJ7FbtxJMXLvvwJryDUilBMTjYtwB+QhYXUMOzce5Pjz5/i8SeJtjnV3iAoG/cQk+0FzZ qaeJAAHco+CY/5WrUBkrHmFJr6HcXkvJdWPkYQS3xqC0+FmUZofz221CBt5IMucxXPkX4rWi+z7wB3Rb BQoQzd8v7yeb7OzlPnWOyN0qFU0XA246RA8QFYiCNYwI3f05p6KLxEXAMPLE
The user should now be able to log into the newuser account using the private key that corresponds to the public key added to the authorized_keys file.
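The manual steps above can be scripted so that the permissions and ownership are set and then checked the same way every time. The following is an added example, not part of the AWS documentation; the function names install_pubkey and check_ssh_perms and the file name newuser.pub are hypothetical, and it assumes it is run as the new user (as in the steps above) on a system with GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example (not from the AWS page). Function names are hypothetical.
# Usage, as the new user:
#   install_pubkey "$HOME" "$(cat newuser.pub)" && check_ssh_perms "$HOME"

# install_pubkey HOME_DIR PUBKEY_LINE
# Creates .ssh (700) and authorized_keys (600), then appends the key once.
install_pubkey() {
    home=$1 key=$2
    # Sanity check: exactly one line of the form "<type> <base64> [comment]".
    # A key that was wrapped onto several lines when pasted fails here.
    printf '%s\n' "$key" | awk '
        NR > 1 { bad = 1 }
        $1 !~ "^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$" { bad = 1 }
        $2 !~ "^AAAA[A-Za-z0-9+/]+=*$" { bad = 1 }
        END { exit (bad || NR == 0) }' ||
        { echo "malformed public key" >&2; return 1; }

    # umask 077 makes anything newly created owner-only from the start,
    # so the files are never briefly readable by other users.
    ( umask 077
      mkdir -p "$home/.ssh" &&
      touch "$home/.ssh/authorized_keys" ) || return 1
    # Enforce the exact modes even if the paths already existed.
    chmod 700 "$home/.ssh" && chmod 600 "$home/.ssh/authorized_keys" || return 1

    # Append only if this exact line is not already present (idempotent).
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
}

# check_ssh_perms HOME_DIR
# Returns 0 only if .ssh is 700, authorized_keys is 600, and both are
# owned by the owner of the home directory. Uses stat -c (GNU/BusyBox).
check_ssh_perms() {
    owner=$(stat -c %U "$1") || return 1
    [ "$(stat -c %a "$1/.ssh")" = 700 ] &&
    [ "$(stat -c %a "$1/.ssh/authorized_keys")" = 600 ] &&
    [ "$(stat -c %U "$1/.ssh")" = "$owner" ] &&
    [ "$(stat -c %U "$1/.ssh/authorized_keys")" = "$owner" ]
}
```

Running check_ssh_perms after any manual edit of the .ssh directory confirms that the modes and ownership required for login are still in place.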
Removing a User Account
If a user account is no longer needed, you can remove that account so that it may no longer be used.
To remove a user from the system
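Use the userdel command with the -r option to delete the account along with the user's home directory and mail spool. To keep the home directory and mail spool, omit -r.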
[ec2-user ~]$ sudo userdel -r olduser
Credit: https://amzn.to/2HoQN36 (This article is copied from the AWS documentation server). I have presented it here only as know-how.