AWS « b20c:c011:5:b109::/64

Access to AWS with a Private Key Pair

Posted on October 26, 2015 by cbroccoli

Comments off

So once I was able to login with the default user (in my case ubuntu) I set about trying to setup a local personal user. Again Amazon provides some decent documentation under “Managing User Accounts on Your Linux Instance” but in this documentation they forgot one important step which I also could not find in the standard Ubuntu documentation.

I setup the new user as described, added a .ssh directory under /home/username and then an authorized_keys file under that. I used puttygen to generate the public and private keys.

Using copy/paste, I copied the public key shown into the authorized_keys file.

ubuntu@ip-10-95-1-159:/home/cbroccoli-a$ sudo cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAxYjEb7s64YSpEWt4lHTByAEPq1+OYjTJ6V+9o
/3Wfm5kCtw0Qr9gaWsLyYgTwpiS2ZolnhGzJUSGDnXBWgJ3uoTaKjXM/H2ZnrOIr+FlFNCv+8
qgp18nQzfCXuwYWQNt8D0sprI+pwcslFCyl/gD7YjNLdlAqINmLzyNDIWnbSjoZe0gFBvjU9U
ZRjXNTzU9U8Mzv55YMzhz4MM5jQ++1xdj1qeJTtHWZt+SSKPW6To+q7D4IlNoK
+irCV8L6CnvnPL0BvcuuXcuzhttnJ4Rwl6CbHft87n7blJb7tJAaQTtYV/SNGsz2oVr5Ytje
O0Z8lDQmN/SKd+WY+Ft6I7uJw== cbroccoli-a-key-pair-local

Finally I set the permissions to 700 on .ssh and 600 on the authorized_keys file. All as described. But when I tried to login, I got the error that the server rejected my key.

After some troubleshooting, I noticed the owner of the new .ssh directory and the authorized_keys file was root. So for both I changed the owner to the new user and that finally solved the problem.

ubuntu@ip-10-95-1-159:/home/cbroccoli-a$ sudo ls -la
drwxr-xr-x 3 cbroccoli-a cbroccoli-a 4096 Oct 25 14:42 .
drwxr-xr-x 4 root        root        4096 Oct 25 14:28 ..
-rw-r--r-- 1 cbroccoli-a cbroccoli-a  220 Oct 25 14:28 .bash_logout
-rw-r--r-- 1 cbroccoli-a cbroccoli-a 3637 Oct 25 14:28 .bashrc
-rw-r--r-- 1 cbroccoli-a cbroccoli-a  675 Oct 25 14:28 .profile
drwx------ 2 root        root        4096 Oct 26 07:22 .ssh
ubuntu@ip-10-95-1-159:/home/cbroccoli-a$ sudo chown cbroccoli-a .ssh
ubuntu@ip-10-95-1-159:/home/cbroccoli-a$ sudo ls -la
total 24
drwxr-xr-x 3 cbroccoli-a cbroccoli-a 4096 Oct 25 14:42 .
drwxr-xr-x 4 root        root        4096 Oct 25 14:28 ..
-rw-r--r-- 1 cbroccoli-a cbroccoli-a  220 Oct 25 14:28 .bash_logout
-rw-r--r-- 1 cbroccoli-a cbroccoli-a 3637 Oct 25 14:28 .bashrc
-rw-r--r-- 1 cbroccoli-a cbroccoli-a  675 Oct 25 14:28 .profile
drwx------ 2 cbroccoli-a root        4096 Oct 26 07:22 .ssh
ubuntu@ip-10-95-1-159:/home/cbroccoli-a$ sudo ls -la .ssh
total 12
drwx------ 2 cbroccoli-a root        4096 Oct 26 07:22 .
drwxr-xr-x 3 cbroccoli-a cbroccoli-a 4096 Oct 25 14:42 ..
-rw------- 1 root        root         408 Oct 26 07:22 authorized_keys
ubuntu@ip-10-95-1-159:/home/cbroccoli-a$ sudo chown cbroccoli-a 
.ssh/authorized_keys
ubuntu@ip-10-95-1-159:/home/cbroccoli-a$ sudo ls -la .ssh
total 12
drwx------ 2 cbroccoli-a root        4096 Oct 26 07:22 .
drwxr-xr-x 3 cbroccoli-a cbroccoli-a 4096 Oct 25 14:42 ..
-rw------- 1 cbroccoli-a root         408 Oct 26 07:22 authorized_keys
ubuntu@ip-10-95-1-159:/home/cbroccoli-a$

Now I can login with a unique user, using a private key that only I know and possess.

Getting Started with AWS

Posted on October 24, 2015 by cbroccoli

Comments off

Having long ignored trying out AWS I have finally taken the plunge and activated an account. As a basic use case, I want to investigate how I can build a standard web site to support a WordPress blog. My plan would be to use an EC2 Ubuntu Linux instance to build a standard LAMP (Linux Apache MySQL PHP) server which I could install WordPress on. There is a standard tutorial on Amazon to walk you through the process of doing exactly this, since it is a very standard setup. Not only should this save me a lot of time blundering through the setup, along the way I hope to gain more insight into how AWS works.

As a first step I walked through the basic setup steps documented in “Setting Up with Amazon EC2” with the following customization:

I configured two IAM Groups, one for Administrators and one for Operators to better understand the RBAC concept. Of course I also needed to setup two users, one as admin and one as operator.
I configured a custom VPC with a public subnet. This is part of the tutorial but may not be necessary.

I added a standard security group as described in the tutorial as shown below.

Once this was done, I moved onto the guide, “Getting Started with Amazon EC2 Linux Instances.” I selected a Ubuntu t2.micro instance and configured it with my new VPC and Security Group. I used the key I generated in the tutorial as described and then launched the instance. It took less than a minute to show it was running.

Once it was up, I proceeded to connect via putty to the instance using the configuration below.

Which worked without any problems…

Since I logged in with the user Ubuntu using the ssh key for my user, the next step is to setup a local user with a real user name using a privately generated key pair unknown to Amazon and disable the ubuntu generic user.