e-Zest members share technology ideas to foster digital transformation.

How to add SSH users in Amazon Linux

Written by Priya Benade | May 20, 2013 8:54:28 AM

What Is SSH?

Secure shell (SSH) is the secure method of remotely connecting to another server. By default SSH listens for connections on port 22 and demon service of SSH is sshd. The ssh configuration file is located at /etc/ssh/sshd.config and is used for any additional configurations regarding listening port, location of keys exchanging between the two sessions of the client and server and vice versa etc.

Whenever you have to configure the SSH user on Amazon Linux just follow the following steps:

  1. Install the openssh package by using yum command
    yum install openssh
  2. Start and enable sshd service
    service sshd restart
    chkconfig sshd on
  3. open port 22 for all IP addresses
    /sbin/iptables –A INPUT –n state --state NEW –n tcp –p tcp --dport 22 –j ACCEPT

Steps to create SSH user in AWS Linux machine:

  1. Create a new Linux user with the useradd command.
    The following command creates a new user and adds it into the ec2-user security group.
    (You need to run this command using sudo to obtain root permission)
    sudo useradd -g ec2-user newuser
  2. Create a new Linux group with the groupadd command with the same as created user
    Sudo groupadd newuser
  3. Log in as newuser using the sudo and su commands.
    sudo su newuser
  4. Go to newuser's home directory.
    cd /home/newuser
  5. Generate a new public/private key pair for this user using with the ssh-keygen command.
    ssh-keygen -b 1024 -f newuser -t dsa

    It will ask for passphrase then hit ‘ENTER’ key

    After you execute this command two files will be created as shown below

    • newuser
    • newuser.pub

  6. Create the .ssh/.authorized_keys file with the appropriate ownership and permissions.


    $ mkdir .ssh
    $ chmod 700 .ssh
    $ cat newuser.pub > .ssh/authorized_keys
    $ chmod 600 .ssh/authorized_keys
    $ chown newuser:newuser .ssh
    $ chown newuser:newuser .ssh/authorized_keys

  7. Move newuser to /tmp directory and assign proper permissions for downloading.
    Then download the private key file (named newuser) using WinSCP (or a similar SFTP application), and convert the private key to a PuTTY.ppk

Now you can log in directly as the user newuser to your Amazon EC2 instance.
View full post