Jinshu Peethambaran

Add new user to EC2 Instance

Connect to Your EC2 Instance

Make sure you have the private key (.pem file) that matches the EC2 instance. Connect to your instance using SSH:

ssh -i /path/to/your-key.pem admin@your-ec2-ip-address

Note: For Debian-based AMIs, the default username is often admin or debian. Adjust as needed.

Create a New User

Once you're logged into the machine, you can create a new user using the adduser command:

sudo adduser username

Replace username with the desired user name. Follow the prompts to set a password and other details for the new user.

Add the New User to the Sudo Group

On Debian systems, users that are members of the sudo group are allowed to execute commands with superuser privileges. Add your new user to the sudo group:

sudo usermod -aG sudo username

Again, replace username with the name of the user you created.

Verify the Sudo Permissions

To ensure that your new user has sudo access, switch to that user and try executing a command with sudo:

su - username
sudo ls -la /root

If everything was set up correctly, sudo prompts for the password of username and the ls command then lists the contents of the root user's home directory without any errors.

If you want the new user to authenticate with an SSH key pair (which is a good practice for EC2 instances), you should set that up as well. Here's how to do it:

On Your Local Machine

Generate an SSH key pair for the new user:

ssh-keygen -t rsa -b 4096 -f /path/to/new_key

This command will generate two files: /path/to/new_key (the private key) and /path/to/new_key.pub (the public key). Ensure the private key is kept secure.

Back on the EC2 Instance

Switch to the new user:

su - username

Create the .ssh directory and set its permissions:

mkdir -p ~/.ssh
chmod 700 ~/.ssh

Create or edit the ~/.ssh/authorized_keys file:

nano ~/.ssh/authorized_keys

Paste the contents of /path/to/new_key.pub (from your local machine) into this file. Save and close the file.

Set the appropriate permissions for the authorized_keys file:

chmod 600 ~/.ssh/authorized_keys

Exit back to the original user:

exit

Connect as the New User from Your Local Machine

Now, you should be able to SSH into the EC2 instance as the new user using the new private key:

ssh -i /path/to/new_key username@your-ec2-ip-address

By following these steps, the new user will authenticate using their private key (new_key) rather than a password. This method is more secure for remote connections.
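
The key-installation steps above can be scripted so they are repeatable and checkable. The following is an added example, not part of the original page: the function names install_key and audit_ssh_dir are hypothetical, and it assumes GNU stat as found on Debian.

```shell
#!/bin/sh
# Added example (not from the original page). Run as the new user, e.g. after
# `su - username`:  install_key "$HOME" "$(cat new_key.pub)" && audit_ssh_dir "$HOME"

NL='
'

# install_key HOME_DIR PUBKEY_LINE
# Adds one public key to HOME_DIR/.ssh/authorized_keys with the page's modes.
install_key() {
    home=$1 key=$2
    case $key in
        *"$NL"*) echo "refusing multi-line input" >&2; return 2 ;;
    esac
    # Only a public key line is accepted, so a pasted private key
    # ("-----BEGIN ... PRIVATE KEY-----") is rejected instead of stored.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an SSH public key line" >&2; return 2 ;;
    esac
    auth=$home/.ssh/authorized_keys
    mkdir -p "$home/.ssh" || return 1
    chmod 700 "$home/.ssh" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: append only when the key is not there yet.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# audit_ssh_dir HOME_DIR
# Returns 0 only when .ssh is 700 and authorized_keys is 600; prints each mismatch.
audit_ssh_dir() {
    home=$1 rc=0
    for pair in .ssh:700 .ssh/authorized_keys:600; do
        p=$home/${pair%%:*} want=${pair##*:}
        got=$(stat -c '%a' "$p" 2>/dev/null) || got=missing   # GNU stat, as on Debian
        if [ "$got" != "$want" ]; then
            echo "FAIL $p mode=$got want=$want"
            rc=1
        fi
    done
    return $rc
}
```

Running install_key twice with the same key leaves a single entry, and audit_ssh_dir reports any mode that differs from the 700 and 600 values set in the steps above.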


Last updated 1 year ago
