Chris's picture

Hi all,

I'm using the LAMP stack provided for AWS, which is on Debian 6. By default, you ssh into the server with root access. I find this a bit dangerous, as it's possible to make accidental mistakes when running different commands. I would like to add another user that doesn't have root access by default. However, since this is an EC2 server running on AWS, this isn't exactly straightforward because AWS only allows one key per instance.

That said, I was wondering if there was some guide to help me get around this. Preferrably, I would like to add users with their own keys. If not this, then I at least want to log in with different users using the same key. I tried some of the guides I found searching, but none of them seem to apply perfectly to this situation.

Any help is much appreciated! Thanks!

Forum: 
Tags: 
Jeremy Davis's picture

Firstly, sorry for such a slow response...

Secondly I suggest that you use the newer TKL version 13 (which is based on Debian 7/Wheezy).

Next, TBH I am quite unfamiliar with AWS but from what I know of Linux, it shouldn't matter how many keys AWS allow you to register. AFAIK the ones registered with AWS are just for automatic installation in your guest(s). There is nothing stopping you from manually adding how ever many keys you want to each individual server... (This is probably a good overview/tutorial although you could probably skip straight to page 2).

You'll want to create the users first and if you don't want to use root at all then you'll need to install sudo too and create some sort of admin user (although IMO that isn't much different to using root really...)

Chris's picture

I completely forgot I posted this question until I revisted my problem last night.

First, I launched a few dummy "practice" intances to try and upgrade to Wheezy, but every time I ran into problems. In the end, I couldn't successfully upgrade and maintain the integrity of the server and/or web application. I am positive this due to my lack of administration experience, so I think I'll just stick with and updated version of Squeeze for now.

Regarding the second item, I have tried for hours to try and get this to work, yet I still can't get it to work. I guess I'm missing something. I was using the guide found on this page:

http://aws.amazon.com/articles/1233

but it just doesn't work for me. It's kind of frustrating. Anyway, thanks for the help!

Jeremy Davis's picture

Currently the v13.0 appliances don't appear to be available via the AWS Marketplace. I'm not sure why that is, but currently if you want v13.0 (based on Debian Wheezy) then you'll need to use the TKL Hub. Upgrading from Squeeze to Wheezy (as you tried) should be possible, but it still won't be v13.0 as some of the components of TKL aren't installed via package management. Also it's not formally supported by TKL (although like I say it should work fine).

FYI the AWS page you link to isn't completely relevant to TKL appliances. Firstly, the AWS firewall is already preconfigured to block all but the ports that are preconfigured for TKL - depending on the appliance these are commonly 22 (SHH/SFTP), 80 (HTTP), 443 (HTTPS), 12320 (Webshell - a web based shell), 12321 (Webmin - Web Admin UI) and in some appliances 12322 (phpMyAdmin/phpPgAdmin - MySQL/PostgreSQL web admin UI; depending on DB backend included). The keys section is relevant but from what I can gather (and congruent with your OP) AWS only let you configure one key pair per server (more on that below). And as for security updates, TKL already has automatic security updates configured, so these will install every night (at a randomly selected time so as not to overload Debian servers - and obviously only if/when they are available).

Now to adding additional keys: as per above; AFAIK AWS don't allow you to use/manage more than one set of keys. This means that you can automatically use the initial keys to login as root (the key pair managed by AWS). But beyond that you will need to manage keys for additional users yourself. You will probably not find instructions on how to do that within AWS docs (as it is OS specific). Have a look through the thread that I linked to above. Otherwise have a google and you may find a tutorial that suits you better. There should be plenty about, but like I said you will need to add the users first and do this within each new user account.

Chris's picture

Thanks for your very detailed reply! I appreciate it. I did look for the latest version of TKL on the AWS marketplace, but it wasn't available as you said. We are signed up to the TKLHUB, but I never thought to try and launch an instance from there. It's probably a lower priority at the moment, but I'll definitely look into transferring everything over to TKL 13 when possible.

Regarding the AWS firewall, I have already tweaked the security groups to meet my needs, so that's not an issue.

I did use your link to attempt to create additional keys for managing users. I was unsuccessful, but let me try again next week. Otherwise, I'll keep searching until I figure it out. As long as password logins are turned off and I am very strict in my security group access, I shouldn't run into problems. Really, the biggest problem with defaulting to root is me messing something up on the server myself. :)

Thanks again!

Add new comment