How to set up a new user on your Amazon AWS server
I recently set up a free Amazon AWS server. As I experimented with it, I installed a GUI desktop. Then I encountered some issues that I eventually resolved by creating a new user with its own password and then using that user for the rest of my activities.
For my own reference, and in the hope others will find it useful, here is the procedure I followed:
- Create a new userid, with password
- Add the new user to the sudoers file
- Install the AWS server’s public key for the new user
- Log in as the new user
I posted the details in my blog post, below.
Why do we need a password?
The default ubuntu userid does not have a password. The Amazon AWS documentation on managing users recommends creating new users with password disabled. So, why set up a new user with a password?
After installing a GUI desktop, you need to use a password to authenticate operations performed by GUI software such as Ubuntu Software Center. I did not see any problems caused by configuring a user password. I found it was best to work in a “normal” Linux user account that has a password.
Create a new userid, with password
We will create a new account with userid brian. If you run into any trouble, consult the Amazon AWS documentation. To create the new account, first log in to your AWS server with a command similar to:
Laptop:$ ssh -i ~/Documents/Ubuntu-2-keypair.pem [email protected]
Then create the new user brian (or your choice) using the command:
[email protected]:$ sudo adduser brian
Follow the prompts to enter the password and other optional user information. I filled in my full user name and left all other user information fields blank.
Add the new user to the sudoers file
Next, add the new user to the sudoers file. Use the visudo command:
[email protected]:$ sudo visudo
We add the following line after the comment line, “User privilege specification”:
brian ALL=(ALL:ALL) ALL
Then, save the file.
Execute the following command to ensure that the user brian is in the sudo group, and so is an administrator:
[email protected]:$ sudo adduser brian sudo
Install the public key for the new user
We cannot log into the new user account via SSH until the public key from the AWS instance’s key pair is installed for the new user. We must copy the public key installed for the ubuntu user and paste it into the right file in the new user account, brian.
The public key is in the file ~/.ssh/authorized_keys.
[email protected]:$ cat ~/.ssh/authorized_keys
ssh-rsa AEEAB3NzaC1yc2EEEAADAQABAAABAQDXXrlN+I5j4g5Am/lBviKhhA2XDUaeU6DlD1qz4C2+cv0eax8lXxS0YdOIA+ioyrhGy/2Y3O+jsb54JE6Z/5u1MiX5RkX/3XayGE2Vrxa+ZstxQFgEolqNn96s6tghxQm9sjhU4r6S98XLR+Hg6xqh4COdHnANu1mlyIAW9YEfdPvFl4FnoyBSFHBvLPQZy4JLIwYeKwiGS/Esh8N5f8WQJUjIhwT3i/MgfhYhRGQdbGKIVWrL0sPwOv9gTT1H9HExyUH3G6KBhfD5Zm3R+TVe0vuUaodLcnPf4EAJZZVky/Fnbg6aLFQWf1iWjY+fa7Jev+Nnpsn9DEXAMPLE Ubuntu-2-keypair
Select the public key (omit the name of the key pair at the end) and then copy it to your clipboard. Optionally, you may also paste it into a text editor running on your laptop (just as a temporary parking spot, in case you accidentally clear your clipboard before you need to paste the key to the new user).
NOTE: There are also other ways to get the public key. See the Amazon AWS documentation for more ways to retrieve the public key of the instance.
Now, switch to the new user account, brian:
[email protected]:$ sudo su brian
[email protected]:$
Ensure you are in the new user’s home directory:
[email protected]:$ cd
[email protected]:$ pwd
/home/brian
Create the SSH directory and the authorized_keys file, with the correct permissions:
[email protected]:$ mkdir .ssh
[email protected]:$ chmod 700 .ssh
[email protected]:$ touch .ssh/authorized_keys
[email protected]:$ chmod 600 .ssh/authorized_keys
Edit the authorized_keys file with a text editor.
[email protected]:$ nano .ssh/authorized_keys
Paste in the public key you previously copied to the clipboard. Now the authorized_keys file will have the following contents:
Save the file.
Exit the system:
[email protected]:$ exit
[email protected]:$ exit
Laptop:$
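If the login in the next step is refused, the usual causes are the permission and paste steps above. The following check is an added example, not part of the original post; it can be run on the server (for example from the ubuntu account with sudo) and assumes GNU stat as shipped on Ubuntu and key lines without an options prefix. The function name check_ssh_setup is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: audit the SSH key setup for one account (modes, owner, key lines).
# Usage: check_ssh_setup /home/brian   -> returns 0 if clean, 1 if problems were found
check_ssh_setup() {
    local home="$1" dir="$1/.ssh" file="$1/.ssh/authorized_keys"
    local problems=0 n=0 ktype blob rest

    # sshd's StrictModes rejects key files writable by group or others; this
    # check holds them to the stricter modes set in this post (700 and 600).
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir"; return 1
    fi
    if [ "$(stat -c %a "$dir")" != 700 ]; then
        echo "$dir: mode $(stat -c %a "$dir"), expected 700"; problems=1
    fi
    if [ ! -f "$file" ]; then
        echo "missing file: $file"; return 1
    fi
    if [ "$(stat -c %a "$file")" != 600 ]; then
        echo "$file: mode $(stat -c %a "$file"), expected 600"; problems=1
    fi
    # Files created with sudo instead of as the new user would be owned by root.
    if [ "$(stat -c %U "$file")" != "$(stat -c %U "$home")" ]; then
        echo "$file: owner differs from owner of $home"; problems=1
    fi

    # A key that the editor wrapped during the paste shows up as extra lines
    # that do not begin with a key type.
    while read -r ktype blob rest || [ -n "$ktype" ]; do
        n=$((n + 1))
        case $ktype in ''|'#'*) continue ;; esac
        case $ktype in
            ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
            *) echo "line $n: does not start with a key type"; problems=1; continue ;;
        esac
        if [ -z "$blob" ]; then
            echo "line $n: key data missing"; problems=1
        fi
    done < "$file"
    return "$problems"
}
```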
Log in as the new user
You should now be able to log into the new user brian on the remote Amazon AWS server using the same keypair. On your laptop, use the SSH command:
Laptop:$ ssh -i ~/Documents/Ubuntu-2-keypair.pem [email protected]
[email protected]:$
We now are logged in as user brian.