How to set up a new user on your Amazon AWS server
I recently set up a free Amazon AWS server. As I experimented with it, I installed a GUI desktop. Then I encountered some issues that I eventually resolved by creating a new user with its own password and then using that user for the rest of my activities.
For my own reference, and in the hope others will find it useful, here is the procedure I followed:
- Create a new userid, with password
- Add the new user to the sudoers file
- Install the AWS server’s public key for the new user
- Log in as the new user
I posted the details in my blog post, below.
Why do we need a password?
The default ubuntu userid does not have a password. The Amazon AWS documentation on managing users recommends creating new users with password disabled. So, why set up a new user with a password?
After installing a GUI desktop, you need to use a password to authenticate operations performed by GUI software such as Ubuntu Software Center. I did not see any problems caused by configuring a user password. I found it was best to work in a “normal” Linux user account that has a password.
Create a new userid, with password
We will create a new account with userid brian. If you run into any trouble, consult the Amazon AWS documentation. To create the new account, first log in to your AWS server with a command similar to:
Laptop:$ ssh -i ~/Documents/Ubuntu-2-keypair.pem firstname.lastname@example.org
Then create the new user brian (or your choice) using the command:
ubuntu@AWS:$ sudo adduser brian
Follow the prompts to enter the password and other optional user information. I filled in my full user name and left all other user information fields blank.
Add the new user to the sudoers file
Next, add the new user to the sudoers file. Use the visudo command:
ubuntu@AWS:$ sudo visudo
We add the following line after the comment line, “User privilege specification”:
brian ALL=(ALL:ALL) ALL
Then, save the file.
Execute the following command to ensure that the user brian is in the sudo group, and so is an administrator:
ubuntu@AWS:$ sudo adduser brian sudo
Install the public key for the new user
We cannot log into the new user account via SSH until the public key from the AWS instance’s key pair is installed for the new user. We must copy the public key installed for the ubuntu user and paste it into the right file in the new user account, brian.
The public key is in the file ~/.ssh/authorized_keys:
ubuntu@AWS:$ cat ~/.ssh/authorized_keys
ssh-rsa AEEAB3NzaC1yc2EEEAADAQABAAABAQDXXrlN+I5j4g5Am/lBviKhhA2XDUaeU6DlD1qz4C2+cv0eax8lXxS0YdOIA+ioyrhGy/2Y3O+jsb54JE6Z/5u1MiX5RkX/3XayGE2Vrxa+ZstxQFgEolqNn96s6tghxQm9sjhU4r6S98XLR+Hg6xqh4COdHnANu1mlyIAW9YEfdPvFl4FnoyBSFHBvLPQZy4JLIwYeKwiGS/Esh8N5f8WQJUjIhwT3i/MgfhYhRGQdbGKIVWrL0sPwOv9gTT1H9HExyUH3G6KBhfD5Zm3R+TVe0vuUaodLcnPf4EAJZZVky/Fnbg6aLFQWf1iWjY+fa7Jev+Nnpsn9DEXAMPLE Ubuntu-2-keypair
Select the public key (omit the name of the key pair at the end) and then copy it to your clipboard. Optionally, you may also paste it into a text editor running on your laptop (just as a temporary parking spot, in case you accidentally clear your clipboard before you need to paste the key to the new user).
NOTE: There are also other ways to get the public key. See the Amazon AWS documentation for more ways to retrieve the public key of the instance.
Now, switch to the new user account, brian:
ubuntu@AWS:$ sudo su brian
brian@AWS:$
Ensure you are in the new user’s home directory:
brian@AWS:$ cd
brian@AWS:$ pwd
/home/brian
Create the SSH directory and authorized users file, with the correct permissions:
brian@AWS:$ mkdir .ssh
brian@AWS:$ chmod 700 .ssh
brian@AWS:$ touch .ssh/authorized_keys
brian@AWS:$ chmod 600 .ssh/authorized_keys
Edit the authorized_keys file with a text editor.
brian@AWS:$ nano .ssh/authorized_keys
Paste in the public key you previously copied to the clipboard. Now the authorized_keys file will have the following contents:
Save the file.
Exit the system:
brian@AWS:$ exit
ubuntu@AWS:$ exit
Laptop:$
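The mkdir/chmod/touch/paste steps above can also be done without an editor. The script below is an added example, not part of the original procedure: it installs a key line with the same 700/600 permissions and then checks that nothing on the path is writable by group or others. The function names, the scratch directory and the sample key are constructed for illustration, and it assumes it is run as the new user so that file ownership is already correct.

```shell
#!/bin/sh
# Added example (not from the original post). Run as the new user.

# Print a path's octal mode (GNU stat, with BSD stat as a fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# install_pubkey HOME_DIR "KEY LINE"
# Body runs in a subshell, so the umask change does not leak to the caller.
install_pubkey() (
    home_dir=$1
    key_line=$2
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: not a public key line" >&2; exit 1 ;;
    esac
    umask 077
    mkdir -p "$home_dir/.ssh" || exit 1
    chmod 700 "$home_dir/.ssh"
    touch "$home_dir/.ssh/authorized_keys"
    chmod 600 "$home_dir/.ssh/authorized_keys"
    # Append only if this exact line is absent, so re-running is harmless.
    grep -qxF -- "$key_line" "$home_dir/.ssh/authorized_keys" ||
        printf '%s\n' "$key_line" >> "$home_dir/.ssh/authorized_keys"
)

# check_ssh_perms HOME_DIR
# Fails if the home directory, .ssh or authorized_keys is writable by group
# or others; sshd's StrictModes check refuses the key file in that case.
check_ssh_perms() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        m=$(mode_of "$p") || return 1
        case $m in
            *[2367]?|*[2367]) echo "too permissive: $p ($m)" >&2; return 1 ;;
        esac
    done
}

# Demo on a scratch directory standing in for /home/brian (constructed key).
demo_home=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyNotReal demo-key'
install_pubkey "$demo_home" "$demo_key" && check_ssh_perms "$demo_home" &&
    echo "key installed, permissions OK"
rm -rf "$demo_home"
```

If a key login for the new user is refused even though the key is correct, running check_ssh_perms against that user's home directory is a quick first check.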
Log in as the new user
You should now be able to log into the new user brian on the remote Amazon AWS server using the same keypair. On your laptop, use the SSH command:
Laptop:$ ssh -i ~/Documents/Ubuntu-2-keypair.pem email@example.com
brian@AWS:$
We now are logged in as user brian.