SSH to AWS Instance without key pairs

Question

1  Is there a way to log in to an AWS instance without using key pairs  I want to set up a couple of sites users on a single instance  However  I don t want to give out key pairs for clients to log in   2  What s the easiest way to set up hosting sites users in 1 AWS instance with different domains pointing to separate directories

User · Answer

Recently  AWS added a feature called Sessions Manager to the Systems Manager service that allows one to SSH into an instance without needing to setup a private key or opening up port 22  I believe authentication is done with IAM and optionally MFA   You can find out more about it here   https   aws amazon com blogs aws new-session-manager

User · Answer

1  You should be able to change the ssh configuration  on Ubuntu this is typically in  etc ssh or  etc sshd  and re-enable password logins   2  There s nothing really AWS specific about this - Apache can handle VHOSTS  virtual hosts  out-of-the-box - allowing you to specify that a certain domain is served from a certain directory  I d Google that for more info on the specifics

User · Answer

Answer to Question 1 Here s what I did on a Ubuntu EC2  A  Login as root using the keypairs B  Setup the necessary users and their passwords with   sudo adduser USERNAME   sudo passwd USERNAME  C  Edit  etc ssh sshd config setting For a valid user to login with no key PasswordAuthentication yes Also want root to login also with no key PermitRootLogin yes D  Restart the ssh daemon with   sudo service ssh restart  just change ssh to sshd if you are using centOS Now you can login into your ec2 instance without key pairs

User · Answer

AWS added a new feature to connect to instance without any open port  the AWS SSM Session Manager  https   aws amazon com blogs aws new-session-manager   I ve created a neat SSH ProxyCommand script that temporary adds your public ssh key to target instance during connection to target instance  The nice thing about this is you will connect without the need to add the ssh 22  port to your security groups  because the ssh connection is tunneled through ssm session manager   AWS SSM SSH ProxyComand -  https   gist github com qoomon fcf2c85194c55aee34b78ddcaa9e83a1

User · Answer

su - root  Goto  etc ssh sshd config  vi sshd config  Authentication   PermitRootLogin yes  To enable empty passwords  change to yes  NOT RECOMMENDED   PermitEmptyPasswords no  Change to no to disable tunnelled clear text passwords  PasswordAuthentication yes   x   Then restart ssh service  root cloudera2  etc ssh  service ssh restart ssh stop waiting ssh start running  process 10978   Now goto sudoers files   etc sudoers    User privilege specification  root  ALL  ALL NOPASSWD ALL yourinstanceuser  ALL  ALL NOPASSWD ALL      This is the user by which you are launching instance

User · Answer

I came here through Google looking for an answer to how to setup cloud init to not disable PasswordAuthentication on AWS  Both the answers don t address the issue  Without it  if you create an AMI then on instance initialization cloud init will again disable this option   The correct method to do this  is instead of manually changing sshd config you need to correct the setting for cloud init  Open source tool used to configure an instance during provisioning  Read more at  https   cloudinit readthedocs org en latest    The configuration file for cloud init is found at       etc cloud cloud cfg  This file is used for setting up a lot of the configuration used by cloud init  Read through this file for examples of items you can configure on cloud-init  This includes items like default username on a newly created instance   To enable or disable password login over SSH you need to change the value for the parameter ssh pwauth  After changing the parameter ssh pwauth from 0 to 1 in the file  etc cloud cloud cfg bake an AMI  If you launch from this newly baked AMI it will have password authentication enabled after provisioning    You can confirm this by checking the value of the PasswordAuthentication in the ssh config as mentioned in the other answers

[ssh] SSH to AWS Instance without key pairs

Examples related to ssh

Examples related to amazon-ec2

Examples related to ssh-keys