How can I securely share SSH access to an EC2 instance?

0

Hi! I'm fairly new to AWS and devops in general. I have EC2 instances that are connected to my account. I created and set up both instances and the keys I use to SSH into them. Since I am working on this project with other people, I want to give them SSH access to the instances. However, sharing the .pem files doesn't seem to work. I've already added their IPs to the security group inbound rules for port 22. I can SSH just fine though.

KaylaLe
asked 5 months ago · 297 views
4 Answers
1

Hello.

What kind of error are you getting when connecting?
Do you and other members use the same SSH connection method?
Is there any difference, for example, other members are using PuTTY but you are connecting using SSH client commands?

Also, have you checked the SSH logs?
I think the log is output to the file below, so please check it.
If there are no problems with the EC2 security group, the SSH connection log should remain, so I think the error will be recorded when it fails.

/var/log/secure

In some cases, it may be a good idea to connect using Systems Manager Session Manager instead of SSH.
This method requires a little setup on EC2, but it allows you to connect without having to allow SSH in a security group or using an SSH key.
https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-prerequisites.html

EXPERT
answered 5 months ago
EXPERT
reviewed 5 months ago
1

You're best off not sharing the key for the ec2-user (I'm presuming that's what the default user is called, though it could be ubuntu or centos depending on the version of Linux), and instead create individual user accounts for everybody, including yourself https://linuxize.com/post/how-to-create-users-in-linux-using-the-useradd-command/

Each user can generate their own keypair, and provide the public key to you, and you can load it on the EC2 instance https://unix.stackexchange.com/questions/630186/how-to-add-ssh-keys-to-a-specific-user-in-linux

Instead of SSH keys you could enable password login. It's probably not recommended on an EC2 that is internet-facing as it leaves you vulnerable to brute-force attacks, so I'm just mentioning it for completeness https://repost.aws/questions/QUE9_NBn5MQ5KgpjVyyy3ISA/unable-to-login-with-username-and-password-in-redhat-machine-created-in-aws

EXPERT
Steve_M
answered 5 months ago
EXPERT
reviewed 5 months ago
AWS
EXPERT
reviewed 5 months ago
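
An added example, not part of any answer on this page: one way to set up the per-person accounts and public keys described in the answer above. The function names, the user name `alice` and the file names in the comments are hypothetical.

```shell
#!/bin/sh
# Added example: one account and one public key per person, no shared .pem.

# valid_pubkey KEY: accept exactly one public-key line. Rejects private keys,
# multi-line input and lines that start with authorized_keys options.
valid_pubkey() {
  [ "$(printf '%s\n' "$1" | grep -c '')" -eq 1 ] || return 1
  printf '%s\n' "$1" | grep -Eq \
    '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( [^ ].*)?$'
}

# install_key HOME_DIR KEY [OWNER]: append KEY to HOME_DIR/.ssh/authorized_keys.
install_key() {
  valid_pubkey "$2" || { echo "rejected: not a single public key line" >&2; return 1; }
  ssh_dir="$1/.ssh"
  auth="$ssh_dir/authorized_keys"
  ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
  # Idempotent: add the key only if that exact line is not already present.
  grep -qxF -- "$2" "$auth" || printf '%s\n' "$2" >> "$auth"
  # With StrictModes (the sshd default) keys are ignored when the directory or
  # file is writable by anyone other than the owner, so pin the modes.
  chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1
  # Hand the files to the account when an owner is given (requires root).
  [ -z "${3:-}" ] || chown -R "$3:" "$ssh_dir"
}

# add_ssh_user NAME KEY: create the account if missing, then install the key.
# Needs root; assumes useradd and getent are available on the instance.
add_ssh_user() {
  valid_pubkey "$2" || return 1
  id "$1" >/dev/null 2>&1 || useradd --create-home --shell /bin/bash "$1" || return 1
  install_key "$(getent passwd "$1" | cut -d: -f6)" "$2" "$1"
}

# Usage on the instance, as root, with a constructed user name and key file:
#   . ./add_ssh_user.sh && add_ssh_user alice "$(cat alice.pub)"
# The teammate then connects with their own private key:
#   ssh -i ~/.ssh/id_ed25519 alice@<instance-address>
```

Removing a person's access later means deleting their line from their own `authorized_keys` or removing their account, without touching anyone else's key.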
1

To troubleshoot SSH on EC2 you can try out this guide: https://repost.aws/knowledge-center/ec2-linux-ssh-troubleshooting or in general just use the search functionality in re:Post

EXPERT
answered 5 months ago
1

Sounds like it’s going to be user error if you can get in but your friends can’t.

Make sure they are using the correct user name.

Make sure they are using the correct ssh key for the correct instance.

Have them relay the error message back to you.

EXPERT
answered 5 months ago
