1

I have an ec2 instance using elastic beanstalk (in production). I am looking to have multiple users ssh into the ec2 instance without sharing the same keys.

I came across this answer Multiple Keys for EB instance. This solution has people ssh using different keys, however, the problem is that they all ssh into ec2-user.

My question is, can people directly ssh into their particular linux user without having to go to the ec2-user first? If so, how could i set this up?

I am new using AWS EB and ssh in general. Please let me know if i am misunderstanding anything.

Community
  • 1
  • 1
Chinsky
  • 55
  • 9
  • 1
    Does this help - http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-users.html? – Prabhu Oct 09 '16 at 02:16
  • You just need to create the users on the server and they can ssh directly into those accounts. However setting this up on Elastic Beanstalk sounds like a really terrible idea unless you are creating all these users through your EB configuration somehow. – Mark B Oct 09 '16 at 02:24
  • Hi @Prabhu, this is exactly what I did to add the new users. And it works fine, except for the fact that I have to ssh into my ec2-user before i can access the other users. I want to access the other users without going through ec2-user – Chinsky Oct 09 '16 at 20:30
  • Thanks for the reply @MarkB, do you have any ideas as to how i could add these users to my EB configuration? – Chinsky Oct 09 '16 at 20:33

1 Answers1

1

First off, it's not really recommended having users remote into instances in AWS. When working in AWS (or really any other IAS) you want things to be repeatable. If you need users SSH'ing in then it may indicate a problem with the design of your system(s). As this question isn't really about that I'll move on....

You can customize your ec2 instances using .ebextensions. With the ebextensions you can create users, groups, copy file from S3 (ssh keys if you wanted to use them). BUT users that are created this way are noninteractive system users with a shell of /sbin/nologin.

If you use the ebextensions to create and mod files like the answer is you question you'll need to make sure the users account are created correctly.

So you could spin up an instance, config it to your liking, make an IAM image of it, and then use it as our ec2 instance for beanstalk. This is a bit less flexible as you'll have to create a new image every time keys or users change.

You could create the base image then use ebextesions to add in the keys during deployment if you want to change keys on deployment but keep the user list static.

Jenya Y.
  • 2,980
  • 1
  • 16
  • 21
denov
  • 11,180
  • 2
  • 27
  • 43