Give Access to an EC2 Server without a PEM File or IAM Role

jaffar shaik
2 min readJun 22, 2023

Jira Ticket:

As an SRE you have been asked to give a developer, manager or client access to an EC2 instance without creating an IAM role and without sharing the instance's PEM file.

Solution:

If a user wants to log on to a server, rather than handing them our PEM key, create a local Linux user on the instance whose authorized_keys file contains that user's own public key. Ask the user to generate an SSH key pair on their machine and send you only the public half (the .pub file); their private key never leaves their machine, and our PEM file is never copied anywhere.

Step 1:

Ask the user to send their public key: the contents of their id_ed25519.pub or id_rsa.pub, which is a single line starting with the key type (for example ssh-ed25519). If what arrives starts with "-----BEGIN", it is a private key; do not use it and ask them to send the .pub file instead.

Step 2:

Log on to the server where you want to grant the user access.

Step 3:

Create a local Linux user on the server. All of the following is run from the new user's home directory.

  1. sudo useradd -m <username>
  2. Change to the newly created home directory:
  3. cd /home/<username>
  4. Create a .ssh folder. sshd ignores keys unless this directory is owned by the user and not writable by anyone else, so give it mode 700:
  5. sudo mkdir -m 700 .ssh
  6. Create the file that will contain their public key. The name must be exactly authorized_keys (sshd does not look at a file called auth_keys):
  7. sudo touch .ssh/authorized_keys
  8. Edit the file:
  9. sudo vi .ssh/authorized_keys
  10. Paste in the public key as one line. Make sure the whole line copied across and that the editor did not wrap it; a truncated or wrapped key simply fails to authenticate with no useful error on the client.
  11. Exit the file.
  12. Lock down permissions on authorized_keys so only the owner can read or change it:
  13. sudo chmod 600 .ssh/authorized_keys
  14. Set the owner of the .ssh folder and its contents to the user (useradd created a group with the same name as the user on Ubuntu and Amazon Linux):
  15. sudo chown -R <username>:<username> .ssh
  16. Set a password for the user. This is only needed so that sudo can prompt them later; it is not what gets them through sshd:
  17. sudo passwd <username>

You will be prompted to enter a password. Make a note of it and send it to the user through a secure, separate channel such as a one-time link on pwpush.com, not in the same message as the hostname and username. The stock Amazon Linux and Ubuntu AMIs ship sshd with PasswordAuthentication no, so this password cannot be used to log in over SSH (only the key can); if the instance's sshd config has been changed, check the effective setting before handing the password out.

  1. If the user needs admin rights on the server, add them to the admin group. On Ubuntu that group is called sudo; on Amazon Linux and other RHEL-based AMIs it is called wheel, so substitute accordingly:
  2. sudo usermod -aG sudo <username>
  3. Tell the user the account has been created and send them their sudo password as described above.
  4. To connect to the EC2 instance the user points ssh at their own private key (the one matching the public key you installed), not at any .pem file of ours:
  5. ssh -i /path/to/private_key username@priv_ip_address

Once the user no longer needs access, remove their account and its home directory (which holds the authorized_keys file) from the server so the key stops working, and drop them from the sudo or wheel group if you added them.
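The whole procedure above, from validating the pasted public key through creating the user, installing the key with the permissions sshd insists on, optionally granting sudo, and later removing the account, as one script. This is an added example and is not code from the original post; it assumes a Debian/Ubuntu or Amazon Linux/RHEL instance with OpenSSH and GNU coreutils, and the script name ec2_local_user.sh, the function names and the sample key in the usage comment are made up for illustration. The validation step is the part most often skipped and the one that catches a private key, a multi-line paste or a truncated blob before anything is changed on the box.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): create or remove a local Linux
# user on an EC2 instance who logs in with their OWN ssh key pair. Assumes a
# Debian/Ubuntu or Amazon Linux/RHEL host with OpenSSH and GNU coreutils.
# Run on the instance as root (sudo). Script name is hypothetical.
#
#   sudo ./ec2_local_user.sh add <username> <public-key-file> [sudo]
#   sudo ./ec2_local_user.sh remove <username>
set -eu

# Accept exactly one OpenSSH public-key line of a known type and print it
# normalised (CR, surrounding and repeated spaces stripped). Rejects the
# usual paste mistakes: a private key, a multi-line paste, or a blob that is
# not base64 of the claimed key type (a truncated or wrapped key).
validate_pubkey() {
    local key="$1" line ktype rest blob
    case "$key" in
        *"PRIVATE KEY"*) echo "refusing: that is a PRIVATE key" >&2; return 1 ;;
    esac
    if [ "$(printf '%s\n' "$key" | tr -d '\r' | grep -c .)" -ne 1 ]; then
        echo "refusing: expected exactly one key line" >&2; return 1
    fi
    line=$(printf '%s\n' "$key" | tr -d '\r' | grep . | tr -s ' ' | sed 's/^ //; s/ $//')
    if ! printf '%s\n' "$line" | grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)|sk-ssh-ed25519@openssh\.com|sk-ecdsa-sha2-nistp256@openssh\.com) [A-Za-z0-9+/]+=*( .*)?$'; then
        echo "refusing: not an OpenSSH public key line" >&2; return 1
    fi
    # An ssh key blob starts with a length-prefixed copy of the key type, so
    # the base64 must decode and contain the same type name as the first field.
    ktype=${line%% *}
    rest=${line#* }
    blob=${rest%% *}
    if ! printf '%s' "$blob" | base64 -d 2>/dev/null | grep -aq -- "$ktype"; then
        echo "refusing: key blob does not decode as $ktype" >&2; return 1
    fi
    printf '%s\n' "$line"
}

provision_user() {
    local user="$1" keyfile="$2" want_sudo="${3:-}" key home grp
    key=$(validate_pubkey "$(cat "$keyfile")")
    [ "$(id -u)" -eq 0 ] || { echo "run as root (sudo)" >&2; return 1; }
    if id "$user" >/dev/null 2>&1; then
        echo "user $user already exists; not touching it" >&2; return 1
    fi
    useradd -m -s /bin/bash "$user"          # -m creates the home directory
    home=$(getent passwd "$user" | cut -d: -f6)
    grp=$(id -gn "$user")                     # primary group useradd assigned
    # sshd ignores authorized_keys if ~/.ssh or the file is writable by
    # anyone else or owned by another user, so set mode and owner explicitly.
    install -d -m 700 -o "$user" -g "$grp" "$home/.ssh"
    printf '%s\n' "$key" > "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    chown "$user:$grp" "$home/.ssh/authorized_keys"
    ssh-keygen -lf "$home/.ssh/authorized_keys" || true   # show fingerprint
    if [ "$want_sudo" = "sudo" ]; then
        # Admin group name differs by distro: sudo (Debian/Ubuntu), wheel (RHEL/Amazon Linux).
        if getent group sudo >/dev/null; then usermod -aG sudo "$user"
        elif getent group wheel >/dev/null; then usermod -aG wheel "$user"
        else echo "no sudo or wheel group on this host" >&2; return 1; fi
        # sudo prompts for the user's own password, so set one now and hand it
        # over out of band. The key, not this password, is what gets them past sshd.
        passwd "$user"
    fi
    # Confirm the password is not also an SSH login path on this host.
    sshd -T 2>/dev/null | grep -i '^passwordauthentication' || true
}

revoke_user() {
    local user="$1"
    [ "$(id -u)" -eq 0 ] || { echo "run as root (sudo)" >&2; return 1; }
    pkill -u "$user" 2>/dev/null || true     # end any live sessions first
    userdel -r "$user"                        # -r also removes the home dir and its authorized_keys
}

case "${1:-}" in
    add)    provision_user "$2" "$3" "${4:-}" ;;
    remove) revoke_user "$2" ;;
    *)      echo "usage: $0 add <username> <public-key-file> [sudo] | remove <username>" >&2 ;;
esac
```

Save the key the user sent you to a file, then run the add subcommand with sudo; add the literal word sudo as the last argument only when the ticket actually asks for admin rights. The remove subcommand is the clean-up step: userdel -r deletes the home directory along with the authorized_keys file, which is what revokes access.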
