Best practice of using Keypair, in EC2

Question

Created an EC2 instance, with Amazon Linux AMI. Also generated a keypair.

Later I created few Linux level users.

When I place the pubic key, in those Linux user's "~/.ssh/authorized_keys" file, I'm able to connect as any of those Linux level users, just with syntax "ssh -i /path/my-key-pair.pem my-instance-user-name@my-instance-public-dns-name".

Doesn't this looks like vulnerable, as I can connect as any Linux user I want, without their passwords.

What are the best practices, on using Keypair?

Answer

Hello,
You ve got a direct Link to the answer that is in one of the FAQ's.
Link- https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ssh-best-practices/
Link2- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
Few of the summarized Do's are as below:
- Rotate SSH keys regularly.
- Create Key Pairs Using Passphrase.
- Enable Google Authenticator based MFA for SSH.
- Change SSH from port 22 to a non standard port.
- Do not keep private keys in temp or home directories.
- Do not keep unused EC2 key pairs.
- Create individual IAM users using unique credentials.
Thanks and hopefully this will help you achieve the best practices with respect to AWS-EC2-Key pair.

Answer

Also consider [Replacing SSH access to reduce management and security overhead with AWS Systems Manager](https://aws.amazon.com/blogs/mt/vr-beneficios-session-manager/).

Best practice of using Keypair, in EC2

Contenido relevante