Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Best practice of using Keypair, in EC2

0

Created an EC2 instance, with Amazon Linux AMI. Also generated a keypair.

Later I created few Linux level users.

When I place the pubic key, in those Linux user's "~/.ssh/authorized_keys" file, I'm able to connect as any of those Linux level users, just with syntax "ssh -i /path/my-key-pair.pem my-instance-user-name@my-instance-public-dns-name".

Doesn't this looks like vulnerable, as I can connect as any Linux user I want, without their passwords.

What are the best practices, on using Keypair?

Argomenti
Computazionali
Tag
Provisioning di LinuxAmazon EC2
Lingua
English
Boopalan
posta 2 anni fa1625 visualizzazioni
2 Risposte
2

Hello, You ve got a direct Link to the answer that is in one of the FAQ's. Link- https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ssh-best-practices/ Link2- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html Few of the summarized Do's are as below:

  • Rotate SSH keys regularly.
  • Create Key Pairs Using Passphrase.
  • Enable Google Authenticator based MFA for SSH.
  • Change SSH from port 22 to a non standard port.
  • Do not keep private keys in temp or home directories.
  • Do not keep unused EC2 key pairs.
  • Create individual IAM users using unique credentials. Thanks and hopefully this will help you achieve the best practices with respect to AWS-EC2-Key pair.
profile pictureAWS
TECNICO DI SUPPORTO
Chirag_R
con risposta 2 anni fa
profile picture
ESPERTO
Giovanni Lauria
verificato un mese fa
0

Also consider Replacing SSH access to reduce management and security overhead with AWS Systems Manager.

profile pictureAWS
ESPERTO
kentrad
con risposta 2 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente