By using AWS re:Post, you agree to the Terms of Use

Best practice of using Keypair, in EC2

0

Created an EC2 instance, with Amazon Linux AMI. Also generated a keypair.

Later I created few Linux level users.

When I place the pubic key, in those Linux user's "~/.ssh/authorized_keys" file, I'm able to connect as any of those Linux level users, just with syntax "ssh -i /path/my-key-pair.pem my-instance-user-name@my-instance-public-dns-name".

Doesn't this looks like vulnerable, as I can connect as any Linux user I want, without their passwords.

What are the best practices, on using Keypair?

asked 8 months ago92 views
2 Answers
2

Hello, You ve got a direct Link to the answer that is in one of the FAQ's. Link- https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ssh-best-practices/ Link2- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html Few of the summarized Do's are as below:

  • Rotate SSH keys regularly.
  • Create Key Pairs Using Passphrase.
  • Enable Google Authenticator based MFA for SSH.
  • Change SSH from port 22 to a non standard port.
  • Do not keep private keys in temp or home directories.
  • Do not keep unused EC2 key pairs.
  • Create individual IAM users using unique credentials. Thanks and hopefully this will help you achieve the best practices with respect to AWS-EC2-Key pair.
SUPPORT ENGINEER
answered 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions