By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Best practice of using Keypair, in EC2

0

Created an EC2 instance, with Amazon Linux AMI. Also generated a keypair.

Later I created few Linux level users.

When I place the pubic key, in those Linux user's "~/.ssh/authorized_keys" file, I'm able to connect as any of those Linux level users, just with syntax "ssh -i /path/my-key-pair.pem my-instance-user-name@my-instance-public-dns-name".

Doesn't this looks like vulnerable, as I can connect as any Linux user I want, without their passwords.

What are the best practices, on using Keypair?

Topics
Compute
Tags
Linux ProvisioningAmazon EC2
Language
English
Boopalan
asked 2 years ago1597 views
2 Answers
2

Hello, You ve got a direct Link to the answer that is in one of the FAQ's. Link- https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ssh-best-practices/ Link2- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html Few of the summarized Do's are as below:

  • Rotate SSH keys regularly.
  • Create Key Pairs Using Passphrase.
  • Enable Google Authenticator based MFA for SSH.
  • Change SSH from port 22 to a non standard port.
  • Do not keep private keys in temp or home directories.
  • Do not keep unused EC2 key pairs.
  • Create individual IAM users using unique credentials. Thanks and hopefully this will help you achieve the best practices with respect to AWS-EC2-Key pair.
profile pictureAWS
SUPPORT ENGINEER
Chirag_R
answered 2 years ago
profile picture
EXPERT
Giovanni Lauria
reviewed a month ago
0

Also consider Replacing SSH access to reduce management and security overhead with AWS Systems Manager.

profile pictureAWS
EXPERT
kentrad
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content