How to make an SSH key for AWS Lightsail / EC2 server

The documented solution on AWS’s pages is not easy to follow, so here’s a step-by-step guide!

NB: it is assumed you have already created the user fred on the EC2/Lightsail instance with ‘adduser’ or similar, and that it already has a ~/.ssh directory with the appropriate user permissions. I have also marked which host you have to be on for each step: [desktop] is your own computer, [lightsail] is the AWS Lightsail (or EC2) instance.

Step 1: Create SSH Key Pair (if not already created)

[desktop]

Open your terminal on your own desktop. Generate a new SSH key pair (or use an existing one). To generate a new key, execute something like:

ssh-keygen -t rsa -b 2048 -f ~/.ssh/fred_lightsail

NB: When prompted for a passphrase, you can choose to leave it empty for password-less logins.

Ensure your private key (fred_lightsail) is secure:

chmod 600 ~/.ssh/fred_lightsail

Step 2: Upload Public Key to AWS Lightsail

Next, the magic-aws-sauce! You need to upload the public key (fred_lightsail.pub) to your Lightsail instance. You have to do this via the AWS Lightsail console (still on your desktop).

  1. Go to the Lightsail Management Console (https://lightsail.aws.amazon.com), or navigate to the Lightsail section from the main AWS Management Console.
  2. Ensure SSH is enabled in firewall: Click on your instance, then go to the Networking tab. Under Firewall, make sure that SSH (port 22) is allowed.
  3. Add SSH key: Go to the Account page from the Lightsail home, and under SSH keys, upload your public key (fred_lightsail.pub).

Step 3: Set up User and Permissions on Lightsail

[lightsail / ec2]

SSH into your Lightsail / EC2 instance using the default ‘ubuntu’ user.

ssh -i /path/to/default/ubuntu-key ubuntu@your-instance-ip

Add the public key to the new user’s authorized keys:

echo "your-public-key-contents" | sudo tee -a /home/fred/.ssh/authorized_keys
sudo chmod 600 /home/fred/.ssh/authorized_keys
sudo chown -R fred:fred /home/fred/.ssh

(You could alternatively scp/sftp the pubkey to your ubuntu user, then just mv the file into /home/fred and change the perms.)

Step 4: Log in and enjoy!

[desktop]

Now on your desktop, you should be able to SSH into your Lightsail instance as ‘fred’ using:

ssh -i ~/.ssh/fred_lightsail fred@your-instance-ip
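
The key installation from Step 3 as a repeatable script, added here as an example (it is not from the original post): it rejects private-key or malformed input, appends the key only once, and sets the modes sshd expects. The function name install_pubkey and the sample key line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey is a hypothetical
# helper name; on the instance, run it as root so the chown step can succeed.
# Usage: install_pubkey HOME_DIR PUBKEY_FILE [OWNER]
install_pubkey() {
    home_dir=$1; pubkey_file=$2; owner=${3:-}
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    # A .pub file is a single line; a multi-line file is usually the private key.
    [ "$(wc -l < "$pubkey_file")" -le 1 ] || {
        echo "refusing: $pubkey_file is not a single-line public key" >&2; return 1; }
    key=$(cat "$pubkey_file")

    # Accept only "<key-type> <base64> [comment]".
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' || {
        echo "refusing: not an OpenSSH public key line" >&2; return 1; }

    # sshd (StrictModes) ignores keys kept in group/world-writable locations.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append, never overwrite, and only if this exact line is not already there.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth" || return 1

    # Ownership must match the login user; only attempted when OWNER is given.
    if [ -n "$owner" ]; then chown -R "$owner:$owner" "$ssh_dir" || return 1; fi
}

# Demo on a scratch directory with a constructed (not real) key line.
demo() {
    d=$(mktemp -d) || return 1
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLY fred@desktop' > "$d/fred.pub"
    # Installing twice must still leave exactly one line in authorized_keys.
    install_pubkey "$d/home/fred" "$d/fred.pub" &&
        install_pubkey "$d/home/fred" "$d/fred.pub" &&
        count=$(grep -c '' "$d/home/fred/.ssh/authorized_keys")
    rm -rf "$d"
    echo "$count"
}
demo
```

On the instance this would be called as install_pubkey /home/fred /path/to/fred_lightsail.pub fred, after copying the .pub file over.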

I hope that this helps what are surely loads of frustrated ‘normal’ Linux users out there. The AWS documentation on this step is inaccurate at best!
