I like SSHing into things. So I went ahead and setup my own AWS EC2 instance. Under the free tier, you can get good mileage out of an instance and use it to do whatever you please.
But it took me awhile to get the thing up and running properly. Here are the things I wanted to have:
If that experience sounds good to you, keep reading. I've pulled together the assorted posts that I used to setup my EC2 instance and assembled The Idiot-Proof Guide.
For those interested, 'EC2' stands for Elastic Cloud Compute. The service itself allows users to rent out virtual computers on which they can boot up their own images. Basically, we're booting onto some random CPU in some Amazon-owned datacenter somewhere in America.
Now that our instance is up and running, we need to make one more step before we can SSH in. That is, we need to set the file permissions of your_keyname.pem. To do that, use the following command:
chmod 600 /path/to/your_keyname.pem
Get your EC2 name (something of the form *.compute.amazonaws.com). It'll look like this:
Now, we can go ahead and SSH in. Issue the following command:
ssh -i /path/to/your_keyname.pem ubuntu@your_instance.compute.amazonaws.com
In my case, for example, that looks like:
ssh -i ~/Desktop/my_key.pem email@example.com
Success! (I hope...)
First, we should setup password authentication so that when we add users, our instance is secure. To do so:
sudo vi /etc/ssh/sshd_config # Change the line "PasswordAuthentication no" to "PasswordAuthentication yes"
Notice that we need to use sudo.
Next, we'll add our user as follows:
sudo useradd -d /home/charlie -m charlie sudo passwd charlie # Enter password, twice
That's great! But charlie still isn't sudo. If you don't know what that means: in short, a sudo user is able to access files reserved for admins. We want our account to have these admin privileges. So to provide that, we type the following (still on ubuntu):
sudo visudo # After line "root ALL=(ALL:ALL) ALL", add "charlie ALL=(ALL:ALL) ALL"
Note: if you don't want to be prompted to enter your password, then use "charlie ALL = NOPASSWD:ALL" instead.
At this point, we can SSH in as charlie! Let's give it a try. Before closing our current instance, lets reload the SSH file for good measure. Still as ubuntu, type:
sudo /etc/init.d/ssh restart logout
Now back in the terminal, we can go ahead and login:
(Some readers have had trouble with this step, and reported that editing sshd_config as described here was also necessary. I'm told that you'll need to add the "ubuntu" user, as well as your own, when following these steps.)
We're in! Last thing (for now): when I created my new user account, it didn't default to the bash shell. So I lacked tab-to-autocomplete, up-arrow-for-last-command, etc. To fix that:
sudo chsh -s /bin/bash
Logout and login. You'll know you're successful if you see:
If this method doesn't work, you can also manually edit the /etc/passwd file and change "/bin/sh" to "/bin/bash" for charlie.
Now we'll make this login flow much smoother.
To avoid the need to enter our password, we need to take some careful steps and create a public-private key pair. If you already have a private key that you want to use, continue to the next step. Otherwise, we first create a private-public key pair on our local machine in ~/.ssh:
cd /Users/crmarsh/.ssh/ ssh-keygen -t rsa # Name your key. Add a password, if you want.
If you didn't use the default key name, you need to add the private key (the version without the .pub extension) to your keychain as follows:
ssh-add -K keyname
Next, we need to move the public key to our server. Note that I'm assuming this is still your fresh EC2 instance; it should still be okay if you have an existing setup, but I can't make any promises. We proceed as follows:
scp keyname.pub firstname.lastname@example.org: # SSH in ssh email@example.com # Add key to list of authorized keys mkdir .ssh touch .ssh/authorized_keys cat keyname.pub >> .ssh/authorized_keys # Set permissions chmod 700 .ssh chmod 0640 .ssh/authorized_keys rm keyname.pub
Logout, and you should be able to SSH in without having to enter your password.
To create the alias, go to your bash_profile (emacs ~/.bash_profile) or wherever you configure your local bash settings. Add the following two lines (with your arguments substituted):
export AWS='ec2-54-245-139-10.us-west-2.compute.amazonaws.com' alias aws='ssh crmarsh@$AWS'
Why both? Well, if you ever need the address of your instance (it comes in handy), you can just type 'echo $AWS'. And when you want to login, you can just type 'aws' on its own. Try it for yourself.
As a final note: if you're like me and you love Sublime Text, I highly recommend using Sublime SFTP. It lets you edit files on your remote server using Sublime Text over SFTP.
However, there were still some things I wanted: emacs, git, make, etc. Obviously, preferences will vary from developer to developer. Here are some commands you might want to use, for your convenience:
sudo apt-get install emacs sudo apt-get install git sudo apt-get install make ...
Posted on June 19, 2013.