How to Create a Password-Based User for SSH Access on AWS EC2 Instance


8 views

When setting up a Git server on an EC2 instance, developers often need password-based authentication for tools like Eclipse that don't support SSH key authentication out of the box. While AWS EC2 instances typically use SSH key pairs for secure access, certain development workflows require traditional username/password credentials.

1. Connect to Your EC2 Instance

First, SSH into your instance using your existing key pair:

ssh -i /path/to/your-key.pem ec2-user@your-instance-public-dns

2. Create a New User

Create a new user account (let's call it 'gituser' as an example):

sudo adduser gituser

3. Set a Password

Configure a password for the new user:

sudo passwd gituser

You'll be prompted to enter and confirm the new password.

4. Configure SSH for Password Authentication

Edit the SSH configuration file:

sudo vi /etc/ssh/sshd_config

Find and modify these lines:

PasswordAuthentication yes
ChallengeResponseAuthentication yes

Then restart the SSH service:

sudo service sshd restart

5. Grant Necessary Permissions

If this user needs to access Git repositories, ensure proper permissions:

sudo usermod -a -G git gituser
sudo chmod -R g+rx /path/to/git/repositories

In Eclipse's Git perspective:

  1. Navigate to Window → Show View → Other → Git → Git Repositories
  2. Click "Clone a Git Repository"
  3. Enter the repository URL in format: ssh://gituser@your-instance-public-dns/path/to/repo.git
  4. When prompted, enter the password you set earlier

While this solution works, consider these security best practices:

  • Use strong, complex passwords
  • Implement fail2ban to prevent brute force attacks
  • Consider restricting password authentication to specific IP ranges
  • Regularly rotate passwords

Connection refused: Verify your EC2 security group allows inbound SSH (port 22) from your IP.

Permission denied: Double-check the username and password, and ensure PasswordAuthentication is enabled in sshd_config.

When setting up a Git server on an EC2 instance, you typically use SSH key pairs for authentication. However, some tools like Eclipse plugins may require traditional username/password authentication. This guide explains how to create a password-based user while maintaining security.

First, connect to your EC2 instance using your existing SSH key:

ssh -i your-key.pem ec2-user@your-instance-public-ip

Once logged in, create a new user with password authentication:

sudo adduser gituser
sudo passwd gituser

You'll be prompted to enter and confirm a password for the new user.

Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Find and modify these lines:

PasswordAuthentication yes
ChallengeResponseAuthentication yes

Then restart the SSH service:

sudo service sshd restart

For the new user to access Git repositories:

sudo su - gituser
mkdir ~/.ssh
touch ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

While enabling password authentication, consider these security measures:

  • Use strong passwords (12+ characters with mixed types)
  • Limit login attempts with fail2ban
  • Regularly monitor auth logs

From your local machine, test the new credentials:

ssh gituser@your-instance-public-ip

You should be prompted for the password you set earlier.

In Eclipse, configure your Git plugin with:

  • Protocol: SSH
  • Host: your-instance-public-ip
  • User: gituser
  • Authentication: Password