Amazon Elastic Compute Cloud Developer Guide, API Version 2007-03-01 page 18

Document Details Browse Titles Browse Authors

This Document All Documents

Amazon Elastic Compute Cloud Developer Guide, API Version 2007-03-01 Page 18 (18 of 164)

Zoom In
Zoom Out
Contents
Extract
Help
Printable

Share

Amazon Elastic Compute Cloud Page 2
What's New Page 6
Introduction Page 7
Working with AMIs Page 8
Launching and Using Instances Page 23
Using and Securing the Network Page 35
Using the APIs Page 42
API Reference Page 48
Command Line Tools Reference Page 119
Technical FAQ Page 154
Glossary Page 161
- Glossary Page 161
- Page 161
Document Conventions Page 162

Extracted Text (may have errors)

Amazon Elastic Compute Cloud Developer Guide Install Public Key Credentials. #PermitRootLogin yes to PermitRootLogin without-password The location of this configuration file may differ for your distribution, or if you're not running OpenSSH. Consult the relevant documentation if this is the case. Randomizing the root password is also pretty simple. Add the following to your boot process. if [ -f "/root/firstrun" ] ; then dd if=/dev/urandom count=50|md5sum|passwd --stdin root rm -f /root/firstrun else echo "* Firstrun *" && touch /root/firstrun fi Once again, you may need to consult the relevant documentation if you're using a distro other than Fedora. Install Public Key Credentials. Now that we've done a pretty thorough job of ensuring that no one can log into instances of our AMI using a password, we need to make sure they can login using some other mechanism. EC2 allows users to specify a public-private keypair name when launching an instance. When a valid keypair name is provided to the RunInstances API call (or through the command line API tools) the following happens behind the scenes: The public key (the only portion of the keypair EC2 retains on the server after a call to CreateKeyPair) is made available to the instance through two methods 1. an HTTP query 2. a file on the instance's ephemeral store (/dev/sda2). This file is named openssh_id.pub and its format is compatible with the OpenSSH authorized_keys file. Note The HTTP request is the preferred method of retrieving the public key. The second method is deprecated and will be phased out in future versions of the service. This means at boot, all your AMI need do is retrieve the key value and append it to /root/.ssh/authorized_keys (or the equivalent for any other user account on the AMI) and users will be able to launch instances of your AMI with a keypair and log in without requiring a root password. if [ ! -d /root/.ssh ] ; then mkdir -p /root/.ssh chmod 700 /root/.ssh fi # Fetch public key using HTTP curl http://169.254.169.254/2007-03-01//meta-data/public-keys/0/openssh-key > /tmp/my-key if [ $? -eq 0 ] ; then cat /tmp/my-key >> /root/.ssh/authorized_keys API Version 2007-03-01 13

Help

The new reader is still in beta!

Amazon Elastic Compute Cloud Developer Guide, API Version 2007-03-01 page 18

Powered by Tizra® Publisher | Terms of Service | Privacy | Contact Us

Source: