🔐 Secure Multi-User Access to EC2 Instances Without Sharing Private Keys! 🚀
When managing an Amazon EC2 instance, giving multiple users secure access is a common challenge. The usual shortcut is to hand the instance's single private key (the .pem downloaded when the key pair was created) to everyone who needs to log in. Sharing one private key among several people is a real security risk: if any one copy is lost or leaked, or one person's access has to be revoked, the only remedy is to rotate the key and redistribute a new one to everybody, and in the meantime nobody can tell which person used the key.
So, how do we securely grant access to multiple users without sharing the same private key?
Solution: Creating and Managing Separate SSH Key Pairs for Each User
A better approach is to give each user their own SSH key pair. By creating individual SSH key pairs and adding each user's public key to the authorized_keys file on the EC2 instance, you ensure that:
Each user has a private key, which they keep secure.
The public key is the only thing you add to the server.
If a user no longer needs access, you can easily remove their public key from the authorized_keys file without affecting other users.
This approach ensures security and flexibility.
How to Implement This Solution:
Step 1: Create an SSH Key Pair for Each User
Each user needs their own SSH key pair. Ideally the user generates it on their own machine, so the private key never leaves it. If an admin generates it instead, the private key must be handed over through a secure channel and the admin's copy deleted afterwards.
To create a key pair (on Linux, macOS, or Windows using Git Bash), use the following command:
ssh-keygen -t rsa -b 4096 -C "user@example.com"
This will prompt the user to:
Enter a filename for the private key (e.g., ~/.ssh/id_rsa_user); the same path can be given with -f to skip the prompt.
Set a passphrase (optional, but recommended: it protects the key file if the laptop is lost or the file is copied).
The output will be two files:
Private Key: ~/.ssh/id_rsa_user
Public Key: ~/.ssh/id_rsa_user.pub
Only the .pub file is ever sent to the admin; the private key stays with the user.
Step 2: Add the Public Key to the EC2 Instance
For each user, the admin appends the public key (the contents of the .pub file, never the private key) to the authorized_keys file of the login account on the EC2 instance.
SSH into the EC2 instance with the instance's original key:
ssh -i "your-private-key.pem" ec2-user@ec2-public-ip
Switch to the .ssh directory:
cd ~/.ssh
Edit the authorized_keys file:
vi authorized_keys
Add the user's public key: copy the single line from the user's public key file (e.g., id_rsa_user.pub) and paste it into authorized_keys. Each public key must be on its own line and must not be wrapped; a broken line only invalidates that one key, the other entries keep working. Save and exit.
Two checks before you close your session: sshd (with the default StrictModes yes) silently ignores authorized_keys if ~/.ssh or the file itself is writable by anyone other than the owner, so keep the directory at mode 700 and the file at mode 600; and have the new user test their login from a second terminal while your own session is still open, so a typo does not lock everyone out.
Step 3: Grant Access to Multiple Users
Once the public key has been added to the authorized_keys file, the user can log in to the EC2 instance using their private key:
ssh -i ~/.ssh/id_rsa_user ec2-user@ec2-public-ip
Each user logs in with their own private key and never needs anyone else's. Note that in this setup all users still land in the same ec2-user account; the keys differ, the account does not.
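Steps 1 to 3 come down to editing one file correctly, and that is where pasting in vi goes wrong: wrapped lines, wrong permissions, a private key pasted by mistake, and old keys that never get removed. The following shell script is an added example and is not from the original post. It manages per-user entries in an authorized_keys file: it validates the line format, sets the permissions sshd requires, skips duplicates, and revokes a user by the comment that ssh-keygen -C wrote into the key. The key lines, e-mail comments and the file path under a temporary directory are constructed for the demo and are not real keys; the script assumes plain "type blob comment" lines without sshd option prefixes such as from= or command=.

```shell
#!/bin/sh
# Added example (not from the original post): manage per-user public keys
# in an OpenSSH authorized_keys file. Assumes plain "<type> <base64> <comment>"
# lines, i.e. no options prefix such as from="..." or command="...".
set -eu

# Accept only lines that look like an OpenSSH public key: a known key type,
# a base64 blob, and an optional comment. Rejects private keys, wrapped
# lines and accidental garbage before they reach the server.
is_pubkey_line() {
    printf '%s\n' "$1" | grep -Eq \
      '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)|sk-ssh-ed25519@openssh\.com|sk-ecdsa-sha2-nistp256@openssh\.com) [A-Za-z0-9+/]+=*( [^[:space:]].*)?$'
}

# Comment field of a key line: everything after the key type and base64 blob.
key_comment() {
    printf '%s\n' "$1" | awk '{ c = $0; sub(/^[^ ]+ [^ ]+ ?/, "", c); print c }'
}

# add_key FILE KEYLINE: append the key if it is valid and not already present.
# Also forces the permissions sshd (StrictModes yes) insists on.
add_key() {
    file=$1; key=$2
    if ! is_pubkey_line "$key"; then
        echo "add_key: rejected, not an OpenSSH public key line" >&2
        return 1
    fi
    dir=$(dirname "$file")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$file" && chmod 600 "$file"
    # Duplicate check on type+blob only: the same key with a new comment is still the same key.
    blob=$(printf '%s\n' "$key" | awk '{ print $1 " " $2 }')
    if grep -qF -- "$blob" "$file"; then
        echo "add_key: already present: $(key_comment "$key")" >&2
        return 0
    fi
    printf '%s\n' "$key" >> "$file"
}

# revoke_key FILE COMMENT: drop every key whose comment equals COMMENT,
# leaving all other users' keys untouched. Rewrites the file in place.
revoke_key() {
    file=$1; target=$2
    tmp=$(mktemp)
    awk -v t="$target" '{ c = $0; sub(/^[^ ]+ [^ ]+ ?/, "", c) } c != t' "$file" > "$tmp"
    cat "$tmp" > "$file"      # keeps the inode and the 600 mode of the original file
    rm -f "$tmp"
}

# count_keys FILE: number of key lines (blank lines and # comments ignored).
count_keys() {
    awk 'NF >= 2 && $1 !~ /^#/ { n++ } END { print n + 0 }' "$1"
}

# has_user FILE COMMENT: exit 0 if a key with that comment is present.
has_user() {
    awk -v t="$2" '{ c = $0; sub(/^[^ ]+ [^ ]+ ?/, "", c) } c == t { found = 1 } END { exit !found }' "$1"
}

# --- demo with constructed data: these are format-valid but NOT real keys ---
DEMO_DIR=$(mktemp -d)
DEMO_FILE="$DEMO_DIR/.ssh/authorized_keys"
KEY_ALICE='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyForAliceNotRealAAAAAAAAAAAAAAA alice@example.com'
KEY_BOB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQConstructedKeyForBobNotRealAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== bob@example.com'
BAD_LINE='-----BEGIN OPENSSH PRIVATE KEY-----'

add_key "$DEMO_FILE" "$KEY_ALICE"
add_key "$DEMO_FILE" "$KEY_BOB"
add_key "$DEMO_FILE" "$KEY_ALICE"            # duplicate: ignored
add_key "$DEMO_FILE" "$BAD_LINE" || true     # private key pasted by mistake: rejected
echo "keys after adds: $(count_keys "$DEMO_FILE")"              # 2
revoke_key "$DEMO_FILE" bob@example.com
echo "keys after revoking bob: $(count_keys "$DEMO_FILE")"      # 1
rm -rf "$DEMO_DIR"
```

On the instance you would source the script and run add_key ~/.ssh/authorized_keys "$(cat id_rsa_user.pub)" for each new user, and revoke_key ~/.ssh/authorized_keys user@example.com when that user leaves. Revoking by comment only works if every key carries a unique, meaningful comment, which is why the -C argument in Step 1 matters; if you cannot trust the comments, match on the key blob instead.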
How to Create and Add a Key Pair on AWS EC2 (via AWS Console)
Create a New Key Pair:
In the AWS Management Console, navigate to EC2 > Key Pairs.
Click Create Key Pair.
Name the key pair and choose the format (PEM or PPK).
Your browser downloads the private key once; AWS keeps only the public half and cannot re-issue the private key later.
Add Public Key to EC2:
A key pair created in the console is only installed automatically on instances launched with it. To use it on an existing instance, extract the public key from the PEM file:
ssh-keygen -y -f your-private-key.pem
Add the resulting public key line to the authorized_keys file on your EC2 instance, as described in Step 2 above.
Advantages of Using Individual Key Pairs
Increased Security: Each user has their own private key. If one key is compromised, you revoke access for just that user by removing their public key from the authorized_keys file; nobody else has to rotate anything.
Access Control: You can grant or revoke access for individual users without disrupting other users' access. This is especially useful when managing large teams.
Auditability: sshd records the fingerprint of the accepted key in the system auth log, so each login can be traced to a specific key and therefore a specific person. Keep in mind that with everyone landing in the shared ec2-user account, everything done after login is recorded as ec2-user; for per-user accountability of commands, create a separate Linux account for each user and put their key in that account's authorized_keys.
No Need to Share Sensitive Information: Users secure their own private keys, and the admin only ever handles public keys, so nothing secret is copied around.
Conclusion: Securing Access with Multiple Users
By creating individual key pairs for each user and adding their public key to the EC2 instance, you avoid the security risks of sharing private keys. This approach provides a scalable, secure, and flexible way to manage access for multiple users to a single EC2 instance.
Happy Learning 😊
Written by Jeevan