Enable password authentication on cloud images

The cloud images bundled by various Linux distributions have password authentication disabled by default for security reasons. The only possible way to log in to an instance launched from one of these images is to specify a security key during boot and use that key to ssh. Often you will want to enable password authentication, for example to log in through the VNC console for debugging. This post takes you through the steps involved in enabling password authentication.

  1. First, log in using the pem key
    ssh -i key-pair-name.pem user@floatingip
    

    You must create the key pair before you boot any instance that uses it. On an OpenStack setup you can create key pairs under ‘Project-> Compute-> Access&Security-> Key Pairs’.
    As soon as you create one you will be prompted to download and save it to your disk. Later you can use the ‘key-pair-name.pem’ file to ssh into your instance.
    Depending on the distribution of your image, there is a default user to log in as. For example, on an Ubuntu image the default user is ‘ubuntu’.
    Replace ‘floatingip’ with the FloatingIP/ElasticIP/publicIP address of your instance.

  2. Elevate your privileges
    sudo su -

    On all cloud images the default user will have password-less sudo enabled.

  3. Then create a new user
    useradd -G sudo -U -m username
    

    Replace ‘username’ with the name of your choice. The above command adds the newly created user to the ‘sudo’ group. This is necessary because in most cloud images all members of the ‘sudo’ group have password-less ‘sudo’ access. Without this you might not be able to elevate your privileges after login. On certain systems that do not have a ‘sudo’ group, the ‘admin’ group will have ‘sudo’ access, and you can replace ‘sudo’ with ‘admin’ in the above command.

  4. Set the password for the new user
    passwd username

    Enter the new password for the user and confirm the same.

  5. Open ‘/etc/ssh/sshd_config’ and set the following parameters
    ChallengeResponseAuthentication yes
    PasswordAuthentication yes
    
  6. Additionally, if you want to enable root login, you can set the parameter below too
    PermitRootLogin yes

    Then set a password for the root user too.

    passwd

    Enter the new password for the root user and confirm the same.

  7. Restart sshd
    service ssh restart
    

Voila! You can now log in without your pem key.
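The check below is an added example, not part of the original post: it reads an sshd_config file and reports the effective value of the three keywords from steps 5 and 6, which matters because sshd uses the first value it reads for a keyword. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the keywords from steps 5-6.
# sshd uses the first value it reads for a keyword, so a line appended below an
# existing "PasswordAuthentication no" changes nothing.

# effective_value FILE KEYWORD: print the first global value of KEYWORD.
# Limitation: Include files are not followed; `sshd -T` on the host is authoritative.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }     # stop at conditional Match blocks
        tolower($1) == want { print $2; exit }
    ' "$1"
}

# audit_password_login FILE: one line per keyword, WARN when password login is on.
audit_password_login() {
    for kw in PasswordAuthentication ChallengeResponseAuthentication PermitRootLogin; do
        val=$(effective_value "$1" "$kw")
        case "$kw:$val" in
            *:)                  echo "INFO $kw unset (sshd built-in default applies)" ;;
            PermitRootLogin:yes) echo "WARN $kw=$val (root login permitted)" ;;
            PermitRootLogin:*)   echo "ok   $kw=$val" ;;
            *:yes)               echo "WARN $kw=$val (password-based login accepted)" ;;
            *)                   echo "ok   $kw=$val" ;;
        esac
    done
}

# Constructed sample: image defaults with steps 5-6 appended instead of edited in place.
write_sample() {
    cat > "$1" <<'EOF'
# shipped by the image
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin prohibit-password
# appended by hand later
PasswordAuthentication yes
PermitRootLogin yes
EOF
}

sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
write_sample "$sample"
audit_password_login "$sample"
```

On the constructed sample all three lines report ok, because the appended ‘yes’ lines come after the image's own settings and are ignored.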

Warning

You simply should not do this on the public cloud unless you are inviting trouble.
