On ssh to root@ instruct user to try ubuntu@ instead
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on EC2 |
Fix Released
|
Wishlist
|
Unassigned | ||
ec2-init (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The official Ubuntu beta2 AMI will prevent ssh to root@ and allow ssh to ubuntu@ so that the image follows the normal Ubuntu standards for security (allowing user "ubuntu" to sudo).
Existing EC2 users are familiar with ssh to root@ given that most existing AMIs allow this, the EC2 documentation describes this, and tools like Elasticfox and the EC2 console provide commands to that effect. Given this, we need to help point users in the right direction when they try to ssh to root@ and the best approach (right message at the right time) seems to be to output a message when the user connects with ssh to root incorrectly.
The following steps are one way to accomplish this message while only showing it to somebody who has the correct key and not increasing security risks of letting users get in as root.
At first boot, when /home/ubuntu/
command="echo;echo 'Please ssh to the \"ubuntu\" user on this host instead of \"root\"';echo"
So, the entire /root/.
command="echo;echo 'Please ssh to the \"ubuntu\" user on this host instead of \"root\"';echo" ssh-rsa AAAAB3N[...] KEYPAIRNAME
This results in an ssh attempt that looks like:
user@localhost:~$ ssh -i KEYPAIR.pem <email address hidden>
Please ssh to the "ubuntu" user on this host instead of "root"
Connection to ec2-174-
user@localhost:~$
I actually like this idea.