Enable Root User On AWS EC2 Ubuntu AMI


Problem: Enable Root User On AWS EC2 Ubuntu AMI

Solution: Edit .ssh/authorized_keys and delete the text in front of the public key.

Something happened the other day… I went to install an Ubuntu image in the AWS Asia Pacific region, but I couldn’t find the AMI we needed. The AWS Marketplace listed Ubuntu AMIs for every server size/type, except for the one I needed – an m3.medium on plain EBS (not HVM). So I checked the Ubuntu Amazon EC2 AMI Locator and found the one I needed. Great. Problem solved.

Finished installing updates and Automated NGINX Hosts with EasyEngine and WordPress. But when I got to copying the backup from the old server, I couldn’t get any files to upload to the /var/www/webroot. FileZilla would act like it was transferring files, but there was no progress bar on each file and when it finished “transferring” the last file, the webroot was still empty.

Obviously, I had a permissions issue, right? Well, sort of. When you provision an Ubuntu image on DigitalOcean, you get full root access. But when you provision Ubuntu on AWS, the root user is disabled. In theory, this is a good idea for security reasons. But in practice, it can wreak havoc on group permissions preventing you from transferring files over SFTP, etc.

So I wasted a bunch of time messing with groups and permissions, and no matter what I did, still couldn’t upload files to the webroot. Thankfully, kossboss already had me covered! Here’s what finally worked!

NOTE: You acknowledge that you are doing this at your own risk and understand the security implications.

SSH in with the default “ubuntu” user and elevate your permissions:

Enable root and give it a strong password:

Now, unlock root:

Edit the following file:

Before you edit, the file will look something like this:

no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"ubuntu\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2E0000DAQABAAABAQC9+9P2K0Fxa/tWoelrsCOgZt5lt2hjgwhPzCZG49eyWaTYYhMGLYOnj0rdzlEHk997HpZ2piF9Ftfdx5Hx71dMryv0FqOITvRay/hFCVMXd6diStSHp9eWKx0iULWy0aaaSpWazlgdvJUr6C7Aolt2TU9Gcj+bIxH4lv3RCTpLLLtlqhBhv8wb24xKSw+khpDuy83zWKkzRsZpIpYXVVEslUZD491yTC9xTg0tn2XRVeC82fWCdmR6bwYMbPY/EhTnTjJCwLirRX3123+hWahddyYD6brfE8yX6liRLLFPlBsxHNkAreisFO3EzBqwKNEqQH1EvMWyHLJx9v672Z YourKeyName

Look for the following and delete everything up to, but excluding, ssh-rsa.

no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"ubuntu\" rather than the user \"root\".';echo;sleep 10"

Your public key entry should now begin with “ssh-rsa” (without the quotes). Remove any leading spaces before ssh-rsa.

CTRL+O to save, ENTER to confirm and CTRL+X to exit nano.

If all went well, your public key will resemble this:

ssh-rsa AAAAB3NzaC1yc2E0000DAQABAAABAQC9+9P2K0Fxa/tWoelrsCOgZt5lt2hjgwhPzCZG49eyWaTYYhMGLYOnj0rdzlEHk997HpZ2piF9Ftfdx5Hx71dMryv0FqOITvRay/hFCVMXd6diStSHp9eWKx0iULWy0aaaSpWazlgdvJUr6C7Aolt2TU9Gcj+bIxH4lv3RCTpLLLtlqhBhv8wb24xKSw+khpDuy83zWKkzRsZpIpYXVVEslUZD491yTC9xTg0tn2XRVeC82fWCdmR6bwYMbPY/EhTnTjJCwLirRX3123+hWahddyYD6brfE8yX6liRLLFPlBsxHNkAreisFO3EzBqwKNEqQH1EvMWyHLJx9v672Z YourKeyName

Now, try logging in as root and uploading, editing files, etc. If you can’t log in, you may need to reboot.
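An added example, not part of the original post: a Python check that lists which entries in an authorized_keys file (such as root's) no longer carry the forced command= option shown above, so the change can be audited later. The function names, the sample file and its placeholder key blobs are constructed for illustration.

```python
import re

# A line that starts with a key type carries no options field.
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)\S+$")

def split_entry(line):
    """Return (option_names, key_type, comment) for one authorized_keys line."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        opts, rest = "", line
    else:
        # The options field ends at the first blank outside double quotes.
        quoted, i = False, 0
        while i < len(line) and (quoted or line[i] not in " \t"):
            if quoted and line.startswith('\\"', i):
                i += 1  # step over the backslash of an escaped quote
            elif line[i] == '"':
                quoted = not quoted
            i += 1
        opts, rest = line[:i], line[i:].strip()
    # Drop quoted values so commas inside them do not split option names.
    bare = re.sub(r'"(?:\\.|[^"\\])*"', "", opts)
    names = [o.split("=")[0].lower() for o in bare.split(",") if o]
    fields = rest.split(None, 2) + ["", "", ""]
    return names, fields[0], fields[2]

def audit(text):
    """List (line_no, comment) for keys that log in without a forced command."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        names, _key_type, comment = split_entry(line)
        if "command" not in names:
            findings.append((n, comment))
    return findings

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = r'''# root authorized_keys (constructed)
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"ubuntu\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAPLACEHOLDER1 cloud-key
ssh-rsa AAAAPLACEHOLDER2 YourKeyName
no-pty,no-port-forwarding ssh-ed25519 AAAAPLACEHOLDER3 deploy key
'''

if __name__ == "__main__":
    for line_no, comment in audit(SAMPLE):
        print(f"line {line_no}: key '{comment}' has no forced command")
```

Options such as no-pty or no-port-forwarding alone do not stop a shell login, which is why the check keys on command= only.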

To disable the Root account and restore the previous setting:

First lock your account

SSH in as ubuntu:

  • -d deletes the password, so that we are back where we started with root not having a password
  • -l locks the account so that we are back where we started with a locked account (That’s a lower case L)

 

You can simply lock the root user without disabling it:

Go back and edit the public key file:

Prepend the following to the public key: