Enable Linux Password Authentication on Cloud Linux VPS - NETSEC

Latest

Learning, Sharing, Creating

Cybersecurity Memo

Tuesday, June 23, 2020

Enable Linux Password Authentication on Cloud Linux VPS

Most Cloud Providers do not allow you to log in directly using Password. It will ask you to use public/private key to log in. This post is using AWS EC2 instance as an example to enable password authentication for your SSH session. This is not recommended and only for your testing purpose since this dramatically lows down your security configuration.






Here are all steps:

1.    From an SSH client, log in to your EC2 instance.

Use one of the following user names:
  • For Amazon Linux, the user name is ec2-user.
  • For RHEL 5, the user name is either root or ec2-user.
  • For Ubuntu, the user name is ubuntu.
  • For SUSE Linux, the user name is either root or ec2-user.
If ec2-user or root doesn't work, check with your AMI provider.

2.    Set a password for user. 

The example below uses ec2-user as the user:
$ sudo passwd ec2-user
Changing password for user ec2-user.
New password:
Retype new password:
For example, a successful response looks like this:
passwd: all authentication tokens updated successfully.

3.    Update the PasswordAuthentication parameter in the /etc/ssh/sshd_config file:

PasswordAuthentication yes

4.    Restart the SSH service.

For Amazon Linux, RHEL 5, and SUSE Linux, use this command:
sudo service sshd restart
For Ubuntu, use this command:
sudo service ssh restart

5.    Exit the SSH client, and then log in to test the password authentication.

Notes: It will enable your SSH Password Authentication method, original SSH key authentication method is still enabled.



6.    Create a New SSH User - test1

Following steps are to create a new user test1 and add it into root group. Also, it shows how to create a new group - network. 
Terminal Outputs Example:
[root@Linux01p ~]# useradd test1
[root@Linux01p ~]# passwd test1
Changing password for user test1.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

[root@Linux01p ~]# usermod -a -G root test
[root@Linux01p ~]# id test
uid=501(test) gid=501(test) groups=501(test),0(root) context=root:system_r:unconfined_t:s0-s0:c0.c1023
[root@Linux01p ~]# groups
root bin daemon sys adm disk wheel
[root@Linux01p ~]# users
root root
[root@Linux01p ~]# groupadd network

[root@Linux01p ~]# groups
root bin daemon sys adm disk wheel
[root@Linux01p ~]# cat /etc/group
root:x:0:root,test,test1
test:x:501:
test1:x:502:
network:x:503:
[root@Linux01p ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
test1:x:502:502::/home/test1:/bin/bash


root@test-ubuntu18:~# groups root1
root1 : root1 sudo
root@test-ubuntu18:~# usermod -aG network root1
root@test-ubuntu18:~# groups root1
root1 : root1 sudo network







No comments:

Post a Comment