.bashrc, .bash_profile, PATH on AMI

Updated 20-Sep-2023

On a new Amazon Linux AMI installation, a useful ec2-user account is already configured. To make it more useful, edit some .bashrc files and create a new user for sftp and scp, because those will produce errors with the login scripts that we will set for ec2-user.

First off, know that .bashrc is the best thing to use since it functions when using sudo su and executes every time, vs. .bash_profile which (I think) does not.

Second, both the ec2-user and root need .bashrc configurations, and my preference is that the first has sudo su invoked and runs right into root.

Third, the sftp/scp user will need sudo rights added to the cloud-init sudoers file (/etc/sudoers.d/cloud-init).

Steps to Adjust Login Environments

  • Edit .bashrc files for ec2-user and root
  • Create new user (for sftp/scp), grant rights, and deal with access keys

.bashrc for ec2-user

nano /home/ec2-user/.bashrc

Use this file

# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi
# User specific aliases and functions
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
alias lx='ls -la --color=auto'
alias rx='rm -rf'
alias ban='fail2ban-client set apache-badbots banip'
# Set the interrupt keystroke to ctrl-e
stty sane
stty intr ^E
# Pathing
PATH=$PATH:$HOME/bin:~/.local/bin:/usr/local/bin
export PATH
export EDITOR=nano
clear
echo ""
echo "************************************************"
echo "  NEW LOGIN PROCESSED - WELCOME TO server, $USER"
echo "************************************************"
echo ""
sudo su
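
sftp and scp break when ~/.bashrc is read in their non-interactive sessions and prints a banner or starts a program. The sketch below is an added example, not part of the original page: it probes an rc file the way a non-interactive session would, and compares an unguarded banner with one placed behind a check of $- for the interactive flag. The function name rc_is_quiet, the two sample files and the temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Names and sample files are constructed.

# rc_is_quiet FILE: succeed if sourcing FILE in a NON-interactive bash writes
# nothing to stdout, which is what scp/sftp need from ~/.bashrc.
# The file is executed by the probe, so only probe rc files you would run anyway.
rc_is_quiet() {
    out=$(bash --norc --noprofile -c '. "$1"' probe "$1" </dev/null 2>/dev/null)
    [ -z "$out" ]
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Constructed sample 1: banner printed unconditionally, as in the .bashrc above.
cat > "$demo_dir/unguarded.bashrc" <<'EOF'
alias lx='ls -la --color=auto'
echo "  NEW LOGIN PROCESSED - WELCOME TO server, $USER"
EOF

# Constructed sample 2: same content, but everything meant for a terminal
# sits behind a check of $- for the "i" (interactive) flag.
cat > "$demo_dir/guarded.bashrc" <<'EOF'
alias lx='ls -la --color=auto'
case $- in
    *i*) ;;        # interactive login: carry on to the banner
    *) return ;;   # scp, sftp, "ssh host cmd": stop before any output
esac
echo "  NEW LOGIN PROCESSED - WELCOME TO server, $USER"
EOF

for f in unguarded guarded; do
    if rc_is_quiet "$demo_dir/$f.bashrc"; then
        echo "$f: quiet for non-interactive shells"
    else
        echo "$f: prints output, scp/sftp would see it"
    fi
done
```

In a real .bashrc the stty, clear, banner, sudo su and htop lines would all go below the case block. Because the probe executes the file, point it at a copy with sudo su and htop removed.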

.bashrc for root

nano /root/.bashrc

Use this file

# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi
# User specific aliases and functions
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
alias lx='ls -la --color=auto'
alias rx='rm -rf'
alias ban='fail2ban-client set apache-badbots banip'
PATH=$PATH:$HOME/bin:~/.local/bin:/usr/local/bin
export PATH
export EDITOR=nano
cd /root/temp
clear
echo ""
echo "************************************************"
echo "  NEW LOGIN PROCESSED - WELCOME TO server, $USER"
echo "************************************************"
echo ""
htop

Create New User and Grant Rights

something missing here

Grant SUDO Rights

nano /etc/sudoers.d/cloud-init

Duplicate the ec2-user rights for the new user.

Adjust PATH

Edit the PATH in ~/.bash_profile

nano /root/.bash_profile

Use the following:

# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi
# User specific environment and startup programs
PATH=$PATH:$HOME/bin:~/.local/bin:/usr/local/bin

Then load that profile

source ~/.bash_profile

Also add some helpful shortcuts lx and rx

nano /etc/profile

Add to the end of the file:

alias lx='ls -la --color=auto'
alias rx='rm -rf'

User and SSH Cert

  • Download, move, and rename cert
chmod 400 ~/.ssh/key.pem
ssh -v -i ~/.ssh/key.pem [email protected]
sudo su
yum -y update
useradd newuser
passwd newuser
usermod -aG wheel newuser
su - newuser
mkdir .ssh
chmod 700 .ssh
exit
cp /home/ec2-user/.ssh/authorized_keys /home/newuser/.ssh/authorized_keys
chown newuser:newuser /home/newuser/.ssh/authorized_keys
nano /etc/sudoers.d/cloud-init

Replace ec2-user with newuser.