Make an Amazon EC2 instance ask for sudoing password
EC2 does not have an easy way to provide you with a secure password for the ubuntu user, so the default is to allow passwordless sudo after you connect securely with the ssh private key.
If you add a password to the ubuntu user, you can require it for sudo by editing /etc/sudoers.d/90-cloud-init-users and changing:
ubuntu ALL=(ALL) NOPASSWD:ALL
to:
ubuntu ALL=(ALL) ALL
This command does that edit for you (assuming an untouched, default sudoers file):
sudo perl -pi -e 's%NOPASSWD:%%' /etc/sudoers.d/90-cloud-init-users
For safety, keep a separate shell logged in as root so that you can fix the file and recover if you edit it incorrectly and break sudo.
Adding a password for sudo increases the overall security of your system.
It is still recommended that you not allow the use of a password for ssh logins. Keep that limited to ssh private keys.
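The same edit done on a temporary copy and checked with visudo before it replaces the live file, as an added example that is not part of the original answer. The function names and the --apply switch are made up for this sketch; it assumes the default Ubuntu drop-in path and user named above and must be run as root to apply.

```shell
#!/bin/sh
# Added example: remove NOPASSWD from a sudoers drop-in without risking a broken sudo.
set -eu

# Write a copy of file $1 to $2 with the NOPASSWD: tag removed (same edit as the one-liner).
strip_nopasswd() {
    sed 's/NOPASSWD://' "$1" > "$2"
}

# Succeed only if user $1 has a usable password (status "P" in `passwd -S` on Ubuntu).
has_password() {
    [ "$(passwd -S "$1" 2>/dev/null | awk '{print $2}')" = "P" ]
}

# Edit a temp copy, syntax-check it, back up the original, then install the new file.
apply_change() {
    file=$1
    user=$2
    has_password "$user" || { echo "set a password for $user first" >&2; return 1; }
    tmp=$(mktemp)
    strip_nopasswd "$file" "$tmp"
    if ! visudo -cf "$tmp" >/dev/null; then
        rm -f "$tmp"
        echo "edited copy failed the visudo check; $file left untouched" >&2
        return 1
    fi
    # sudo skips files in sudoers.d whose names contain a '.', so the backup is not parsed.
    cp -p "$file" "$file.bak"
    install -m 0440 -o root -g root "$tmp" "$file"
    rm -f "$tmp"
}

if [ "${1:-}" = "--apply" ]; then
    apply_change /etc/sudoers.d/90-cloud-init-users ubuntu
else
    # Dry run on a constructed sample line; nothing under /etc is touched.
    sample=$(mktemp)
    out=$(mktemp)
    echo 'ubuntu ALL=(ALL) NOPASSWD:ALL' > "$sample"
    strip_nopasswd "$sample" "$out"
    cat "$out"
    rm -f "$sample" "$out"
fi
```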
Desmond Hume
Updated on September 18, 2022
Comments
- Desmond Hume over 1 year
I've launched an Amazon EC2 instance of Ubuntu Server 12.04 and it's all fine except, unlike with my local Ubuntu, the EC2 instance never asks for any passwords when I'm sudoing with the command line or become root. I tried
passwd # asks for a new password, I supply one
sudo -i # always makes me root right away
passwd # asks for a new password, I supply one
passwd ubuntu # asks for a new password, I supply one
(ubuntu is the default user the instance gets installed with.) So far, even after reboots, I haven't noticed any difference, it still never asks for any passwords. It's not a biggie but I guess I'm just used to how my local Ubuntu works.
- Simon Woodside almost 8 years
If you use sed you won't have to install perl. Try
sudo sed -re 's/NOPASSWD://' -i.`date -Iseconds` /etc/sudoers.d/90-cloud-init-users
(this will make a backup file as well).