Title : AWS-CentOS: use a user other than 'root'
Content :
CentOS allows SSH access for the user root. Following security best practices, it is
advisable to disable SSH access for root, log in over SSH with a non-root account,
and use the sudo command when root privileges are required.
This document describes how to manually replace the root user with a new user. The
following steps assume you have installed a CentOS AMI [Amazon Machine Image].
Data contained in <> is user defined
Commands are in italic
This example creates ec2-user as both the group and the new user; this is not required,
and you are free to use any naming convention.
1. Add a new Group and user
ssh to your newly launched EC2 CentOS Instance using the default root user
Create a new group
groupadd -g <500>
Create a new user
useradd
Add user to the new group
useradd -g ec2-user ec2-user
2. Create the .ssh dir
When your user has been created you will need to add the .ssh directory to store the
authorized_keys file.
mkdir /home/ec2-user/.ssh
3. Add the new group and user to sudoers file
sudo visudo
add the following lines to the sudoers file
PLEASE NOTE: Changes to sudoers MUST be carried out using visudo to avoid errors.
Usage notes: when editing a file using vim, i = insert mode; use this to enter text. Once
you have entered the entire text, exit insert mode by hitting the escape key. To save the
file use :wq
add to user section
ALL=(ALL) ALL
add to the group section
%ec2-user ALL=(ALL) ALL
then add, typically just below group
%ec2-user ALL=(ALL) NOPASSWD: ALL
save the file, and exit
4. Copy ssh public key from root
cp /root/.ssh/authorized_keys /home//.ssh/authorized_keys
5. Set permissions
The new user needs permission to authorized_keys
chown -R ec2-user:ec2-user /home/ec2-user/
Test that your new user works as expected: log in and try a sudo command.
6. Clean up
Remove /root/.ssh/authorized_keys
sudo rm /root/.ssh/authorized_keys
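Steps 2, 4, 5 and 6 above, gathered into shell functions that also set the modes on .ssh and authorized_keys and refuse to delete root's key file until the copy is verified. This is an added example, not part of the original instructions; the function names are hypothetical and GNU stat (as shipped on CentOS) is assumed.

```shell
#!/bin/bash
# Added example (not from the original PDF). Paths are parameters so the
# functions can be tried on a scratch directory before touching /root.

# Steps 2, 4, 5: create .ssh, copy the key file, tighten modes and ownership.
# usage: install_keys <source authorized_keys> <new user's home> [owner:group]
install_keys() {
    src=$1; home=$2; owner=${3:-}
    [ -s "$src" ] || { echo "no keys in $src" >&2; return 1; }
    mkdir -p "$home/.ssh" || return 1
    cp "$src" "$home/.ssh/authorized_keys" || return 1
    chmod 700 "$home/.ssh" || return 1
    chmod 600 "$home/.ssh/authorized_keys" || return 1
    # chown needs root, so it is applied only when an owner is given
    if [ -n "$owner" ]; then chown -R "$owner" "$home" || return 1; fi
}

# Check before step 6: the copy must be identical to the source and the
# directory and file must be accessible to their owner only (700 / 600).
verify_keys() {
    src=$1; home=$2
    [ "$(stat -c '%a' "$home/.ssh")" = 700 ] || return 1
    [ "$(stat -c '%a' "$home/.ssh/authorized_keys")" = 600 ] || return 1
    cmp -s "$src" "$home/.ssh/authorized_keys"
}

# Step 6: remove the source key file only after the copy verifies.
cleanup_source_keys() {
    src=$1; home=$2
    if verify_keys "$src" "$home"; then
        rm -f "$src"
    else
        echo "refusing to remove $src: copy under $home not verified" >&2
        return 1
    fi
}

# On the instance, as root, with this page's ec2-user naming:
#   install_keys /root/.ssh/authorized_keys /home/ec2-user ec2-user:ec2-user
#   (log in as ec2-user from a second session and run a sudo command)
#   cleanup_source_keys /root/.ssh/authorized_keys /home/ec2-user
```

Keep the root session open until the second login succeeds, so a mistake in the sudoers or key setup does not lock you out of the instance.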
Source : https://awsmp-usageinstructions.s3.amazonaws.com/CentOS_User_Add_Instructions.pdf