-
-
Save sebsto/6441df09e97c4cbbd22b8ba313b8d642 to your computer and use it in GitHub Desktop.
| # Download the VDI from https://cdn.amazonlinux.com/os-images/latest/ | |
| # Doc is at http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/amazon-linux-2-virtual-machine.html | |
| # Be sure you have config/meta-data and config/user-data ready as per the below | |
| # change ec2-user's password to your password | |
| $ cat config/meta-data | |
| local-hostname: amazonlinux.onprem | |
| # eth0 is the default network interface enabled in the image. You can configure | |
| # static network settings with an entry like below. | |
| #network-interfaces: | | |
| # iface eth0 inet static | |
| # address 192.168.1.10 | |
| # network 192.168.1.0 | |
| # netmask 255.255.255.0 | |
| # broadcast 192.168.1.255 | |
| # gateway 192.168.1.254 | |
| $ cat config/user-data | |
| #cloud-config | |
| # vim:syntax=yaml | |
| users: | |
| # A user by the name ec2-user is created in the image by default. | |
| - default | |
| # Following entry create user1 and assigns password specified in plain text. | |
| # Please not use of plain text password is not recommended from security best | |
| # practises standpoint | |
| # - name: user1 | |
| # groups: sudo | |
| # sudo: ['ALL=(ALL) NOPASSWD:ALL'] | |
| # plain_text_passwd: < plain text password here > | |
| # lock_passwd: false | |
| # Following entry creates user2 and attaches a hashed passwd to the user. Hashed | |
| # passwords can be generated with: | |
| # python -c 'import crypt,getpass; print crypt.crypt(getpass.getpass())' | |
| # - name: user2 | |
| # passwd: < hashed password here > | |
| # lock_passwd: false | |
| # Following entry creates user3, disables password based login and enables an SSH public key | |
| # - name: user3 | |
| # ssh-authorized-keys: | |
| # - < ssh public key here > | |
| # lock_passwd: true | |
| chpasswd: | |
| list: | | |
| ec2-user:password | |
| # On Mac OS, you can use hdiutil instead of genisoimage | |
| hdiutil makehybrid -o init.iso -hfs -joliet -iso -default-volume-name cidata config | |
| ## Then attach the init.iso file to the virtual machine before to boot the VDI. | |
| ## Cloud-init configuration happens ar first boot only, you do not need the ISO file for subsequent boots | |
| ## If you need to retry, re-try from the originally downloaded VDI | |
| ## Keep a copy of the downloaded VDI if you need to make changes to your root disk image. |
Got an error running the hdiutil command "-bash: $: command not found". However hdiutil makehybrid -help works fine. Any suggestions
What is the syntax to set SSH keys for the default user, i.e. ec2-user? I tried the following, but it doesn't work:
users:
- default:
ssh-authorized-keys:
- <ssh key>
I've also tried:
users:
- default:
- name: ec2-user
ssh-authorized-keys:
- <ssh key>
I just end up with an empty authorized_keys file. It works for any other user, though. I've looked but can't find an example of how to do this.
@swampf0etus check the sample config here https://cdn.amazonlinux.com/os-images/2.0.20190612/README.cloud-init
@sebsto Thanks, but I can see where in that example that it applies an ssh key to the ec2-user, I only see one for user3
According to the example I shared, it Looks like you have the indentation incorrect in your second example.
- name line must be indented one level below - default
Using OS X Catalina and the latest VirtualBox (6.1.6) here. I followed the AWS instructions line by line. I changed the VM network adapter from NAT to Bridged and updated the /etc/ssh/sshd_config to allow password login so I can connect from terminal.
Uncomment line 63: PasswordAuthentication yes
Then restart ssh daemon: sudo service ssd restart
In my case, I did not notice that I had created the metadata files with a .TXT extension!!!
@swampf0etus I managed to set the ec2-user ssh key like this
#cloud-config
# vim:syntax=yaml
users:
- default
- name: ec2-user
ssh-authorized-keys:
- ssh-rsa <key>
chpasswd:
list: |
ec2-user:amazon
ssh-authorized-keys:
How did you create/get the public key onto your host?
@icasnerd
In my case I've already had generated key pair in my ~/.ssh host folder (it was convenient to me to reuse the existing key). I just pasted my public key instead of the <key> in the provided YAML sample.
But you can generate new key pair on the host with OpenSSH or PuTTY on windows or ssh-keygen on Linux/MacOS.
For those who want to have a static IP, the network adapter on the VM needs to be bridged and the network interfaces section needs an additional line to specify the DNS name servers:
network-interfaces: |
iface eth0 inet static
address 192.168.1.10
network 192.168.1.0
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.254
dnsnameservers 192.168.1.254 8.8.8.8.8.4.4
Took me a long while to figure out, so sharing it here.
I doubt anyone is as lame as I am, but I created the text files using NOTEPAD under Windows Cygwin, and I am pretty sure the non-standard line terminators did bad things.
I deleted the NOTEPAD files and recreated using vi and everything worked as expected.