# Download the VDI from https://cdn.amazonlinux.com/os-images/latest/
# Doc is at http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/amazon-linux-2-virtual-machine.html
# Be sure you have config/meta-data and config/user-data ready as per the below
# Change ec2-user's password to your password
$ cat config/meta-data
local-hostname: amazonlinux.onprem
# eth0 is the default network interface enabled in the image. You can configure
# static network settings with an entry like below.
#network-interfaces: |
#  iface eth0 inet static
#  address 192.168.1.10
#  network 192.168.1.0
#  netmask 255.255.255.0
#  broadcast 192.168.1.255
#  gateway 192.168.1.254
$ cat config/user-data
#cloud-config
# vim:syntax=yaml
users:
# A user by the name ec2-user is created in the image by default.
  - default
# The following entry creates user1 and assigns a password specified in plain text.
# Please note: a plain-text password is not recommended from a security
# best-practices standpoint.
#  - name: user1
#    groups: sudo
#    sudo: ['ALL=(ALL) NOPASSWD:ALL']
#    plain_text_passwd: < plain text password here >
#    lock_passwd: false
# The following entry creates user2 and attaches a hashed password to the user. Hashed
# passwords can be generated with:
#   python3 -c 'import crypt,getpass; print(crypt.crypt(getpass.getpass()))'
# (the crypt module is removed in Python 3.13; "openssl passwd -6" produces the same SHA-512 crypt hash)
#  - name: user2
#    passwd: < hashed password here >
#    lock_passwd: false
# The following entry creates user3, disables password-based login and enables an SSH public key
#  - name: user3
#    ssh-authorized-keys:
#      - < ssh public key here >
#    lock_passwd: true
chpasswd:
  list: |
    ec2-user:password
# On macOS, you can use hdiutil instead of genisoimage
hdiutil makehybrid -o init.iso -hfs -joliet -iso -default-volume-name cidata config
## Then attach the init.iso file to the virtual machine before booting the VDI.
## Cloud-init configuration happens at first boot only; you do not need the ISO file for subsequent boots.
## If you need to retry, retry from the originally downloaded VDI.
## Keep a copy of the downloaded VDI in case you need to make changes to your root disk image.
What is the syntax to set SSH keys for the default user, i.e. ec2-user? I tried the following, but it doesn't work:
users:
- default:
ssh-authorized-keys:
- <ssh key>
I've also tried:
users:
- default:
- name: ec2-user
ssh-authorized-keys:
- <ssh key>
I just end up with an empty authorized_keys file. It works for any other user, though. I've looked but can't find an example of how to do this.
@swampf0etus check the sample config here https://cdn.amazonlinux.com/os-images/2.0.20190612/README.cloud-init
@sebsto Thanks, but I can see where in that example that it applies an ssh key to the ec2-user, I only see one for user3
According to the example I shared, it looks like you have the indentation incorrect in your second example. The "- name" line must be indented one level below "- default".
Using OS X Catalina and the latest VirtualBox (6.1.6) here. I followed the AWS instructions line by line. I changed the VM network adapter from NAT to Bridged and updated the /etc/ssh/sshd_config to allow password login so I can connect from terminal.
Uncomment line 63: PasswordAuthentication yes
Then restart the ssh daemon: sudo service sshd restart
In my case, I did not notice that I had created the metadata files with a .TXT extension!!!
@swampf0etus I managed to set the ec2-user
ssh key like this
#cloud-config
# vim:syntax=yaml
users:
- default
- name: ec2-user
ssh-authorized-keys:
- ssh-rsa <key>
chpasswd:
list: |
ec2-user:amazon
How did you create/get the public key onto your host?
@icasnerd In my case I already had a generated key pair in my ~/.ssh host folder (it was convenient for me to reuse the existing key). I just pasted my public key in place of <key> in the provided YAML sample. But you can generate a new key pair on the host with OpenSSH or PuTTY on Windows, or with ssh-keygen on Linux/macOS.
For those who want to have a static IP, the network adapter on the VM needs to be bridged and the network interfaces section needs an additional line to specify the DNS name servers:
network-interfaces: |
  iface eth0 inet static
  address 192.168.1.10
  network 192.168.1.0
  netmask 255.255.255.0
  broadcast 192.168.1.255
  gateway 192.168.1.254
  dns-nameservers 192.168.1.254 8.8.8.8 8.8.4.4
Took me a long while to figure out, so sharing it here.
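The gist's procedure (meta-data, user-data, cidata ISO), the ec2-user key assignment from the replies above and the static-IP snippet from the last comment, pulled together as one added script. It is not part of the gist, of the comments or of Amazon's documentation: the function names, the instance-id value, the /24 assumption for the static network, the use of "ssh_authorized_keys" (cloud-init's current spelling of the page's "ssh-authorized-keys") and "ssh_pwauth: false" are this example's choices. Unlike the samples above it gives ec2-user no password at all: access is by SSH key only, with the key attached to the named ec2-user entry rather than to "- default", which is the form the thread found to work.

```shell
#!/bin/sh
# Added example (not from the gist or Amazon's docs): build the NoCloud seed
# files and the "cidata" ISO for the Amazon Linux 2 VDI.
set -eu

# write_meta_data DIR HOSTNAME [ADDRESS GATEWAY]
# With ADDRESS/GATEWAY given, emits a static eth0 config; assumes a /24
# like the gist's commented example. Without them, DHCP is left in place.
write_meta_data() {
    dir=$1; host=$2; addr=${3:-}; gw=${4:-}
    mkdir -p "$dir"
    {
        # cloud-init keys its first-boot state on instance-id: change the
        # value and the seed is applied again on the next boot.
        printf 'instance-id: iid-%s\n' "$host"
        printf 'local-hostname: %s\n' "$host"
        if [ -n "$addr" ]; then
            net=${addr%.*}            # 192.168.1.10 -> 192.168.1 (assumed /24)
            printf 'network-interfaces: |\n'
            printf '  iface eth0 inet static\n'
            printf '  address %s\n' "$addr"
            printf '  network %s.0\n' "$net"
            printf '  netmask 255.255.255.0\n'
            printf '  broadcast %s.255\n' "$net"
            printf '  gateway %s\n' "$gw"
            printf '  dns-nameservers %s 8.8.8.8 8.8.4.4\n' "$gw"
        fi
    } > "$dir/meta-data"
}

# write_user_data DIR PUBKEY_FILE
# Key-only access for ec2-user: the key sits under the named user entry,
# the account password is locked and sshd password auth is switched off,
# so no chpasswd block (and no password in the seed) is needed.
write_user_data() {
    dir=$1; keyfile=$2
    key=$(head -n 1 "$keyfile")
    case $key in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-"*) ;;
        *) echo "$keyfile: not an OpenSSH public key" >&2; return 1 ;;
    esac
    mkdir -p "$dir"
    cat > "$dir/user-data" <<EOF
#cloud-config
users:
  - default
  - name: ec2-user
    lock_passwd: true
    ssh_authorized_keys:
      - $key
ssh_pwauth: false
EOF
}

# build_iso DIR OUT
# genisoimage/mkisofs on Linux, hdiutil on macOS. The volume label must be
# "cidata": that is how cloud-init's NoCloud datasource finds the seed.
build_iso() {
    dir=$1; out=$2
    if command -v genisoimage >/dev/null 2>&1; then
        genisoimage -quiet -output "$out" -volid cidata -joliet -rock "$dir"
    elif command -v mkisofs >/dev/null 2>&1; then
        mkisofs -quiet -output "$out" -volid cidata -joliet -rock "$dir"
    elif command -v hdiutil >/dev/null 2>&1; then
        hdiutil makehybrid -o "$out" -hfs -joliet -iso \
            -default-volume-name cidata "$dir"
    else
        echo "no ISO tool found: install genisoimage, or use hdiutil on macOS" >&2
        return 1
    fi
}

# Usage (type the command without the "$ " shown in the gist; that is the
# shell prompt, and pasting it gives "-bash: $: command not found"):
#   sh make-seed.sh config amazonlinux.onprem ~/.ssh/id_ed25519.pub init.iso
#   sh make-seed.sh config amazonlinux.onprem ~/.ssh/id_ed25519.pub init.iso 192.168.1.10 192.168.1.254
if [ $# -ge 4 ]; then
    write_meta_data "$1" "$2" "${5:-}" "${6:-}"
    write_user_data "$1" "$3"
    build_iso "$1" "$4"
fi
```

Attach the resulting ISO to the VM before the first boot of a fresh copy of the VDI, as the gist says; once the seed has been applied the ISO can be detached. Because the seed contains only a public key, it can be kept next to the VDI without the exposure a chpasswd line or a plain_text_passwd entry would carry.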
Got an error running the hdiutil command: "-bash: $: command not found". However, hdiutil makehybrid -help works fine. Any suggestions?