Go to Qiita Advent Calendar 2024 Top
LoginSignup
9
9

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

@otappi(kenshiro ota)

EC2にrootでsshする

Last updated at Posted at 2018-11-22

目的

Ansibleのデバッグや検証でrootでsshしたかった。(ansible_ssh_user=root)
セキュリティホールになるので普通はadminやec2-userでsshしてsudo su -するべし。

やり方

ec2にrootでsshしようとすると怒られてしまうので

ssh -i "key.pem" root@ec2-55-190-222-191.ap-northeast-1.compute.amazonaws.com
Please login as the user "admin" rather than the user "root".

Connection to ec2-55-190-222-191.ap-northeast-1.compute.amazonaws.com closed.

rootにスイッチして/root/.ssh/authorized_keysを編集

admin@ip-172-13-10-8:~$ sudo su -
root@ip-172-13-10-8:~# cat /root/.ssh/authorized_keys
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"admin\" rather than the user \"root\".';echo;sleep 10" 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZyYt7/aV7s+X7y3qzABJ6fFV3FitBr3NlDijEEuQT/aBA83L1fOKqjPxD41J0DVYt6yLO9Dmnce8ckXDy/2PM6DPwb8z65/8g5ITEwxq3mcTdmNDAul5zdLnfuDHeOeiEYhCaYetpHqf2gGo65ubVjQc8tl5NLkaX6l7NfUND/fuTxpPoYrhFK2SncdIyh4NUyR71yIWE1kxCTNCTBwMbC0Q5rP7n0Jyb/VPQW15LOdvXcWM7j3+k62uxcc8ZAg5FHdsHlY+qpDr3JYSAbJCew5a1YbbgNW4rqvkYUpooHZXRoYTOXN1a8FEv74kViSSI/zOrZoY2Vn6uKwZoel7H key

ssh-rsa以前のこの部分を削除

no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"admin\" rather than the user \"root\".';echo;sleep 10"

こうなればOK

root@ip-172-13-10-8:~# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZyYt7/aV7s+X7y3qzABJ6fFV3FitBr3NlDijEEuQT/aBA83L1fOKqjPxD41J0DVYt6yLO9Dmnce8ckXDy/2PM6DPwb8z65/8g5ITEwxq3mcTdmNDAul5zdLnfuDHeOeiEYhCaYetpHqf2gGo65ubVjQc8tl5NLkaX6l7NfUND/fuTxpPoYrhFK2SncdIyh4NUyR71yIWE1kxCTNCTBwMbC0Q5rP7n0Jyb/VPQW15LOdvXcWM7j3+k62uxcc8ZAg5FHdsHlY+qpDr3JYSAbJCew5a1YbbgNW4rqvkYUpooHZXRoYTOXN1a8FEv74kViSSI/zOrZoY2Vn6uKwZoel7H key

以後rootでsshできるようになる

ssh -i "key.pem" root@ec2-55-190-222-191.ap-northeast-1.compute.amazonaws.com
Linux ip-172-13-10-8 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Nov 22 10:16:13 2018 from 103.2.251.130
root@ip-172-13-10-8:~#
9
9
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
9
9

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?