Task 1 stated the EC2 instance was not created. The instance was created, EIP associated, and created as requested. Task 4: VPC Peering was created, and security group rules were created to allow communication between the Default and Private Networks. See the attached screenshots.
Question 1
I don’t see any requirement in the question to create or associate an EIP.
- Create the EC2 instance as required
- Copy content of `~/.ssh/id_rsa.pub` and paste on end of `authorized_keys` file for `root` user of the EC2 instance.
- Test it from lab terminal with `ssh <public-ip-of-ec2>`
Question 4.
Did you complete part 7 of this question correctly? To test the ping you must go in this way
~ on ☁️ (us-east-1) ➜ ssh ec2-user@<public-ip-of-nautilus-public-ec2-t4q1>
[ec2-user@ip-172-31-21-53 ~]$ ping <private-ip-of-nautilus-private-ec2-t4q1>
That is the route the grader will take.
Alistair,
If the ssh security credentials for the root user of (aws_client) are copied to the ec2-user authorized_keys directory, this will only allow ssh access for the root user, not ec2-user.
If the ssh-keygen is created on the public instance as ec2-user it will still create credentials for the root user. Please clarify, because this part is confusing to me; thanks.
Thinking about it now (Question 4). I guess I’ll need to modify and change the ownership of the files to ec2-user in order for this to work. I’ll give that a shot; thanks.
`authorized_keys` is a file, not a directory.
It will allow the root user on aws_client to log in as ec2-user on the instance. The root user must explicitly do `ssh ec2-user@<public ip>`
If you run ssh-keygen at the EC2 instance command line while logged in as ec2-user, it will create a keypair that ec2-user can use to get to any host as any user where the public key has been added to an `authorized_users` file for that target user (provided the host is reachable from the EC2 instance).
Alistair,
You stated it would allow the root user to log in as ec2-user. The screenshot below shows ec2-user is denied access. However, logging in as root user is permitted. In addition, I created a key using ssh and was still unable to log in as ec2-user. Lastly, even though 75% was correct, the lab test didn’t show this lab as being completed. Please advise.
It depends which user’s `authorized_keys` file on the EC2 instance you are appending the public key to.
- If you put it in `/root/.ssh/authorized_keys` then it permits you to log in directly as `root`.
- If you put it in `/home/ec2-user/.ssh/authorized_keys` then it permits you to log in as `ec2-user`.
- If you put it in both, you can log in as either user.
Aw man, stupid mistake on my part. Thanks for your help.
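The point made in the answer above, that the target account is decided by whose `authorized_keys` file holds the public key, can be checked on a host with a small audit. This is an added example, not part of the thread: the function names, the temporary directory layout and the key strings are constructed for illustration, and it assumes sshd uses the default `.ssh/authorized_keys` location.

```shell
#!/bin/sh
# Added example: report which accounts a public key can log in as.

# Print the base64 key blob of every key line (options and comments ignored).
key_blobs() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) { print $(i + 1); break }
    }' "$@"
}

# accounts_for_key ROOT PUBKEY_FILE
# ROOT is a filesystem root ("/" on a live host); prints one account per line.
accounts_for_key() {
    ak_root=$1
    ak_blob=$(key_blobs "$2" | head -n 1)
    [ -n "$ak_blob" ] || return 1
    for ak_file in "$ak_root"/root/.ssh/authorized_keys "$ak_root"/home/*/.ssh/authorized_keys; do
        [ -f "$ak_file" ] || continue
        if key_blobs "$ak_file" | grep -qxF -- "$ak_blob"; then
            # The account is the directory that contains the .ssh folder.
            basename "$(dirname "$(dirname "$ak_file")")"
        fi
    done
}

# Constructed sample tree: the client key is present only in root's file,
# while ec2-user's file holds a different (launch) key. Key strings are fake.
build_sample_root() {
    sr=$(mktemp -d)
    mkdir -p "$sr/root/.ssh" "$sr/home/ec2-user/.ssh"
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDclientKEY root@aws_client' > "$sr/client_id_rsa.pub"
    cat "$sr/client_id_rsa.pub" > "$sr/root/.ssh/authorized_keys"
    echo 'no-port-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1CONSTRUCTEDlaunchKEY launch-key' \
        > "$sr/home/ec2-user/.ssh/authorized_keys"
    echo "$sr"
}

sample=$(build_sample_root)
echo "before append: $(accounts_for_key "$sample" "$sample/client_id_rsa.pub" | tr '\n' ' ')"
# Appending the same public key to ec2-user's file is what enables ssh ec2-user@<public-ip>.
cat "$sample/client_id_rsa.pub" >> "$sample/home/ec2-user/.ssh/authorized_keys"
echo "after append:  $(accounts_for_key "$sample" "$sample/client_id_rsa.pub" | tr '\n' ' ')"
rm -rf "$sample"
```
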