I want to log in to my Amazon Elastic Compute Cloud (Amazon EC2) instance by SSH with a password rather than by using a key pair file (.pem). How do I do that?

To enable a password authentication, you create a password, update the /etc/ssh/sshd_config file, and then restart the SSH service. The following procedure is tested on Amazon Linux, RHEL, SUSE, and Ubuntu.

Note: Using a password-based login rather than key pair authentication has security implications. Therefore, password-based login isn't recommended. Also, it's a best practice to minimize the source IP addresses of the security group rules associated with your instance to prevent an SSH attack.

1. From an SSH client, log in to your EC2 instance.

Use one of the following user names:

  • For Amazon Linux, the user name is ec2-user.
  • For RHEL 5, the user name is either root or ec2-user.
  • For Ubuntu, the user name is ubuntu.
  • For SUSE Linux, the user name is either root or ec2-user.

If ec2-user or root doesn't work, check with your AMI provider.

2. Set a password for user. The example below uses ec2-user as the user:

$ sudo passwd ec2-user
Changing password for user ec2-user.
New password:
Retype new password:

For example, a successful response looks like this:

passwd: all authentication tokens updated successfully.

3. Update the PasswordAuthentication parameter in the /etc/ssh/sshd_config file:

PasswordAuthentication yes

4. Restart the SSH service.
For Amazon Linux, RHEL 5, and SUSE Linux, use this command:

sudo service sshd restart

For Ubuntu, use this command:

sudo service ssh restart

5. Exit the SSH client, and then log in to test the password authentication. 


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2018-07-19