How do I get AWS EC2 to not reset my sshd_config file?

Asked 20/8, 2013 at 20:27 Answered 13/1, 2016 at 16:22

Solved amazon-web-services amazon-ec2 sshd

I want to allow password logins to my EC2 instances. I know which line it is that controls this in /etc/ssh/sshd_config and what it should be set to. Specifically:

PasswordAuthentication yes

However, even when I've set this on a master image that I keep, whenever I restore it to a new instance, the value on the line keeps getting reset to 'no'. Which means that every time I launch a new instance I have to yet again manually change this file. This has made the automation of my instances one step away from being fully automated.

What do I need to do to my master image so that every instance I create from it leaves my sshd_config file the way I like?

This is a Fedora 16 image fully configured with proprietary and other software.

Eustace answered 20/8, 2013 at 20:27 Comment(0)

If you used an old AMI as the basis for your images, that option used to be changed by the kickstart file, but as far as I know that option was removed some time ago.

These days the AMI is most likely configured by cloud-init and if that is the case you should find and change the ssh_pwauth option in /etc/cloud/cloud.cfg

Friend answered 20/8, 2013 at 20:55 Comment(4)

This will change every PasswordAuthentication line to yes, so it breaks the Match User construct. – Newspaperman 20/6, 2016 at 22:20

in my AMI I needed to change /etc/cloud/cloud.cfg.d/00_defaults.cfg – Ordination 18/7, 2016 at 7:33

As of June 2022, this works for me – Urticaria 8/6, 2022 at 21:35

And how to reload?! – Reld 25/1 at 2:39

Edit file /etc/cloud/cloud.cfg (needs root permission, e.g. sudo)
Look for the ssh_pwauth key
Change its value from 0 to true. Not 1, but true!

ssh_pwauth: true

Valeric answered 13/1, 2016 at 16:22 Comment(0)

Recommended topics

Hot tags