Sentinels of Data: Securing Your AWS EC2 for PostgreSQL with Password Authentication and Key Removal
Overview:
When deploying EC2 instances on AWS, password authentication isn't the default. Typically, connecting to your EC2 instance requires the use of a private key. However, in scenarios where frequent testing in short-lived environments is necessary, password authentication might be more practical, although it's not always recommended for security reasons. This blog will guide you through the step-by-step process of launching an EC2 instance and enabling password authentication.
Prerequisites:
Ensure you have already launched an EC2 instance using the AWS console GUI mode.
Getting Started:
Step 1: Log in to the AWS EC2 instance using PuTTY with a private key
For Linux Users:
Use the following command to connect to your EC2 instance:
ssh -i /path/to/private-key-file.pem ec2-username@public-endpoint
Replace /path/to/private-key-file.pem with the path to your private key file.
Step 2: Set Up Password
Next, set up a password for the admin user using the passwd command.
ec2-username@public-endpoint $ sudo passwd ec2-user
Follow the prompts to enter and confirm your password.
Step 3: Modify sshd_config
Edit the sshd_config file to enable password authentication.
sudo vi /etc/ssh/sshd_config
Locate the 'PasswordAuthentication' parameter and change its value from 'no' to 'yes'.
PasswordAuthentication yes
Step 4: Restart SSH Service
Restart the SSH service for the changes to take effect.
sudo systemctl restart sshd
Note: For 'root' login, find the 'PermitRootLogin' parameter in sshd_config and set its value to 'yes'.
PermitRootLogin yes
Save the file and exit.
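The edit in Steps 3 and 4 only takes effect if the changed line is the one sshd actually uses. The script below is an added example, not part of the original guide: it reports the effective global value of the two keywords changed above, and the sample config, the `deploy` user and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post).
# sshd uses the first value it obtains for each keyword, so appending
# "PasswordAuthentication yes" below an earlier "no" changes nothing.
# Assumptions: Include files are not followed; parsing stops at the first Match block.

# Print the effective global value of a keyword (empty if unset).
sshd_effective() {  # usage: sshd_effective <keyword> <config-file>
  awk -v want="$1" '
    NF == 0 || $1 ~ /^#/         { next }            # blank line or comment
    tolower($1) == "match"       { exit }            # conditional section starts
    tolower($1) == tolower(want) { print $2; exit }  # first occurrence wins
  ' "$2"
}

# Report the two settings this guide changes; return 1 if either is "yes".
audit_sshd() {  # usage: audit_sshd <config-file>
  _rc=0
  for _kw in PasswordAuthentication PermitRootLogin; do
    _val=$(sshd_effective "$_kw" "$1")
    echo "$_kw = ${_val:-(unset, built-in default applies)}"
    if [ "$_val" = "yes" ]; then _rc=1; fi
  done
  return "$_rc"
}

# Constructed sample config: the "yes" was appended after an existing "no".
write_sample() {  # usage: write_sample <path>
  cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
PasswordAuthentication no
PermitRootLogin prohibit-password
#PasswordAuthentication yes
PasswordAuthentication yes
Match User deploy
    PasswordAuthentication yes
EOF
}

# Run against a real file when one is given, e.g. ./audit.sh /etc/ssh/sshd_config
if [ "$#" -ge 1 ]; then audit_sshd "$1"; fi
```

On the instance itself, `sudo sshd -t` checks the file for syntax errors before the restart, and `sudo sshd -T` prints the effective configuration with Include files resolved.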
Step 5: Disable SELinux
To rule out any SELinux-related issues, disable SELinux.
sudo vi /etc/selinux/config
Step 6: Validate Login
Ensure successful login to your EC2 instance with the username and newly set password.
ssh ec2-user@IP
Step 7: Change System Hostname
Modify the system hostname as needed.
sudo vi /etc/cloud/cloud.cfg
Add the following line if it doesn't exist.
preserve_hostname: true
To change the system hostname without a public DNS name, use the appropriate commands based on your OS.
For Amazon Linux 2:
sudo hostnamectl set-hostname your-desired-hostname
For Amazon Linux AMI:
Open the /etc/sysconfig/network file and change the HOSTNAME entry:
sudo vi /etc/sysconfig/network
HOSTNAME=your-desired-hostname.localdomain
Finally, open the /etc/hosts file and make any necessary adjustments.
Reboot the instance:
sudo reboot
Additional PostgreSQL Installation (Version 13):
sudo dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
sudo dnf -qy module disable postgresql
sudo dnf install -y postgresql16-server
sudo /usr/pgsql-16/bin/postgresql-16-setup initdb
sudo systemctl enable postgresql-16
sudo systemctl start postgresql-16
This comprehensive guide ensures your EC2 instance is not only fortified for PostgreSQL use but also provides the flexibility of password authentication, meeting diverse security requirements.