Make an Amazon EC2 instance ask for sudoing password

I've launched an Amazon EC2 instance of Ubuntu Server 12.04 and it's all fine except, unlike with my local Ubuntu, the EC2 instance never asks for any passwords when I'm sudoing with the command line or become root. I tried

passwd
# asks for a new password, I supply one
sudo -i
# always makes me root right away
passwd
# asks for a new password, I supply one
passwd ubuntu
# asks for a new password, I supply one

(ubuntu is the default user the instance gets installed with.) So far, event after reboots, I haven't noticed any difference, it still never asks for any passwords.

It's not a biggie but I guess I've just used to how my local Ubuntu works.

1 Answer

EC2 does not have an easy way to provide you with a secure password for the ubuntu user, so the default is to allow passwordless sudo after you connect securely with the ssh private key.

If you add a password to the ubuntu user, you can require it for sudo by editing /etc/sudoers.d/90-cloud-init-users and changing:

ubuntu ALL=(ALL) NOPASSWD:ALL

to:

ubuntu ALL=(ALL) ALL

This command does that edit for you (assuming an untouched, default sudoers file):

sudo perl -pi -e 's%NOPASSWD:%%' /etc/sudoers.d/90-cloud-init-users

For safety, keep a separate shell logged in as root so that you can fix the file and recover if you edit it incorrectly and break sudo.

Adding a password for sudo increases the overall security of your system.

It is still recommended that you not allow the use of a password for ssh logins. Keep that limited to ssh private keys.

1

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like