To copy 5 Linux users along with their SSH keys from one EC2
instance to another, follow these steps:
1. Prepare the New EC2 Instance
- Ensure
you have root or sudo access to the new EC2 instance.
- SSH
into the new EC2 instance.
2. Export User Details and Keys from the Source Instance
- Backup
User Information: Run the following commands on the source instance to
gather details for the required users (ram1, ra2, ke3, rt4, and yu6):
bash
for user in ram1 ra2 ke3 rt4 yu6; do
grep "^${user}:"
/etc/passwd >> users_info.txt
grep "^${user}:"
/etc/shadow >> shadow_info.txt
sudo tar czf ${user}_ssh_keys.tar.gz
/home/${user}/.ssh
done
- users_info.txt:
Contains the /etc/passwd entries.
- shadow_info.txt:
Contains the /etc/shadow entries.
- ${user}_ssh_keys.tar.gz:
Archive of .ssh directories.
- Transfer
the Backup Files to the New Instance: Use scp to copy these files to the
new EC2 instance:
bash
scp users_info.txt shadow_info.txt *_ssh_keys.tar.gz
ec2-user@<new-ec2-ip>:/tmp/
3. Import Users and Keys to the New Instance
- Recreate
User Accounts: On the new EC2 instance, run:
bash
sudo bash -c 'cat /tmp/users_info.txt >> /etc/passwd'
sudo bash -c 'cat /tmp/shadow_info.txt >> /etc/shadow'
This will add the users to the system.
- Restore
SSH Keys: For each user, extract and place the .ssh directory in the
correct location:
bash
for user in ram1 ra2 ke3 rt4 yu6; do
sudo tar xzf /tmp/${user}_ssh_keys.tar.gz
-C /home/${user}/
sudo chown -R ${user}:${user}
/home/${user}/.ssh
sudo chmod 700
/home/${user}/.ssh
sudo chmod 600
/home/${user}/.ssh/authorized_keys
done
4. Test SSH Access
- Ensure
that each user can log in using their existing SSH key.
- Verify
permissions:
bash
ls -ld /home/*/.ssh
ls -l /home/*/.ssh/authorized_keys
5. Cleanup (Optional)
- Remove
temporary files:
bash
rm -f /tmp/users_info.txt /tmp/shadow_info.txt
/tmp/*_ssh_keys.tar.gz
This approach ensures that user data, permissions, and SSH
keys are properly copied and set up on the new instance.
_______________________________________________________
If the SSH keys are RSA keys (e.g., stored in .ssh/authorized_keys
for each user), the process remains mostly the same. RSA keys are typically
stored in a user's ~/.ssh/authorized_keys file. Here's how you can specifically
manage RSA keys during the migration.
1. Verify RSA Key Setup on the Source Instance
- On
the source instance, check each user's ~/.ssh/authorized_keys file to
confirm the presence of RSA keys:
bash
cat /home/ram1/.ssh/authorized_keys
Ensure this file contains the RSA public key (lines starting
with ssh-rsa).
2. Export User Details and RSA Keys
Run the following commands to back up only the user details
and RSA key files:
bash
for user in ram1 ra2 ke3 rt4 yu6; do
grep "^${user}:"
/etc/passwd >> users_info.txt
grep "^${user}:"
/etc/shadow >> shadow_info.txt
sudo tar czf ${user}_ssh_rsa_keys.tar.gz
/home/${user}/.ssh/authorized_keys
done
3. Transfer Backup Files to the New Instance
Use scp to transfer the backup files to the new EC2
instance:
bash
scp users_info.txt shadow_info.txt *_ssh_rsa_keys.tar.gz
ec2-user@<new-ec2-ip>:/tmp/
4. Recreate Users and Restore RSA Keys
On the new EC2 instance:
- Add
User Accounts:
bash
sudo bash -c 'cat /tmp/users_info.txt >> /etc/passwd'
sudo bash -c 'cat /tmp/shadow_info.txt >> /etc/shadow'
- Restore
RSA Keys: Extract and set up the RSA keys for each user:
bash
for user in ram1 ra2 ke3 rt4 yu6; do
sudo mkdir -p
/home/${user}/.ssh
sudo tar xzf /tmp/${user}_ssh_rsa_keys.tar.gz
-C /home/${user}/.ssh/ --strip-components=2
sudo chown -R ${user}:${user}
/home/${user}/.ssh
sudo chmod 700
/home/${user}/.ssh
sudo chmod 600
/home/${user}/.ssh/authorized_keys
done
5. Test RSA Key Access
- Ensure
that users can log in using their RSA keys.
- Check
permissions for the .ssh directory and authorized_keys file:
bash
ls -ld /home/*/.ssh
ls -l /home/*/.ssh/authorized_keys
6. Optional: Validate SSH Keys
If you want to verify that the keys match on the new
instance:
- Compare
the ~/.ssh/authorized_keys file on both instances for each user:
bash
diff /home/ram1/.ssh/authorized_keys <(ssh
ec2-user@<new-ec2-ip> "cat /home/ram1/.ssh/authorized_keys")
This ensures the RSA keys are correctly migrated.
Do I have to create user in new EC2?
Yes, you need to create the users (ram1, ra2, ke3, rt4, yu6)
on the new EC2 instance because user accounts are not automatically transferred
between systems. Each Linux user must exist on the new system to ensure their
home directories and permissions are correctly assigned. Here's how you can do
it:
Steps to Create Users in the New EC2
- Create
the Users with the Same UID and GID (Recommended)
- Check
the user IDs (UID) and group IDs (GID) on the source instance using:
bash
grep "^ram1:" /etc/passwd
Example output:
ruby
ram1:x:1001:1001:Ram User:/home/ram1:/bin/bash
- Use
the same UID and GID when creating the users on the new EC2 instance:
bash
sudo useradd -u 1001 -g 1001 -m -s /bin/bash ram1
sudo useradd -u 1002 -g 1002 -m -s /bin/bash ra2
sudo useradd -u 1003 -g 1003 -m -s /bin/bash ke3
sudo useradd -u 1004 -g 1004 -m -s /bin/bash rt4
sudo useradd -u 1005 -g 1005 -m -s /bin/bash yu6
- If
you don't need to preserve UID and GID, you can simply run:
bash
sudo useradd -m -s /bin/bash ram1
sudo useradd -m -s /bin/bash ra2
sudo useradd -m -s /bin/bash ke3
sudo useradd -m -s /bin/bash rt4
sudo useradd -m -s /bin/bash yu6
- Set
Home Directory Permissions: Ensure each user owns their home directory:
bash
sudo chown -R ram1:ram1 /home/ram1
sudo chown -R ra2:ra2 /home/ra2
sudo chown -R ke3:ke3 /home/ke3
sudo chown -R rt4:rt4 /home/rt4
sudo chown -R yu6:yu6 /home/yu6
Copy SSH Keys to the New EC2
After creating the users, transfer their SSH keys as
follows:
- Transfer
the .ssh/authorized_keys Files: On the source instance, archive the .ssh
directories for these users:
bash
for user in ram1 ra2 ke3 rt4 yu6; do
sudo tar czf ${user}_ssh.tar.gz
-C /home/${user}/ .ssh
done
Use scp to copy these archives to the new EC2 instance:
bash
scp *_ssh.tar.gz ec2-user@<new-ec2-ip>:/tmp/
- Extract
and Set Permissions on the New EC2: On the new EC2 instance, restore the .ssh
directories:
bash
for user in ram1 ra2 ke3 rt4 yu6; do
sudo mkdir -p
/home/${user}/.ssh
sudo tar xzf /tmp/${user}_ssh.tar.gz
-C /home/${user}/
sudo chown -R ${user}:${user}
/home/${user}/.ssh
sudo chmod 700
/home/${user}/.ssh
sudo chmod 600
/home/${user}/.ssh/authorized_keys
done
Test and Verify
- Verify
users can log in using their SSH keys:
bash
ssh -i <private-key> ram1@<new-ec2-ip>
- Ensure
.ssh directory and file permissions are correct:
bash
ls -ld /home/*/.ssh
ls -l /home/*/.ssh/authorized_keys
Optional: Automate User Creation and Key Setup
You can write a script to automate these steps if you need
to repeat this process for multiple EC2 instances. Let me know if you'd like
help creating a script!
automation script for Steps to Create Users in the New EC2
Here’s an automation script to create users in a new EC2
instance, set up their home directories, and copy their SSH keys. Save this
script as setup_users.sh and execute it on the new EC2 instance.
Create Users Ec2
Steps to Use the Script
- Prepare
SSH Key Archives: Ensure SSH key archives (<username>_ssh.tar.gz)
for each user are transferred to /tmp on the new EC2 instance.
- Run
the Script:
- Save
the script as setup_users.sh on the new EC2 instance.
- Make
it executable:
bash
chmod +x setup_users.sh
- Execute
the script:
bash
sudo ./setup_users.sh
- Verify
Setup:
- Ensure
the users are created by listing them:
bash
cat /etc/passwd | grep -E 'ram1|ra2|ke3|rt4|yu6'
- Check
the .ssh/authorized_keys files for each user.
This script automates the process of creating users,
preserving UIDs/GIDs, and setting up RSA keys. Let me know if you need further
modifications!
If you done need - remove UIDs and GIDS
I've removed the UID and GID references from your script.
Let me know if you need any further modifications!
I am little confuse. give me step by step with autmation to
migrate users with RSA to new EC2 instance using posible automation
Here is a step-by-step guide for automating the migration of
users with their RSA SSH keys to a new EC2 instance, utilizing the provided
script.
Step 1: Prepare the Source System
- Archive
SSH Keys for Each User:
- On
the source system, archive the .ssh directory of each user:
bash
for user in ram1 ra2 ke3 rt4 yu6; do
sudo tar czf /tmp/${user}_ssh.tar.gz
-C /home/${user} .ssh
done
- This
creates compressed .tar.gz files in /tmp.
- Transfer
Archives to the New EC2 Instance:
- Use
scp to copy the .tar.gz files to the /tmp directory on the new EC2
instance:
bash
scp /tmp/*_ssh.tar.gz ec2-user@<new-ec2-ip>:/tmp/
Step 2: Execute the Automation Script on the New EC2
Instance
- Copy
the Script to the New EC2 Instance: Save the provided script (setup_users.sh)
on your local machine and copy it to the new EC2 instance:
bash
scp setup_users.sh
ec2-user@<new-ec2-ip>:/home/ec2-user/
- Log
in to the New EC2 Instance:
bash
ssh -i <private-key> ec2-user@<new-ec2-ip>
- Make
the Script Executable: Once logged in, set executable permissions for the
script:
bash
chmod +x /home/ec2-user/setup_users.sh
- Run
the Script: Execute the script with sudo to create users and restore their
SSH keys:
bash
sudo /home/ec2-user/setup_users.sh
Step 3: Verify the Setup
- Check
Users: Ensure the users are created:
bash
cat /etc/passwd | grep -E 'ram1|ra2|ke3|rt4|yu6'
- Verify
SSH Key Setup: Confirm each user has their .ssh/authorized_keys file:
bash
for user in ram1 ra2 ke3 rt4 yu6; do
echo "Checking
SSH keys for $user"
sudo ls -l /home/$user/.ssh/authorized_keys
done
- Test
SSH Access: Test logging in for one of the migrated users:
bash
ssh -i <private-key> ram1@<new-ec2-ip>
How the Script Works
- User
Creation:
- Checks
if the user exists using id -u. If not, creates the user with useradd.
- Restore
SSH Keys:
- Looks
for the corresponding .tar.gz archive in /tmp.
- Extracts
the archive into the user’s .ssh directory.
- Sets
proper ownership and permissions:
- .ssh:
700
- authorized_keys:
600
- Validation:
- Confirms
the user and SSH key setup at the end.
Step 4: Cleanup
- Remove
the archives from /tmp on the new EC2 instance:
bash
sudo rm -f /tmp/*_ssh.tar.gz
This step-by-step guide ensures that your users and their
SSH keys are successfully migrated to the new EC2 instance. Let me know if you
need further clarification!
setup_users.sh
#!/bin/bash
# List of users to create
USERS=("ram1" "ra2" "ke3"
"rt4" "yu6")
# Path to SSH key archives (assumes archives are already
transferred to /tmp)
SSH_KEY_ARCHIVE_PATH="/tmp"
# Check if running as root
if [ "$EUID" -ne 0 ]; then
echo "Please
run as root or use sudo."
exit 1
fi
# Create users and set up SSH keys
for USERNAME in "${USERS[@]}"; do
echo "Creating
user: $USERNAME"
# Create user if it
doesn't already exist
if ! id -u
"$USERNAME" > /dev/null 2>&1; then
useradd -m -s
/bin/bash "$USERNAME"
else
echo "User
$USERNAME already exists. Skipping creation."
fi
# Restore SSH keys
SSH_ARCHIVE="$SSH_KEY_ARCHIVE_PATH/${USERNAME}_ssh.tar.gz"
if [ -f
"$SSH_ARCHIVE" ]; then
echo
"Restoring SSH keys for $USERNAME from $SSH_ARCHIVE"
mkdir -p
"/home/$USERNAME/.ssh"
tar xzf
"$SSH_ARCHIVE" -C "/home/$USERNAME/.ssh"
--strip-components=2
chown -R
"$USERNAME:$USERNAME" "/home/$USERNAME/.ssh"
chmod 700
"/home/$USERNAME/.ssh"
chmod 600
"/home/$USERNAME/.ssh/authorized_keys"
else
echo "SSH
archive for $USERNAME not found at $SSH_ARCHIVE. Skipping key
restoration."
fi
done
# Verify setup
echo "User creation and SSH key setup complete.
Verifying setup..."
for USERNAME in "${USERS[@]}"; do
if id -u
"$USERNAME" > /dev/null 2>&1; then
echo "User
$USERNAME exists. Home directory: $(eval echo ~$USERNAME)"
if [ -f
"/home/$USERNAME/.ssh/authorized_keys" ]; then
echo "SSH
keys for $USERNAME are set up."
else
echo "No
SSH keys found for $USERNAME."
fi
else
echo "User
$USERNAME does not exist."
fi
done
No comments:
Post a Comment