In this post I will show you how to create an Amazon EC2 instance running CentOS 7, log in over SSH with a .pem key pair from Windows using PuTTY or Bitvise, and connect to it via FTPS with FileZilla. I will also set up the root user, enable password login to EC2 instead of a key pair if you prefer, and then set up VPSSIM and create a WordPress website using VPSSIM.
1. Create EC2 Instance running CentOS
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
Choose Launch Instance to start
Step 1: Choose an Amazon Machine Image (AMI)
In Quick Start, you will see some options such as:
- Amazon Linux 2 AMI (HVM), SSD Volume Type
- Amazon Linux AMI 2018.03.0 (HVM), SSD Volume Type
- Red Hat Enterprise Linux 7.5 (HVM), SSD Volume Type
- SUSE Linux Enterprise Server 15 (HVM), SSD Volume Type
Don’t select any of them, because we need CentOS to install VPSSIM. You can’t install VPSSIM on Amazon Linux 2 or Red Hat…
So, click AWS Marketplace.
If you only want to set up a WordPress website automatically, you can select WordPress Certified by Bitnami and Automattic. In this post, our purpose is to set up VPSSIM, so we need a fresh CentOS. Search for “CentOS” and select a fresh CentOS image.
Make sure it’s fresh. For example, if you select “CentOS 7.4 Minimal with Webmin (HVM)”, you can’t install VPSSIM.
So, in my opinion, you can select “CentOS 7 (x86_64) – with Updates HVM”.
You can read more about this image right here: https://aws.amazon.com/marketplace/pp/B00O7WM7QW
Just click Continue
Step 2: Choose an Instance Type
In this example, I will select t2.micro. It’s free tier eligible, with 750 hours of Linux and Windows t2.micro instances each month for one year. You can read more here: https://aws.amazon.com/ec2/?ft=n
With t2.micro, you have Variable ECUs, 1 vCPUs, 2.5 GHz, Intel Xeon Family, 1 GiB memory, EBS only.
Then, click Next: Configure Instance Details
Step 3: Configure Instance Details
Step 4: Add Storage
The default size is 8 GiB. However, free tier eligible customers can get up to 30 GB of EBS General Purpose (SSD) or Magnetic storage.
Step 5: Add Tags
Click Add Name tag. This is not required. In this example, I will set the Name value to QuyetDoan.
Step 6: Configure Security Group
In this example, I will change Type to All traffic and Source to Anywhere. You will see a warning about the security setting. But don’t worry, we can change this rule later.
Review and Launch
If you selected a storage size over 30 GiB in Step 4, you will see a notice at this step like the one below:
Then you need to change Size to under 30 GiB.
If everything is OK, you will see this:
Then click Launch
Create a new key pair
After you finish configuring the instance, you have to create a new key pair or choose an existing one. DON’T select Proceed without a key pair if you don’t know what you are doing.
In this example, my key pair name is ToanNguyen. Then click Download Key Pair.
You have to download the private key file (*.pem file) before you can continue. Store it in a secure and accessible location. You will not be able to download the file again after it’s created. If you try to download the file again, you will see an error:
After you have downloaded your .pem file and saved it in a secure place, you can click Launch Instances.
Now you can view your instance:
2. Login SSH with key pair
Download and install PuTTY or Bitvise
You don’t need both to log in over SSH; pick the one you prefer:
- You can download PuTTY from the PuTTY download page: http://www.chiark.greenend.org.uk/~sgtatham/putty/
- You can also download Bitvise from the Bitvise download page: https://www.bitvise.com/ssh-client-download
Check the Public DNS (IPv4) and IPv4 Public IP values; we need this information to log in over SSH.
Important note: When you stop and then restart your instance, Amazon releases the public IPv4 address and assigns a new one. That means your IPv4 Public IP can change. So we have to create an Elastic IP, a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account, so it will not change when you restart your instance. You can read more about Elastic IP here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html
In the next part of this post, I will show you how to create and use an Elastic IP.
Default user name for the AMI that you used to launch your instance
- For Amazon Linux 2 or the Amazon Linux AMI, the user name is ec2-user.
- For a CentOS AMI, the user name is centos.
- For a Debian AMI, the user name is admin or root.
- For a Fedora AMI, the user name is ec2-user or fedora.
- For a RHEL AMI, the user name is ec2-user or root.
- For a SUSE AMI, the user name is ec2-user or root.
- For an Ubuntu AMI, the user name is ubuntu.
- Otherwise, if ec2-user and root don’t work, check with the AMI provider.
In this example, I use a CentOS AMI, so the user name is centos.
2.2. Login with PuTTY
Step 1: Converting Your Private Key Using PuTTYgen
- Open PuTTYGen (not PuTTY):
From the Start menu, choose All Programs > PuTTY > PuTTYgen
- Under Type of key to generate, choose RSA.
If you’re using an older version of PuTTYgen, choose SSH-2 RSA
- Choose Load. By default, PuTTYgen displays only files with the extension .ppk. To locate your .pem file, select the option to display files of all types.
- Select your .pem file for the key pair that you specified when you launched your instance, and then choose Open. Choose OK to dismiss the confirmation dialog box.
- Choose Save private key to save the key in the format that PuTTY can use. PuTTYgen displays a warning about saving the key without a passphrase. Choose Yes.
- Save your ppk file
Step 2: Starting a PuTTY Session
1. Start PuTTY (from the Start menu, choose All Programs > PuTTY > PuTTY).
2. In the Category pane, choose Session and complete the following fields:
- Host Name: enter user_name@public_dns_name.
- User name: centos
- Public DNS name: ec2-52-221-217-110.ap-southeast-1.compute.amazonaws.com (check it in instance description)
- Port: 22
- Connection type: SSH
3. In the Category pane, expand Connection, expand SSH, and then choose Auth. Complete the following:
- Choose Browse.
- Select the .ppk file that you generated for your key pair, and then choose Open.
- (Optional) If you plan to start this session again later, you can save the session information for future use. Choose Session in the Category tree, enter a name for the session in Saved Sessions, and then choose Save.
- Choose Open to start the PuTTY session.
4. If this is the first time you have connected to this instance, PuTTY displays a security alert dialog box that asks whether you trust the host you are connecting to.
2.3. Login with Bitvise
Step 1: Import key
- Launch Bitvise, then click Client key manager
- In the new window, select Import
- Change the file type option to All Files as in the picture below, then select the .pem file we downloaded earlier. Then click Open
- In the new window that appears, select Import
- Now you can see a new item, Global 1, in the Client Key Manager window. That’s fine. It means the key was imported successfully.
Step 2: Login Bitvise
- Host: enter the IPv4 Public IP or Elastic IP
- Port: 22
- Username: centos
- Initial method: publickey
- Client key: select Global 1, which we created in the previous step.
- Click Login. It’s done. ^-^
3. Elastic IP
Because the IPv4 Public IP can change, we have to create an Elastic IP:
Check Elastic IPs in the left panel:
Click Allocate new address
Click Allocate
Close and Associate address
Select your instance and private IP. Then click Associate
Your Associate address request succeeded.
Now you can also log in over SSH with the host name user_name@elastic_ip.
4. Enable Root login for EC2 Instance
By default, you have to log in to your EC2 instance as the default user (centos for CentOS, ec2-user for Amazon Linux 2 or the Amazon Linux AMI).
If you try to log in over SSH as the root user, you will see an error:
There are 2 ways to solve this problem so that you can log in over SSH as root:
- Enable password login instead of a key pair: this way, you can log in over SSH and FTPS as root with the password you set.
- If you don’t want to enable password login, you can follow the instructions below to enable root login with the key pair.
Step 1: Change to superuser:
Step 2: Edit authorized_keys
I will use vi to edit the authorized_keys file:
Press i to switch to insert mode. Then delete the lines at the beginning of the file until you get to the words ssh-rsa. Press the ESC key when you’re done to go back to command mode. Then type :wq and press Enter to write the file to disk and quit vi.
Step 3: Edit sshd_config
We need to comment out the line “PermitRootLogin” in sshd_config.
We will use the vi editor to edit this file.
Press i to switch to insert mode so you can edit the content. Find “PermitRootLogin” and comment it out.
When you are done editing, press ESC to go back to command mode. Then type :wq and press Enter to write the file to disk and quit vi.
Step 4: Then restart the ssh service
Restart the ssh service in CentOS 7+ with this command:
/bin/systemctl restart sshd.service
Now you can log in to the EC2 instance as root.
5. Connect to Amazon EC2 file directory using Filezilla and SFTP
1. Edit (Preferences) > Settings > Connection > SFTP, Click “Add key file”
2. Browse to the location of your .pem file and select it.
3. A message box will appear asking your permission to convert the file into ppk format. Click Yes, then give the file a name and store it somewhere.
If the new file is shown in the list of Keyfiles, then continue to the next step. If not, then click “Add keyfile…” and select the converted file.
File > Site Manager > Add a new site with the following parameters:
- Host: Your public dns name of ec2 instance, or Elastic IP
- Protocol: SFTP
- Logon Type: Normal
- User: centos or root
- Password: the user’s password. Leave it blank if you have not set a password for that user yet.
6. Enable password login instead of a key pair
This section is optional; you can skip it if you don’t want to enable password login. With the instructions in sections 4 and 5, we can already log in over SSH and FTPS. If you don’t like the solution in sections 4 and 5, you can follow the guide in this section to log in over SSH and FTPS as root with a password.
Step 1: Login SSH (via Key pair)
Step 2: Set password for user
Step 3: Update the PasswordAuthentication parameter
Edit the file /etc/ssh/sshd_config with vi:
Press i to switch to insert mode. Comment out the line PasswordAuthentication yes. When you are done editing, press ESC to go back to command mode. Then type :wq and press Enter to write the file to disk and quit vi.
Step 4: Restart the SSH service.
/bin/systemctl restart sshd.service
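Sections 4 and 6 both edit /etc/ssh/sshd_config by hand, where a commented line or an earlier duplicate can leave sshd using a different value than the one you typed. The script below is an added example, not from the original post: it reports the value sshd will use for PermitRootLogin and PasswordAuthentication, run here on a constructed sample file (the sample contents and the `deploy` user are made up).

```shell
#!/bin/sh
# Added example (not from the original post). Reports the value sshd will use
# for a keyword in the global section of an sshd_config file.
# Rules modelled: keywords are case-insensitive, '#' lines are comments, the
# first occurrence of a keyword wins, and "Match" blocks are conditional.

effective() {   # usage: effective <keyword> <config-file>
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }              # ignore leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == want { found = 1; print tolower($2); exit }
        END { if (!found) print "unset" }   # sshd falls back to its default
    ' "$2"
}

audit() {       # usage: audit <config-file>
    for kw in PermitRootLogin PasswordAuthentication; do
        printf '%s=%s\n' "$kw" "$(effective "$kw" "$1")"
    done
}

write_sample() {   # constructed sample, not a real server's configuration
    cat > "$1" <<'EOF'
# constructed sshd_config fragment
Port 22
#PermitRootLogin yes
PasswordAuthentication no
# line appended later by an edit; the earlier "no" still wins
PasswordAuthentication yes
Match User deploy
    PermitRootLogin no
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit "$sample"     # on a real host: audit /etc/ssh/sshd_config
rm -f "$sample"
```

On the instance itself, `sshd -t` checks the file for syntax errors before the restart, and `sshd -T` prints the full effective configuration including built-in defaults.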
7. Setup VPSSIM
Before setting up VPSSIM, you need a fresh VPS or dedicated server with CentOS 6.x (64-bit only) or 7.x.
These instructions can be used to set up VPSSIM on any new VPS or server with CentOS, not only on an Amazon EC2 instance.
Note: If you don’t like VPSSIM, you can choose any other script you prefer, such as Hocvps, EasyEngine, Centmin Mod, RunCloud or Webinoly. Make sure it works on your current OS. For example, if you want to use EasyEngine, CentOS and other Linux distros are not currently supported, so you need to select another image such as Ubuntu 12.04, 14.04, 16.04 or 18.04, or Debian 7 or 8.
Command to set up VPSSIM:
curl http://get.vpssim.vn -o vpssim && sh vpssim
curl http://get.vpssim.com -o vpssim && sh vpssim