Enable root access on Amazon EC2 Instance

According to the Amazon Linux AMI User Guide, root access is disabled by default for security reasons.

How do I get root SSH access on my Amazon Linux AMI instance?
The Amazon Linux AMI does not allow remote root SSH by default. You should specify a key pair at instance launch and login as ec2-user using your key pair to access the command line. This user has sudo access by default to allow you to run root actions. If you want to enable remote root login, please be aware that it is significantly less secure than relying on key pairs and a secondary user.

It is strongly recommended to use sudo to run root actions:

sudo yum upgrade

or get a root shell by running:

sudo -i

I understand the risk, what if I REALLY want it?

You can enable root access for SSH/SFTP if you want;
it’s especially useful when you want to overwrite some config files via SFTP.

Warning: You are STRONGLY RECOMMENDED to keep at least one console open.
If you screw up the sshd config, you will not be able to open a new SSH session.
You have been warned; proceed at your own risk.

Step 1: Enable root login in sshd config

sudo vi /etc/ssh/sshd_config

Replace the line

PermitRootLogin forced-commands-only

with

PermitRootLogin without-password

Then save the file and reload the sshd config:

sudo /etc/init.d/sshd reload

Step 2: Disable blocking command for root account

sudo vi /root/.ssh/authorized_keys

You will see something like

command="echo 'Please login as the ec2-user user rather than root user.';echo;sleep 10"    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTctyMQwAPXDqlOfZL5...[skipped]

Delete everything before “ssh-rsa”. The file should now look like

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTctyMQwAPXDqlOfZL5...[skipped]

Save the file and you are done.

You now have root access to SSH/SFTP with your private key.

Hint: Remember to test that you can still log in to a new SSH session before closing all consoles.
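
To confirm what the two steps changed, the following shell sketch (an added example, not from the original post or from Amazon) reads an sshd_config and a root authorized_keys file and reports whether key-based root login yields a shell. The function names and the sample file contents are constructed for illustration, and the parse is simplified.

```sh
#!/bin/sh
# Added example: does key-based root SSH login yield an interactive shell?
# Simplified parse: whitespace-separated keywords, Include files not followed.

# Print the global PermitRootLogin value. sshd uses the first occurrence;
# anything after a Match line is conditional, so stop there.
effective_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Count keys in an authorized_keys file with no command="..." option in front
# of the key type, i.e. keys that are not pinned to a forced command.
unrestricted_keys() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         { line = " " $0
           if (match(line, /[ \t](ssh-rsa|ssh-ed25519|ecdsa-sha2-|sk-)/) &&
               substr(line, 1, RSTART) !~ /command="/) n++ }
         END { print n + 0 }' "$1"
}

# Print "shell" if a root key can open a shell, otherwise "no-shell".
# Password logins are out of scope for this check.
root_key_shell() {
    mode=$(effective_root_login "$1")
    free=$(unrestricted_keys "$2")
    case "$mode" in
        no|forced-commands-only) echo no-shell ;;
        # yes, without-password, prohibit-password and unset all accept keys
        *) if [ "$free" -gt 0 ]; then echo shell; else echo no-shell; fi ;;
    esac
}

# Constructed sample files mirroring the states before and after the steps.
d=$(mktemp -d)
printf 'PermitRootLogin forced-commands-only\n' > "$d/before.conf"
printf 'PermitRootLogin without-password\n' > "$d/after.conf"
printf 'command="echo blocked;sleep 10"    ssh-rsa AAAAconstructed root\n' > "$d/before.keys"
printf 'ssh-rsa AAAAconstructed root\n' > "$d/after.keys"
echo "before both steps: $(root_key_shell "$d/before.conf" "$d/before.keys")"
echo "after step 1 only: $(root_key_shell "$d/after.conf" "$d/before.keys")"
echo "after both steps:  $(root_key_shell "$d/after.conf" "$d/after.keys")"
```

On a real instance, pass /etc/ssh/sshd_config and /root/.ssh/authorized_keys (reading the latter needs sudo); `sudo sshd -T` prints the authoritative effective configuration.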

Reference: http://stackoverflow.com/questions/4230516/sshing-into-ec2-server-via-gives-error-please-login-as-the-ec2-user-user-rather

5 Replies to “Enable root access on Amazon EC2 Instance”

  1. One more step:

    Copy the authorized_keys from ec2-user’s .ssh folder to root’s .ssh folder and replace the ec2-user mention in that file to root.
