Thursday, 18 December 2025

Security Hardening of AWS EC2 Instances



Are password authentication and root login on an Amazon EC2 instance disabled by default?


From Manage system users on your Amazon EC2 Linux instance - Amazon Elastic Compute Cloud:

By default, password authentication and root login are disabled, and sudo is enabled. To log in to your instance, you must use a key pair. For more information about logging in, see Connect to your Linux instance using SSH.

You can allow password authentication and root login for your instance. For more information, see the documentation for your operating system.


On a standard Amazon EC2 Linux instance, both are disabled by default, and SSH key-based login with a non-root user is required.

Default SSH access

By default, you connect to an EC2 Linux instance using a non-root account such as ec2-user (Amazon Linux) or ubuntu (Ubuntu) with an SSH key pair, not a password. This design enforces public key authentication and avoids exposing password-based logins on the internet.

Password authentication

Password authentication over SSH is disabled by default on EC2 Linux instances, so you cannot log in with a username and password until you explicitly enable it in sshd_config. To log in initially, you must use the key pair specified when the instance was launched.

Root login

Direct root SSH login is also disabled by default; you are expected to log in as the default user and then use sudo to gain root privileges. Root login can be enabled later by changing PermitRootLogin in sshd_config, but this is discouraged from a security standpoint.


To verify the current settings, check /etc/ssh/sshd_config and look for these settings (their value can be yes or no):
  • PermitRootLogin
  • PasswordAuthentication
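
As an added example (not from the AWS documentation or the original post), the script below resolves both keywords the way sshd does: the first value read wins, keywords are case-insensitive, and commented or Match-scoped lines do not count as global settings. The file names, the sample contents and the drop-in-first read order are assumptions; unset keywords fall back to the upstream OpenSSH defaults.

```shell
#!/bin/sh
# Added example. On a live instance `sudo sshd -T` prints the effective
# configuration; this applies the same first-value-wins rule to files.

# first_value KEYWORD FILE...: print the first global (non-Match) value of
# KEYWORD across FILEs, passed in the order sshd reads them (assumption:
# the caller knows that order). Prints nothing if the keyword is unset.
first_value() {
    kw=$1; shift
    awk -v kw="$kw" '
        BEGIN { kw = tolower(kw) }
        FNR == 1 { in_match = 0 }            # treat a Match block as ending with its file
        /^[ \t]*(#|$)/ { next }              # comments and blank lines set nothing
        {
            sub(/^[ \t]+/, "")
            split($0, f, /[ \t=]+/)          # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") { in_match = 1; next }
            if (!in_match && key == kw) { print tolower(f[2]); exit }
        }' "$@"
}

# audit_sshd FILE...: print both effective values; return 1 if either is "yes".
# Fallbacks are the upstream OpenSSH defaults that apply when a keyword is unset.
audit_sshd() {
    root=$(first_value PermitRootLogin "$@")
    pass=$(first_value PasswordAuthentication "$@")
    root=${root:-prohibit-password}
    pass=${pass:-yes}
    echo "PermitRootLogin=$root PasswordAuthentication=$pass"
    if [ "$root" = "yes" ] || [ "$pass" = "yes" ]; then return 1; fi
    return 0
}

# Constructed sample files (not taken from a real instance).
write_samples() {
    printf '%s\n' '#PermitRootLogin yes' 'PasswordAuthentication no' > "$1/50-dropin.conf"
    printf '%s\n' 'passwordauthentication yes' 'Match User backup' \
        '    PermitRootLogin yes' > "$1/sshd_config"
}

# Demo on the samples, drop-in first (as with an Include at the top of sshd_config).
d=$(mktemp -d); write_samples "$d"
audit_sshd "$d/50-dropin.conf" "$d/sshd_config" || echo "weak setting found"
rm -r "$d"
```

Passing the same sample files in the opposite order makes the audit fail, because `passwordauthentication yes` is then the first value read.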

---