# Simplifying Access: Configuring Password Authentication for AWS EC2 Instances

Enabling password authentication for AWS EC2 instances is a common requirement for users who prefer or need to use passwords instead of SSH key pairs for remote access. However, it's essential to note that using password authentication can introduce security risks, and AWS recommends using SSH key pairs for enhanced security. If you still need to enable password authentication, follow these steps carefully.

### Prerequisites

* An AWS account with access to EC2.
    
* An existing EC2 instance running a Linux-based operating system.
    
* SSH access to your EC2 instance using a key pair.
    

## Step-by-Step Guide

1. Connect to Your EC2 Instance
    
    First, you need to connect to your EC2 instance using SSH. Use the terminal (Linux/macOS) or an SSH client like PuTTY (Windows).
    
    ```bash
    ssh -i /path/to/your-key.pem ec2-user@your-instance-public-dns
    ```
    
    Replace `/path/to/your-key.pem` with the path to your SSH key, and `ec2-user` with your instance's appropriate username (e.g., `ubuntu` for Ubuntu instances).
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1721922870798/0b6b6d9e-6df1-4726-b339-ad82d799cfd3.png align="center")

2\. Switch to the Root User

Once logged in, switch to the root user to ensure you have the necessary permissions to make configuration changes.

```bash
sudo su -
```

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1721922987848/7c2f68e8-83d0-40eb-a599-45fe9c0ece8f.png align="center")

3\. Edit the SSH Configuration File

Open the SSH configuration file using a text editor like `vi` or `nano`.

```bash
nano /etc/ssh/sshd_config
```

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1721923034814/d8f3ab1c-e0c7-4040-80fd-343ef26b052c.png align="center")

4\. Modify SSH Configuration for Password Authentication

Find the following line in the `sshd_config` file:

```bash
PasswordAuthentication no
```

Change `no` to `yes`:

```bash
PasswordAuthentication yes
```

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1721923121442/d5b65a77-c27e-4f13-8e75-e0d630b3b948.png align="center")

Additionally, ensure that the following line is uncommented and set to `yes`:

```bash
ChallengeResponseAuthentication no
```

**5\. Set a Password for the User**

You need to set a password for the user you wish to enable password authentication for. For example, to set a password for the `ec2-user`, run:

```bash
passwd ec2-user
```

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1721923205386/d674dbcb-3e80-4f41-ad8e-ade45ee9891e.png align="center")

You'll be prompted to enter and confirm a new password.

6\. Restart the SSH Service

To apply the changes, restart the SSH service:

```bash
service sshd restart
```

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1721923282023/d68ddf67-9aea-46e9-b8de-82cb7a87cec5.png align="center")

7\. Update Security Groups (Optional)

Ensure your EC2 instance's security group allows inbound SSH (port 22) traffic. You can do this through the AWS Management Console:

1. Navigate to **EC2 Dashboard** &gt; **Instances**.
    
2. Select your instance and click on the **Security** tab.
    
3. Click on the **Security Groups** link.
    
4. Add or ensure an inbound rule exists for **SSH** with **Source** set to your preferred IP range.
    

8\. Test Password Authentication

Disconnect from the instance and attempt to reconnect using the password:

```bash
ssh ec2-user@your-instance-public-dns
```

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1721923402149/7109af02-c33e-4703-885f-e3b6c87bbcf8.png align="center")

Enter the password you set earlier when prompted.

## Important Security Considerations

* **Security Risks**: Enabling password authentication increases the risk of brute-force attacks. Consider using complex passwords and limit the source IP range for SSH access.
    
* **Alternative Authentication**: Consider using Multi-Factor Authentication (MFA) or a bastion host to improve security.
    
* **Logging and Monitoring**: Enable logging and monitoring to detect unauthorized access attempts.
    

## Conclusion

While enabling password authentication on AWS EC2 instances is straightforward, it is crucial to understand the security implications and follow best practices to mitigate potential risks. Whenever possible, prefer using SSH key pairs for secure and efficient authentication.

By following the steps outlined in this guide, you can enable password authentication on your EC2 instances and ensure you have proper security measures.
