[ec2-beta] /home on EBS and the ubuntu user

Eric Hammond ehammond at thinksome.com
Tue Apr 28 04:21:28 BST 2009


Since your instances launch without the EBS volume mounted, you have the
ability to ssh in to the ubuntu user with the EC2 keypair specified at
instance run time.

I don't see much of a problem with mounting an EBS volume over top of
/home while logged in as ubuntu, but you probably would want to cd to
the new /home pretty soon after so that you're not reading from and
writing to a directory that is not accessible through the file system.

This one of the few times where this nonsensical command makes sense:

  cd $(pwd)

Another option would be to pass in a user-data script which does the EBS
volume mounting for you.  This is run as root during startup.

As far as re-connecting through ssh after overwriting /home, there are a
couple options:

1. You could have copied the original /home/ubuntu/.ssh/authorized_keys
to a temporary place and then copied it back after /home was remounted.

2. You could simply have your own ssh public key already stored on the
EBS volume in authorized_keys, and use that for future connections to
ubuntu and other users.  This could either be the EC2 ssh keypair key,
or it could be your own personal ssh public key which you use to connect
to other hosts.

Eric Hammond
ehammond at thinksome.com

Steven Marcus wrote:
> Hello all!
> My co has been using the alestic images since September08 and they've
> been great.
> Given that there are now "official" AMIs I thought I'd look at switching.
> The first issue for us in switching is that I can't simply mount an EBS
> volume with /home as we have been doing.
> This is because the official AMIs disable root and require login via the
> ubuntu user.
> The ubuntu user is scripted on instance start to enable ssh via
> /home/ubuntu/.ssh/authorized_keys -- so we can't simply create a
> "static" ubuntu user in our /home on EBS.
> Is keeping /home on EBS a reasonable thing to do with the official AMIs,
> and if so, how?
> It seems that mounting /home while logged in as anything other than root
> is not a good idea.
> Thanks in advance!
> S

More information about the Ec2-beta mailing list