Whenever you spin up a virtual machine, whether on EC2 or somewhere else, the first thing you should do is configure the sshd server. There are thousands of bots in the wild that systematically scan entire IP ranges and try logging in with common user:pass combos.

For a quick setup, first copy your public key to ~/.ssh/authorized_keys on the remote machine, then check that you can log in without entering your password (chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys is usually needed for password-less login).

Then edit /etc/ssh/sshd_config and make the following changes:

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
PermitRootLogin no
PubkeyAuthentication yes
AllowUsers user1 user2

These options are fairly self-explanatory, but to be clear: they deny login with a password and allow login only with a public key, deny login for the root user, and allow login for the users user1 and user2.

Don’t forget to put your own username on the last line, otherwise you will lock yourself out of the machine.

As the final step, just restart the sshd server (e.g. sudo service ssh restart).
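
The check below is an added example, not part of the original post: it audits a config file against the settings listed above and verifies that your login name is in AllowUsers, so the lock-out case is caught before the restart. The function names and the sample file are constructed for illustration, and it assumes one plain "Keyword value" per line with no Match or Include handling.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config-style file
# against the settings listed above. Assumes one plain "Keyword value" per line,
# no Match/Include handling, and plain usernames (no patterns) in AllowUsers.

# first_value FILE KEYWORD: print the first value set for KEYWORD.
# sshd keywords are case-insensitive and the first value found wins.
first_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        tolower($1) == "match" { exit }      # Match blocks are out of scope
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# audit_sshd_config FILE USER: print findings, return the number of problems.
# An unset keyword counts as a problem: the post sets each one explicitly.
audit_sshd_config() {
    file=$1 user=$2 problems=0
    for want in "ChallengeResponseAuthentication no" "PasswordAuthentication no" \
                "UsePAM no" "PermitRootLogin no" "PubkeyAuthentication yes"; do
        key=${want% *} expected=${want#* }
        actual=$(first_value "$file" "$key" | tr 'A-Z' 'a-z')
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: expected '$expected', found '${actual:-unset}'"
            problems=$((problems + 1))
        fi
    done
    # Lock-out check: the account you log in with must be in AllowUsers.
    allowed=$(first_value "$file" AllowUsers)
    case " $allowed " in
        *" $user "*) ;;
        *) echo "FAIL AllowUsers: '$user' not listed (found '${allowed:-unset}')"
           problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample: a commented-out line, a lower-case keyword, and a late
# "PasswordAuthentication yes" that sshd would ignore because the first one wins.
sample=$(mktemp)
printf '%s\n' '#PasswordAuthentication yes' 'passwordauthentication no' \
    'ChallengeResponseAuthentication no' 'UsePAM no' 'PermitRootLogin no' \
    'PubkeyAuthentication yes' 'AllowUsers user1 user2' \
    'PasswordAuthentication yes' > "$sample"
audit_sshd_config "$sample" user1 && echo "OK for user1"
audit_sshd_config "$sample" alice || echo "problems for alice: $?"
rm -f "$sample"
```

Run it against the edited file before restarting sshd, and keep your current session open until a fresh login succeeds. sshd -t additionally checks the file for syntax errors.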
