My Experiments for Truth.

In some cases we couldn't use public ip address not even an elastic ip for your ec2 instance , for example PCI audit related situations. But you should give internet access to your ec2 app servers to sent notification or alert mails to outside. In that case you can use the NAT Gateway for doing this. 1. First Create a NAT gateway in VPC section.          While creating the NAT Gateway, you should give the subnet as the Public Subnet having route table target as an "Internet Gateway". 2. Now edit your route table associated with your private EC2's subnet and make the target as "Nat gateway ID" That is all , now you will get internet access to your private EC2 instance, without public ip or elastic ip and having only Private ip in the instance description session.

First Make sure that the server time and the mobile time as same. root@ip-xx-xx-xx-xx:~# apt-get update root@ip-xx-xx-xx-xx:~# apt-get upgrade ubuntu@ip-xx-xx-xx-xx:~ sudo apt-get install libpam-google-authenticator ubuntu@ip-xx-xx-xx-xx:~ sudo vi /etc/pam.d/sshd At the start of the file, add the following line, then save and exit. auth required pam_google_authenticator.so nullok This will mean that users who don’t run Google Authenticator initialization won’t be asked for a second authentication. ubuntu@ip-xx-xx-xx-xx:~$ sudo vi /etc/ssh/sshd_config PasswordAuthentication yes ChallengeResponseAuthentication yes wq! ubuntu@ip-xx-xx-xx-xx:~$ google-authenticator Do you want authentication tokens to be time-based (y/n) y This will give a link like this , you can scan the QR code with the mobile. https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/ubuntu@xx.xx.xx.xx Do you want me to update your "/home/ubuntu/.google_authenticato