RHEL STIG V-71949 keeps being reported as failed on scans

Because Amazon does not set a password on its Linux images, and requires users to authenticate to deployed instances with an SSH key, password-based re-authentication for sudo sessions can NOT be enabled out of the box. You can, however, enable it yourself by following these steps:

  1. Set a password for the ec2-user account. It is recommended to run the passwd command as ec2-user, so that password expiration rules are enforced.

  2. Run the command "sudo su -" to become root.

  3. Run "sudoedit" to edit the /etc/sudoers file.

  4. Find the lines that contain "NOPASSWD: ALL" within this file.

  5. Remove the keyword "NOPASSWD" and the trailing colon.

  6. Save the file (the vi command "ZZ" will do this)

  7. DO NOT LEAVE YOUR ROOT SESSION.

  8. Open a new terminal window, and log in to your server as ec2-user.

  9. Try running "sudo su -"

  10. Confirm that you are prompted for your password.

Once these steps are completed, your system will be compliant with V-71949.
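As an added example (not part of the original page), the following POSIX shell script performs the read-only check behind a V-71949 finding: it scans the main sudoers file and every file in the include directory for active NOPASSWD tags, ignoring commented-out text. The function names, the default paths /etc/sudoers and /etc/sudoers.d, and the sample sudoers content it builds for a stand-alone run are all constructed for this example.

```shell
#!/bin/sh
# Added example, not the page's own code: report active NOPASSWD entries in
# sudo's configuration. A count of 0 means the V-71949 condition is met.

# List active (uncommented) NOPASSWD entries as "file:line: content".
# Defaults to /etc/sudoers and /etc/sudoers.d; pass other paths for testing.
find_nopasswd_entries() {
    main="${1:-/etc/sudoers}"
    dir="${2:-/etc/sudoers.d}"
    for f in "$main" "$dir"/*; do
        [ -f "$f" ] || continue
        # Drop everything after '#' before matching, so a commented-out
        # "# ... NOPASSWD ..." line is not reported as a finding.
        awk -v file="$f" '{
            line = $0; sub(/#.*/, "", line)
            if (line ~ /NOPASSWD/) print file ":" NR ": " $0
        }' "$f"
    done
    return 0
}

# Number of active NOPASSWD entries found (prints a single integer).
count_nopasswd_entries() {
    find_nopasswd_entries "$1" "$2" | wc -l | tr -d ' '
}

# Build a constructed sudoers layout resembling a fresh EC2 image before the
# steps above are applied. Prints the temporary directory path.
make_sample_config() {
    d=$(mktemp -d)
    mkdir "$d/sudoers.d"
    cat >"$d/sudoers" <<'EOF'
# root ALL=(ALL) NOPASSWD: ALL   <- commented out, must not count
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       NOPASSWD: ALL
EOF
    printf 'ec2-user ALL=(ALL) NOPASSWD:ALL\n' >"$d/sudoers.d/90-cloud-init-users"
    echo "$d"
}

# Stand-alone run against the constructed sample: two findings are expected.
sample=$(make_sample_config)
find_nopasswd_entries "$sample/sudoers" "$sample/sudoers.d"
echo "active NOPASSWD entries: $(count_nopasswd_entries "$sample/sudoers" "$sample/sudoers.d")"
rm -rf "$sample"
```

Run it with no arguments on the instance itself to check the live configuration; a non-empty listing shows exactly which lines still carry the tag after step 5.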
