Generate New Key Pair For Ec2 Instance

Security can be easily overlooked when building a product, especially when working with an outsourced engineering team. You want to trust them, so you give them access to your servers. But then you discover fraudulent activity, and, well, you start to panic.

Key

In hindsight, you realize you never should have shared your Secure Shell (SSH) key, instead storing it in a vault with restricted user access. If, however, someone has a private SSH key to your Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instance and you’re worried about a malicious attack, you have two options to revoke their access:

Select create a new key pair and set a name for it. Click the download button to save it in your local machine. Click the Launch button to start provision the instance. On the bottom right corner, you can see a button to view the instance, click on it to view the instance. It may take a few minutes to complete the instance initialization.

  • Mar 31, 2017  In this Recreate a lost Private Key process what I did have I created a new public-private key pair by generating one locally then uploading the key pair to AWS. In that way when I create a new EC2 instance I can assign the key pair I just created and access the boxes via SSH.
  • Jul 21, 2017 The key pair that you create is specific to that region. If you change the AWS region, you have to create another key pair for that new region. Create key pair. In the left navigation pane of EC2 console, choose the key pair under NETWORK & SECURITY. Click Create Key Pair button. Enter the key pair name of your choice.
  • It’s necessary to have a key pair on Amazon EC2 in order to access the instances we run. Here we talk about how to create these key pairs. For these examples, we will need the AWS CLI or ec2-api-tools. A key pair is just an SSH key pair that we have registered with AWS, and it is necessary to have them even when running Microsoft Windows instances.
  • Generate a New Private Key Login to the AWS EC2 console and select Key Pairs in the left sidebar On the next page, click the Create Key Pair button Give the new key a name, then click the create.
  1. Create a new key-pair in the AWS console and boot up a new instance (assuming the attacker is removed from IAM users). This requires configuring the instance, which can be time-consuming — especially when you have several of them.
  2. Replace the public key in ~/.ssh/authorized_keys on your existing instance so the attacker can no longer unlock it with their private key.

Here’s a summary of how to replace the keys mentioned in option No. 2 above:

(For more, DigitalOcean has a great tutorial on setting up SSH keys.)

Generate New Key Pair For Ec2 Instance 2017

  1. On your local machine in the terminal, generate a new key pair: ssh-keygen -t rsa
  2. When prompted to save the file, hit Enter for the default location or choose your own path.
  3. When prompted for a passphrase, you can leave the field empty. Although it does not hurt to have more security, if the key pair is used elsewhere for CI or automation, you will need to leave the passphrase empty — machines cannot guess passphrases.
  4. Copy the public key you just saved on your machine to your EC2 authorized keys file:
    cat ~/.ssh/id_rsa.pub ssh user@123.45.56.78 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys where ~/.ssh/id_rsa.pub is the new key on your machine and user@123.45.56.78 is the username and IP address of your EC2 instance.
  5. At this point, your new public key should be on your EC2 instance in the authorized_keys file, and all you have to do is remove the old one. Make sure you can SSH into your EC2 instance with the new key first.
  6. Once you’re in, you can remove the old key using vim ~/.ssh/authorized_keys Just go to the line with the old key and remove it: dd Note: If you tried editing the file and didn’t save it, or the connection was interrupted, an .authorized_keys.swp file will be created, and the next time you try to edit your authorized_keys, you will get a nasty message. Just delete the .swp file, and you should be good to edit.
  7. Save the file.

Make sure to update the key if you’re using it elsewhere, like on a continuous integration (CI) server. Otherwise you’ll be scratching your head when none of your builds are working.

In AWS, when you launch any EC2 Linux instance, you should select a key pair for that particular instance.

AWS key pair will be in the standard private key format with .pem file extension

But if you are using PuTTY on your Windows laptop to login to AWS instance, you have a problem.

PuTTY doesn’t support PEM format. PuTTY understands only it’s own PPK format.

Aws Create Ssh Key Pair

PPK stands for Putty Private Key.
So, you should convert your .pem file to .ppk file.

For this conversion, putty provides a tool called PuTTYgen.

1. Download AWS PEM file

In AWS, when you first create a key pair file, that you want to use for your EC2 instances, AWS will allow you to download the PEM file to your local machine. Save this PEM file somewhere on your machine.

In this example, the .pem file I have is called thegeekstuff.pem, which is under C drive.

We’ll be converting this thegeekstuff.pem file to thegeekstuff.ppk and use the .ppk to login to EC2 instance using PuTTY.

BTW, the steps to convert pem to ppk for putty is exactly the same for all the Linux AMI images, including CentOS, RedHat, Ubuntu, SuSE, Fedora, Amazon Linux, etc.

Add Public Key To Ec2

2. Download PuTTYGen

Download PuTTYgen from here.

If you’ve used the PuTTY MSI installer, then all the PuTTY utilities comes with it including puttygen.

This software product allows not only to optimize the computer. System mechanic.

If you are already using only putty.exe as a standalone, then you can also download the standalone puttygen.exe

Launch PuTTYgen by double clicking on it.

PuTTYGen is a RSA and DSA key generation utility. But, in our case, we’ll be using this to convert the pem to ppk file.

The main PuTTYGen screen will have the following three sections:

Key Section: This will display the current key that is loaded. i.e The key that you are currently working on. When you first launch the puttygen, this section will say “No Key”.

Actions Section: This section will display all the possible actions that you can perform inside PuTTYGen. The following are the available actions:

  1. Generate – This will let you generate a brand new public/private key pair
  2. Load – If you already have an existing private key, you can use that by loading it here
  3. Save – Once you’ve generated a new key, or loaded an existing key, you can save either the public-key or the private-key to your local machine. Initially the save buttons will be disabled, as we have not loaded a key yet.

Parameters Section: Here you’ll specify the type of key to generate. You have three options here: SSH-1 (RSA), SSH-2 (RSA), SSH-2 DSA. You can also set the value of number of bits for the generated key. By default the type will be SSH-2 (RSA) and 2048-bit.

For our purpose of converting PEM to PPK, leave all the parameters at their default value. i.e SSH-2 (RSA) and 2048 bit.

See also: 10 Awesome PuTTY Tips and Tricks You Probably Didn’t Know

3. Load PEM file to PuTTYGen for Conversion

In the following PuTTYGen main screen, click on “Load” button, and select your AWS PEM file.

Please note that when you click on “Load”, in the file selection window, by default, it will show “PuTTY Private Key Files (*.ppk)” as the option. Click on this drop-down list and choose “All Files” as shown below. After this, you can browser to the directory where you *.pem file is located, and load it.

Once the *.pem file is loaded, you’ll get a pop-up message saying “Successfully imported foreign key (OpenSSH SSH-2 private key)”. Click on “OK” in this screen.

4. Save your Converted PPK Private Key

Now that we have the keys loaded, you’ll see in the top “Key” section, our key information will be displayed. This will display the key fingerprint, key comment. The key passphrase in this case will be empty, as we didn’t have any passphrase for our AWS PEM file in this example.

Also, in the action section, we’ll see the save button enabled.

Generate New Key Pair For Ec2 Instance List

Click on the “Save Private Key” button, to save our converted ppk private key.

This will display a warning message saying: “Are you sure you want to save this key without a passphrase to protect it?”. Click on “YES”.

Now, give a name to this file. In our case, I’ve named this converted file as thegeekstuff.ppk

5. Use the PPK File in PuTTY

Now, that we have the thegeekstuff.pem AWS PEM file converted to thegeekstuff.ppk PuTTY key file, we can use this to login to our AWS EC2 instance.

For this, launch the putty, and do the following:

First, in the “Host Name (or IP address)” field, enter the public-dns or ip of your AWS EC2 instance.

Second, in the “Saved Sessions” field, enter the name that you would like to give for this AWS-EC2-instance on your putty, and click on “Save” to save this sessions in your putty list.

Third, on the left-hand side panel, expand the “Connections” -> expand “SSH” -> select “Auth”. Click on “Browse”, and select your converted ppk file for the “Private key file for authentication” as shown below.

Fourth, at this stage you can click on “Open” to start the connection, but you’ll lose the values that you just entered. So, on the left-panel click on “Sessions” again, and click on “Save” again. This will save the information about the private key that you provided to the putty-session that you saved earlier.

6. PEM and PPK File Formats

Once you’ve converted the file, you can view the content of PEM and PPK file in a text editor, and you’ll see that the content looks different, as they are of different formats.

PEM Key File from Aamazon EC2 (e.g: thegeekstuff.pem)

The PPK file format (e.g: thegeekstuff.pem). This is the file that we converted using PuTTYGen tool. This is the keyfile format that will work on your PuTTY to login to your Amazon AWS EC2 Linux instance using SSH protocol as shown above.

> Add your comment

If you enjoyed this article, you might also like.



Next post: 8 PostgreSQL Examples to Install, Create DB & Table, Insert & Select Records

Previous post: 8 Steps to Install MirthConnect with MySQL / MariaDB on Linux

Comments are closed.