Generate New Key Pair For Ec2 Instance
Php key generation and authentication class nulled. Security can be easily overlooked when building a product, especially when working with an outsourced engineering team. You want to trust them, so you give them access to your servers. But then you discover fraudulent activity, and, well, you start to panic.
In hindsight, you realize you never should have shared your Secure Shell (SSH) key, instead storing it in a vault with restricted user access. If, however, someone has a private SSH key to your Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instance and you’re worried about a malicious attack, you have two options to revoke their access:
- Select Choose an Existing Key Pair in the first field. Select MyKeyPair in the second field. Select the check box to acknowledge that you have access to the private key and then click Launch Instances. AWS starts your EC2 instance. A dialog box provides additional information about your instance.
- Is it possible to generate a new SSH key pair for an existing instance? What are the steps to generate a new SSH key pair for an existing instance (without stoping or deleting the existing instance) if that is possible.
- Create a new key pair and save the private key file. You can create a key pair using the console, AWS Command Line Interface (AWS CLI), or AWS Tools for Windows PowerShell. For more information, see Creating a Key Pair Using Amazon EC2. Note: To give the new key pair the same name as the lost key pair, you must first delete the lost key pair.
- Sometimes we get the requirement to change the key-pair for some security reasons. In this article, we will be changing the key pair of running EC2 instances. Create a new key pair from AWS Console. Generate Public key from newly created key pair ( Private Key ).
Instead of using Amazon EC2 to create your key pair, you can create an RSA key pair using a third-party tool and then import the public key to Amazon EC2. For example, you can use ssh-keygen (a tool provided with the standard OpenSSH installation) to create a key pair.
- Create a new key-pair in the AWS console and boot up a new instance (assuming the attacker is removed from IAM users). This requires configuring the instance, which can be time-consuming — especially when you have several of them.
- Replace the public key in ~/.ssh/authorized_keys on your existing instance so the attacker can no longer unlock it with their private key.
Here’s a summary of how to replace the keys mentioned in option No. 2 above:
(For more, DigitalOcean has a great tutorial on setting up SSH keys.)
- On your local machine in the terminal, generate a new key pair:
ssh-keygen -t rsa
- When prompted to save the file, hit Enter for the default location or choose your own path.
- When prompted for a passphrase, you can leave the field empty. Although it does not hurt to have more security, if the key pair is used elsewhere for CI or automation, you will need to leave the passphrase empty — machines cannot guess passphrases.
- Copy the public key you just saved on your machine to your EC2 authorized keys file:
cat ~/.ssh/id_rsa.pub ssh user@123.45.56.78 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys
where ~/.ssh/id_rsa.pub is the new key on your machine and user@123.45.56.78 is the username and IP address of your EC2 instance. - At this point, your new public key should be on your EC2 instance in the authorized_keys file, and all you have to do is remove the old one. Make sure you can SSH into your EC2 instance with the new key first.
- Once you’re in, you can remove the old key using
vim ~/.ssh/authorized_keys
Just go to the line with the old key and remove it:dd
Note: If you tried editing the file and didn’t save it, or the connection was interrupted, an .authorized_keys.swp file will be created, and the next time you try to edit your authorized_keys, you will get a nasty message. Just delete the .swp file, and you should be good to edit. - Save the file.
Make sure to update the key if you’re using it elsewhere, like on a continuous integration (CI) server. Otherwise you’ll be scratching your head when none of your builds are working.
In AWS, when you launch any EC2 Linux instance, you should select a key pair for that particular instance.
AWS key pair will be in the standard private key format with .pem file extension
But if you are using PuTTY on your Windows laptop to login to AWS instance, you have a problem.
PuTTY doesn’t support PEM format. PuTTY understands only it’s own PPK format.
PPK stands for Putty Private Key.
So, you should convert your .pem file to .ppk file.
For this conversion, putty provides a tool called PuTTYgen.
1. Download AWS PEM file
In AWS, when you first create a key pair file, that you want to use for your EC2 instances, AWS will allow you to download the PEM file to your local machine. Save this PEM file somewhere on your machine.
In this example, the .pem file I have is called thegeekstuff.pem, which is under C drive.
We’ll be converting this thegeekstuff.pem file to thegeekstuff.ppk and use the .ppk to login to EC2 instance using PuTTY.
BTW, the steps to convert pem to ppk for putty is exactly the same for all the Linux AMI images, including CentOS, RedHat, Ubuntu, SuSE, Fedora, Amazon Linux, etc.
2. Download PuTTYGen
Download PuTTYgen from here.
If you’ve used the PuTTY MSI installer, then all the PuTTY utilities comes with it including puttygen.
If you are already using only putty.exe as a standalone, then you can also download the standalone puttygen.exe
Launch PuTTYgen by double clicking on it.
PuTTYGen is a RSA and DSA key generation utility. But, in our case, we’ll be using this to convert the pem to ppk file.
The main PuTTYGen screen will have the following three sections:
Key Section: This will display the current key that is loaded. i.e The key that you are currently working on. When you first launch the puttygen, this section will say “No Key”.
Actions Section: This section will display all the possible actions that you can perform inside PuTTYGen. The following are the available actions:
- Generate – This will let you generate a brand new public/private key pair
- Load – If you already have an existing private key, you can use that by loading it here
- Save – Once you’ve generated a new key, or loaded an existing key, you can save either the public-key or the private-key to your local machine. Initially the save buttons will be disabled, as we have not loaded a key yet.
Parameters Section: Here you’ll specify the type of key to generate. You have three options here: SSH-1 (RSA), SSH-2 (RSA), SSH-2 DSA. You can also set the value of number of bits for the generated key. By default the type will be SSH-2 (RSA) and 2048-bit.
For our purpose of converting PEM to PPK, leave all the parameters at their default value. i.e SSH-2 (RSA) and 2048 bit.
See also: 10 Awesome PuTTY Tips and Tricks You Probably Didn’t Know
Generate New Key Pair For Ec2 Instance 2017
3. Load PEM file to PuTTYGen for Conversion
Add Public Key To Ec2
In the following PuTTYGen main screen, click on “Load” button, and select your AWS PEM file.
Ec2 Generate New Key Pair
Please note that when you click on “Load”, in the file selection window, by default, it will show “PuTTY Private Key Files (*.ppk)” as the option. Click on this drop-down list and choose “All Files” as shown below. After this, you can browser to the directory where you *.pem file is located, and load it.
Once the *.pem file is loaded, you’ll get a pop-up message saying “Successfully imported foreign key (OpenSSH SSH-2 private key)”. Click on “OK” in this screen.
4. Save your Converted PPK Private Key
Now that we have the keys loaded, you’ll see in the top “Key” section, our key information will be displayed. This will display the key fingerprint, key comment. The key passphrase in this case will be empty, as we didn’t have any passphrase for our AWS PEM file in this example.
Also, in the action section, we’ll see the save button enabled.
Download now the serial number for Warcraft The Frozen Throne CD Key Works 100%. All serial numbers are genuine and you can find more results in our database for Warcraft software. Updates are issued periodically and new results might be added for this applications from our community. Frozen throne cd key generator. Nov 02, 2007 Warcraft 3 + The Frozen Throne CD Keys Not sure which forum to put this, sorry if it's the wrong one. The Frozen Throne cd key both 10euro. By Ownedcore in forum General MMO Buy Sell Trade Replies: 0 Last Post:, 10:54 AM Trading Warcraft 3 The Frozen Throne CD key for a Diablo 2 Classic CD key. By Miyagism in forum General.
Click on the “Save Private Key” button, to save our converted ppk private key.
This will display a warning message saying: “Are you sure you want to save this key without a passphrase to protect it?”. Click on “YES”.
Now, give a name to this file. In our case, I’ve named this converted file as thegeekstuff.ppk
5. Use the PPK File in PuTTY
Now, that we have the thegeekstuff.pem AWS PEM file converted to thegeekstuff.ppk PuTTY key file, we can use this to login to our AWS EC2 instance.
For this, launch the putty, and do the following:
First, in the “Host Name (or IP address)” field, enter the public-dns or ip of your AWS EC2 instance.
Second, in the “Saved Sessions” field, enter the name that you would like to give for this AWS-EC2-instance on your putty, and click on “Save” to save this sessions in your putty list.
Third, on the left-hand side panel, expand the “Connections” -> expand “SSH” -> select “Auth”. Click on “Browse”, and select your converted ppk file for the “Private key file for authentication” as shown below.
Fourth, at this stage you can click on “Open” to start the connection, but you’ll lose the values that you just entered. So, on the left-panel click on “Sessions” again, and click on “Save” again. This will save the information about the private key that you provided to the putty-session that you saved earlier.
6. PEM and PPK File Formats
Once you’ve converted the file, you can view the content of PEM and PPK file in a text editor, and you’ll see that the content looks different, as they are of different formats.
PEM Key File from Aamazon EC2 (e.g: thegeekstuff.pem)
The PPK file format (e.g: thegeekstuff.pem). This is the file that we converted using PuTTYGen tool. This is the keyfile format that will work on your PuTTY to login to your Amazon AWS EC2 Linux instance using SSH protocol as shown above.
If you enjoyed this article, you might also like.
Next post: 8 PostgreSQL Examples to Install, Create DB & Table, Insert & Select Records
Previous post: 8 Steps to Install MirthConnect with MySQL / MariaDB on Linux