- Aws Key Pair Import
- Generate Key Pair Linux From Pem For Aws Server
- Generate Key Pair Linux From Pem For Aws Mac
- Generate Key Pair Linux From Pem For Aws Free
- Generate Key Pair Linux From Pem For Aws Account
May 12, 2017 DOWNLOAD YOUR EC2 KEY PAIR FILE. If you have not already downloaded (or cannot locate) your key pair (i.e mykeypair.pem) you will need to create a new EC2 instance and download a new one. A key pair consists of a public key that AWS stores and a private key file that you store (downloaded as PEM file).
[ aws . ec2 ]
In this article, we take a look at how to create an Amazon AWS Key Pair that will be used to secure SSH access to a Linux EC2 instance. This tutorial will cover creating the AWS Key Pair, at which stage you can then use it for any newly created Linux EC2 instances. AWS doesn’t allow to connect to the EC2 Linux Instance directly using.pem file. You need to convert the.pem key pair file to.ppk format so that it can be used with PuTTY. You need to generate a.ppk file using the free Puttygen tool from the.pem key pair file of respective Linux machine instance.
Description¶
Creates a 2048-bit RSA key pair with the specified name. Amazon EC2 stores the public key and displays the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded PKCS#1 private key. If a key with the specified name already exists, Amazon EC2 returns an error.
You can have up to five thousand key pairs per Region.
The key pair returned to you is available only in the Region in which you create it. If you prefer, you can create your own key pair using a third-party tool and upload it to any Region using ImportKeyPair .
For more information, see Key Pairs in the Amazon Elastic Compute Cloud User Guide .
See also: AWS API Documentation
See 'aws help' for descriptions of global parameters.
Synopsis¶
Options¶
--key-name (string)
A unique name for the key pair.
Constraints: Up to 255 ASCII characters
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
--tag-specifications (list)
Shorthand Syntax:
JSON Syntax:
--cli-input-json (string)Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.
--generate-cli-skeleton (string)Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.
See 'aws help' for descriptions of global parameters.
Examples¶
To create a key pair
This example creates a key pair named MyKeyPair.
Command:
The output is an ASCII version of the private key and key fingerprint. You need to save the key to a file.
For more information, see Using Key Pairs in the AWS Command Line Interface User Guide.
Output¶
KeyFingerprint -> (string)
KeyMaterial -> (string)
An unencrypted PEM encoded RSA private key.
KeyName -> (string)
KeyPairId -> (string)
Aws Key Pair Import
The ID of the key pair.
Tags -> (list)
Any tags applied to the key pair.
(structure)
Describes a tag.
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .
Value -> (string)
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.
I want to add new user accounts that can connect to my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance using SSH. How do I do that?
Short Description
Every Amazon EC2 Linux instance launches with a default system user account with administrative access to the instance. If multiple users require access to the instance, it's a security best practice to use separate accounts for each user.
You can expedite these steps by using cloud-init and user data. For more information, see How can I give a user permissions to connect to my EC2 Linux instance using SSH?
Resolution
Create a key pair for the new user account
- Create a key pair, or use an existing one, for the new user.
- If you create your own key pair using the command line, follow the recommendations at create-key-pair or New-EC2KeyPair Cmdlet for key type and bit length.
- If you create your own key pair using a third-party tool, be sure that your key matches the guidelines at Importing Your Own Public Key to Amazon EC2.
Add a new user to the EC2 Linux instance
1. Connect to your Linux instance using SSH.
2. Use the adduser command to add a new user account to an EC2 instance (replace new_user with the new account name). The following example creates an associated group, home directory, and an entry in the /etc/passwd file of the instance:
Note: If you add the new_user to an Ubuntu instance, include the --disabled-password option to avoid adding a password to the new account:
3. Change the security context to the new_user account so that folders and files you create have the correct permissions:
Note: When you run the sudo su - new_user command, the name at the top of the command shell prompt changes to reflect the new user account context of your shell session.
4. Create a .ssh directory in the new_user home directory:
5. Use the chmod command to change the .ssh directory's permissions to 700. Changing the permissions restricts access so that only the new_user can read, write, or open the .ssh directory.
6. Use the touch command to create the authorized_keys file in the .ssh directory:
7. Use the chmod command to change the .ssh/authorized_keys file permissions to 600. Changing the file permissions restricts read or write access to the new_user.
Retrieve the public key for your key pair
Retrieve the public key for your key pair using the method that applies to your configuration:
Verify your key pair's fingerprint
After you import your own public key or retrieve the public key for your key pair, follow the steps at Verifying Your Key Pair's Fingerprint.
Update and verify the new user account credentials
After you retrieve the public key, use the command shell session that is running under the context of the new user account to confirm that you have permission to add the public key to the .ssh/authorized_keys file for this account:
1. Run the Linux cat command in append mode:
2. Paste the public key into the .ssh/authorized_keys file and then press Enter.
Note: For most Linux command line interfaces, the Ctrl+Shift+V key combination pastes the contents of the clipboard into the command line window. For the PuTTY command line interface, right-click to paste the contents of the clipboard into the PuTTY command line window.
3. Press and hold Ctrl+d to exit cat and return to the command line session prompt.
(Optional) Allow the new user to use sudo
Note: If you don't want to allow the new user to use sudo, proceed to Verify that the new user can use SSH to connect to the EC2 instance.
1. Use the passwd command to create a password for the new user:
Note: You're prompted to reenter the password. Enter the password a second time to confirm it.
Generate Key Pair Linux From Pem For Aws Server
2. Add the new user to the correct group.
For Amazon Linux, Amazon Linux 2, RHEL, and CentOS:
Use the usermod command to add the user to the wheel group.
For Ubuntu:
Use the usermod command to add the user to the sudo group.
Verify that the new user can use SSH to connect to the EC2 instance
Generate Key Pair Linux From Pem For Aws Mac
1. Verify that you can connect to your EC2 instance when using ssh as the new_user by running the following command from a command line prompt on your local computer:
To connect to your EC2 Linux instance using SSH from Windows, follow the steps at Connecting to Your Linux Instance from Windows Using PuTTY.
2. After you connect to your instance as the new_user by using SSH, run the id command from the EC2 instance command line to view the user and group information created for the new_user account:
The id command returns information similar to the following:
3. Distribute the private key file to your new user.
Related Information
Anything we could improve?
Need more help?
Generate Key Pair Linux From Pem For Aws Free
Related Videos
Generate Key Pair Linux From Pem For Aws Account
Joel shows you how to manage user accounts on your Amazon EC2 Linux instance (5:47)