- Generate Key Pair In Aws System
- How To Use Amazon Keywords
- Terraform Generate Key Pair Aws
- Generate Key Pair In Aws Software
In AWS, when you launch any EC2 Linux instance, you should select a key pair for that particular instance.
AWS key pair will be in the standard private key format with .pem file extension
But if you are using PuTTY on your Windows laptop to login to AWS instance, you have a problem.
PuTTY doesn’t support PEM format. PuTTY understands only it’s own PPK format.
Jul 21, 2017 The key pair that you create is specific to that region. If you change the AWS region, you have to create another key pair for that new region. Create key pair. In the left navigation pane of EC2 console, choose the key pair under NETWORK & SECURITY. Click Create Key Pair button. Enter the key pair name of your choice. Jul 02, 2019 Terraform Module to Automatically Generate SSH Key Pairs (Public/Private Keys) - cloudposse/terraform-aws-key-pair.
PPK stands for Putty Private Key.
So, you should convert your .pem file to .ppk file.
For this conversion, putty provides a tool called PuTTYgen.
1. Download AWS PEM file
In AWS, when you first create a key pair file, that you want to use for your EC2 instances, AWS will allow you to download the PEM file to your local machine. Save this PEM file somewhere on your machine.
In this example, the .pem file I have is called thegeekstuff.pem, which is under C drive.
We’ll be converting this thegeekstuff.pem file to thegeekstuff.ppk and use the .ppk to login to EC2 instance using PuTTY.
BTW, the steps to convert pem to ppk for putty is exactly the same for all the Linux AMI images, including CentOS, RedHat, Ubuntu, SuSE, Fedora, Amazon Linux, etc.
2. Download PuTTYGen
Download PuTTYgen from here.
Generate Key Pair In Aws System
If you’ve used the PuTTY MSI installer, then all the PuTTY utilities comes with it including puttygen.
If you are already using only putty.exe as a standalone, then you can also download the standalone puttygen.exe
Launch PuTTYgen by double clicking on it.
PuTTYGen is a RSA and DSA key generation utility. But, in our case, we’ll be using this to convert the pem to ppk file.
The main PuTTYGen screen will have the following three sections:
Key Section: This will display the current key that is loaded. i.e The key that you are currently working on. When you first launch the puttygen, this section will say “No Key”.
Actions Section: This section will display all the possible actions that you can perform inside PuTTYGen. The following are the available actions:
- Generate – This will let you generate a brand new public/private key pair
- Load – If you already have an existing private key, you can use that by loading it here
- Save – Once you’ve generated a new key, or loaded an existing key, you can save either the public-key or the private-key to your local machine. Initially the save buttons will be disabled, as we have not loaded a key yet.
Parameters Section: Here you’ll specify the type of key to generate. You have three options here: SSH-1 (RSA), SSH-2 (RSA), SSH-2 DSA. You can also set the value of number of bits for the generated key. By default the type will be SSH-2 (RSA) and 2048-bit.
For our purpose of converting PEM to PPK, leave all the parameters at their default value. i.e SSH-2 (RSA) and 2048 bit.
See also: 10 Awesome PuTTY Tips and Tricks You Probably Didn’t Know
How To Use Amazon Keywords
3. Load PEM file to PuTTYGen for Conversion
In the following PuTTYGen main screen, click on “Load” button, and select your AWS PEM file.
Please note that when you click on “Load”, in the file selection window, by default, it will show “PuTTY Private Key Files (*.ppk)” as the option. Click on this drop-down list and choose “All Files” as shown below. After this, you can browser to the directory where you *.pem file is located, and load it.
Once the *.pem file is loaded, you’ll get a pop-up message saying “Successfully imported foreign key (OpenSSH SSH-2 private key)”. Click on “OK” in this screen.
4. Save your Converted PPK Private Key
Now that we have the keys loaded, you’ll see in the top “Key” section, our key information will be displayed. This will display the key fingerprint, key comment. The key passphrase in this case will be empty, as we didn’t have any passphrase for our AWS PEM file in this example.
Also, in the action section, we’ll see the save button enabled.
Click on the “Save Private Key” button, to save our converted ppk private key.
This will display a warning message saying: “Are you sure you want to save this key without a passphrase to protect it?”. Click on “YES”.
Now, give a name to this file. In our case, I’ve named this converted file as thegeekstuff.ppk
5. Use the PPK File in PuTTY
Now, that we have the thegeekstuff.pem AWS PEM file converted to thegeekstuff.ppk PuTTY key file, we can use this to login to our AWS EC2 instance.
For this, launch the putty, and do the following:
First, in the “Host Name (or IP address)” field, enter the public-dns or ip of your AWS EC2 instance.
Second, in the “Saved Sessions” field, enter the name that you would like to give for this AWS-EC2-instance on your putty, and click on “Save” to save this sessions in your putty list.
Third, on the left-hand side panel, expand the “Connections” -> expand “SSH” -> select “Auth”. Click on “Browse”, and select your converted ppk file for the “Private key file for authentication” as shown below.
Fourth, at this stage you can click on “Open” to start the connection, but you’ll lose the values that you just entered. So, on the left-panel click on “Sessions” again, and click on “Save” again. This will save the information about the private key that you provided to the putty-session that you saved earlier.
6. PEM and PPK File Formats
Once you’ve converted the file, you can view the content of PEM and PPK file in a text editor, and you’ll see that the content looks different, as they are of different formats.
PEM Key File from Aamazon EC2 (e.g: thegeekstuff.pem)
The PPK file format (e.g: thegeekstuff.pem). This is the file that we converted using PuTTYGen tool. This is the keyfile format that will work on your PuTTY to login to your Amazon AWS EC2 Linux instance using SSH protocol as shown above.
If you enjoyed this article, you might also like..
Terraform Generate Key Pair Aws
Next post: 8 PostgreSQL Examples to Install, Create DB & Table, Insert & Select Records
Previous post: 8 Steps to Install MirthConnect with MySQL / MariaDB on Linux
Security can be easily overlooked when building a product, especially when working with an outsourced engineering team. You want to trust them, so you give them access to your servers. But then you discover fraudulent activity, and, well, you start to panic.
In hindsight, you realize you never should have shared your Secure Shell (SSH) key, instead storing it in a vault with restricted user access. If, however, someone has a private SSH key to your Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instance and you’re worried about a malicious attack, you have two options to revoke their access:
- Create a new key-pair in the AWS console and boot up a new instance (assuming the attacker is removed from IAM users). This requires configuring the instance, which can be time-consuming — especially when you have several of them.
- Replace the public key in ~/.ssh/authorized_keys on your existing instance so the attacker can no longer unlock it with their private key.
Generate Key Pair In Aws Software
Here’s a summary of how to replace the keys mentioned in option No. 2 above:
(For more, DigitalOcean has a great tutorial on setting up SSH keys.)
- On your local machine in the terminal, generate a new key pair:
ssh-keygen -t rsa
- When prompted to save the file, hit Enter for the default location or choose your own path.
- When prompted for a passphrase, you can leave the field empty. Although it does not hurt to have more security, if the key pair is used elsewhere for CI or automation, you will need to leave the passphrase empty — machines cannot guess passphrases.
- Copy the public key you just saved on your machine to your EC2 authorized keys file:
cat ~/.ssh/id_rsa.pub | ssh user@123.45.56.78 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys
where ~/.ssh/id_rsa.pub is the new key on your machine and user@123.45.56.78 is the username and IP address of your EC2 instance. - At this point, your new public key should be on your EC2 instance in the authorized_keys file, and all you have to do is remove the old one. Make sure you can SSH into your EC2 instance with the new key first.
- Once you’re in, you can remove the old key using
vim ~/.ssh/authorized_keys
Just go to the line with the old key and remove it:dd
Note: If you tried editing the file and didn’t save it, or the connection was interrupted, an .authorized_keys.swp file will be created, and the next time you try to edit your authorized_keys, you will get a nasty message. Just delete the .swp file, and you should be good to edit. - Save the file.
Make sure to update the key if you’re using it elsewhere, like on a continuous integration (CI) server. Otherwise you’ll be scratching your head when none of your builds are working.