
Key pairs for SSH access in AWS - Commands & Configuration

Introduction
When you want to securely connect to a remote server, you need a way to prove who you are without using a password. Key pairs help by using a secret key on your computer and a matching public key on the server to allow safe access.
When you launch a new virtual server in the cloud and want to connect to it securely.
When you want to avoid using passwords for logging into your cloud servers.
When you need to share access to a server without sharing your private key.
When you want to automate secure connections to your cloud servers.
When you want to manage access keys centrally in your cloud environment.
Commands
This command creates a new SSH key pair named 'my-ssh-key' in AWS and saves the private key to a file called 'my-ssh-key.pem' on your computer. The private key is needed to connect to your server.
Terminal
aws ec2 create-key-pair --key-name my-ssh-key --query 'KeyMaterial' --output text > my-ssh-key.pem
Expected Output
No output (command runs silently)
--key-name - Sets the name of the key pair in AWS.
--query - Extracts only the private key material from the output.
--output - Formats the output as plain text for saving.
This command changes the file permissions of your private key so that only you can read it. This matters for security: SSH will refuse to use a private key whose permissions are too open.
Terminal
chmod 400 my-ssh-key.pem
Expected Output
No output (command runs silently)
This command checks that your key pair named 'my-ssh-key' exists in AWS. It helps confirm that the key pair was created successfully.
Terminal
aws ec2 describe-key-pairs --key-names my-ssh-key
Expected Output
{
    "KeyPairs": [
        {
            "KeyName": "my-ssh-key",
            "KeyPairId": "key-0abcd1234efgh5678",
            "KeyFingerprint": "1a:2b:3c:4d:5e:6f:7g:8h:9i:0j:kl:mn:op:qr:st:uv"
        }
    ]
}
--key-names - Specifies the name of the key pair to describe.
This command uses your private key file to securely connect to your AWS server as the user 'ec2-user'. Replace the hostname with your server's public DNS name.
Terminal
ssh -i my-ssh-key.pem ec2-user@ec2-3-123-45-67.compute-1.amazonaws.com
Expected Output
Last login: Tue Jun 6 12:34:56 2024 from 203.0.113.25
[ec2-user@ip-172-31-0-1 ~]$
-i - Specifies the private key file to use for authentication.
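The create-then-chmod steps above leave a short window in which the key file exists with default permissions before chmod runs. As an added example that is not part of this page or the AWS CLI, the shell functions below write the key material with a restrictive umask from the moment the file is created, discard an empty file (what you get when the aws command fails mid-pipeline), and check the mode the way ssh does; the file name and the sample key material are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page or the AWS CLI.
# Writes SSH private key material to disk with restrictive permissions from the
# moment the file is created, then checks the mode the way ssh expects.

# Save private key material read from stdin into KEYFILE.
# A plain '> my-ssh-key.pem' redirect creates the file with the default umask
# (usually 0644) before chmod runs; umask 077 in the subshell makes the file
# 0600 at creation, so the key is never readable by other users, even briefly.
save_private_key() {
    keyfile="$1"
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite existing key file: $keyfile" >&2
        return 1
    fi
    ( umask 077 && cat > "$keyfile" ) || return 1
    # An empty file means the producer (e.g. the aws command) failed: remove it
    # rather than leaving a useless .pem that looks like a valid key.
    [ -s "$keyfile" ] || { rm -f "$keyfile"; return 1; }
    chmod 400 "$keyfile"
}

# Return 0 only if KEYFILE is readable by its owner alone (mode 400 or 600).
# ssh rejects a private key file that group or others can read.
check_key_perms() {
    keyfile="$1"
    [ -f "$keyfile" ] || return 1
    # GNU stat first; fall back to the BSD/macOS form of the same query
    mode=$(stat -c '%a' "$keyfile" 2>/dev/null || stat -f '%Lp' "$keyfile")
    case "$mode" in
        400|600) return 0 ;;
        *)
            echo "bad permissions $mode on $keyfile, expected 400" >&2
            return 1 ;;
    esac
}

# Typical use with the AWS CLI (the private key is returned only once, at
# creation, and cannot be downloaded again):
#   aws ec2 create-key-pair --key-name my-ssh-key \
#       --query 'KeyMaterial' --output text | save_private_key my-ssh-key.pem
#   check_key_perms my-ssh-key.pem && ssh -i my-ssh-key.pem ec2-user@<host>
```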
Key Concept

If you remember nothing else from this pattern, remember: the private key stays on your computer and the public key is stored on the server to allow secure, password-free login.

Common Mistakes
Not setting the private key file permissions to 400.
SSH refuses to use private keys that are accessible by others for security reasons.
Always run 'chmod 400 my-ssh-key.pem' to restrict access to your private key.
Trying to connect with the wrong username or server address.
The SSH connection will fail if the username or server hostname is incorrect.
Use the correct username (like 'ec2-user' for Amazon Linux) and the server's public DNS or IP address.
Sharing the private key file with others.
Anyone with your private key can access your servers, risking security breaches.
Keep your private key secret and share only the public key if needed.
Summary
Create a key pair in AWS and save the private key file locally.
Set strict permissions on the private key file to keep it secure.
Verify the key pair exists in AWS before using it.
Use the private key file to SSH into your cloud server securely.