Bird
Raised Fist0
AWScloud~20 mins

Key pairs for SSH access in AWS - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
SSH Key Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
1:30remaining
What is the primary purpose of an AWS key pair?

In AWS, what is the main reason you create a key pair?

ATo manage user permissions in IAM
BTo configure network routing tables
CTo securely connect to EC2 instances via SSH
DTo encrypt data stored in S3 buckets
Attempts:
2 left
💡 Hint

Think about how you access a virtual server securely.

Configuration
intermediate
2:00remaining
Which AWS CLI command creates a new key pair and saves the private key locally?

You want to create a new key pair named my-key and save the private key to a file. Which AWS CLI command should you use?

Aaws ec2 create-key-pair --key-name my-key --query 'KeyMaterial' --output text > my-key.pem
Baws ec2 create-key --name my-key --output json > my-key.pem
Caws ec2 generate-key-pair --name my-key > my-key.pem
Daws ec2 new-key-pair --key-name my-key --save my-key.pem
Attempts:
2 left
💡 Hint

Look for the official AWS CLI command to create key pairs and how to extract the private key.

Architecture
advanced
2:30remaining
How to securely manage SSH access to multiple EC2 instances in a production environment?

You have many EC2 instances and want to manage SSH access securely and efficiently. Which approach is best?

ADisable SSH access and rely only on HTTP connections
BUse AWS Systems Manager Session Manager to connect without SSH keys
CCreate a unique key pair for each instance and distribute private keys to users
DUse a single key pair for all instances and share the private key with all users
Attempts:
2 left
💡 Hint

Consider AWS services that allow secure access without managing SSH keys.

security
advanced
2:00remaining
What happens if you lose the private key of an AWS key pair used for EC2 access?

You lost the private key file (.pem) for an EC2 instance's key pair. What is the impact and best recovery method?

AYou can reset the key pair directly from the EC2 instance settings
BYou can download the private key again from AWS console anytime
CAWS automatically regenerates the private key and emails it to you
DYou lose SSH access; best practice is to create a new key pair and update the instance's authorized keys
Attempts:
2 left
💡 Hint

Think about AWS security design and private key handling.

service_behavior
expert
2:30remaining
What is the behavior when you delete an AWS key pair that is associated with running EC2 instances?

You delete a key pair in AWS that is currently associated with several running EC2 instances. What happens to SSH access on those instances?

ANothing changes; instances keep the public key and allow SSH access
BSSH access is immediately revoked and connections fail
CExisting SSH sessions remain, but new SSH connections using that key fail
DAWS automatically replaces the deleted key pair on instances with a new one
Attempts:
2 left
💡 Hint

Consider how AWS stores public keys on instances and the effect of deleting key pairs in the console.

Practice

(1/5)
1. What is the main purpose of a key pair in AWS for SSH access?
easy
A. To store server data securely
B. To securely connect to a server without using a password
C. To create a backup of the server
D. To monitor server performance

Solution

  1. Step 1: Understand SSH access

    SSH uses keys to allow secure login without passwords.

  2. Step 2: Role of key pairs in AWS

    A key pair provides a private key for the user and a public key for the server to verify identity.

  3. Final Answer:

    To securely connect to a server without using a password -> Option B

  4. Quick Check:

    Key pairs enable passwordless secure login [OK]
Hint: Key pairs replace passwords for secure server login [OK]
Common Mistakes:
  • Thinking key pairs store server data
  • Confusing key pairs with backups
  • Assuming key pairs monitor performance
2. Which AWS CLI command correctly creates a new key pair named MyKey and saves the private key to a file?
easy
A. aws ec2 create-key-pair --key-name MyKey --query 'KeyMaterial' --output text > MyKey.pem
B. aws ec2 create-key-pair MyKey > MyKey.pem
C. aws ec2 generate-key-pair --name MyKey > MyKey.pem
D. aws ec2 new-key --key-name MyKey > MyKey.pem

Solution

  1. Step 1: Identify correct AWS CLI syntax

    The correct command uses create-key-pair with --key-name and outputs the private key material.

  2. Step 2: Confirm output redirection

    The private key is saved by redirecting the output to a file with > MyKey.pem.

  3. Final Answer:

    aws ec2 create-key-pair --key-name MyKey --query 'KeyMaterial' --output text > MyKey.pem -> Option A

  4. Quick Check:

    Correct AWS CLI syntax for key pair creation [OK]
Hint: Use create-key-pair with --query 'KeyMaterial' to save private key [OK]
Common Mistakes:
  • Using wrong command like generate-key-pair
  • Omitting --query to extract key material
  • Not redirecting output to save private key
3. You launched an EC2 instance with key pair MyKey. Which command will you use to connect to it if the instance's public IP is 54.12.34.56 and your private key file is MyKey.pem?
medium
A. ssh ec2-user@54.12.34.56 -i MyKey.pem
B. ssh -key MyKey.pem ec2-user@54.12.34.56
C. ssh -p MyKey.pem ec2-user@54.12.34.56
D. ssh -i MyKey.pem ec2-user@54.12.34.56

Solution

  1. Step 1: Understand SSH command syntax for key usage

    The -i option specifies the private key file for authentication.

  2. Step 2: Confirm correct order of arguments

    The correct syntax is ssh -i private_key user@host. ssh -i MyKey.pem ec2-user@54.12.34.56 matches this exactly.

  3. Final Answer:

    ssh -i MyKey.pem ec2-user@54.12.34.56 -> Option D

  4. Quick Check:

    SSH uses -i to specify private key file [OK]
Hint: Use ssh -i private_key user@ip to connect [OK]
Common Mistakes:
  • Using -key or -p instead of -i
  • Placing -i after user@host
  • Omitting the private key option
4. You tried to connect to your EC2 instance using SSH but got a permission denied error. Which of these is the most likely cause?
medium
A. The private key file has incorrect permissions (too open)
B. The instance is stopped
C. The key pair was deleted from AWS
D. The instance has no public IP

Solution

  1. Step 1: Check SSH private key file permissions

    SSH requires private key files to have strict permissions (e.g., 400). Too open permissions cause denial.

  2. Step 2: Understand other options

    While stopped instances or no public IP prevent connection, the error message differs. Deleted key pairs do not affect existing instances.

  3. Final Answer:

    The private key file has incorrect permissions (too open) -> Option A

  4. Quick Check:

    Private key file permissions cause SSH denial [OK]
Hint: Set private key file permission to 400 or stricter [OK]
Common Mistakes:
  • Ignoring file permission errors
  • Assuming instance state causes permission denied
  • Confusing deleted key pairs with connection errors
5. You lost your private key file for an EC2 instance launched with key pair OldKey. What is the best way to regain SSH access without stopping the instance?
hard
A. Use the AWS console to download the lost private key again
B. Delete the instance and launch a new one with a new key pair
C. Create a new key pair, then update the instance's authorized keys by connecting through Systems Manager or another user
D. Generate a new private key file with the same key name in AWS

Solution

  1. Step 1: Understand private key loss impact

    Private keys cannot be recovered or downloaded again from AWS once lost.

  2. Step 2: Regain access without stopping instance

    Use AWS Systems Manager or another user with access to add a new public key from a new key pair to the instance's authorized keys.

  3. Final Answer:

    Create a new key pair, then update the instance's authorized keys by connecting through Systems Manager or another user -> Option C

  4. Quick Check:

    Lost private key requires new key and authorized keys update [OK]
Hint: Use Systems Manager to add new key without stopping instance [OK]
Common Mistakes:
  • Trying to download lost private key again
  • Assuming new key pair with same name works
  • Deleting instance unnecessarily