Recall & Review
beginner
What is a key pair in AWS used for?
A key pair in AWS is used to securely connect to virtual machines (EC2 instances) via SSH. It consists of a public key stored by AWS and a private key kept by the user.
beginner
What are the two parts of an SSH key pair?
The two parts are the public key, which AWS stores and uses to verify connections, and the private key, which you keep safe and use to prove your identity when connecting.
beginner
How do you use a key pair to connect to an EC2 instance?
You use an SSH client with the private key file to connect. The client proves your identity using the private key, and AWS verifies it with the stored public key.
beginner
Why should you never share your private key?
Sharing your private key risks unauthorized access to your servers. It is like a password that grants full access, so it must be kept secret and secure.
intermediate
What happens if you lose your private key for an EC2 instance?
If you lose your private key, you cannot connect to the instance via SSH. You must create a new key pair and update the instance or use other recovery methods.
What does AWS store when you create a key pair?
A. Both public and private keys
B. The public key
C. The private key
D. No keys, only a password
AWS stores only the public key. The private key is kept by the user.
Which file do you use to connect to an EC2 instance via SSH?
A. Key pair metadata
B. Public key file
C. Private key file
D. Instance configuration file
You use the private key file with your SSH client to connect securely.
What should you do if you suspect your private key is compromised?
A. Create a new key pair and update the instance
B. Delete the EC2 instance immediately
C. Share it with your team
D. Ignore it if you still can connect
Creating a new key pair and updating the instance helps secure access.
Can you download the private key again from AWS after creating a key pair?
A. No, only at creation time
B. Yes, anytime from the console
C. Yes, but only after 24 hours
D. Yes, if you request support
AWS allows downloading the private key only once when you create the key pair.
What is the main purpose of using SSH key pairs instead of passwords?
A. To speed up connection time
B. To avoid typing passwords
C. To allow multiple users to share one password
D. To provide stronger, more secure authentication
SSH key pairs provide stronger security than passwords by using cryptographic keys.
Explain how SSH key pairs work to secure access to AWS EC2 instances.
Think about the two keys and their roles in connection.
Describe the steps you would take if you lose your private key for an EC2 instance.
Focus on recovery and maintaining secure access.
Practice
1. What is the main purpose of a key pair in AWS for SSH access?
easy
A. To store server data securely
B. To securely connect to a server without using a password
C. To create a backup of the server
D. To monitor server performance
Solution
Step 1: Understand SSH access
SSH uses keys to allow secure login without passwords.
Step 2: Role of key pairs in AWS
A key pair provides a private key for the user and a public key for the server to verify identity.
Final Answer:
To securely connect to a server without using a password -> Option B
Quick Check:
Key pairs enable passwordless secure login [OK]
Hint: Key pairs replace passwords for secure server login [OK]
Common Mistakes:
Thinking key pairs store server data
Confusing key pairs with backups
Assuming key pairs monitor performance
2. Which AWS CLI command correctly creates a new key pair named MyKey and saves the private key to a file?
easy
A. aws ec2 create-key-pair --key-name MyKey --query 'KeyMaterial' --output text > MyKey.pem
B. aws ec2 create-key-pair MyKey > MyKey.pem
C. aws ec2 generate-key-pair --name MyKey > MyKey.pem
D. aws ec2 new-key --key-name MyKey > MyKey.pem
Solution
Step 1: Identify correct AWS CLI syntax
The correct command uses create-key-pair with --key-name and outputs the private key material.
Step 2: Confirm output redirection
The private key is saved by redirecting the output to a file with > MyKey.pem.
Final Answer:
aws ec2 create-key-pair --key-name MyKey --query 'KeyMaterial' --output text > MyKey.pem -> Option A
Quick Check:
Correct AWS CLI syntax for key pair creation [OK]
Hint: Use create-key-pair with --query 'KeyMaterial' to save private key [OK]
Common Mistakes:
Using wrong command like generate-key-pair
Omitting --query to extract key material
Not redirecting output to save private key
3. You launched an EC2 instance with key pair MyKey. Which command will you use to connect to it if the instance's public IP is 54.12.34.56 and your private key file is MyKey.pem?
medium
A. ssh ec2-user@54.12.34.56 -i MyKey.pem
B. ssh -key MyKey.pem ec2-user@54.12.34.56
C. ssh -p MyKey.pem ec2-user@54.12.34.56
D. ssh -i MyKey.pem ec2-user@54.12.34.56
Solution
Step 1: Understand SSH command syntax for key usage
The -i option specifies the private key file for authentication.
Step 2: Confirm correct order of arguments
The correct syntax is ssh -i private_key user@host. ssh -i MyKey.pem ec2-user@54.12.34.56 matches this exactly.
Final Answer:
ssh -i MyKey.pem ec2-user@54.12.34.56 -> Option D
Quick Check:
SSH uses -i to specify private key file [OK]
Hint: Use ssh -i private_key user@ip to connect [OK]
Common Mistakes:
Using -key or -p instead of -i
Placing -i after user@host
Omitting the private key option
4. You tried to connect to your EC2 instance using SSH but got a permission denied error. Which of these is the most likely cause?
medium
A. The private key file has incorrect permissions (too open)
B. The instance is stopped
C. The key pair was deleted from AWS
D. The instance has no public IP
Solution
Step 1: Check SSH private key file permissions
SSH requires private key files to have strict permissions (e.g., 400). Too open permissions cause denial.
Step 2: Understand other options
While stopped instances or no public IP prevent connection, the error message differs. Deleted key pairs do not affect existing instances.
Final Answer:
The private key file has incorrect permissions (too open) -> Option A
Quick Check:
Private key file permissions cause SSH denial [OK]
Hint: Set private key file permission to 400 or stricter [OK]
Common Mistakes:
Ignoring file permission errors
Assuming instance state causes permission denied
Confusing deleted key pairs with connection errors
5. You lost your private key file for an EC2 instance launched with key pair OldKey. What is the best way to regain SSH access without stopping the instance?
hard
A. Use the AWS console to download the lost private key again
B. Delete the instance and launch a new one with a new key pair
C. Create a new key pair, then update the instance's authorized keys by connecting through Systems Manager or another user
D. Generate a new private key file with the same key name in AWS
Solution
Step 1: Understand private key loss impact
Private keys cannot be recovered or downloaded again from AWS once lost.
Step 2: Regain access without stopping instance
Use AWS Systems Manager or another user with access to add a new public key from a new key pair to the instance's authorized keys.
Final Answer:
Create a new key pair, then update the instance's authorized keys by connecting through Systems Manager or another user -> Option C
Quick Check:
Lost private key requires new key and authorized keys update [OK]
Hint: Use Systems Manager to add new key without stopping instance [OK]