When creating my EC2 instance on AWS, I indicated that I wanted to set up ssh. I was asked for a user name and a password. In return, I was given a SHA256 key and the key's art. No idea what either of these are or how these can be used right now, but I have them saved.
I now want to connect to my instance via ssh, but I need a .pem or .ppk file for the private key. I have neither and have no idea where to find these or how to create them.
When I created my instance via awsebcli, would the private key have been saved somewhere on my computer?
Thanks!
When you run eb init you are prompted for a number of things. One of them is the ssh key. For example:
Type a keypair name.
(Default is aws-eb):
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xxxxx/.ssh/aws-eb
Your public key has been saved in /home/xxxx/.ssh/aws-eb.pub
Assuming you used default values, your key pair is called
aws-eb
Also by default, the aws-eb keys are stored in:
/home/xxxx/.ssh
Thus, to login to your EB instance you can do the following:
ssh -i ~/.ssh/aws-eb ec2-user@<ip-of-the-eb-instance>
Shortcut using eb ssh
eb ssh <your-eb-environment-name>
When I look inside ~/.ssh/authorized_keys as the root user on my ami I see something like:
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"ubuntu\" rather than the user \"root\".';echo;sleep 10;exit 142" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5Cfdsafdafdas_some_public_key packer_610ad8fb-0ed3-eddc-c48f-0f8553d421da
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"ubuntu\" rather than the user \"root\".';echo;sleep 10;exit 142" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5Cfdsafdafdas_some_public_key my-key
The second key is the one I used to set up my instance so I understand that one. Is the packer key just a temporary key used to upload the instance somewhere and I can safely delete it?
Packer is used to create an AMI, and during that process it needs to ssh into the image. Normally, people who create the AMI remove them during the finalization and cleanup; it seems they forgot to do that. It's safe to delete them.
I have my old pem file but I want to generate a new pem file.
I think what you want to do is change the key pair used to access an EC2 instance.
To generate a new private key, go to the EC2 console, select "Key Pairs" and then select "Create New Key Pair".
You can follow this Amazon EC2 Tutorial for how to use the new key pair with your instance; even though you haven't lost your key pair, the process is the same.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#replacing-lost-key-pair
I just started using gcloud, and I noticed when I create a VM or go into the cloud console, my full name shows up in the console.
Is there a way to create another user with a more generic name? I don't like having my full name in all my VM's and consoles.
Do I just create another user as 'owner' or are there best practices around this?
When you use gcloud compute ssh [INSTANCE_NAME], gcloud uses your current credentials to create an SSH keypair. The project ssh metadata is then updated with this username and SSH keypair. This is what you are seeing once you connect.
You can create a new SSH keypair with any username that you want. Then you can add this keypair to the instance metadata. Then you can login using that username. This also creates a new home directory in the instance.
For these examples, let's say that you want to create a new user 'development'.
STEP 1: Create a new SSH keypair
ssh-keygen -t rsa -f keypair -C development
This will create two files:
keypair - this is your RSA private key. You need this file to login via SSH to your instance using the new username.
keypair.pub - this is your SSH-RSA public key. Its contents are imported to your instance. Display the contents of this file. Notice the username at the end.
STEP 2 (Google Cloud Console Method):
Login to the Google Cloud Console.
Go to "Compute Engine" -> "VM instances".
Click on the instance that you want to modify.
Click the "EDIT" button to modify the instance.
Scroll down to "SSH Keys". Click "Show and edit" under "You have 0 SSH keys".
Copy and paste the contents of "keypair.pub" into the box where "Enter entire key data" is displayed.
Scroll down to the bottom and click "Save".
STEP 3 - Connect to the instance using SSH:
Replace IP_ADDRESS with the Compute Engine instance's external IP address in the following command.
ssh -i keypair development@IP_ADDRESS
This is the correct method to support multiple users connecting to the same Compute Engine instance. Each user has their own keypair and their own username and home directory.
This is also the correct method to provide users with login access to an instance that do not have Google Cloud IAM permissions to the cloud account.
For advanced users, you can use the gcloud compute instances add-metadata command to add the SSH public key to the instance.
You can also add this SSH public key to the Project Metadata which will make this keypair available on all instances within a project.
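The gcloud route mentioned above, as an added example that is not part of the original answer. It assumes the `keypair.pub` file from STEP 1, a placeholder instance name, and a file `existing.txt` holding the instance's current `ssh-keys` metadata value (empty if there is none); the function names are hypothetical.

```bash
# Added example: build the ssh-keys metadata value for
# `gcloud compute instances add-metadata`.
# Each metadata line has the form  USERNAME:<key-type> <key-blob> USERNAME.
# add-metadata replaces the whole ssh-keys value, so the keys already
# present must be merged in or those users lose access.

# gce_key_entry USERNAME PUBFILE -> one metadata line for that public key
gce_key_entry() {
  awk -v user="$1" 'NR == 1 && NF >= 2 { print user ":" $1 " " $2 " " user }' "$2"
}

# merge_ssh_keys EXISTING_FILE ENTRY -> existing lines plus ENTRY, no duplicates.
# EXISTING_FILE must exist; a "USERNAME:<key-type> <key-blob>" pair is kept once.
merge_ssh_keys() {
  printf '%s\n' "$2" | awk 'NF && !seen[$1 " " $2]++' "$1" -
}

# apply_ssh_keys INSTANCE MERGED_FILE -> write the merged value to the instance
# (needs an authenticated gcloud; defined here but not called)
apply_ssh_keys() {
  gcloud compute instances add-metadata "$1" --metadata-from-file ssh-keys="$2"
}

# Typical sequence, with placeholder names:
#   entry=$(gce_key_entry development keypair.pub)
#   merge_ssh_keys existing.txt "$entry" > merged.txt
#   apply_ssh_keys my-instance merged.txt
```
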
I have created an instance and its pem file, named demo.pem, but due to some security I have to change my old demo.pem file with demos.pem for the same instance.
I do not want to create new instance for changing pem file => Is it possible? | Help?
It's worth understanding how keypairs work...
When logging into Linux using keypairs, you specify a username and a keypair, eg:
ssh -i demo.pem ec2-user@54.11.22.33
Linux then looks in the .ssh/authorized_keys file belonging to that user, eg:
/home/users/ec2-user/.ssh/authorized_keys
It looks for the public key in that file that matches the private key used for login. It then does keypair magical stuff and determines whether to allow the person to login.
Therefore, to enable login on an instance using a new keypair:
Add the public half of the keypair to the ~/.ssh/authorized_keys file in the appropriate user's home directory
If desired, remove an old key from that file to remove access permissions
You can have multiple keys in that file, which permit login via any of the authorized keypairs.
Answer from A to Z:
create a pem key pair in the aws interface at (example)
https://console.aws.amazon.com/ec2/v2/home?region=us-east-1#KeyPairs:
then go to your download files and modify access mode
chmod 400 yourNewPemName.pem
then generate the public key:
ssh-keygen -y -f yourNewPemName.pem > yourNewPemName.pub
connect to the ec2 instance:
cd ~/.ssh
then replace the contents of the authorized_keys file with the contents of your public key generated in step 3 above
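The two answers above (how `authorized_keys` is matched, and the A to Z steps) come down to editing one file. The script below is an added example, not code from either answer: it appends the new public key and removes the old one by matching the key blob, without overwriting other users' entries. The function names and file names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. File names are placeholders; key lines are whatever you supply.

# Print the base64 blob of the first key on stdin. The blob is the field after
# the key type, so an options prefix (command="...",no-port-forwarding) is
# skipped. Limitation: a quoted option that contains a bare key-type word
# (for example command="echo ssh-rsa") is not handled.
key_blob() {
  awk '{
    for (i = 1; i < NF; i++)
      if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+)$/) {
        print $(i + 1); exit
      }
  }'
}

# rotate_key AUTH_FILE NEW_PUB [OLD_PUB]
rotate_key() {
  local auth="$1" new_pub="$2" old_pub="${3:-}" new_blob old_blob="" tmp
  new_blob=$(key_blob < "$new_pub")
  [ -n "$new_blob" ] || { echo "no key found in $new_pub" >&2; return 1; }
  if [ -n "$old_pub" ]; then
    old_blob=$(key_blob < "$old_pub")
    [ -n "$old_blob" ] || { echo "no key found in $old_pub" >&2; return 1; }
  fi
  [ "$new_blob" != "$old_blob" ] || { echo "old and new key are identical" >&2; return 1; }
  tmp=$(mktemp "${auth}.XXXXXX") || return 1
  # Copy every line except those carrying the old blob.
  awk -v old="$old_blob" '{
    for (i = 1; i <= NF; i++) if (old != "" && $i == old) next
    print
  }' "$auth" > "$tmp"
  # Append the new key only if it is not already authorized.
  grep -qF -- "$new_blob" "$tmp" || awk 'NR == 1' "$new_pub" >> "$tmp"
  chmod 600 "$tmp" && mv "$tmp" "$auth"
}

# Usage when run as a script: rotate.sh ~/.ssh/authorized_keys demos.pub demo.pub
if [ "$#" -ge 2 ]; then rotate_key "$@"; fi
```

Run it first without the old public key, confirm from a second terminal that the new pem logs in, and only then run it again with the old public key to revoke it.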
So, it seems a developer on our team deleted the public key for our App-Production.pem key in our .ssh/authorized_keys, so the default AWS Key Pair no longer works, breaking our deployment pipeline.
Where can I find the public key to add back to authorized_keys? Is it possible to do this without having to boot a fresh instance?
If you have the private key, you can retrieve the public key.
If you are using Linux, use the following command:
ssh-keygen -y
Then provide your path to private key file when prompted.
After that you will be given a public key. Save it.
Then use the following steps to regain access to this instance.
Stop your instance
Detach root volume
Attach volume to another instance as a data volume
Modify the authorized_keys file with the public key
Detach the data volume
Reattach the volume to the affected instance
For more information follow this doc.