AWS: How to manage instance ppk or pem files? - amazon-web-services

My AWS instance pem file got exposed to a few people. How can I invalidate that and create a new pem file for my instance?

Create a NEW PublicKey and PrivateKey.
Copy the newly created publicKey to /home/ec2-user/.ssh/authorized_keys or /home/ubuntu/.ssh/authorized_keys
Delete the old publicKey (in /home/ec2-user/.ssh/authorized_keys or /home/ubuntu/.ssh/authorized_keys) which is relevant to the shared PEM key.
Access the instance using the newly created privateKey.
That's it.

When an Amazon EC2 instance is launched with the Amazon Linux AMI (and a few other Linux AMIs), the public half of the nominated keypair is copied to:
/home/ec2-user/.ssh/authorized_keys
Then, users can login to ec2-user by using the private half of the keypair.
Therefore, to change your login credentials:
Generate a new PEM key: ssh-keygen -t rsa -f keypair.pem
This generates two files: keypair.pem (private) and keypair.pem.pub (public)
Remove the existing entry from /home/ec2-user/.ssh/authorized_keys (The name of the keypair is stored at the end of the entry)
Add the contents of keypair.pem.pub to the authorized_keys file
You can then login to ec2-user using the new keypair.

Related

Attempting to find private key for ssh

When creating my EC2 instance on AWS, I indicated that I wanted to set up ssh. I was asked for a user name and a password. In return, I was given an SHA256 key and the key's art. No idea what either of these are or how these can be used right now, but I have them saved.
I now want to connect to my instance via ssh, but I need a .pem or .ppk file for the private key. I have neither and have no idea where to find these or how to create them.
When I created my instance via awsebcli, would the private key have been saved somewhere on my computer?
Thanks!
When you run eb init you are prompted for a number of things. One of them is the ssh key. For example:
Type a keypair name.
(Default is aws-eb):
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xxxxx/.ssh/aws-eb
Your public key has been saved in /home/xxxx/.ssh/aws-eb.pub
Assuming you used default values, your key pair is called
aws-eb
Also by default, the aws-eb keys are stored in:
/home/xxxx/.ssh
Thus, to login to your EB instance you can do the following:
ssh -i ~/.ssh/aws-eb ec2-user@<ip-of-the-eb-instance>
Shortcut using eb ssh
eb ssh <your-eb-environment-name>

How to connect to aws instance using new keypair(New pem file)

I have one running instance on AWS and I lost my .pem file for that instance. So I went to the Network and Security section of AWS and created one new keypair. After that I ran chmod 400 test.pem, then I ran ssh -i test.pem ec2-user@mypublicip
Then I got an option to enter a password, so I entered my AWS password, but my authentication failed.
Please help me with how I can log in to my existing AWS instance with the new keypair.
The Connecting to Your Linux Instance if You Lose Your Private Key chapter in the EC2 user guide describes in depth how you can regain access to an EC2 instance. To summarize:
Stop the instance (make sure to back up any data stored in the instance store to persistent storage that you would like to keep)
Launch a temporary instance
Detach the root volume of the original instance and attach it to the temporary instance
Update the authorized_keys on the mounted volume with the new public key
Unmount the volume from the temporary instance
Attach the volume to the original volume
Start the original instance
(Terminate the temporary instance)
Please see the link above for details.

How to regenerate new pem file using old pem file

I have my old pem file but I want to generate a new pem file.
I think what you want to do is change the key pair used to access an EC2 instance.
To generate a new private key, go to the EC2 console, select "Key Pairs" and then select "Create New Key Pair".
You can follow this Amazon EC2 Tutorial for how to use the new key pair with your instance; even though you haven't lost your key pair, the process is the same.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#replacing-lost-key-pair

Can't create aws ec2 Certificate. Body must not contain a private key

I'm using PuTTYgen to create the three required ppk files: Certificate, CertificateChain and private key. After that I convert the three ppk files to pem files.
Then, using the tutorial on AWS, I write the following lines in the ec2 terminal:
$ aws iam upload-server-certificate --server-certificate-name ExampleCertificate \
    --certificate-body file://Certificate.pem \
    --certificate-chain file://CertificateChain.pem \
    --private-key file://PrivateKey.pem
Then I receive the error:
An error occurred (MalformedCertificate) when calling the UploadServerCertificate
operation:
Certificate body is invalid. The body must not contain a private key.
I've tried to use different keys. I'm not really sure what to do. I thought I followed the steps correctly. I'm at a loss here.
If you were after uploading a keypair for an ec2 server, the process I use is:
Log into the AWS Console and create a new Keypair server-default
Save the private key somewhere safe like a password repo
Open PuTTYgen, open the private key and hit the Save public key option and save it somewhere useful like /temp/server_pub.pem
Run the AWS CLI to upload the public key for the Keypair:
aws ec2 import-key-pair --region us-east-1 --key-name server-default --public-key-material file:///temp/server_pub.pem
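The MalformedCertificate error in the question above comes from handing a file that holds a private key where only certificates belong. The preflight check below, an added example rather than anything from the thread, reads the BEGIN labels of each PEM file and confirms the body and chain are certificate-only and the key file holds exactly one private-key block before anything is uploaded; the file names in the comments are assumptions.

```shell
#!/bin/sh
# Preflight for the three files given to `aws iam upload-server-certificate`:
# --certificate-body and --certificate-chain may contain only CERTIFICATE
# blocks; --private-key must be a single private-key block. Added example;
# the cert.pem / chain.pem / key.pem names are assumptions.

# Print the label of every "-----BEGIN <label>-----" line in a PEM file.
pem_block_types() { sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"; }

# Succeed only if the file holds at least one block and all are CERTIFICATE.
is_certificate_only() {
    types=$(pem_block_types "$1")
    [ -n "$types" ] || return 1
    ! printf '%s\n' "$types" | grep -qv '^CERTIFICATE$'
}

# Succeed only if the file holds exactly one block and it is a private key
# ("RSA PRIVATE KEY" / "EC PRIVATE KEY" for PKCS#1, "PRIVATE KEY" for PKCS#8).
is_single_private_key() {
    types=$(pem_block_types "$1")
    [ "$(printf '%s\n' "$types" | grep -c '^')" -eq 1 ] &&
        printf '%s\n' "$types" | grep -q 'PRIVATE KEY$'
}

# Run all three checks; report each problem on stderr, return non-zero if any fails.
check_server_cert_files() {       # $1 = cert body, $2 = chain, $3 = private key
    rc=0
    is_certificate_only "$1" || { echo "$1: body must contain only CERTIFICATE blocks" >&2; rc=1; }
    is_certificate_only "$2" || { echo "$2: chain must contain only CERTIFICATE blocks" >&2; rc=1; }
    is_single_private_key "$3" || { echo "$3: must be exactly one PRIVATE KEY block" >&2; rc=1; }
    return $rc
}
```

Run check_server_cert_files cert.pem chain.pem key.pem before the upload; a body file that PuTTYgen or a copy-paste step accidentally filled with the key fails the first check with the same message AWS would return.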

How to change pem file for an ec2-instance without creating new ec2-instance?

I have created an instance and its pem file is named demo.pem, but for security reasons I have to replace my old demo.pem file with demos.pem for the same instance.
I do not want to create a new instance to change the pem file. Is it possible? Help?
It's worth understanding how keypairs work...
When logging into Linux using keypairs, you specify a username and a keypair, eg:
ssh -i demo.pem ec2-user@54.11.22.33
Linux then looks in the .ssh/authorized_keys file belonging to that user, eg:
/home/users/ec2-user/.ssh/authorized_keys
It looks for the public key in that file that matches the private key used for login. It then does keypair magical stuff and determines whether to allow the person to login.
Therefore, to enable login on an instance using a new keypair:
Add the public half of the keypair to the ~/.ssh/authorized_keys file in the appropriate user's home directory
If desired, remove an old key from that file to remove access permissions
You can have multiple keys in that file, which permit login via any of the authorized keypairs.
Answer from A to Z:
create a pem key pair in the aws interface at (example)
https://console.aws.amazon.com/ec2/v2/home?region=us-east-1#KeyPairs:
then go to your download files and modify access mode
chmod 400 yourNewPemName.pem
then generate the public key:
ssh-keygen -y -f yourNewPemName.pem > yourNewPemName.pub
connect to the ec2 instance:
cd ~/.ssh
then replace the contents of the authorized_keys file with the contents of the public key generated in step 3 above
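The first answer on this page and the one just above both boil down to editing authorized_keys on the instance: add the new public key, then drop the exposed one. The helpers below, an added example and not code from either answer, do that edit in the safe order (append first, remove second, never leaving the file empty) and can remove the old entry either by its key material or by the keypair name that the AWS console leaves in the trailing comment field; the file path and the key strings are constructed placeholders. They assume plain entries without option prefixes such as no-pty.

```shell
#!/bin/sh
# Rotate a key in an OpenSSH authorized_keys file: append the replacement
# public key first, then remove the exposed key, so that a failed step never
# locks you out. Added example; paths and key strings are assumptions, and
# each line is assumed to be "type material [comment]" with no option prefix.

# Key material is field 2 of an authorized_keys line.
key_material() { printf '%s\n' "$1" | awk '{print $2}'; }

# Append a public-key line unless that key material is already present.
add_pubkey() {                    # $1 = authorized_keys path, $2 = public-key line
    [ -f "$1" ] || : > "$1"
    chmod 600 "$1"
    if awk -v m="$(key_material "$2")" '$2 == m {found = 1} END {exit !found}' "$1"; then
        return 0                  # already authorized; leave the file untouched
    fi
    printf '%s\n' "$2" >> "$1"
}

# Drop every line whose key material or trailing comment (the keypair name
# shown at the end of each console-installed entry) equals $2.
remove_pubkey() {                 # $1 = authorized_keys path, $2 = material or keypair name
    tmp="$1.tmp.$$"
    awk -v n="$2" '!($2 == n || $NF == n)' "$1" > "$tmp" && mv "$tmp" "$1"
    chmod 600 "$1"
}

# Count lines that look like keys (ssh-rsa, ssh-ed25519, ecdsa-sha2-*, ...),
# so a rotation can be checked for leaving at least one usable key behind.
count_keys() { awk '/^(ssh-|ecdsa-)/ {n++} END {print n + 0}' "$1"; }
```

Call add_pubkey with the line from yourNewPemName.pub, open a fresh ssh session with the new private key to confirm it works, and only then call remove_pubkey with the old keypair name (here demo) and check count_keys is still at least 1.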