AWS can authenticate using the public-private key mechanism. The recommended authentication mechanism is public-private key authentication instead of passwords to remotely log in to your instances with SSH. We upload the public key to AWS, and store the private key on our local machine. If anyone has your private key, then they can easily log in to your EC2 instances. It's a best practice to store these private keys in a secure place. We can create the public and private key from our machine using tools like PuTTY Key Generator.
You should include a passphrase with the private key to prevent unauthorized persons from logging in to your EC2 instance. When you include a passphrase, you have to enter the passphrase whenever you log in to the EC2 instance. A passphrase on a private key is an extra layer of protection. If you lost your private key for an EBS-backed instance, you can regain access to your instance by executing the following steps:
Stop the EBS-backed EC2 instance.
Detach the root volume from EC2 instance.
Launch the new EC2 instance for recovery.
Attach the EC2 root volume as data volume to the previously created instance.
Modify the
authorized_keysfile.Detach the root volume from recovery instance.
Attach the root volume back to the EC2 instance.
Start the instance.
Here, we list the commands to create a key pair and then launching the EC2 instance (using the key pair).
Use the following steps to create a key pair:
Run the following command to create the key pair.
You have to provide the key pair name. You can explicitly specify the text output for this command using the
–outputargument for easy cut and paste.$ aws ec2 create-key-pair --key-name [KeyPairName]
After executing the
create-key-paircommand, copy the entire output key into file including the following lines:----BEGIN RSA PRIVATE KEY---- -----END RSA PRIVATE KEY-----
Save the file with ASCII encoding.
Run the following command to create the key pair with name
WebServerKeyPair.$ aws ec2 create-key-pair --key-name WebServerKeyPair
