Change key pair for ec2 instance

How do I change the key pair for my ec2 instance in AWS management console? I can stop the instance, I can create new key pair, but I don't see any link to modify the instance's key pair.


Just do this: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#replacing-lost-key-pair

Here is what I did, thanks to Eric Hammond's blog post:

  • Stop the running EC2 instance
  • Detach its /dev/xvda1 volume (let's call it volume A) - see here
  • Start a new t1.micro EC2 instance, using my new key pair. Make sure you create it in the same subnet, otherwise you will have to terminate the instance and create it again. - see here
  • Attach volume A to the new micro instance, as /dev/xvdf (or /dev/sdf)
  • SSH to the new micro instance and mount volume A to /mnt/tmp

    $ sudo mount /dev/xvdf1 /mnt/tmp

  • Copy ~/.ssh/authorized_keys to /mnt/tmp/home/ubuntu/.ssh/authorized_keys

  • Logout
  • Terminate micro instance
  • Detach volume A from it
  • Attach volume A back to the main instance as /dev/xvda
  • Start the main instance
  • Login as before, using your new .pem file
  • That's it.


    Once an instance has been started, there is no way to change the keypair associated with the instance at a metadata level, but you can change what ssh key you use to connect to the instance.

    There is a startup process on most AMIs that downloads the public ssh key and installs it in a .ssh/authorized_keys file so that you can ssh in as that user using the corresponding private ssh key.

    If you want to change what ssh key you use to access an instance, you will want to edit the authorized_keys file on the instance itself and convert to your new ssh public key.

    The authorized_keys file is under the .ssh subdirectory under the home directory of the user you are logging in as. Depending on the AMI you are running, it might be in one of:

    /home/ec2-user/.ssh/authorized_keys
    /home/ubuntu/.ssh/authorized_keys
    /root/.ssh/authorized_keys
    

    After editing an authorized_keys file, always use a different terminal to confirm that you are able to ssh in to the instance before you disconnect from the session you are using to edit the file. You don't want to make a mistake and lock yourself out of the instance entirely.

    While you're thinking about ssh keypairs on EC2, I recommend uploading your own personal ssh public key to EC2 instead of having Amazon generate the keypair for you.

    Here's an article I wrote about this:

    Uploading Personal ssh Keys to Amazon EC2
    http://alestic.com/2010/10/ec2-ssh-keys

    This would only apply to new instances you run.


    Run this command after you download your AWS pem.

    ssh-keygen -f YOURKEY.pem -y
    

    Then dump the output into authorized_keys.

    Or copy the pem file to your AWS instance and execute the following commands:

    chmod 600 YOURKEY.pem
    

    and then

    ssh-keygen -f YOURKEY.pem -y >> ~/.ssh/authorized_keys
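
The authorized_keys edit described in the answers above, as an added example (not from any answer and not AWS tooling): two shell functions that append a new public key idempotently with the permissions sshd expects, and remove the old key only if another key remains. The function names are hypothetical, and the public key files are assumed to hold one OpenSSH public key line each.

```shell
#!/bin/sh
# Added example: rotate a key in authorized_keys without locking yourself out.
# Function names are hypothetical. Keys are matched on "type blob" only, so a
# different trailing comment does not make the same key look new.

# key_id PUB_FILE: print "type blob" of a one-line OpenSSH public key file.
key_id() {
    awk 'NF >= 2 && $1 ~ /^(ssh-|ecdsa-|sk-)/ { print $1 " " $2; exit }' "$1"
}

# add_key AUTH_FILE NEW_PUB: append the key if it is not already present.
add_key() {
    auth=$1
    id=$(key_id "$2")
    [ -n "$id" ] || { echo "not a public key: $2" >&2; return 1; }
    # sshd's default StrictModes rejects group/world-writable paths.
    mkdir -p "$(dirname "$auth")" && chmod 700 "$(dirname "$auth")"
    touch "$auth" && chmod 600 "$auth"
    cp -p "$auth" "$auth.bak"            # rollback copy of the previous state
    if ! grep -qF -- "$id" "$auth"; then
        # Make sure the last existing entry ends in a newline before appending.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        cat "$2" >> "$auth"
    fi
}

# remove_key AUTH_FILE OLD_PUB: drop the old key, but never the last one.
remove_key() {
    auth=$1
    id=$(key_id "$2")
    [ -n "$id" ] || { echo "not a public key: $2" >&2; return 1; }
    tmp=$(mktemp "$auth.XXXXXX") || return 1
    grep -vF -- "$id" "$auth" > "$tmp" || true   # exit 1 just means no lines left
    if ! grep -q '^[^#[:space:]]' "$tmp"; then
        rm -f "$tmp"
        echo "refusing: no key would remain in $auth" >&2
        return 1
    fi
    chmod 600 "$tmp" && mv "$tmp" "$auth"
}
```

Produce the new public key file with `ssh-keygen -y -f YOURKEY.pem > new.pub`, run `add_key`, and confirm a login from a second terminal before running `remove_key`.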
    