I decided to make my life easier and jumped on to using key pairs in order to access my Servers and VM Instances. So I’ll add it here as well, for anyone that needs to do it and for future me 🙂
Managing Key Pairs on Linux Instances
Instances launched using CentOS, Debian, AlmaLinux or Ubuntu images use an SSH key pair instead of a password to authenticate a remote user. A key pair consists of a private key and a public key. You keep the private key on your computer and provide the public key when you create an instance. When you connect to the instance using SSH, you provide the path to the private key in the SSH command.
You can have as many key pairs as you want or keep it simple and use one key pair for all or several of your instances.
To create your own key pairs, you can use a third-party tool such as OpenSSH on UNIX-style systems (including Linux, Solaris, BSD, and OS X) or PuTTY Key Generator on Windows.
Just be careful and use extreme caution because anyone who has access to the private key can connect to the instance. Store the private key in a secure location.
Before You Begin
- If you use a UNIX-style system, you likely already have the ssh-keygen utility installed. To determine whether the utility is installed, type ssh-keygen on the command line. If it is not installed, then you can download OpenSSH for UNIX from http://www.openssh.com/portable.html and install it.
- If you are using a Windows operating system, you must have PuTTY and the PuTTY Key Generator. Download PuTTY and PuTTYgen from http://www.putty.org and install them.
- Ensure that the permissions for the SSH folder and keys are as follows:
  - Public keys must be 644
  - Private keys must be 400
Creating an SSH Key Pair on the Command Line
- Open a shell or terminal for entering the commands.
- At the prompt, enter ssh-keygen and provide a name for the key when prompted. Optionally, include a passphrase. The keys will be created with the default values: RSA keys of 2048 bits.
Alternatively, you can type a complete ssh-keygen command, for example:
ssh-keygen -t rsa -N "" -b 2048 -C "<key_name>" -f <path/root_name>
The command arguments are shown in the following table:
Argument | Description |
---|---|
-t rsa | Use the RSA algorithm. |
-N "<passphrase>" | A passphrase to protect the use of the key (like a password). If you don’t want to set a passphrase, don’t enter anything between the quotes. A passphrase is not required. You can specify one as a security measure to protect the private key from unauthorized use. If you specify a passphrase, when you connect to the instance you must provide the passphrase, which typically makes it harder to automate connecting to an instance. |
-b 2048 | Generate a 2048-bit key. You don’t have to set this if 2048 is acceptable, as 2048 is the default. A minimum of 2048 bits is recommended for SSH-2 RSA. |
-C "<key_name>" | A name to identify the key. |
-f <path/root_name> | The location where the key pair will be saved and the root name for the files. |
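Once the pair exists, the permission requirement from Before You Begin can be checked mechanically; the OpenSSH client refuses to use a private key file that other users can read. The script below is an added example, not part of the original post. It assumes each public key is named <root_name>.pub and sits next to its private key <root_name>, as ssh-keygen -f writes them, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): audit the files written by
# `ssh-keygen -f <path/root_name>`, i.e. <root_name> and <root_name>.pub,
# against the modes this page requires (private 400, public 644).

# Print a file's octal mode: GNU/busybox stat first, BSD/macOS stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_mode FILE WANTED LABEL [fix]
# Returns 0 if FILE already has mode WANTED; otherwise reports it, applies
# chmod when the 4th argument is "fix", and returns 1.
check_mode() {
    mode=$(file_mode "$1")
    [ "$mode" = "$2" ] && return 0
    echo "$3 $1 has mode $mode, expected $2"
    [ "${4:-}" = fix ] && chmod "$2" "$1"
    return 1
}

# audit_key_dir DIR [fix]
# Pairs every *.pub in DIR with the private key of the same root name.
# Returns 1 if anything was wrong on this run, 0 if the directory is clean.
audit_key_dir() {
    dir=$1
    fix=${2:-}
    bad=0
    for pub in "$dir"/*.pub; do
        [ -e "$pub" ] || continue      # no *.pub present: the glob stayed literal
        priv=${pub%.pub}
        check_mode "$pub" 644 "public key" "$fix" || bad=1
        if [ -f "$priv" ]; then
            check_mode "$priv" 400 "private key" "$fix" || bad=1
        else
            echo "no private key named $priv next to $pub"
            bad=1
        fi
    done
    return "$bad"
}

# Usage (the directory is an assumption; use the one you passed to -f):
#   audit_key_dir "$HOME/.ssh"        # report only
#   audit_key_dir "$HOME/.ssh" fix    # report and chmod to 400 / 644
```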
Creating an SSH Key Pair Using PuTTY Key Generator
- Find puttygen.exe in the PuTTY folder on your computer, for example, C:\Program Files (x86)\PuTTY. Double-click puttygen.exe to open it.
- Specify a key type of SSH-2 RSA and a key size of 2048 bits:
  - In the Key menu, confirm that the default value of SSH-2 RSA key is selected.
  - For the Type of key to generate, accept the default key type of RSA.
  - Set the Number of bits in a generated key to 2048 if it is not already set.
- Click Generate.
- Move your mouse around the blank area in the PuTTY window to generate random data in the key. When the key is generated, it appears under Public key for pasting into OpenSSH authorized_keys file.
- A Key comment is generated for you, including the date and time stamp. You can keep the default comment or replace it with your own more descriptive comment.
- Leave the Key passphrase field blank.
- Click Save private key, and then click Yes in the prompt about saving the key without a passphrase. The key pair is saved in the PuTTY Private Key (PPK) format, which is a proprietary format that works only with the PuTTY tool set. You can name the key anything you want but use the ppk file extension. For example, mykey.ppk.
- Select all of the generated key that appears under Public key for pasting into OpenSSH authorized_keys file, copy it using Ctrl + C, paste it into a text file, and then save the file in the same location as the private key. (Do not use Save public key because it does not save the key in the OpenSSH format.) You can name the key anything you want, but for consistency, use the same name as the private key and a file extension of pub. For example, mykey.pub.
- Write down the names and locations of your public and private key files. You will need the public key when launching an instance. You will need the private key to access the instance via SSH.
That is it! I wish you good luck!