How to change the SSH Key on a running EC2 instance?

Background Information

Is it possible to change the SSH Key on a running EC2 instance? If so, how?

Answer

For various security reasons, it can be a good idea to change SSH keys. Amazon doesn’t actually let you change keys for a live instance. If you can easily restart your instance, that’s the best way to change the key pair. However, sometimes restarting an instance is a much larger hassle than manually changing the keys. We recently ran into this very situation, so here’s a workaround:

  1. Generate a new key pair from your AWS account
  2. Generate a public key from the private key AWS generates
  3. Add the key to the instance’s authorized_keys
  4. Remove the old public key from authorized_keys
  5. Make sure you change the key pair on AWS next time the instance is restarted!

Generate a new key pair

Log in to your AWS management console. Go to the EC2 tab, then select “Key Pairs” from the sidebar. Now all you have to do is click “Create key pair.” AWS will give you the private key and store the public key. Copy the private key into a file on your local computer. We’ll call it my_key.pem for this walkthrough.

#sudo nano /etc/ssh/sshd_config
#sudo /etc/init.d/ssh restart
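
Steps 2 to 4 of the workaround as a shell sketch, added here as an example and not taken from the original post. The file name my_key.pub, the function names and the key strings in the demo are assumptions; the demo keys are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Step 2, on your workstation: ssh-keygen -y -f my_key.pem > my_key.pub
# Steps 3 and 4, on the instance, against ~/.ssh/authorized_keys.

# Print the base64 key body of the first key line in FILE, skipping any
# leading options (from="...", command="...") and the trailing comment.
key_blob() {
    awk '{ for (i = 1; i < NF; i++)
             if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); exit } }' "$1"
}

# Step 3: append the key in PUBFILE to AUTH unless it is already present.
add_key() {
    auth=$1; blob=$(key_blob "$2")
    [ -n "$blob" ] || { echo "no key found in $2" >&2; return 1; }
    grep -qF -- "$blob" "$auth" 2>/dev/null && return 0
    umask 077
    # Terminate an unfinished last line so the new key does not merge into it.
    [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"
    cat "$2" >> "$auth" && chmod 600 "$auth"
}

# Step 4: remove every line carrying the key in PUBFILE. Keeps AUTH.bak and
# refuses to write a file with no keys left, which would lock you out.
remove_key() {
    auth=$1; blob=$(key_blob "$2")
    [ -n "$blob" ] || { echo "no key found in $2" >&2; return 1; }
    umask 077
    tmp=$(mktemp "$auth.XXXXXX") || return 1
    awk -v old="$blob" '{ for (i = 1; i <= NF; i++) if ($i == old) next; print }' \
        "$auth" > "$tmp"
    if ! grep -qE '^[^#]*(ssh-|ecdsa-|sk-)' "$tmp"; then
        rm -f "$tmp"; echo "refusing: no keys would remain" >&2; return 1
    fi
    cp -p "$auth" "$auth.bak" && chmod 600 "$tmp" && mv "$tmp" "$auth"
}

# Constructed demo with placeholder key strings: sh rotate.sh demo
demo() {
    d=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3OLDKEYPLACEHOLDER old-keypair' > "$d/old.pub"
    echo 'ssh-rsa AAAAB3NEWKEYPLACEHOLDER my_key' > "$d/my_key.pub"
    cp "$d/old.pub" "$d/authorized_keys"
    # On a real instance, test a login with my_key.pem between the two calls.
    add_key "$d/authorized_keys" "$d/my_key.pub" &&
    remove_key "$d/authorized_keys" "$d/old.pub" &&
    cat "$d/authorized_keys"; rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Keep the existing SSH session open and confirm a login with my_key.pem from a second session after add_key and before remove_key.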

By Keenlio, November 22, 2011
