Ec2 Self Generated Keys Not Working On Mac
Security can be easily overlooked when building a product, especially when working with an outsourced engineering team. You want to trust them, so you give them access to your servers. But then you discover fraudulent activity, and, well, you start to panic.
In hindsight, you realize you never should have shared your Secure Shell (SSH) key, instead storing it in a vault with restricted user access. If, however, someone has a private SSH key to your Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instance and you’re worried about a malicious attack, you have two options to revoke their access:
- Create a new key-pair in the AWS console and boot up a new instance (assuming the attacker is removed from IAM users). This requires configuring the instance, which can be time-consuming — especially when you have several of them.
- Replace the public key in ~/.ssh/authorized_keys on your existing instance so the attacker can no longer unlock it with their private key.
Here’s a summary of how to replace the keys mentioned in option No. 2 above:
(For more, DigitalOcean has a great tutorial on setting up SSH keys.)
- On your local machine in the terminal, generate a new key pair:
ssh-keygen -t rsa
- When prompted to save the file, hit Enter for the default location or choose your own path.
- When prompted for a passphrase, you can leave the field empty. A passphrase adds protection for the private key, but if the key pair is used elsewhere for CI or automation you will need to leave it empty, because an unattended machine cannot supply a passphrase.
- Copy the public key you just saved on your machine to your EC2 authorized keys file:
cat ~/.ssh/id_rsa.pub | ssh user@ec2-ip 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'
where ~/.ssh/id_rsa.pub is the new key on your machine and user@ec2-ip is the username and IP address of your EC2 instance.
- At this point, your new public key should be on your EC2 instance in the authorized_keys file, and all you have to do is remove the old one. Make sure you can SSH into your EC2 instance with the new key first.
- Once you’re in, you can remove the old key using
vim ~/.ssh/authorized_keys
Just go to the line with the old key and delete it with dd (vim's delete-line command).
Note: If you tried editing the file and didn't save it, or the connection was interrupted, a .authorized_keys.swp file will be created, and the next time you try to edit your authorized_keys you will get a nasty message. Just delete the .swp file, and you should be good to edit.
- Save the file.
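The add-new-key-then-remove-old-key rotation above, as an added shell example that is not code from the original article. The helpers take the authorized_keys path as an argument so you can rehearse on a copy before running them on the instance (for example piped through ssh as the article does); function names, the --demo flag and the key blobs in the demo are my own constructions.

```shell
#!/bin/sh
# Added example, not code from the original article: helpers for rotating
# a key in authorized_keys. Keys are matched on "keytype blob", never on
# the trailing comment, and the last remaining key is never removed,
# since that would lock every user of the account out.

key_id() {               # print "keytype blob" from a public-key line
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++)
        if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $i, $(i + 1); exit } }'
}

count_keys() {           # number of key lines in an authorized_keys file
    grep -c -E '(ssh-|ecdsa-|sk-)' "$1" || true
}

add_key() {              # add_key <authorized_keys> "<public key line>"
    f=$1; key=$(key_id "$2")
    [ -n "$key" ] || { echo "not a public key line" >&2; return 2; }
    mkdir -p "$(dirname "$f")" && chmod 700 "$(dirname "$f")"
    touch "$f" && chmod 600 "$f"          # StrictModes rejects writable files
    grep -qF -- "$key" "$f" && return 1   # already present: no-op
    printf '%s\n' "$2" >> "$f"
}

remove_key() {           # remove_key <authorized_keys> "<public key line>"
    f=$1; key=$(key_id "$2")
    [ -n "$key" ] || return 2
    grep -qF -- "$key" "$f" || return 1           # nothing to remove
    [ "$(count_keys "$f")" -gt 1 ] || return 3    # refuse to remove last key
    cp -p "$f" "$f.bak"                           # backup to restore from
    grep -vF -- "$key" "$f.bak" > "$f"
}

# Rehearsal on a constructed copy (the key blobs below are made up):
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d); ak="$tmp/.ssh/authorized_keys"
    add_key "$ak" 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLDconstructedOLD old-laptop'
    add_key "$ak" 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINEWconstructedNEW new-laptop'
    remove_key "$ak" 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLDconstructedOLD old-laptop'
    cat "$ak"; rm -rf "$tmp"
fi
```

Run remove_key only after a fresh ssh session with the new key has succeeded while the current session stays open; if the new key fails, the .bak copy restores the previous file.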
Make sure to update the key if you’re using it elsewhere, like on a continuous integration (CI) server. Otherwise you’ll be scratching your head when none of your builds are working.