Changing EC2 pem file key pair when you have access to the EC2 instance
Thank you for your time.
I have an EC2 instance, but for security reasons I need to change the pem files associated in .ssh/authorized_keys. I do understand that the public pem file goes into authorized_keys.
I do not want to mount the volume of the EC2 instance to a new one. I am considering that as a last option, since I do have access to the EC2 instance.
How can this be done?
I have tried the answer by Pat Mcb in this post, "Change key pair for ec2 instance", but no luck.
Run this command after you download your AWS pem.
    ssh-keygen -f YOURKEY.pem -y
Then dump the output into authorized_keys.
Or copy pem file to your AWS instance and execute following commands
    chmod 600 YOURKEY.pem
and then
    ssh-keygen -f YOURKEY.pem -y >> ~/.ssh/authorized_keys
But that didn't work for me. If I follow it exactly (download the AWS key pair key, and follow the instructions by copying the key when I ssh into the instance), then when I do ssh-keygen -f YOURKEY.pem -y >> ~/.ssh/authorized_keys it asks for a passphrase (I never had to input one).
What I am doing is the following. I create a new key with ssh-keygen newpem.pem
and I copy the .pub file into .ssh/authorized_keys
Can someone explain what I am doing incorrectly? Note the authorized_keys file has the correct permissions.
Solution 1:[1]
Seems like you want to deprecate the old key and use a new key instead. These steps may help you:
1. Create a new key pair using the AWS console and download it onto your system.
2. Retrieve the public key from the private key (.pem) file using the command "ssh-keygen -y".
3. SSH into the instance using the old key.
4. Once you have access to the instance, add the public key you got in step 2 into the "~/.ssh/authorized_keys" file and then save the file.
5. Log out of the instance and then try accessing the instance with the new key.
Hope it helps. Thank you!
Solution 2:[2]
Following are the steps to change your keypair on AWS EC2.
1. Log in to the AWS Console. Go to Network and Security >> Keypair.
2. Give the name of your keypair (mykeypair), the key type (RSA) and the private key format (.pem), and click on Create keypair. It will ask you to download the .pem file to your local machine. Save it at and remember the location.
3. Log in to your EC2 instance and go to the .ssh location. Create a new file called mykeypair.pem and paste the content from the file we downloaded in step no. 2.
4. Run the command:
    sudo chmod 600 mykeypair.pem
5. Run the command:
    ssh-keygen -f mykeypair.pem -y
   and it will generate some content. Copy that content. Open the file called authorized_keys and remove all the content from it. Paste the copied content that we generated in the previous step. Also enter your file name (mykeypair) at the end, after a space.
6. Reboot your instance. Go to PuTTYgen and generate the .ppk file using the .pem file you downloaded from the keypair. You will be able to log in to your EC2 instance with the newly generated .ppk from PuTTY.
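The authorized_keys edit that the answers above describe, as an added shell example that is not part of the original question or answers: it adds the new public key without duplicating it, and removes only the old key once the new one has been confirmed to work. The function names `key_blob`, `has_key`, `add_key` and `remove_key` and the files `new.pub` and `old.pub` are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post): edit authorized_keys so that a
# key rotation cannot lock you out. Function names are chosen for this example.

# Print the base64 blob of a public-key line: the field after the key type.
key_blob() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++)
        if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); exit } }'
}

# Succeed if FILE ($1) already contains key blob $2 as a whole field.
has_key() {
    awk -v b="$2" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
        END { exit !found }' "$1"
}

# Append public-key line $2 to FILE $1 unless that key is already present.
add_key() (
    file=$1; line=$2
    blob=$(key_blob "$line")
    [ -n "$blob" ] || { echo "not a public key line" >&2; exit 2; }
    umask 077; touch "$file"
    if has_key "$file" "$blob"; then exit 0; fi
    # A file without a trailing newline would glue the new key onto the old.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then echo >> "$file"; fi
    printf '%s\n' "$line" >> "$file"
    chmod 600 "$file"
)

# Remove every line carrying key blob $2 from FILE $1, written atomically.
# Refuses (exit 3) if that would leave no key at all in the file.
remove_key() (
    file=$1; blob=$2
    tmp=$(mktemp "$file.XXXXXX") || exit 1
    awk -v b="$blob" '{ keep = 1
        for (i = 1; i <= NF; i++) if ($i == b) keep = 0 }
        keep' "$file" > "$tmp"
    if ! grep -Eqv '^[[:space:]]*(#|$)' "$tmp"; then
        rm -f "$tmp"; echo "refusing: no key would remain" >&2; exit 3
    fi
    chmod 600 "$tmp" && mv "$tmp" "$file"
)

# Order of use on the instance, logged in with the OLD key:
#   add_key ~/.ssh/authorized_keys "$(cat new.pub)"   # output of ssh-keygen -y
#   (log in from a second terminal with the NEW key and confirm it works)
#   remove_key ~/.ssh/authorized_keys "$(key_blob "$(cat old.pub)")"
```

Keep the old-key session open until the new-key login has succeeded, so a mistake in the file can still be corrected.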
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Kavish Baghel |
| Solution 2 |

