How To Change The Key Pair For EC2 Instance

Last Updated : 30 Jan, 2024

Amazon EC2 provides customizable virtual servers, and key pairs are used to access them securely. In this article, I will explain what Amazon EC2 is and how key pairs secure EC2 instances, and then guide you step by step through changing the key pair of an EC2 instance to keep your EC2 environment safe.

What Is Amazon EC2?

Amazon EC2 is a web service that enables users to rent virtual servers in the cloud, called EC2 instances. These EC2 instances can be scaled up or down based on the load on them. EC2 instances run on a variety of operating systems such as Ubuntu and CentOS, and users have full control over their configuration and management.

Amazon EC2 Key Pair Management

A key pair is a security credential associated with an EC2 instance when you launch it. A key pair consists of a public key and a private key. When you launch an instance, the public key is placed on the instance while the private key is stored on your local machine. This is crucial for communication with EC2 instances, as it facilitates SSH access.

Sometimes you have to change the key pair of EC2 instances. Some reasons are:

  • If the private key (the key used to log in to the EC2 instance) associated with the EC2 instance is lost or compromised, it is necessary to change the key pair to maintain the security of the EC2 instance.
  • Changing the key pair periodically is a good practice, as it enhances the overall security of the EC2 instance.

Steps To Change Key Pair For EC2 Instance

Step 1: Create an EC2 instance. First give the EC2 instance a name, then select Ubuntu as the AMI image (you can also choose another image). Make sure that you are using t2.micro to avoid any costs. Then create a new key pair for the EC2 instance and download it. Keep the default settings for the other options.

Step 2: You now have the .pem file in your downloads. Go to your downloads folder and open a terminal in it.

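Step 3: Restrict the permissions on your .pem file (key) so that only your user can read it; ssh refuses to use a private key file that other users can access. Then, using the key in the downloads folder, log in to your EC2 instance.

chmod 400 old-key.pem
ssh -i "old-key.pem" ubuntu@ec2-54-242-37-72.compute-1.amazonaws.com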

Step 4: Now open another terminal in the downloads folder and run the following command to generate a new key. This command generates two keys: a private key (the file with no extension) and a public key (the file with the .pub extension).

ssh-keygen -b 4096 -f new-key

Step 5: To see the content of the new public key, run the following command.

cat new-key.pub

Step 6: Then copy the content of the new public key.

Step 7: Now go to the terminal where you are logged in to the EC2 instance and change to the .ssh directory. This .ssh directory contains the authorized keys.

cd .ssh

Step 8: Inside this directory you will find authorized_keys. Remove all of its content and paste the content of the new public key.

vi authorized_keys

Step 9: Then log out of your EC2 instance using the 'exit' command.

exit

Step 10: Rename your new private key.

mv new-key new-key.pem

Step 11: Now log in to your EC2 instance using the new private key.

If you now try to log in to the EC2 instance with the old key, you will get a permission denied error.
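Step 8 is the point where a slip locks you out: an empty authorized_keys, or one holding the private key instead of the public key, leaves no working login. The function below is an added example, not code from the original article, that performs the same replacement from a file instead of a manual paste; the function name, the `.bak` backup and the structural key check are assumptions of this example.

```sh
#!/bin/sh
# Added example: replace authorized_keys with one validated public key.
# Usage: replace_authorized_key PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Returns 0 on success; on any rejection the target file is left untouched.
# The body runs in a subshell "( ... )" so set -f and variables stay local.
replace_authorized_key() (
    pub=$1
    auth=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 1; }

    # Pasting the private key by mistake would leave no usable login.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub holds a private key" >&2; exit 1
    fi

    # ssh-keygen writes the public key as one line: type, base64 blob, comment.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected exactly one key line" >&2; exit 1; }
    line=$(grep . "$pub")
    set -f            # no globbing while the line is split into fields
    set -- $line
    ktype=$1
    blob=${2:-}

    case "$ktype" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unexpected key type: $ktype" >&2; exit 1 ;;
    esac
    # Structural check only: the blob must be non-empty and base64-shaped.
    case "$blob" in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key blob" >&2; exit 1 ;;
    esac

    # Keep the previous file so it can be restored if the new key fails.
    if [ -f "$auth" ]; then cp -p "$auth" "$auth.bak"; fi

    # Write next to the target with owner-only permissions, then rename,
    # so sshd never sees a half-written or empty authorized_keys.
    tmp=$(mktemp "$auth.XXXXXX") || exit 1
    printf '%s\n' "$line" >"$tmp"
    chmod 600 "$tmp"
    mv "$tmp" "$auth"
)
```

Copy new-key.pub to the instance and run `replace_authorized_key new-key.pub ~/.ssh/authorized_keys` in the session from Step 3, then confirm the Step 11 login from a second terminal before closing that session.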

In this article, you first learned what EC2 instances are and how they work in the AWS cloud. Then you learned about key pairs, why they are important for security, and when they need to be changed. Finally, we walked through the step-by-step process of changing the key pair of an EC2 instance to make sure that your AWS cloud server remains safe and secure.

Changing The Key Pair For Amazon EC2 Instances – FAQs

Is It Possible To Change The Key Pair Without Impacting The IP Of The EC2 Instance?

Yes, it is possible to change the key pair without impacting the IP of the EC2 instance. You can generate a new key pair using ssh-keygen on your local machine and associate the new key with the EC2 instance.

What Is The Impact On The Security Groups And Network Configuration On Changing Key Pair?

There is no impact on the security group and network configuration if you change the key pair of the EC2 instance. Security groups and network configuration primarily control network traffic to and from the instance, and they are separate from the key pair, which is used for authentication.

What Is The Significance Of Key Pair In An EC2 Instance?

The key pair acts as an authentication mechanism for secure connections to the EC2 instance. Only an authorized user can access the EC2 instance.

How Does Changing The Key Pair Of An EC2 Instance Contribute To AWS Security Best Practices?

Changing the key pair periodically enhances the security of an EC2 instance by minimizing the risk of prolonged exposure to a compromised key.

How To Verify The Key Pair Change Is Successful?

The key pair change is successful when you can log in to the EC2 instance using the new key.


