Using SSH Key Pairs for Connecting AWS EC2 Instances

Securing your access to AWS EC2 instances is paramount. Gone are the days of relying solely on passwords, vulnerable to breaches and unauthorized access. In this blog, we'll dive into the world of SSH key pairs, your key to unlocking secure and robust connections to your EC2 instances.

Why Key Pairs?

While passwords offer a basic level of security, they are susceptible to brute-force attacks and leaks. SSH key pairs address this concern by implementing a two-part authentication mechanism based on public-key cryptography:

  • Public Key: This resides on the EC2 instance and acts like a publicly known lock. Anyone can see it, but it cannot unlock access.
  • Private Key: This stays securely with you and functions like a unique key that fits the public lock. Only the private key can grant access to the instance.

Think of it like a combination lock. Anyone can see the lock (public key), but only the correct combination (private key) grants access.

Benefits of Key Pairs:

  • Enhanced Security: Compared to passwords, key pairs offer a significant security improvement. Brute-forcing a private key is highly improbable.
  • Convenience: No more memorizing complex passwords. You can access your instance with the private key readily available.
  • Automation: Script access to your EC2 instance becomes easier and more secure with key pairs.

Note: SSH uses ~/.ssh as its default path for keys.

Creating Your Key Pair:

Creating Key Pairs on Local Machine

Open any terminal (Linux/Mac) or cmd (Windows), then type the command below:

ssh-keygen

The command above creates one key pair, stored as two files named after the key name you provided. If you haven't provided one, like me, the names will be id_rsa (private key) and id_rsa.pub (public key).

Creating Key Pairs using AWS console:

  1. Launch the AWS Management Console.
  2. Navigate to the EC2 service.
  3. Select "Key Pairs" from the navigation menu.
  4. Click "Create key pair".
  5. Provide a key pair name (e.g., my-ec2-key-pair).
  6. Download the private key (.pem file). This is crucial, so store it securely!

Using Your Key Pair:

Once you have your key pair, use it during the EC2 instance launch process:

  1. Select "Key Pair" and choose your newly created key pair.
  2. Proceed with launching your EC2 instance.

Connecting with SSH:

With your instance up and running, you can connect using an SSH client like PuTTY:

  1. Open your SSH client.
  2. Specify the username (usually "ec2-user") and the public DNS address of your EC2 instance.
  3. Select the path to your downloaded private key file (.pem).

Providing the private key grants access, establishing a secure connection to your EC2 instance.

Best Practices:

  • Never share your private key! Treat it like your password and keep it confidential.
  • Store your private key securely. Consider using a password manager or encrypted storage solutions.
  • Rotate your key pairs regularly. This adds an extra layer of security, especially if you suspect a compromise.
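
A way to check the storage and rotation practices above on your own machine, as an added example that is not part of the original post. The function names, the 90-day threshold and the use of a file's modification time as the key's age are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit private keys in a directory.

# Octal permission bits of a file: GNU stat first, BSD/macOS stat as fallback.
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True if the first line is a PEM or OpenSSH private key header.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -- '-----BEGIN .*PRIVATE KEY-----'
}

# audit_keys DIR [MAX_AGE_DAYS]
# Prints "OK <file>" or "FAIL <file>: <reasons>" for each private key found.
# Returns 1 if any key fails. The 90-day default is an assumed policy value.
# Usage: audit_keys "$HOME/.ssh" 90
audit_keys() (
    dir=$1
    max_age=${2:-90}
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        is_private_key "$f" || continue   # skips .pub files, config, known_hosts
        reasons=""
        mode=$(key_mode "$f")
        # The ssh client rejects a private key with any group/other bit set.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            reasons="$reasons mode $mode grants group/other access (chmod 600);"
        fi
        # find prints the path only if it was modified more than max_age days ago.
        if [ -n "$(find "$f" -mtime +"$max_age" 2>/dev/null)" ]; then
            reasons="$reasons older than $max_age days (rotate);"
        fi
        if [ -n "$reasons" ]; then
            echo "FAIL $f:$reasons"
            rc=1
        else
            echo "OK $f"
        fi
    done
    exit "$rc"
)
```

Modification time is only a proxy for key age: copying or re-saving a key file resets it, so treat an "OK" on age as a lower bound.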
