Setting up a key pair

When we launch an EC2 instance, we want to be able to access it via SSH. We can register a key pair in the EC2 console to allow us to log in once our instance has been launched.

It is possible for us to instruct AWS to generate a key pair for you (that you can then download). But the best practice is to generate a key pair on your workstation and upload the public part to AWS. This ensures that you (and only you) have control of your instance, since the private half of your key will never leave your own machine. To set up the key pair, go through the following steps:

1. You may already have a key pair on your machine that you wish to use. You can check for existing keys by looking in your .ssh directory, as follows:

$ ls -la ~/.ssh
total 128
drwx------    6 edwardrobinson  staff    192 25 Feb 15:49 .
drwxr-xr-x+ 102 edwardrobinson  staff   3264 25 Feb 15:49 ..
-rw-r--r--    1 edwardrobinson  staff   1759 25 Feb 15:48 config
-rw-------    1 edwardrobinson  staff   3326 25 Feb 15:48 id_rsa
-rw-r--r--    1 edwardrobinson  staff    753 25 Feb 15:48 
id_rsa.pub
-rw-r--r--    1 edwardrobinson  staff  53042 25 Feb 15:48 
known_hosts  

1. In this example, you can see that I have one key pair in my .ssh directory—the private key has the default name of id_rsa and the public key is called id_rsa.pub.
2. If you don't already have a key pair set up, or if you want to create a fresh one, then you can use the ssh-keygen command to create a new one, as follows:

$ ssh-keygen -t rsa -b 4096 -C "email@example.com"
Generating public/private rsa key pair.  

1. This command creates a new key pair using your email address as a label.
2. Next, choose where to save the new key pair. If you don't already have a key pair, just press Enter to write it to the default location as follows:

Enter file in which to save the key (/home/edwardrobinson/.ssh/id_rsa):  

1. Next, you will be asked for a passphrase (password). If you just press Enter, then the key will be created without any password protection, as shown in the following command. If you choose a password, make sure that you remember it or store it securely, as you won't be able to use your SSH key (or access your instances) without it.

Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/edwardrobinson/.ssh/id_rsa.
Your public key has been saved in /home/edwardrobinson/.ssh/id_rsa.
The key fingerprint is:
SHA256:noWDFhnDxcvFl7DGi6EnF9EM5yeRMfGX1wt85wnbxxQ email@example.com  

1. Once you have an SSH key pair on your machine, you can go about importing it into your AWS account. Remember that you only need to import the public part of your key pair. This will be in a file that ends with the .pub extension.

1. From the AWS EC2 console (click on Services and then search for EC2), choose Key Pairs from the menu on the left of the screen, as shown in the following screenshot:

1. From this screen, choose Import Key Pair to bring up a dialog where you can upload your key pair, as shown in the following screenshot:

1. Choose a name that will identify your key pair within AWS (I chose eds_laptop). Then, either navigate to your key's location or just paste its text into the large text box, and then click Import. Once you have imported your key, you should see it listed on the Key Pairs page.

If you are using AWS in more than one region, you will need to import a key pair in each region that you want to launch instances in.