
How to Add or Replace an SSH Key Pair for Your EC2 Instance Securely

Add or replace an SSH key pair for your instance

This step-by-step guide shows how to use ssh-keygen to add or replace SSH key pairs on your cloud instance while keeping secure access uninterrupted.

Managing SSH key pairs is essential for secure and seamless access to your cloud instances such as AWS EC2. This guide walks you through adding or replacing an SSH key pair for your instance safely without losing connection.

You will learn how to derive the public key from your new private key using ssh-keygen, update the authorized_keys file on your instance, and verify the connection with the new key before removing the old one.

This approach helps maintain continuous access while improving security by rotating keys or adding new access credentials.

step 1] Create a new key pair under Network & Security in the EC2 console; it will download a .pem or .ppk file.

step 2] Save that file, open cmd in the same folder and run: ssh-keygen -y -f name_of_the_new_file.pem

step 3] Copy the output of the above command. On the instance, which you are still connected to with the old pem file, open the .ssh/authorized_keys file (the .ssh folder is in the user's home directory, e.g. /home/ubuntu/.ssh) and insert the copied key on a new line (don't remove the old line until you have connected with the new pem file).

step 4] Try to connect with the new pem file, then remove the old key from the .ssh/authorized_keys file.

Understanding This Code

What It Does

Allows users to add a new SSH public key to an existing EC2 instance for secure shell access or replace an old key without disconnecting.

When To Use

Use this when you need to rotate keys, add a new user key, or replace lost or compromised key pairs without losing SSH access.

Prerequisites

  • Existing access to the instance with old key
  • Basic command line familiarity
  • A new key pair downloaded from AWS EC2 console

Key Concepts

Important ideas to understand in this code

SSH Key Pair

A public and private key set for access authentication to an instance.


ssh-keygen -y

Extracts a public key from a private key file.


authorized_keys File

File on the instance storing allowed public keys for SSH login.


Step-by-Step Tutorial

Follow along to understand how this code works

1

Create a new SSH key pair in AWS EC2 console

Navigate to the 'Network & Security' section and create a new key pair which downloads the .pem or .ppk file.

2

Generate public key from private key

Using a terminal or command prompt, run 'ssh-keygen -y -f your-key.pem' to output the public key content.

Shell
ssh-keygen -y -f name_of_the_new_file.pem
3

Add the new public key to the instance's authorized_keys

SSH into your instance using the old key, open or create the .ssh/authorized_keys file in the user's home directory, and append the newly generated public key on a new line without removing old keys.

Shell
nano ~/.ssh/authorized_keys
4

Verify connection and clean up

Test connecting to the instance with the new private key. Once confirmed, remove the old key line from the authorized_keys file to maintain security.

Shell
nano ~/.ssh/authorized_keys
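
The hand edits in steps 3 and 4 can be scripted so that the new key is appended exactly once and the old key is removed only when its replacement is already listed. This is an added example, not part of the original guide; the function names, the constructed sample keys, the HOST placeholder and the assumption of plain "type blob comment" lines (no options prefix) are assumptions of the example.

```shell
#!/bin/sh
# Added example. Assumes plain "type blob [comment]" lines (no options prefix).
# Constructed sample keys (not real key material):
OLD_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCONSTRUCTEDOLD old-keypair'
NEW_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCONSTRUCTEDNEW new-keypair'

# The base64 blob (2nd field) identifies a key; the trailing comment does not.
key_blob() { printf '%s\n' "$1" | awk '{print $2}'; }

# has_key FILE PUBKEY: succeeds if the key's blob is already listed in FILE.
has_key() {
    [ -f "$1" ] && awk -v b="$(key_blob "$2")" '$2 == b {f=1} END {exit !f}' "$1"
}

# add_key FILE PUBKEY: append once, with the permissions sshd expects.
add_key() {
    file=$1; pub=$2
    case $pub in
        ssh-*\ ?*|ecdsa-*\ ?*) ;;                 # looks like "type blob"
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    mkdir -p "$(dirname "$file")" && chmod 700 "$(dirname "$file")"
    touch "$file" && chmod 600 "$file"
    has_key "$file" "$pub" && return 0            # already present: no duplicate
    # Terminate an unterminated last line so two keys never merge into one.
    [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ] && echo >> "$file"
    printf '%s\n' "$pub" >> "$file"
}

# remove_key FILE OLDPUB NEWPUB: drop OLDPUB only if NEWPUB is installed.
# Run it only after a login with the new key has succeeded, e.g.
#   ssh -i name_of_the_new_file.pem -o IdentitiesOnly=yes ubuntu@HOST
remove_key() {
    file=$1; old=$2; new=$3
    has_key "$file" "$new" || { echo "new key missing; refusing" >&2; return 1; }
    [ "$(key_blob "$old")" != "$(key_blob "$new")" ] || return 1
    cp -p "$file" "$file.bak" || return 1         # rollback copy; sshd ignores it
    tmp=$(mktemp "$file.XXXXXX") || return 1
    awk -v b="$(key_blob "$old")" '$2 != b' "$file" > "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$file"         # replace in one rename
}
```

IdentitiesOnly=yes makes the test login offer only the named key, so a success cannot come from the old key still loaded in an agent. Delete authorized_keys.bak once the rotation is confirmed.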
