
AWS EC2: generating private key file out of cert-***.pem for SSH terminal access

I have my access key, secret key, and the downloaded cert pem file.

I understand SSH requires a private key file in order to establish a terminal SSH connection to my instance.

What I did find through Google is that I need to use puttygen to convert my cert pem file into a private key file:

http://www.techrepublic.com/blog/datacenter/connect-to-amazon-ec2-with-a-private-key-using-putty-and-pageant/5085

However, all the instructions I found are based on a GUI puttygen and I only have the CL version because I am running Linux Fedora 16 on my laptop. I did yum PuTTY, which came with a GUI, but puttygen only has a CL version. What I tried to do in puttygen is as follows:

>puttygen cert-***.pem -o default.pem 

puttygen: error loading `cert-***.pem': file does not begin with OpenSSH key header

Can anybody point out what I am doing wrong and how I can use CL puttygen to convert my cert file to a private key file that is usable by SSH to connect to my instances?

Thanks in advance

asked Sep 13 '12 15:09

amphibient


2 Answers

The ssh private key is completely different from the X.509 certificate and private key. It's a little confusing because folks often save the ssh private key generated by EC2 in a ".pem" file just like the cert and pk use.

You can't convert or use the X.509 certificate or private key for ssh as you tried to do.

You can generate an ssh private key (sometimes called a "keypair") through Amazon EC2 on the AWS console or through the AWS command line tools (ec2-add-keypair). If you are using Putty, you may still need to convert to PPK format as your referenced article describes, but you are converting the ssh key .pem file, not the X.509 private key or certificate.

If you know how to generate your own ssh key locally (or have already done so) then I recommend doing this and uploading the ssh public key to EC2.

When you run an EC2 instance, you then specify the ssh keypair name so that EC2 makes the ssh public key available to the instance, letting you securely ssh in to your new server.

answered Sep 28 '22 05:09

Eric Hammond
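
As an added example (not part of the original answers), the script below tells the kinds of `.pem` file apart by their first marker line and checks that a private key file is accessible only by its owner, since OpenSSH ignores private keys that group or others can read. The function names `pem_kind` and `ssh_identity_check` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report what a key/cert file holds, judged only by its
# first PEM or PPK marker line. Function names are hypothetical.

pem_kind() {
    # Prints: x509-certificate, private-key, public-key, putty-ppk or unknown
    [ -r "$1" ] || { echo unknown; return 0; }
    marker=$(sed -n -e '/^-----BEGIN /{p;q;}' \
                    -e '/^PuTTY-User-Key-File-/{p;q;}' < "$1" | tr -d '\r')
    case "$marker" in
        "-----BEGIN CERTIFICATE-----")    echo x509-certificate ;;
        "-----BEGIN "*"PRIVATE KEY-----") echo private-key ;;
        "-----BEGIN "*"PUBLIC KEY-----")  echo public-key ;;
        PuTTY-User-Key-File-*)            echo putty-ppk ;;
        *)                                echo unknown ;;
    esac
}

ssh_identity_check() {
    # Returns 0 only if the file holds a private key block AND has no
    # group/other permission bits. It cannot tell whether the key is the
    # one registered for the instance.
    kind=$(pem_kind "$1")
    if [ "$kind" != private-key ]; then
        echo "$1: $kind, not a private key file" >&2
        return 1
    fi
    mode=$(ls -ld -- "$1" | cut -c5-10)   # group and other permission bits
    if [ "$mode" != "------" ]; then
        echo "$1: permissions too open, run: chmod 600 $1" >&2
        return 1
    fi
    return 0
}

# Demo on a constructed file (the body is a placeholder, not a real certificate).
demo=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
              '-----END CERTIFICATE-----' > "$demo"
echo "constructed cert file: $(pem_kind "$demo")"
ssh_identity_check "$demo" || echo "refused: a certificate holds no private key"
rm -f "$demo"
```

A file reported as `x509-certificate` contains no private key at all, which is why puttygen rejects it with the key header error shown in the question.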


If you are running Linux at the command line, why are you needing to make a ppk with puttygen? Basically the keypair you get from AWS IS in pem format suitable for using in ssh command line.

So if you saved your .pem file from Amazon as /path/to/aws.pem, all you need to do is

ssh -i /path/to/aws.pem [email protected]

answered Sep 28 '22 05:09

Mike Brant