Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Use of "Proceed without key pair" in EC2 instance creation?

Tags:

amazon-web-services

amazon-ec2

I am relatively new to AWS and exploring different options available. While creating an instance if "Proceed without key pair" is selected we cannot connect to the instance.The documentation also has a note saying this option should not be selected.

So what is the main use of this option ?

In which scenarios are we suppose to use it?

like image 839
akhila Avatar asked Nov 19 '16 17:11

akhila

2 Answers

The option Proceed without key pair is used when:

  • When the sshd in your AMI is configured to use password based authentication and no ssh key is needed to access the machine
  • sshd can accept some other username/key combination
  • If an unauthorized user gains access to AWS dashboard or metadata, he/she can get the name of the keypair and if he/she has access to the keypair, can ssh into the instance. With no keypair listed and another known key baked in the AMI, this security concern is addressed
  • Windows: Admin password (for which private key is required to decrypt) is not needed because some other user is an admin
  • Caution: If you launch an instance with no keypair and don't have any of the above mentined ways to access the instance, you have to relaunch the instance with a keypair.
like image 53
helloV Avatar answered Oct 16 '22 20:10

helloV

"Proceed without key pair" could, for example, be used for instances created from an AMI where the username and password are already known by the party creating the instance.

Keypairs are commonly used to generate login credentials on AMIs where agents to generate credentials have been installed. These are on most all AMIs that AWS themselves maintain. The default behavior for AWS maintained AMIs is a bit different depending on OS:

  • Linux: You supply the private part of the keypair when SSHing into the EC2 instance. The username is different depending on the flavor of linux you're using, see here for more details.
  • Windows: the EC2Config agent generates a password for the default "Administrator" windows user during bootup that are available via the AWS Console or CLI if you as the end user can supply the private part of the keypair.

Further Reading:

  • AWS Documentation - Keypairs
  • AWS Documentation - Accessing Instances
  • AWS Documentation - Troubleshooting connecting to instances
like image 41
Anthony Neace Avatar answered Oct 16 '22 19:10

Anthony Neace
Sign in to Comment

Related questions

Is A/B testing in AWS for static websites not possible using Cloudfront?
Elastic Beanstalk NetworkOut auto scaling
change AWS AMI Name
AWS DynamoDB: Could not unconvert attribute error
Route53 getHostedZone AccessDenied. User doesn't have permission to call route53:GetHostedZone
Making S3 static web hosting content private
terraform the db instance and ec2 security group are in different vpcs
How to mask IP in AWS cloud watch in AWS ELB via AWS cli by custom header?
How to share data in `AWS Step Functions` without passing it between the steps
RDS does not support creating a DB instance with the following combination
AWS CodeBuild GitHub Deploy Keys
How do you assign a VPC and security group to a Lambda in AWS CDK?
How to avoid cycle error when setting an S3 bucket policy with a template that depends on the bucket name?
What root-device to use for a new EC2 instance?
Amazon EC2 Load Testing
Browser uploads to s3 with instance roles
What is advantage and disadvantage of using pubnub over Amazon Simple Notification Service (sns)? [closed]
amqp.node won't detect a connection drop
AuthorizationError when confirming SNS subscription over HTTP
how many objects are returned by aws s3api list-objects?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!