Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Use of "Proceed without key pair" in EC2 instance creation?

I am relatively new to AWS and exploring different options available. While creating an instance if "Proceed without key pair" is selected we cannot connect to the instance.The documentation also has a note saying this option should not be selected.

So what is the main use of this option ?

In which scenarios are we suppose to use it?

like image 839
akhila Avatar asked Nov 19 '16 17:11

akhila


2 Answers

The option Proceed without key pair is used when:

  • When the sshd in your AMI is configured to use password based authentication and no ssh key is needed to access the machine
  • sshd can accept some other username/key combination
  • If an unauthorized user gains access to AWS dashboard or metadata, he/she can get the name of the keypair and if he/she has access to the keypair, can ssh into the instance. With no keypair listed and another known key baked in the AMI, this security concern is addressed
  • Windows: Admin password (for which private key is required to decrypt) is not needed because some other user is an admin
  • Caution: If you launch an instance with no keypair and don't have any of the above mentined ways to access the instance, you have to relaunch the instance with a keypair.
like image 53
helloV Avatar answered Oct 16 '22 20:10

helloV


"Proceed without key pair" could, for example, be used for instances created from an AMI where the username and password are already known by the party creating the instance.

Keypairs are commonly used to generate login credentials on AMIs where agents to generate credentials have been installed. These are on most all AMIs that AWS themselves maintain. The default behavior for AWS maintained AMIs is a bit different depending on OS:

  • Linux: You supply the private part of the keypair when SSHing into the EC2 instance. The username is different depending on the flavor of linux you're using, see here for more details.
  • Windows: the EC2Config agent generates a password for the default "Administrator" windows user during bootup that are available via the AWS Console or CLI if you as the end user can supply the private part of the keypair.

Further Reading:

  • AWS Documentation - Keypairs
  • AWS Documentation - Accessing Instances
  • AWS Documentation - Troubleshooting connecting to instances
like image 41
Anthony Neace Avatar answered Oct 16 '22 19:10

Anthony Neace