I will share points to note about replace a key pair for EC2.
EC2 instance cannot allow to be connected to with SSH by password authentication in initial settings.
# To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no PasswordAuthentication no
Once you select a key pair and launch EC2 instance, you can connect to it with public key authentication.
ssh -i ./NewWindows.pem email@example.com Last login: Mon Aug 2 13:36:42 2021 __| __|_ ) _| ( / Amazon Linux 2 AMI ___|\___|___| https://aws.amazon.com/amazon-linux-2/
There is a case that you need to replace a key pair attached EC2 instance because of security, review of operations and so on.
In this case, you change a new key pair from existing key pair. Also, you can connect to EC2 instance with another secret key.
ssh -i .\tepkey.pem firstname.lastname@example.org Last login: Mon Aug 2 13:45:37 2021 __| __|_ ) _| ( / Amazon Linux 2 AMI ___|\___|___| https://aws.amazon.com/amazon-linux-2/
At first, I expected that only new public key exists in the file,
~/.ssh/authorized_keys. But, it was wrong and an old public key existed there, too.
ssh-rsa ~~~~~~~~~~~~~~~~~~~XXXX~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NewWindows ssh-rsa ~~~~~~~~~~~~~~~~~~~XXXX~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ tepkey
Actually, I confirm that I can connect to EC2 instance with SSH by the former secret key.
ssh -i .\NewWindows.pem email@example.com Last login: Mon Aug 2 15:07:23 2021 __| __|_ ) _| ( / Amazon Linux 2 AMI ___|\___|___| https://aws.amazon.com/amazon-linux-2/
According to the AWS documentation, you have to remove an old public key in
~/.ssh/authorized_keys manually when you replace a key pair.
I research replace a key pair for EC2 instance. I'm surprised at the specification and concerned about security🤔
If you disclosure an old secret key which is not used and not managed, your EC2 instances may be illegally accessed.
How does everyone do an operation? Let me hear your what you think.