This article will discuss EC2 key pairs and how they can be used to connect to Windows and Linux instances.
Amazon AWS uses keys to encrypt and decrypt login information.
At the basic level, a sender uses a public key to encrypt data, which its receiver then decrypts using another private key. These two keys, public and private, are known as a key pair.
You need a key pair to be able to connect to your instances. The way this works on Linux and Windows instances is different.
First, when you launch a new instance, you assign a key pair to it. Then, when you log in to it, you use the private key.
The difference between Linux and Windows instances is that Linux instances do not have a password already set and you must use the key pair to log in to Linux instances. On the other hand, on Windows instances, you need the key pair to decrypt the administrator password. Using the decrypted password, you can use RDP and then connect to your Windows instance.
Amazon EC2 stores only the public key, and you can either generate it inside Amazon EC2 or you can import it. Since the private key is not stored by Amazon, it’s advisable to store it in a secure place as anyone who has this private key can log in on your behalf.
This article assumes that you don’t have any key pair created, hence no public or private keys (generated in AWS or imported) and no running Linux or Windows instances.
All of them will be created and you will be shown how to do so, and also how to connect to your Linux and Windows instances.
The first step is to create the key pair. From the EC2 panel under NETWORK & SECURITY, choose Key Pairs. Click on Create Key Pair, specify the name of the key pair and click on Create:
Once you do that, the private key is automatically saved by your browser. Save this file in a safe place as this is the only time you will have access to it:
Now that the key pair is created, it’s time to create two instances: one Linux instance and one Windows instance.
During the process of creating the instances, specifically at the very end of the instance launch, you will be asked if you want to use a key pair and if yes, to select an existing one or create a new one. As we already have one, we will use an existing one.
This is for the Linux instance:
And this is for the Windows instance:
After a few minutes, you should see both instances running:
Now that both instances are running, let’s connect to the Linux instance from a Linux host and also from a Windows host using PuTTY.
Check the public IP address assigned to the Linux instance: 126.96.36.199.
In order to connect to the Linux instance from a Linux host, you have to change the permissions of the key pair to 400, which means that the only permission is that it can be read by the owner of the file.
Below is an example of how you can connect from a Linux host to your Linux instance in AWS.
But what happens if you try to connect to the Linux instance from a Windows machine using PuTTY?
PuTTY does not support the .pem format generated by Amazon EC2 for the private key. It uses the .ppk format.
PuTTYgen is a tool that can be used to convert keys to the required PuTTY format .ppk.
Unless you convert the key generated by Amazon EC2, you will not be able to connect to the Linux instance using PuTTY.
Start PuTTYgen and load the private key downloaded earlier. Choose SSH-2 RSA with 1024 bits length.
Click on Save private key (because this is still a private key) to save it in a format that PuTTY can use.
You will be asked if you want to save the key without a passphrase (password). Choose Yes and specify the name of the private key.
Once the private key is saved, start PuTTY and provide the location of the private key:
And the username and hostname of the Linux instance:
You can now log in to the Linux instance:
It’s time to connect to the Windows instance. First we need to find out the administrator password.
Right click on the Windows instance and select Get Windows Password. You will be asked to provide the private key:
Click on Decrypt Password and the password will be shown in clear text. Write down the password as you will need it to connect using RDP to the Windows instance:
After that, you can RDP to the Windows instance, by using the IP address of the Windows instance 188.8.131.52, and change the administrator password:
As you can see, the key pairs are really important to EC2 instances. Without them you will not be able to connect to your instances or change passwords.
The most important thing to remember is that you shouldn’t lose the private keys, and that they should never get in the hands of anyone else that is not trusted by your organization. Otherwise, there might be unauthorized access to your instances and your data might be compromised or lost.