How to apply multiple SSH keys to an AWS Lightsail Instance

Question

My team has an issue that, when we spin up a new lightsail instance, we are only allowed to apply a single SSH key pair to that instance.

Is there a way to add the key pairs from everyone on my team to some kind of group? And then apply that group to the lightsail instance?

We need everyone on the team to be able to have access to the instance and I cannot find a way to accomplish this. Any insight would be greatly appreciated!

Answer 1

First thing, Private key is not designed to be used by the whole team and its really very bad practice you should not do that and you should not share the EC2 key with everyone.

Is there a way to add the key pairs from everyone on my team to some kind of group? And then apply that group to the lightsail instance?

You have two option.

• Ask for the public key from each developer and your team member, add their keys in ~/.ssh/authorized_keys files. They will be able to ssh against their own key.

This approach will help you to remove user once he has done his job and rotating user keys will be a bit easy.

• OpsWork for user and ssh management for EC2 machine or you can explore amazon-ec2-instance-connect-for-ssh

With above approach you will not need to do an ssh and add new team member manually you do this with AWS console. I will prefer this.

Answer 2

I haven't used Lightsail before, but since it's uses EC2 under the hood I am assuming it's pretty much the same. You can ssh into the machine with they private key provided by lightsail, and then you can add the public keys of the members of your team separated by a new line in this file

~/.ssh/authorized_keys

Then, the people from your team would use something like

ssh ec2-user@public-ip -i /path/to/private/key

If you used an Amazon Linux instance, user is ec2-user, but you used a different instance, the user is different.

If you want to add keys to multiple lightsail instances, I suggest to use a CM tool, like Ansible.