user11508332

Reputation: 667

What is the purpose of the key pairs (public and private) available in aws ec2?

In the AWS EC2 console/service, you are able to view several key pairs - what exactly is the purpose of these key pairs? Are they relevant to the ec2 instances or the rds?

Upvotes: 1

Views: 1854

Answers (2)

John Rotenstein

Reputation: 269081

Keypairs are not actually related to AWS or Amazon EC2. They are related to Linux.

When using Linux utilities like ssh and scp, keypairs are used to authenticate users. For example, if you use this command:

ssh -i key.pem ec2-user@IP-ADDRESS

The receiving Linux operating system will look in the /home/ec2-user/.ssh/authorized_keys file. It will check whether the private keypair supplied in key.pem matches a public keypair in that file. If they match, then the connection is permitted.

To make this process simpler, there is some software installed in Amazon Linux that will accept a nominated keypair and install the public half in the authorized_keys file. This makes it easy to initially log in to the instance.

You are then welcome to modify the contents of the authorized_keys file to add/remove any keypairs you wish. You can also create new users on the operating system and add appropriate keypairs to their authorized_keys file.

Common corporate security practices involve each staff member generating their own keypair (so only they have the private keypair), then providing the public half of the keypair to the IT department. Whenever access is requested to a particular Linux computer, the IT people can add their public keypair in the appropriate location. This then grants the staff member access to the computer.

The Amazon EC2 service provides an easy way to generate keys and it will also keep the public half of the keypair, which can be used to add keys when an instance is launched. However, you do not need to keep these keypairs! If you prefer to manage the keypairs yourself (as suggested above), then you do not need to keep these in AWS beyond the initial launch of the instance.

Amazon RDS does not allow users to connect via SSH, so keypairs are not used with Amazon RDS.

Bottom line: Keypairs are used by Linux computers to authenticate users.

Upvotes: 1
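The workflow this answer describes, as an added shell example that is not part of the answer: IT adds a staff member's public half to authorized_keys, later removes it, and the server-side check (does this private key match a listed public key?) is reproduced with ssh-keygen. The directory, key comments and the absence of a passphrase are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not from the answer. Manages an authorized_keys file the way
# the answer describes and reproduces the check the receiving host performs.
set -eu

AUTH_DIR="${AUTH_DIR:-$(mktemp -d)}"      # stands in for /home/<user>/.ssh (assumption)
AUTH_KEYS="$AUTH_DIR/authorized_keys"

# Create the .ssh-style layout with the permissions sshd insists on (StrictModes):
# a world- or group-writable file is silently ignored, which looks like a "wrong key".
init_authorized_keys() {
    mkdir -p "$AUTH_DIR" && chmod 700 "$AUTH_DIR"
    : > "$AUTH_KEYS" && chmod 600 "$AUTH_KEYS"
}

# Add one public key line ("type base64 comment") unless it is already present.
authorize_key() {
    pubkey_line=$1
    grep -qxF "$pubkey_line" "$AUTH_KEYS" 2>/dev/null || printf '%s\n' "$pubkey_line" >> "$AUTH_KEYS"
}

# Remove every entry whose comment field (3rd column) matches, e.g. when a staff
# member leaves. Entries with a leading options field would need a different column.
revoke_key() {
    comment=$1
    awk -v c="$comment" '$3 != c' "$AUTH_KEYS" > "$AUTH_KEYS.tmp" && mv "$AUTH_KEYS.tmp" "$AUTH_KEYS"
    chmod 600 "$AUTH_KEYS"
}

# Number of keys currently authorized (blank lines and # comments ignored).
count_keys() {
    grep -cvE '^[[:space:]]*(#|$)' "$AUTH_KEYS" || true
}

# What the host effectively does: derive the public half from the private key
# file and see whether that key material (type + base64, comment ignored) is listed.
# Assumes an unencrypted private key so ssh-keygen does not prompt for a passphrase.
private_key_is_authorized() {
    privkey_file=$1
    derived=$(ssh-keygen -y -f "$privkey_file" | awk '{print $1" "$2}')
    awk '{print $1" "$2}' "$AUTH_KEYS" | grep -qxF "$derived"
}
```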

ms12

Reputation: 571

From AWS documentation:

Amazon EC2 uses public key cryptography to encrypt and decrypt login information. Public key cryptography uses a public key to encrypt a piece of data, and then the recipient uses the private key to decrypt the data. The public and private keys are known as a key pair. Public key cryptography enables you to securely access your instances using a private key instead of a password. When you launch an instance, you specify the key pair. You can specify an existing key pair or a new key pair that you create at launch. At boot time, the public key content is placed on the instance in an entry within ~/.ssh/authorized_keys. To log in to your instance, you must specify the private key when you connect to the instance.

So, we can see what the purpose of the key pair is. It is used to ensure safe login and connection to your EC2 instance.

Upvotes: 0
