Amazon recently launched the ability to upload your own ssh public key to EC2 so that it can be passed to new instances when they are launched. Prior to this you always had to use an ssh keypair that was generated by Amazon.
The benefits of using your own ssh key include:
- Amazon never sees the private part of the ssh key (though they promise they do not save a copy after you downloaded it and we all trust them with this)
- The private part of the ssh key is never transmitted over the network (though it always goes over an encrypted connection and we mostly trust this)
- You can now upload the same public ssh key to all EC2 regions, so you no longer have to keep track of a separate ssh key for each region.
- You can use your default personal ssh key with brand new EC2 instances, so you no longer have to remember to specify options like -i EC2KEYPAIR in every ssh, scp, rsync command.
If you haven’t yet created an ssh key for your local system, it can be done with the command:
ssh-keygen
You can accept the default file locations, and I recommend using a secure passphrase to keep the key safe.
Here are some sample commands that upload your personal ssh public key from the default file location on Ubuntu to all existing regions, giving it an EC2 keypair name of your current username. Adjust to suit your preferences:
keypair=$USER # or some name that is meaningful to you
publickeyfile=$HOME/.ssh/id_rsa.pub
# One region name per line, taken from the second column of the output
regions=$(ec2-describe-regions | cut -f2)
for region in $regions; do
  echo "$region"
  # Only the public half (.pub) is sent; the private key stays on this machine
  ec2-import-keypair --region "$region" --public-key-file "$publickeyfile" "$keypair"
done
When you start new instances, you can now specify this new keypair name and EC2 will provide the previously uploaded public ssh key to the instance, allowing you to ssh in. For example:
ec2-run-instances --key $USER ami-508c7839
[...]
ec2-describe-instances i-88eb15e5
[...]
ssh ubuntu@ec2-184-73-107-172.compute-1.amazonaws.com
Don’t forget to terminate the instance if you started one to test this.
[Update]
Based on a Twitter question, I tested uploading a DSA public ssh key (instead of RSA) and got this error from Amazon:
Client.InvalidKeyPair.Format: Invalid DER encoded key material
I don’t see why DSA would not work since it’s just a blurb of text being stored by EC2 and passed to the instance to add to $HOME/.ssh/authorized_keys, but there you have it.
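An added example, not part of the original post: a pre-flight check that could be run on $publickeyfile before the ec2-import-keypair loop. It refuses private key material and, going by the DSA error reported in the update, any key type other than ssh-rsa; the function name check_ec2_pubkey, its return codes and the sample key lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints a reason and returns non-zero when the file
# should not be handed to ec2-import-keypair.
check_ec2_pubkey() {
    ck_file=$1
    [ -r "$ck_file" ] || { echo "cannot read $ck_file"; return 1; }

    # Refuse private keys: PEM and OpenSSH private key files carry this marker.
    if grep -q -e 'PRIVATE KEY' "$ck_file"; then
        echo "private key material, upload the .pub file instead"; return 2
    fi

    # An OpenSSH public key is one line: "<type> <base64 blob> [comment]".
    ck_type='' ck_blob=''
    read -r ck_type ck_blob ck_rest < "$ck_file" || :
    [ -n "$ck_type" ] && [ -n "$ck_blob" ] || { echo "not an OpenSSH public key line"; return 3; }

    # Assumption taken from the update above: only RSA is known to import cleanly.
    [ "$ck_type" = ssh-rsa ] || { echo "key type $ck_type, expected ssh-rsa"; return 4; }

    # The blob starts with a 4-byte length followed by the key type again;
    # a mismatch means the line was edited or corrupted.
    ck_len=${#ck_type}
    ck_inner=$(printf '%s' "$ck_blob" | base64 -d 2>/dev/null |
               head -c $((4 + ck_len)) | tail -c "$ck_len")
    [ "$ck_inner" = "$ck_type" ] || { echo "blob does not match declared type"; return 5; }

    echo "ok"
}

# Constructed sample lines (truncated blobs, not usable keys) showing both outcomes.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB constructed@example' > "$demo_dir/rsa.pub"
printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3M= constructed@example' > "$demo_dir/dsa.pub"
for f in rsa.pub dsa.pub; do
    printf '%s: ' "$f"; check_ec2_pubkey "$demo_dir/$f" || :
done
rm -rf "$demo_dir"
```

In the upload loop it would be called once before the first region, for example as check_ec2_pubkey "$publickeyfile" || exit 1.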