
Setup: Bitnami Wordpress Lightsail Stack

Is it possible to generate a new SSH key pair for an existing instance? What are the steps to generate a new SSH key pair for an existing instance (without stopping or deleting the existing instance), if that is possible?

Organic Heart
  • Have you got access to the instance or not? – MLu Mar 13 '20 at 04:32
  • @MLu Hi, yes I do have access to the instance. – Organic Heart Mar 13 '20 at 04:48
  • Google something like "Linux add user". I don't think you can replace the key pair for the ec2-user, but it's fairly trivial to add another user in Linux and generate them a key pair. – Tim Mar 13 '20 at 05:27
  • @Jalene just to confirm: it's a fairly regular Linux in there, yes? With normal shell? – jaskij Mar 13 '20 at 09:23
  • Yes, it is a regular Linux. So you can log in by SSH and add a new ssh key to `~bitnami/.ssh/authorized_keys`. You can also remove the existing EC2 ssh key there. (The user name could be different, depending on the used distribution.) – mschuett Mar 13 '20 at 10:10

1 Answer


Simply add a new Linux user, or add an additional key to an existing user. I wrote a short blog post about this a while back. I'll copy the essential steps below, but there's a bit more detail on the blog.

First we create the user and give them a password. I’d already created the user a while back, but this is how it’s done. I’m not sure if you really need to give the user a password since login is by certificate only.

```
sudo su
# -m creates /home/fred (not the default on every distribution)
useradd -m fred
passwd fred
```

Next we generate the public and private keys, as the user tim, and copy them to the right place on the file system. We have to set very specific file and folder permissions for this to work. It’s good practice to set a password on the private key when prompted.

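```
# "su - fred" starts a login shell in fred's home directory
su - fred
# writes the private key to ./fred and the public key to ./fred.pub
ssh-keygen -f fred

mkdir .ssh

touch .ssh/authorized_keys
chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

cat fred.pub >> /home/fred/.ssh/authorized_keys
```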

Now we edit the sshd config to allow only ec2-user and tim to log in:

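```
vi /etc/ssh/sshd_config
# set these two directives in the file; they take effect once sshd is reloaded
PasswordAuthentication no
# AllowUsers is an allow-list: any account not named here can no longer log in over SSH
# (the default account on the Bitnami stack in the question is bitnami, not ec2-user)
AllowUsers ec2-user fred
```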

Next you have to download the private key to your PC and convert it to a ppk file using puttygen. You can read about this here. You test the login using putty with a host in the format below, and the private key in ppk format set under connection -> ssh -> auth

fred@ipaddress
Tim
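Added example, not part of the original answer or comments: a shell function for the approach described above (add a new public key to `authorized_keys`, then drop the old one), done as one atomic file swap so the account never has an empty or half-written key list. The function names are this example's own; it assumes plain `type blob comment` entries without an options prefix and that it runs as the account that owns the file.

```shell
#!/bin/sh
# Added example: replace one SSH public key with another in authorized_keys.
# Assumes plain "type blob [comment]" lines (no options prefix) and that it
# runs as the account that owns the file. Function names are hypothetical.

# first_key FILE -> prints the first key line found in a .pub file
first_key() {
    awk 'NF >= 2 && $1 !~ /^#/ { print; exit }' "$1"
}

# key_id FILE -> prints "type blob" only, so comments are ignored in matching
key_id() {
    first_key "$1" | awk '{ print $1 " " $2 }'
}

# rotate_key AUTH_FILE NEW_PUB [OLD_PUB]
# Returns 1 (and leaves AUTH_FILE untouched) if NEW_PUB holds no usable key.
rotate_key() {
    auth=$1; new_pub=$2; old_pub=${3:-}
    new_id=$(key_id "$new_pub")
    case $new_id in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $new_pub" >&2; return 1 ;;
    esac
    old_id=""
    if [ -n "$old_pub" ]; then old_id=$(key_id "$old_pub"); fi

    mkdir -p -m 700 "$(dirname "$auth")" && touch "$auth"
    tmp=$(mktemp "$auth.XXXXXX") || return 1   # created with mode 600

    # Keep every entry except the old key and any earlier copy of the new
    # one, then append the new key. Nothing is removed unless the new key
    # is written in the same step.
    awk -v old="$old_id" -v new="$new_id" '
        { id = $1 " " $2 }
        id == old || id == new { next }
        { print }' "$auth" > "$tmp"
    first_key "$new_pub" >> "$tmp"

    chmod 600 "$tmp"
    mv "$tmp" "$auth"   # rename in the same directory: no partial file
}
```

Call it as `rotate_key ~/.ssh/authorized_keys new.pub old.pub`, and keep the current SSH session open until a second session has logged in with the new key.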