I have an AWS EC2 Instance using EBS and I want to stop the use of the current private key, and use a new one. As I understand it, merely deleting the key pair on the AWS Console just deletes the public key and does not prevent access to the instance using the (old) private key via SSH.
I attempted a workaround (detailed here) but I realized this doesn't prevent the use of the old private key.
Is there any way to keep using this instance and prevent the use of the old private key and issue a new one, without having to create a new instance and re-install everything? Can you go into Linux and SSH and manually delete support for specific keys?
I can provide details about the instance configuration as needed.
Best Answer
EC2 key pairs, which appear on AWS console panel, are only used to initialize EC2 instances, granting you initial access to them with the provided key pair. Thus, deleting them on AWS console panel won't make a difference on existing instances. See AWS Doc.
To prevent the use of the old private key, you need to to edit the
.ssh/authorized_keysfile on your remote EC2 instance, removing the corresponding entry, which is the public key of your EC2 key pair.Remember to add your new public key to
authrozied_keysfile, and test it before removing the old one, or you may be locked out of your EC2 instance.To issue a new key pair, use
ssh-keygencommand on your local Linux machine, it's an interactive program when calling without arguments.And use
ssh-copy-idto automatically apply your new key to your instance.