I created a new Windows instance on AWS EC2, using a keypair I created by uploading my public key from my local machine.
The instance launched fine, but it won't decrypt the password. It reports:
I'm certain I uploaded the correct key. I've verified that the fingerprints match with the weird fingerprint format AWS uses. But it just won't decrypt.
I've tried uploading the key file, and pasting it into the form.
I eventually figured out that it isn't stripping the trailing newline, and deleted the blank line in the key. That just gets me to a new error when I click "Decrypt Password", though:
Best Answer
AWS EC2's key management does not cope with SSH private keys that have passwords set (are encrypted). It doesn't detect this, and simply fails with an uninformative error.
If your private key is stored encrypted on disk (like it should be, IMO) you must decrypt it to paste it into AWS's console.
Rather than doing that, consider decrypting the password locally, so you don't have to send your private key to AWS. Get the encrypted password data (base64 encoded) from the server log after startup, or using get-password-data or the corresponding API requests.
You can then base64 decode and decrypt the result:
(OpenSSH private keys are accepted by openssl rsautl).
The issue with failing to handle password protected keys with a useful error also affects the ec2-get-password command.
See also:
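The local decryption described in the answer above, as an added example that is not part of the original post. The function names, the instance ID placeholder and the key path are assumptions, the key and password in the round trip are constructed, and `openssl pkeyutl` is used in place of the `openssl rsautl` command the answer names (`rsautl` is deprecated in OpenSSL 3.0; both default to PKCS#1 v1.5 padding).

```shell
#!/bin/sh
# Decrypt EC2 Windows password data locally, so the private key never
# leaves this machine and can stay passphrase-protected on disk.

# decrypt_password_data KEYFILE [PASSIN]   (hypothetical helper name)
# Reads base64 password data on stdin, prints the plaintext password.
# PASSIN is an optional openssl pass phrase source (e.g. file:/path);
# when omitted, openssl prompts for the passphrase of an encrypted key.
decrypt_password_data() {
    key=$1
    passin=${2:-}
    # The API output can carry surrounding whitespace and line breaks.
    data=$(tr -d '[:space:]')
    if [ -z "$data" ]; then
        # An empty string means the instance has not published a password yet.
        echo "password data is empty; retry after the instance finishes booting" >&2
        return 1
    fi
    if [ -n "$passin" ]; then
        printf '%s' "$data" | base64 -d |
            openssl pkeyutl -decrypt -inkey "$key" -passin "$passin"
    else
        printf '%s' "$data" | base64 -d |
            openssl pkeyutl -decrypt -inkey "$key"
    fi
}

# Offline round trip with a constructed, throwaway passphrase-protected key
# and a made-up password, standing in for what EC2 does with the public key.
roundtrip_demo() {
    tmp=$(mktemp -d) || return 1
    openssl genrsa -aes256 -passout pass:constructed-passphrase \
        -out "$tmp/key.pem" 2048 2>/dev/null
    openssl pkey -in "$tmp/key.pem" -passin pass:constructed-passphrase \
        -pubout -out "$tmp/pub.pem"
    blob=$(printf '%s' 'Constructed-Passw0rd!' |
        openssl pkeyutl -encrypt -pubin -inkey "$tmp/pub.pem" | base64)
    printf '\r\n%s\r\n' "$blob" |
        decrypt_password_data "$tmp/key.pem" pass:constructed-passphrase
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Real use (instance ID and key path are placeholders):
#   aws ec2 get-password-data --instance-id i-PLACEHOLDER \
#       --query PasswordData --output text |
#       decrypt_password_data /path/to/private_key.pem
```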