SSH Key Generation on a Unix Computer


How to Create a Public/Private SSH Keypair on a Unix Computer

Note: sudo commands can only be executed in your ubuntu account, not your user account.


By creating a keypair you can set up key authentication for your user account (not user "ubuntu") on your EC2 instance. That means you can connect to your user account without using a password.

In the examples below replace "yourDuckID" with your actual DuckID username (same as for Blackboard).
  1. Open up a Unix console on your computer:

    OS X: Start the Terminal.app.
    Windows: Connect to shell.uoregon.edu.

    You now have access to a Unix command line (CLI) interface.

  2. Move to your AWS directory:

    cd AWS
    pwd

  3. Generate an SSH keypair. When prompted for a passphrase, leave it blank (just hit Enter):

    ssh-keygen -b 1024 -f yourDuckID -t dsa

    This will create 2 files in your AWS directory:

    yourDuckID (private key)
    yourDuckID.pub (public key)

  4. Connect to your EC2 instance as user "ubuntu":

    Sign in to the AWS Management Console and open the Amazon EC2 console:
    https://console.aws.amazon.com/ec2/

    In the Navigation pane, click Instances.

    Right-click your instance, and then click Connect. Fill in your information to connect as user "ubuntu".

    Transfer your public key from your Unix computer to your ubuntu machine as follows:

    a. When the Mindterm SSH Client opens, select SFTP File Transfer... from the Plugins menu.
    b. In the SFTP File Transfer Plugin, open your [AWS] directory by double-clicking.
    c. Select the public key (yourDuckID.pub) and transfer it to your "ubuntu" account.

    Close the SFTP File Transfer Plugin window.

  5. As user "ubuntu" do the following:

    Move to your user home directory, and create a directory named .ssh with these two commands:

    cd ~yourDuckID
    sudo mkdir .ssh


    Move your public key into the user's .ssh directory:

    sudo mv /home/ubuntu/yourDuckID.pub .ssh

    Next, change the file access mode of .ssh, and change the owner from root to you:

    sudo chmod 700 .ssh
    sudo chown yourDuckID .ssh

    The following command creates an authorized_keys file in the user's .ssh directory, and adds the public key to it:

    sudo bash -c "cat .ssh/yourDuckID.pub >> .ssh/authorized_keys"

    Now change the file's access mode, and change the owner:

    sudo chmod 600 .ssh/authorized_keys
    sudo chown yourDuckID .ssh/authorized_keys

    Remove the public key from the server:

    sudo rm .ssh/yourDuckID.pub

    Finally, eyeball the permissions and verify that .ssh is 700 and .ssh/authorized_keys is 600:

    sudo ls -la
    sudo ls -l .ssh


  6. Test the connection. Enter the following command on shell.uoregon.edu (Windows) or in your Terminal.app (OS X), not

    ssh -i ~/AWS/yourDuckID yourDuckID@ec2-######-7.us-west-2.compute.amazonaws.com

    NOTE: Use your own DuckID username and your own public DNS in the above ssh command.

    You can now connect to any server on which you have an account, and a copy of your public key in the .ssh/authorized_keys file in your home directory.
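    The server-side part of step 5 and the final permission check, written as one reusable shell function. This is an added example, not part of the course page: the function names install_authorized_key and check_ssh_perms, their arguments, and the usage line in the comments are my own.

```shell
#!/bin/sh
# install_authorized_key <home_dir> <public_key_file> [<owner>]
# Step 5 as one idempotent function: creates ~/.ssh (mode 700), appends the key
# to authorized_keys (mode 600) only if it is not already there, and hands both
# to <owner> when run as root. Assumed usage from the "ubuntu" account:
#   sudo sh -c '. ./keyinstall.sh; install_authorized_key /home/yourDuckID /home/ubuntu/yourDuckID.pub yourDuckID'
install_authorized_key() {
    home_dir=$1; pubkey=$2; owner=${3:-}
    sshdir="$home_dir/.ssh"; auth="$sshdir/authorized_keys"

    # Only a public key line belongs in authorized_keys; refuse anything else,
    # e.g. the private key picked by mistake (which would also leak it to the server).
    # ssh-dss is what the page's ssh-keygen command produces; note that newer
    # OpenSSH releases disable DSA keys by default.
    read -r keyline < "$pubkey" || [ -n "$keyline" ] || return 1
    case $keyline in
        "ssh-rsa "*|"ssh-dss "*|"ssh-ed25519 "*|ecdsa-sha2-nistp*" "*) ;;
        *) echo "not a public key line: $pubkey" >&2; return 1 ;;
    esac

    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    # Create the file under a restrictive umask so it is never group/world
    # readable, not even briefly between creation and the chmod below.
    ( umask 077; : >> "$auth" ) || return 1
    grep -qxF -- "$keyline" "$auth" || printf '%s\n' "$keyline" >> "$auth"
    chmod 600 "$auth" || return 1

    # chown only works as root; sshd requires the user, not root, to own both.
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown "$owner" "$sshdir" "$auth" || return 1
    fi
    check_ssh_perms "$home_dir"
}

# check_ssh_perms <home_dir>: the "eyeball the permissions" step, automated.
# sshd's default StrictModes refuses key logins when these modes are looser,
# so fail loudly instead of leaving the user with a silent password prompt.
check_ssh_perms() {
    dmode=$(ls -ld "$1/.ssh" | cut -c1-10)
    fmode=$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)
    [ "$dmode" = "drwx------" ] || { echo ".ssh is $dmode, want drwx------" >&2; return 1; }
    [ "$fmode" = "-rw-------" ] || { echo "authorized_keys is $fmode, want -rw-------" >&2; return 1; }
}
```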

  7. Exercise: Set up and test key authentication on your shell.uoregon.edu account.

  8. Optional (OS X): Create an ssh-uo alias on your Unix computer.

References

AWS has an article that includes information about generating key pairs and creating an AMI from an instance: Tips for Securing Your EC2 Instance