Haripriya Veluchamy
Understanding SSH Keys and EC2: A Complete Guide 🔐

Hey there, DevOps friends! 👋 Today, let's dive deep into SSH keys and how they work with EC2 instances. I had some confusion about this topic initially, but after researching and working with it, everything became clear. Let me share my understanding!

The Basics: Why Do We Need Two Keys? 🤔

Think of an SSH key pair as a lock-and-key system:

  • Public Key 🔒: the lock. You can hand it out to anyone; on its own it lets nobody in
  • Private Key 🔑: the only key that opens that lock, and it should exist only on your machine

Here's the cool part - you can install the lock (public key) on as many servers as you like while the key (private key) never leaves your computer. The whole scheme rests on one fact: nobody can work out the private key from the public key in any practical amount of time.

Creating SSH Keys 🛠️

There are two ways to get SSH keys for EC2:

1. AWS Console Method

# When you create a key pair in the EC2 console (or in the launch wizard),
# AWS generates the pair, keeps only the public half, and lets you download
# the private half, xyz.pem, exactly once. After downloading xyz.pem, you need to:
chmod 400 xyz.pem
ssh -i xyz.pem ec2-user@your-instance-ip
# ec2-user is the default login on Amazon Linux; Ubuntu AMIs use "ubuntu",
# so check the AMI's documentation if the login is refused

2. Generate Your Own Keys

# Generate the key pair (4096-bit RSA; EC2 also accepts ED25519 keys,
# which are shorter and faster: ssh-keygen -t ed25519)
ssh-keygen -t rsa -b 4096

# It will ask for:
# 1. Path (press Enter for default ~/.ssh/id_rsa)
# 2. Passphrase (optional, but set one: it encrypts the private key on disk,
#    so a copied file alone is not enough to log in)

# This creates two files:
# - id_rsa (private key, mode 600, never leaves your machine)
# - id_rsa.pub (public key, the only part you ever upload to AWS)

Using SSH Keys with Terraform 🚀

Here's how to use your own SSH keys in Terraform. Note that only the public key is read and sent to AWS; the private key stays in ~/.ssh and never appears in your Terraform code or state:

# Add your public key to AWS (aws_key_pair carries the public half only)
resource "aws_key_pair" "my_key" {
  key_name   = "my-key"
  public_key = file("~/.ssh/id_rsa.pub")  # Path to your PUBLIC key, never id_rsa
}

# Use it in EC2 instance. At first boot cloud-init fetches the public key from
# the instance metadata and appends it to the default user's ~/.ssh/authorized_keys
resource "aws_instance" "example" {
  ami           = "ami-12345"
  instance_type = "t2.micro"
  key_name      = aws_key_pair.my_key.key_name
}
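To see what the id_rsa.pub you hand to aws_key_pair actually contains, here is an added example (not the post's, AWS's or OpenSSH's code) that decodes an OpenSSH public key line with Python's standard library and computes the SHA256 fingerprint that `ssh-keygen -lf` prints. The key it parses is constructed in-script from the exponent ssh-keygen uses and a made-up 2048-bit number that is not a real RSA modulus; that is enough to exercise the format, and the parser also handles the ssh-ed25519 lines you get from `ssh-keygen -t ed25519`.

```python
"""Decode an OpenSSH public key line (the format of id_rsa.pub and of every
line in ~/.ssh/authorized_keys) using only the standard library.

Added example for this post, not code from OpenSSH, AWS or the post's author.
The sample key is CONSTRUCTED below from a fixed exponent and a made-up
2048-bit integer; it is not a real RSA modulus and must never be used as a key."""
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length prefix, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(value: int) -> bytes:
    """SSH wire 'mpint' for a positive integer: big-endian, minimal length,
    with an extra leading 0x00 whenever the top bit is set (so it is not
    read as negative). (bit_length + 8) // 8 bytes yields exactly that."""
    if value <= 0:
        raise ValueError("only positive integers appear in public keys")
    return _ssh_string(value.to_bytes((value.bit_length() + 8) // 8, "big"))


def build_rsa_public_key_line(e: int, n: int, comment: str) -> str:
    """Produce an 'ssh-rsa <base64> <comment>' line, as ssh-keygen writes it."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"


def parse_public_key_line(line: str) -> dict:
    """Parse one public key line and return its type, size, comment and the
    OpenSSH-style fingerprint (SHA256 of the binary blob, base64, no padding)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)

    # Walk the length-prefixed fields; refuse anything truncated or overlong.
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + length > len(blob):
            raise ValueError("field runs past end of key blob")
        fields.append(blob[pos:pos + length])
        pos += length

    # The key type is stored twice (text and blob); ssh requires them to agree.
    if not fields or fields[0] != key_type.encode():
        raise ValueError("key type in text and in blob disagree")

    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    info = {"type": key_type, "comment": comment, "fingerprint": fingerprint}

    if key_type == "ssh-rsa":
        if len(fields) != 3:
            raise ValueError("ssh-rsa blob must be: type, e, n")
        e = int.from_bytes(fields[1], "big")
        n = int.from_bytes(fields[2], "big")
        info.update(e=e, bits=n.bit_length())
    elif key_type == "ssh-ed25519":
        if len(fields) != 2 or len(fields[1]) != 32:
            raise ValueError("ssh-ed25519 blob must be: type, 32-byte point")
        info["bits"] = 256
    else:
        raise ValueError(f"unsupported key type {key_type!r}")
    return info


# Constructed sample: e = 65537 (the exponent ssh-keygen uses) and a made-up
# odd 2048-bit number standing in for n. Structurally valid, cryptographically meaningless.
SAMPLE_KEY_LINE = build_rsa_public_key_line(65537, (1 << 2047) + 12345, "demo@laptop")

if __name__ == "__main__":
    info = parse_public_key_line(SAMPLE_KEY_LINE)
    # Same layout as `ssh-keygen -lf id_rsa.pub`: bits, fingerprint, comment, type
    print(f"{info['bits']} {info['fingerprint']} {info['comment']} ({info['type'].upper()})")
```

Run it against your real key with `parse_public_key_line(open("~/.ssh/id_rsa.pub").read())` (expand the path first) and compare the fingerprint with `ssh-keygen -lf ~/.ssh/id_rsa.pub`; they match because both hash the same binary blob. Notice that nothing in the line is secret: e and n are the public key by definition, which is why id_rsa.pub can be committed to Terraform while id_rsa cannot.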

The Big Question: How Does It All Work? 🤯

I was confused about why we give AWS the public key but use the private key to connect. Here's how it works:

  1. Setting Up 🏗️

    • Public key gets installed on EC2, in the default user's ~/.ssh/authorized_keys (like installing a lock)
    • Private key stays on your computer (like keeping your key safe)
  2. Connecting 🔌

    • When you try to SSH:
      1. Client and server first agree on session encryption and on a session ID that is unique to this connection
      2. Your client names the public key it wants to use; the server checks that it is listed in authorized_keys
      3. Your client signs the session ID plus the authentication request with the private key and sends only the signature
      4. The server verifies the signature with the public key; only the matching private key could have produced it
      5. If it verifies, you get access! The private key itself was never sent
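The exchange above, as an added example that is not part of the original post and not OpenSSH code: a toy model of the SSH publickey method (RFC 4252) using textbook RSA on numbers small enough to check by hand. The random session ID stands in for the one SSH derives from the key exchange, and the signed message is a simplification of the real one, but the shape is faithful: the server holds public keys only, the client proves it has the private key by signing, and the private key never goes on the wire. The INTRUDER_PRIVATE key models an attacker who has the public key and is guessing the private exponent.

```python
"""Toy model of SSH 'publickey' authentication (RFC 4252) with textbook RSA.

Added example for this post; it is not OpenSSH code and the key sizes are a
teaching toy (n = 3233 can be factored by hand). The random session ID stands
in for the one SSH derives from the key exchange. What it does show faithfully:
the server stores public keys only, the client proves possession of the
private key by producing a signature, and the private key is never transmitted."""
from __future__ import annotations

import hashlib
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class PublicKey:
    n: int   # modulus, shared with the server (the contents of id_rsa.pub)
    e: int   # public exponent


@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int   # private exponent: the secret that never leaves the client


# Textbook key: p=61, q=53 -> n=3233, phi=3120, e=17, d=2753 (17*2753 = 15*3120 + 1).
CLIENT_PUBLIC = PublicKey(n=3233, e=17)
CLIENT_PRIVATE = PrivateKey(n=3233, d=2753)
# An attacker who only has the public key knows n and e and must guess d.
INTRUDER_PRIVATE = PrivateKey(n=3233, d=1234)


def rsa_sign(priv: PrivateKey, m: int) -> int:
    """Signature = m^d mod n. Only the holder of d can compute this."""
    return pow(m, priv.d, priv.n)


def rsa_verify(pub: PublicKey, m: int, signature: int) -> bool:
    """Check signature^e mod n == m using nothing but the public key."""
    return pow(signature, pub.e, pub.n) == m


def message_to_int(data: bytes, n: int) -> int:
    """Hash the signed data and reduce it into the RSA range.
    Real SSH uses a padded hash (e.g. rsa-sha2-256); the toy just reduces mod n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def signed_data(session_id: bytes, user: str) -> bytes:
    """What gets signed: the per-connection session ID plus the auth request,
    so a signature captured today is useless against tomorrow's connection."""
    return session_id + b"|ssh-userauth|" + user.encode() + b"|publickey"


class Server:
    """The EC2 side: knows authorized public keys per user, never a private key."""

    def __init__(self, authorized_keys: dict[str, tuple[PublicKey, ...]]):
        self.authorized_keys = authorized_keys   # ~/.ssh/authorized_keys, per user
        self.session_id = b""

    def start_session(self) -> bytes:
        self.session_id = secrets.token_bytes(32)  # fresh for every connection
        return self.session_id

    def check(self, user: str, pub: PublicKey, signature: int) -> bool:
        if pub not in self.authorized_keys.get(user, ()):
            return False                          # key not authorized for this user
        m = message_to_int(signed_data(self.session_id, user), pub.n)
        return rsa_verify(pub, m, signature)


class Client:
    """Your laptop: holds the private key and only ever sends signatures."""

    def __init__(self, user: str, pub: PublicKey, priv: PrivateKey):
        self.user, self.pub, self.priv = user, pub, priv

    def respond(self, session_id: bytes) -> tuple[PublicKey, int]:
        m = message_to_int(signed_data(session_id, self.user), self.priv.n)
        return self.pub, rsa_sign(self.priv, m)   # public key + signature go on the wire


def authenticate(server: Server, client: Client) -> bool:
    """One login attempt: server issues a session ID, client signs, server verifies."""
    session_id = server.start_session()
    pub, signature = client.respond(session_id)
    return server.check(client.user, pub, signature)


if __name__ == "__main__":
    ec2 = Server({"ec2-user": (CLIENT_PUBLIC,)})
    print("right key:  ", authenticate(ec2, Client("ec2-user", CLIENT_PUBLIC, CLIENT_PRIVATE)))
    print("wrong user: ", authenticate(ec2, Client("root", CLIENT_PUBLIC, CLIENT_PRIVATE)))
    print("guessed d:  ", authenticate(ec2, Client("ec2-user", CLIENT_PUBLIC, INTRUDER_PRIVATE)))
```

Two things to take from the toy: the only values that cross the "network" are the public key and a signature, and because the session ID changes per connection the signature cannot be replayed. With a 2048-bit or 4096-bit n there is no way to recover d from (n, e); with n = 3233 there obviously is, which is why this is a model and not a cipher.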

Common Gotchas and Tips 💡

  1. Permissions Matter

   # Always set correct permissions for private keys. OpenSSH refuses to use a
   # private key that other users can read ("UNPROTECTED PRIVATE KEY FILE!")
   chmod 400 private_key

  2. Key Location

    • Default: ~/.ssh/
    • Custom: Specify with -f flag during generation (and pass the same path with -i when connecting)
  3. Connection Command

   # With .pem from AWS
   ssh -i path/to/key.pem ec2-user@instance-ip

   # With your generated key
   ssh -i ~/.ssh/id_rsa ec2-user@instance-ip

  4. Check the Host Key Too

    • On the first connection ssh shows the instance's host key fingerprint and asks whether to trust it. Compare it with the fingerprints printed in the instance's system log (EC2 console "Get system log", or aws ec2 get-console-output) before typing yes; key-based login proves who you are to the server, but only the host key check proves the server is really your instance

Why This is More Secure Than Passwords 🛡️

  1. Private key never travels over the network; only a signature does
  2. Each connection signs a fresh session ID, so a captured signature can't be replayed
  3. Deriving the private key from the public key is computationally infeasible (for RSA it would mean factoring a 2048- or 4096-bit modulus)
  4. Nothing to forget or guess: password-guessing bots hammering port 22 get nowhere, and Amazon Linux AMIs disable password logins by default

Final Thoughts 💭

Understanding SSH keys was a game-changer for me. Whether you're using AWS-generated .pem files or your own SSH keys, the principle is the same - public key on the server, private key on your machine.

Remember:

  • Keep your private key safe 🔒
  • Never share your private key 🚫
  • Public keys are fine to share ✅
  • Always set proper permissions 👍

Now go forth and SSH securely! 🚀
