Add a new keypair to AWS linux instance

Thanks to the original author on StackOverflow – Source link below; for this beautiful and clear and concise documentation on adding a new keypair (by creating a new user) on the AWS linux instance.
I tried this on a CentOS7 installation and bitnami powered suiteCRM installation and with a few changes, it worked awesomely.

Post w/ instructions for bitnami instances will follow soon.

Though you can’t add a key pair to a running EC2 instance directly, you can create a linux user and create a new key pair for him, then use it like you would with the original user’s key pair.

In your case, you can ask the instance owner (who created it) to do the following. Thus, the instance owner doesn’t have to share his own keys with you, but you would still be able to ssh into these instances. These steps were originally posted by Utkarsh Sengar (aka. @zengr) at I’ve made only a few small changes.

Step 1: login by default “ubuntu” user:
$ ssh -i my_orig_key.pem ubuntu@
Step 2: create a new user, we will call our new user “john”:

[ubuntu@ip-11-111-111-111 ~]$ sudo adduser john
Set password for “john” by:

[ubuntu@ip-11-111-111-111 ~]$ sudo su –
[root@ip-11-111-111-111 ubuntu]$ passwd john
Add “john” to sudoer’s list by:

[root@ip-11-111-111-111 ubuntu]$ visudo
.. and add the following to the end of the file:

john ALL = (ALL) ALL
Alright! We have our new user created, now you need to generate the key file which will be needed to login, like we have my_orin_key.pem in Step 1.

Now, exit and go back to ubuntu, out of root.
[root@ip-11-111-111-111 ubuntu]$ exit
[ubuntu@ip-11-111-111-111 ~]$
Step 3: creating the public and private keys:

[ubuntu@ip-11-111-111-111 ~]$ su john
Enter the password you created for “john” in Step 2. Then create a key pair. Remember that the passphrase for key pair should be at least 4 characters.

[john@ip-11-111-111-111 ubuntu]$ cd /home/john/
[john@ip-11-111-111-111 ~]$ ssh-keygen -b 1024 -f john -t dsa
[john@ip-11-111-111-111 ~]$ mkdir .ssh
[john@ip-11-111-111-111 ~]$ chmod 700 .ssh
[john@ip-11-111-111-111 ~]$ cat > .ssh/authorized_keys
[john@ip-11-111-111-111 ~]$ chmod 600 .ssh/authorized_keys
[john@ip-11-111-111-111 ~]$ sudo chown john:ubuntu .ssh
In the above step, john is the user we created and ubuntu is the default user group.
[john@ip-11-111-111-111 ~]$ sudo chown john:ubuntu .ssh/authorized_keys
Step 4: now you just need to download the key called “john”. I use scp to download/upload files from EC2, here is how you can do it.

You will still need to copy the file using ubuntu user, since you only have the key for that user name. So, you will need to move the key to ubuntu folder and chmod it to 777.

[john@ip-11-111-111-111 ~]$ sudo cp john /home/ubuntu/
[john@ip-11-111-111-111 ~]$ sudo chmod 777 /home/ubuntu/john
Now come to local machine’s terminal, where you have my_orig_key.pem file and do this:

$ cd ~/.ssh
$ scp -i my_orig_key.pem ubuntu@ john
The above command will copy the key “john” to the present working directory on your local machine. Once you have copied the key to your local machine, you should delete “/home/ubuntu/john”, since it’s a private key.

Now, one your local machine chmod john to 600.
$ chmod 600 john
Step 5: time to test your key:
$ ssh -i john john@
So, in this manner, you can setup multiple users to use one EC2 instance!!