Creating SSH key pairs and uploading them to Amazon EC2

Interactive access to remote machines is usually achieved through SSH. VMs running on Amazon’s EC2 service are no exception. If you have ever remotely logged into a machine over the network at your institution, then you are likely to be familiar with SSH already. Usually, there are two ways to authenticate: by password or by public/private key. By default, Amazon machines only authenticate by public/private key. Therefore, in order to access a VM, you need to register a key.

SSH keys come in pairs – a public and a private key. You upload the public key to the remote machine (e.g., Amazon EC2 instance), and keep the private key locally on your own machine(s). This article explains how to create your own key pair and then upload the public key to your Amazon account.


Creating a SSH key pair

Linux / Mac OSX

Mac OSX and most Linux distributions come pre-installed with at least the SSH client utilities. Generating a SSH keypair is straightforward.

Open a command terminal and type the following:

You will be prompted for a password (this is optional but highly recommended) with which to protect your key. If the key generation is successful (see screenshot below), then then two files (id_rsa and will be created in the ‘.ssh’ directory on your machine. You will need the ‘’ file for upload to Amazon later.




Windows has no OpenSSH client or server installed by default. We suggest the use of the PuTTY package, but you can use any SSH client program that you are comfortable with. Make sure you download the Windows installer that contains at least PuTTY and PuTTYgen (the key generator). When you launch the PuTTYgen program, you will see the following window:

Click the ‘Generate’ button and then move your mouse as instructed…
Once you’ve wiggled the mouse ‘enough’, you will be presented with a screen similar to the following. Don’t forget to type a password which your private key will be protected with.
Finally, save both your public key and private key using the buttons provided by the interface. We recommend using a ‘.pub‘ extension for the public key file to avoid confusion later on.

Uploading your public key to Amazon EC2

From the Amazon Management Console, choose the ‘EC2’ tab. From the menu on the left-hand side, choose ‘Key Pairs‘ (under Network and Security). When you click the ‘Import Key Pair‘ button from the toolbar, you should see the following dialogue box:


Give your keypair a a suitable name. Then upload the public key, by clicking the ‘Choose File‘ button and selecting the ‘‘ file.


Finally, click ‘Yes Import‘ and after a few moments, your SSH key should appear in the key list. You can now start virtual machines that use your own SSH key.

After your SSH key has been imported, you should be able to connect to an Amazon EC2 instance.