0
votes

When I create an EC2 Ubuntu instance on AWS, it generates a key pair. Then it has me download the private key from that key pair. I use that private key with ssh -i to connect to the EC2 instance.

To use AWS CodeCommit, AWS asks me to create a key pair on my machine using ssh-keygen. Why do I want two keys? Why doesn't AWS generate the key pair? Can this key pair be used with connecting to other (non-AWS) entities? Can I use a key pair that I generated for connections to a non-AWS entity to connect to AWS CodeCommit?

Why is there a difference between these two SSH-setup approaches and are these approaches interchangeable?


1 Answer

0
votes

You can generate one ssh key, or even use a pre-existing ssh key, and then you can generate many public keys from one ssh private key. What AWS needs in both cases is a public key to authenticate you.

The option -y outputs the public key. From the Linux/macOS manual page for the ssh-keygen command:

-y  This option will read a private OpenSSH format file and print an OpenSSH public key to stdout.

ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub

SSH and Linux, macOS, or Unix: Set up the public and private keys for Git and CodeCommit

Instead of using Amazon EC2 to create your key pair, you can create an RSA key pair using a third-party tool and then import the public key to Amazon EC2.

Import your own public key to Amazon EC2
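To make concrete what the public key line from ssh-keygen -y contains (and therefore what you hand to EC2 key-pair import and to CodeCommit), here is an added example that is not part of the answer above nor AWS's own code: it encodes and parses the ssh-rsa line in OpenSSH's wire format and computes the SHA256 fingerprint that ssh-keygen -lf prints, so you can check that the key you uploaded is the one on disk. The exponent and modulus below are a constructed placeholder, not a real RSA key.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    """Encode an SSH mpint: big-endian magnitude, with a leading 0x00 if the high bit is set."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)


def build_rsa_public_key_line(e: int, n: int, comment: str = "") -> str:
    """Produce the 'ssh-rsa AAAA... comment' line that id_rsa.pub and `ssh-keygen -y` print."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    line = "ssh-rsa " + base64.b64encode(blob).decode("ascii")
    return line + (" " + comment if comment else "")


def parse_rsa_public_key_line(line: str) -> dict:
    """Parse an ssh-rsa public key line back into (e, n) and compute the OpenSSH
    SHA256 fingerprint: base64 (no padding) of sha256 over the raw key blob."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix in key blob")
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + length > len(blob):
            raise ValueError("truncated field in key blob")
        fields.append(blob[pos:pos + length])
        pos += length
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("blob does not match the declared key type")
    e = int.from_bytes(fields[1], "big")
    n = int.from_bytes(fields[2], "big")
    fingerprint = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode("ascii").rstrip("=")
    return {"type": "ssh-rsa", "e": e, "n": n, "bits": n.bit_length(),
            "fingerprint": fingerprint, "comment": " ".join(parts[2:])}


# Constructed placeholder values (NOT a real RSA key): a 2048-bit number standing in for the modulus.
SAMPLE_E = 65537
SAMPLE_N = (1 << 2047) | 0x1234567
SAMPLE_LINE = build_rsa_public_key_line(SAMPLE_E, SAMPLE_N, "user@laptop")
```

The comment field is not part of the key blob, so re-commenting a public key before uploading it does not change its fingerprint; the same key blob is what both EC2 import and CodeCommit authenticate against.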