Amazon EC2 Cloud – Resetting the PEM Key

Each virtual server instance in Amazon is secured by a unique file, called the PEM Key Pair.  This file needs to be saved onto the client computer in order to access and maintain the cloud server.  Unfortunately, these keys can occasionally be lost, such as during a hard drive crash or when switching software vendors.

If the PEM key is lost or not accessible, it is necessary to perform a reset as follows:

  1. The first step is to take the existing virtual machine instance, stop the instance, right-click and select “Create Image”.  This will create something called an “AMI”, or Amazon Machine Image.  This contains a snapshot of the server, along with launch permissions and identifying information.  The AMI will take some time to create depending on the size of the disk.  During this time, it will show a “Pending” status.
  2. Once the AMI snapshot is created, right-click on the AMI, and select “Launch”.  This process will create a new virtual machine instance, and allow you to create a new PEM Key Pair and Security Group.  While setting up the Security Group (basically a set of firewall rules), be sure to disable public access to the SSH protocol, and only enable SSH access from your IP.
  3. Once the instance is created, start the instance and wait a few minutes for boot to complete.  Then, using the Amazon interface, select the instance and click “Connect”.  Use the Java-based SSH client to verify connectivity before attempting to connect with a local SSH client like PuTTY.
  4. Before using PuTTY, you will need to convert the PEM key into a PuTTY-compatible format.  Luckily, this is very easy.  Download and run the free software “puttygen” from the same developer as PuTTY, load the PEM key file, and save the output file, without a password, to the same folder.
  5. Finally, start PuTTY, load the private key file under “Connection->SSH->Auth”, and connect to the instance’s public IP.  You can now use the new key file to manage the machine.
  6. Be sure to re-associate any “Elastic IPs” with the new instance, if the previous server was listed in any DNS entries.
  7. Finally, delete the old instance and volume to prevent confusion and reduce hosting costs.
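
A command-line version of steps 1 and 2, as an added example that is not part of the original article. It assumes a configured AWS CLI; the function names `ssh_cidr` and `reset_key_pair` and the file name `rekey.sh` are made up for this example, and steps 3 to 7 are still done by hand once login with the new key is confirmed.

```shell
#!/bin/sh
# Added example: AWS CLI version of steps 1 and 2. Assumes a configured AWS CLI;
# instance ID, key name and IP address are supplied by the caller.

# ssh_cidr ADDRESS: print ADDRESS/32. Rejects empty input, CIDR ranges and
# 0.0.0.0, so the SSH rule can never be opened to the public.
ssh_cidr() {
  case "$1" in
    ''|*[!0-9.]*|0.0.0.0) echo "need one IPv4 address, got: $1" >&2; return 1 ;;
  esac
  printf '%s/32\n' "$1"
}

# reset_key_pair OLD_INSTANCE_ID NEW_KEY_NAME MY_IP: prints the new instance ID.
reset_key_pair() {
  old=$1 key=$2
  cidr=$(ssh_cidr "$3") || return 1
  # Reuse the old instance's VPC, subnet and type for the replacement.
  info=$(aws ec2 describe-instances --instance-ids "$old" --output text \
    --query 'Reservations[0].Instances[0].[VpcId,SubnetId,InstanceType]') || return 1
  set -- $info; vpc=$1 subnet=$2 type=$3

  # Step 1: stop the instance, create the AMI, wait out the "Pending" status.
  aws ec2 stop-instances --instance-ids "$old" >/dev/null || return 1
  aws ec2 wait instance-stopped --instance-ids "$old" || return 1
  ami=$(aws ec2 create-image --instance-id "$old" --name "rekey-$old" \
    --query ImageId --output text) || return 1
  aws ec2 wait image-available --image-ids "$ami" || return 1

  # Step 2: new key pair; umask keeps the PEM file readable by its owner only.
  ( umask 077; aws ec2 create-key-pair --key-name "$key" \
      --query KeyMaterial --output text > "$key.pem" ) || return 1

  # Step 2: security group whose only inbound rule is SSH from one address.
  sg=$(aws ec2 create-security-group --group-name "$key-ssh" --vpc-id "$vpc" \
    --description "SSH from $cidr only" --query GroupId --output text) || return 1
  aws ec2 authorize-security-group-ingress --group-id "$sg" \
    --protocol tcp --port 22 --cidr "$cidr" >/dev/null || return 1

  # Step 2: launch the replacement from the AMI with the new key and group.
  aws ec2 run-instances --image-id "$ami" --instance-type "$type" \
    --subnet-id "$subnet" --key-name "$key" --security-group-ids "$sg" \
    --query 'Instances[0].InstanceId' --output text
}

# Run as: sh rekey.sh INSTANCE_ID NEW_KEY_NAME MY_IP
if [ "$#" -eq 3 ]; then reset_key_pair "$@"; fi
```

The old instance is left stopped rather than deleted, so it can be restarted if the replacement does not boot.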

Using these six steps, it is relatively straightforward to reset the PEM key.  Other comparable tutorials recommend creating a temporary machine, mounting the virtual image, and manually overwriting the file.  While this can work, it is significantly more difficult than these steps.  The mounting technique should be used in highly customized virtual servers where the AMI snapshot will not start.

While Amazon offers a great framework for managing virtual machines, there really should be a more straightforward approach for regenerating the PEM key.  A tool within the administrative console would go a long way toward simplifying virtual machine management.

Written by Andrew Palczewski

About the Author
Andrew Palczewski is CEO of apHarmony, a Chicago software development company. He holds a Master's degree in Computer Engineering from the University of Illinois at Urbana-Champaign and has over ten years' experience in managing development of software projects.