Creating the SSH Keypair
In order to connect to and perform tasks on the bastion, you will use SSH with keypair authentication. In this section, you will create a key pair and store its private value and fingerprint to local files.
The SSH keypair will be used later for instantiating worker nodes. Optionally, you can create a separate keypair for the bastion and for worker nodes. In that case, follow the steps described here, and give each keypair a distinct name.
To create the keypair using the web UI:
- Using the Find Services search tool, locate and browse to the EC2 dashboard.
- In the left navigation pane, under Network and Security, select Key Pairs.
- On the Key Pairs management dialog, click Create key pair.
- On the Create Key Pair page, specify values for the following:
  - Name: The key pair name will be used later for instantiating the bastion as well as worker nodes. You will also use it as a CLI parameter when using an SSH client.
  - File format: Choose the format suitable for your client; check the description as shown.
- Click Create Key Pair.
- On the Key pair management dialog, save the private part to a secure location when prompted.
  You must save the value now, and will not be able to save it later.
- Optionally, save the key pair fingerprint to the same secure location. The optimal way to store this value is in a file named the same as the private part, exchanging the suffix. For example: srgdemo.fingerprint.
  You can later compare your locally-stored fingerprint value with the one presented in the table on the web UI.
  - To store the fingerprint value, copy the value in the Fingerprint column to a text document on your local machine.
- Record the keypair name and keypair fingerprint to the AWS worksheet.
To create the SSH key pair using the CLI:
- Run the following commands:
export KEYPAIR_NAME=<Key pair name>
export KEYPAIR_CREATION=$(aws ec2 create-key-pair \
  --key-name ${KEYPAIR_NAME})
echo "$KEYPAIR_CREATION" | jq -r '.KeyMaterial' \
  | sed "s/\\\\n/\n/g" > ~/.ssh/${KEYPAIR_NAME}.pem
echo "$KEYPAIR_CREATION" \
  | jq -r '.KeyFingerprint' > ~/.ssh/${KEYPAIR_NAME}.fingerprint
chmod 400 ~/.ssh/${KEYPAIR_NAME}.pem
Replace the <Key pair name> value with your real key pair name. In our examples, we use srgdemo.
Example commands:
export KEYPAIR_NAME=srgdemo
export KEYPAIR_CREATION=$(aws ec2 create-key-pair \
  --key-name ${KEYPAIR_NAME})
echo "$KEYPAIR_CREATION" | jq -r '.KeyMaterial' \
  | sed "s/\\\\n/\n/g" > ~/.ssh/${KEYPAIR_NAME}.pem
echo "$KEYPAIR_CREATION" \
  | jq -r '.KeyFingerprint' > ~/.ssh/${KEYPAIR_NAME}.fingerprint
chmod 400 ~/.ssh/${KEYPAIR_NAME}.pem
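The fingerprint comparison mentioned above can be scripted. The following is an added example, not part of the original guide: it recomputes the fingerprint from the saved private key and checks it against the stored .fingerprint file. It assumes an RSA key generated by AWS, for which the reported fingerprint is the SHA-1 of the PKCS#8 DER-encoded private key; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: verify a key pair saved by the procedure above.
# Assumption: the key was generated by AWS (create-key-pair) as an RSA key.
# For such keys the fingerprint is the SHA-1 of the PKCS#8 DER private key.

# Succeeds only if the file grants no permissions to group or others.
key_is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the fingerprint in colon-separated lowercase hex form.
aws_style_fingerprint() {
  openssl pkcs8 -in "$1" -inform PEM -outform DER -topk8 -nocrypt |
    openssl sha1 -c | awk '{print tolower($NF)}'
}

# Compare the recomputed fingerprint with the stored .fingerprint file.
# Returns 0 on match, 1 on loose permissions, 2 on mismatch.
verify_keypair() {
  local pem="$1" fp_file="$2" stored computed
  key_is_private "$pem" || { echo "permissions too open: $pem" >&2; return 1; }
  stored=$(tr -d '[:space:]' < "$fp_file" | tr 'A-F' 'a-f')
  computed=$(aws_style_fingerprint "$pem")
  if [ -z "$computed" ] || [ "$stored" != "$computed" ]; then
    echo "fingerprint mismatch for $pem" >&2
    return 2
  fi
  echo "ok: $computed"
}

# Usage (KEYPAIR_NAME as exported above):
#   verify_keypair ~/.ssh/${KEYPAIR_NAME}.pem ~/.ssh/${KEYPAIR_NAME}.fingerprint
# To compare against the value EC2 holds rather than the local file:
#   aws ec2 describe-key-pairs --key-names "$KEYPAIR_NAME" \
#     --query 'KeyPairs[0].KeyFingerprint' --output text
```

A mismatch means the local private key is not the one registered under that key pair name, so instances launched with that name will not accept it.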
Next Steps: Determining the AMI ID