如何在不创建新ec2-instance的情况下更改ec2-instance的pem文件? [英] How to change pem file for an ec2-instance without creating new ec2-instance?

问题描述

我已经创建了一个实例及其名为demo.pem的pem文件，但是出于安全考虑，我不得不为同一实例将旧的demo.pem文件更改为demos.pem.
我不想创建用于更改pem文件的新实例 =>可以吗? |帮助?

I have created an instance and its pem file named as demo.pem,
But due to some security i have to change my old demo.pem file with demos.pem for the same instance.
I do not want to create new instance for changing pem file => Is it possible? | Help?

推荐答案

值得理解密钥对的工作原理...

It's worth understanding how keypairs work...

使用密钥对登录Linux时，您指定用户名和密钥对，例如:

When logging into Linux using keypairs, you specify a username and a keypair, eg:

ssh -i demo.pem ec2-user@54.11.22.33

然后，Linux查找属于该用户的.ssh/authorized_keys文件，例如:

Linux then looks in the .ssh/authorized_keys file belonging to that user, eg:

/home/users/ec2-user/.ssh/authorized_keys

如果在该文件中查找与用于登录的私钥匹配的公钥.然后，它会执行神奇的密钥对操作，并确定是否允许该人登录.

If looks for the public key in that file that matches the private key used for login. It then does keypair magical stuff and determines whether to allow the person to login.

因此，要使用新的密钥对在实例上启用登录:

• 将密钥对的公共部分添加到相应用户主目录中的~/.ssh/authorized_keys文件中
• 如果需要，请从该文件中删除旧密钥以删除访问权限

• Add the public half of the keypair to the ~/.ssh/authorized_keys file in the appropriate user's home directory
• If desired, remove an old key from that file to remove access permissions

该文件中可以有多个密钥，这些密钥允许通过任何授权的密钥对进行登录.

You can have multiple keys in that file, which permit login via any of the authorized keypairs.

这篇关于如何在不创建新ec2-instance的情况下更改ec2-instance的pem文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！