Convert Amazon Web Services Private RSA Key For Use With SecureCRT
When I first was working with an Amazon Web Services instance at EC2 I was getting frustrated trying to use SecureCRT to connect to the AWS instance. When you configure an instance you are required to configure an Amazon EC2 key pair which will allow you to connect to your instances via SSH. The problem is once you receive the key pair via download it will not work with SecureCRT so you need to convert it to a public key to work. I did a lot of searching and didn’t find much but the below worked for me.
Convert Amazon Web Services Key Pair for Use With SecureCRT:
**NOTE: You will either need to do the below on a Linux machine or have cygwin installed on your Windows computer.
- Create Amazon EC2 Key Pair: First via the AWS Management Console you need to create a key pair. Once logged into the AWS Console click on Key Pairs at the bottom of the left side navigation. Click the Create Key Pair button located at the top left of the center column. You will be required to provide a name for the Key Pair and then click the Create button. Once you do this the Amazon EC2 Key will automatically download. Make sure to save it to a location that you will remember.
- Modify Key File Permissions: If you do not have cygwin installed on Windows then transfer the Key file to a Linux computer to complete the below tasks. Issue the below command to modify the Amazon EC2 Key file. In our example below we will be using amazon-ec2-key.pem as the example file.
- chmod og-r amazon-ec2-key.pem
- Rewrite Key In OpenSSH Format: Now issue the below command to reqrite the Amazon EC2 Key .pem file into OpenSSH format. You can leave the passphrase empty as the Amazon EC2 Key Pair generator does. To do this just click enter when asked for the passphrase and again when asked to verify the passphrase.
- ssh-keygen -p -f amazon-ec2-key.pem
- Create Public Key: Now use ssh-keygen again to extract the public portion of the Amazon EC2 Key file as shown below. This will create a .pub file and when using this public key then SecureCRT will not only require the .pub file but also the private key file or .pem file.
- ssh-keygen -e -f amazon-ec2-key.pem >> amazon-ec2-key.pem.pub
- Point SecureCRT To Public Key: Now set SecureCRT to use the .pub file you have created. In SecureCRT click on Options in the top navigation menu and select Global Options from the drop down menu. Once the Global Options configuration menu opens click on SSH2 in the left navigation. At the top of this configuration window you will see Public Key so make sure that the “Use identity or certificate file” radio button is selected and then use the right button to navigate to the .pub file you created earlier.
- Use SecureCRT Public Key: When you attempt to connect to the instance it will probably try to use a username and password first so you will need to modify the session options. This can be done by click Options in the top navigation and selecting Session Options from the drop down. Highlight SSH2 in the left navigation and then in the Authentication window move PublicKey to the top using the arrows.
- Connect to AWS EC2 Using SecureCRT: Now try to connect again using the SecureCRT session you have created and you should connect directly to your Amazon Web Services instance without issue.
There may be other ways to do this but initially this caused me a lot of problems and when I figured out how to do this I was relieved to be able to use SecureCRT to connect to Amazon Web Services at EC2.