When I first was working with an Amazon Web Services instance at EC2 I was getting frustrated trying to use SecureCRT to connect to the AWS instance. When you configure an instance you are required to configure an Amazon EC2 key pair which will allow you to connect to your instances via SSH.  The problem is once you receive the key pair via download it will not work with SecureCRT so you need to convert it to a public key to work. I did a lot of searching and didn’t find much but the below worked for me.

Convert Amazon Web Services Key Pair for Use With SecureCRT:

**NOTE: You will either need to do the below on a Linux machine or have cygwin installed on your Windows computer.

  1. Create Amazon EC2 Key Pair: First via the AWS Management Console you need to create a key pair. Once logged into the AWS Console click on Key Pairs at the bottom of the left side navigation. Click the Create Key Pair button located at the top left of the center column. You will be required to provide a name for the Key Pair and then click the Create button. Once you do this the Amazon EC2 Key will automatically download. Make sure to save it to a location that you will remember.
  2. Modify Key File Permissions: If you do not have cygwin installed on Windows then transfer the Key file to a Linux computer to complete the below tasks. Issue the below command to modify the Amazon EC2 Key file. In our example below we will be using amazon-ec2-key.pem as the example file.
    chmod og-r amazon-ec2-key.pem
    
  3. Rewrite Key In OpenSSH Format: Now issue the below command to reqrite the Amazon EC2 Key .pem file into OpenSSH format. You can leave the passphrase empty as the Amazon EC2 Key Pair generator does. To do this just click enter when asked for the passphrase and again when asked to verify the passphrase.
    ssh-keygen -p -f amazon-ec2-key.pem
    
  4. Create Public Key: Now use ssh-keygen again to extract the public portion of the Amazon EC2 Key file as shown below. This will create a .pub file and when using this public key then SecureCRT will not only require the .pub file but also the private key file or .pem file.
    ssh-keygen -e -f amazon-ec2-key.pem >> amazon-ec2-key.pem.pub
    
  5. Point SecureCRT To Public Key: Now set SecureCRT to use the .pub file you have created. In SecureCRT click on Options in the top navigation menu and select Global Options from the drop down menu. Once the Global Options configuration menu opens click on SSH2 in the left navigation. At the top of this configuration window you will see Public Key so make sure that the “Use identity or certificate file” radio button is selected and then use the right button to navigate to the .pub file you created earlier.
  6. Use SecureCRT Public Key: When you attempt to connect to the instance it will probably try to use a username and password first so you will need to modify the session options. This can be done by click Options in the top navigation and selecting Session Options from the drop down. Highlight SSH2 in the left navigation and then in the Authentication window move PublicKey to the top using the arrows.
  7. Connect to AWS EC2 Using SecureCRT: Now try to connect again using the SecureCRT session you have created and you should connect directly to your Amazon Web Services instance without issue.

There may be other ways to do this but initially this caused me a lot of problems and when I figured out how to do this I was relieved to be able to use SecureCRT to connect to Amazon Web Services at EC2.


List Price: $49.99 USD
New From: $19.00 USD In Stock
Used from: $2.18 USD In Stock


List Price: $29.99 USD
New From: $7.95 USD In Stock
Used from: $2.99 USD In Stock

DeliciousStumbleUponDiggTwitterFacebookRedditLinkedInEmail
Tags: , , , , , , , , , , , ,
13 Responses to “Convert Amazon Web Services Private RSA Key For Use With SecureCRT”
  1. Rob McMeekin says:

    Thanks for this, worked perfectly for me!

    [Reply]

    alex Reply:

    Hello Rob,

    No problem at all. Glad the article helped you out.. Thanks for taking the time to leave feedback.

    Thanks.
    alex

    [Reply]

  2. Andreas Geesen says:

    Hi Alex,

    it looks like your first command does nothing but change the passsword of the pem-file. But changing an empty password into an empty password is …. futile :) Nothing is rewritten except the linebreaks change.

    For those who have a long list of permissions to convert try this command:

    find . -name ‘*.pem’ -exec sh -c ‘ssh-keygen -e -f $1 >> $1.pub’ {} {} \;

    [Reply]

    alex Reply:

    Hello Andreas,

    Heh… Not sure what the point there was but sometimes isn’t it just fun to type commands for no reason? :) Thanks for pointing that out… Also thank you for the command that I am sure others will find useful!

    Thanks.
    alex

    [Reply]

  3. Torsten says:

    Thx for the info, but it did not work for me.
    I try everything but when I try to connect through SecureCRT I get following message:

    Could not load the public key file
    c:\x\name.

    The system cannot find the file specified.

    The .pub file is in that directory, I can choose it, but I get everytime the same error. Any hints for me?

    Btw: Putty works, but I could better work with SCRT.

    Regards
    Torsten

    [Reply]

    alex Reply:

    Hello Torsten,

    It sounds to me like there is an issue with the public key. Are you using the same exact one for putty? Also it could be that securecrt requires a more specific format than putty.

    Thanks.
    alex

    [Reply]

  4. Keith says:

    Hey Guys, thanks for the article. This finally helped me hook up my SecureCRT 5.5 to Amazon EC2. Previously I only used the username/password method. I was having the same problem as Alex, and I found this little nugget on the van-dyke forum – LINK:forums.vandyke.com/archive/index.php/t-2185.html –
    The private key can have an extension, but the associated .pub file must then also match.

    For example, say you named your private key as:
    “this.that.the.other.private.key”

    SecureCRT looks for the corresponding public key as:
    “this.that.the.other.private.key.pub” So you may have to make sure the name is the same for the private key, and the public key just has the “.pub” extension added.

    [Reply]

    alex Reply:

    Hello Keith,

    No problem. Thanks for taking the time to expand… exactly what we hope when we post articles… that people will take the initial information posted and share/expand on the concept.

    Thanks!
    alex

    [Reply]

  5. aucarter says:

    Just wanted to say “Thank You” to the OP and additional posters.
    I am now able to use my SecureCRT client to connect to my Amazon builds.

    [Reply]

    alex Reply:

    Hello aucarter,

    No problem. Thanks for taking the time to leave feedback!

    Thanks.
    alex

    [Reply]

  6. TunTun says:

    this is useful weblink for me.thanks u very for that.i holp later also this is needful website for us.Thanks u very much

    [Reply]

    alex Reply:

    Hello TunTun,

    No problem. Thanks for posting feedback.

    Thanks.
    alex

    [Reply]

  7.  
Leave a Reply

*Type the letter/number combination in the abvoe field before clicking submit.

*