EC2: multiple ssh keys for an instance?

Solution 1:

You could also use standard ssh mechanisms. The best approach would be for users to run ssh-keygen on their own machine to generate their key pair. Then they send you ~/.ssh/id_rsa.pub (or id_dsa.pub, depending on the chosen algorithm) and you add its content to .ssh/authorized_keys on the destination host, in the home directory of the user account they should be able to access. There can be more than one key in the file, one per line. And that is all! The same public key (id_rsa.pub) can be used on any number of hosts - it will always identify the user.

You can also do it the other way round - you run ssh-keygen and post ~/.ssh/id_rsa (or id_dsa) to the user, and the user saves the file to ~/.ssh/id_rsa. You just need to remember to change the permissions of that file to 600 (-rw-------), otherwise ssh won't accept it. This is obviously less secure, since the private key is probably being distributed over email.

It can also be done in PuTTY with PuTTYgen.
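
As an added example (not part of the original answer), a shell function for the first approach above: it appends a user's public key to authorized_keys once, one key per line, refuses a private key sent by mistake, and sets restrictive permissions. The function name, return codes and the keys in demo are assumptions made for illustration; the keys are constructed, not real.

```shell
#!/bin/sh
# add_pubkey PUBKEY_FILE AUTHORIZED_KEYS_FILE  (hypothetical helper)
# Returns 0 = key added, 1 = input rejected, 2 = key already present.
add_pubkey() {
    pub=$1; auth=$2
    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }
    # Never install a private key (id_rsa sent instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing $pub: this is a private key" >&2; return 1
    fi
    # A .pub file holds one line: "<type> <base64 blob> [comment]".
    line=$(awk 'NF' "$pub")
    type=$(printf '%s\n' "$line" | awk '{print $1}')
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    # Exact type names only; a file with more than one line fails this match too.
    # ssh-dss (id_dsa.pub) is left out: current OpenSSH disables DSA keys.
    case $type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "refusing $pub: not a single supported public key" >&2; return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "refusing $pub: malformed key data" >&2; return 1 ;;
    esac
    # sshd (StrictModes) ignores the file if it or ~/.ssh is writable by anyone else.
    mkdir -p "$(dirname "$auth")" && chmod 700 "$(dirname "$auth")"
    touch "$auth" && chmod 600 "$auth"
    # The same key under a different comment is still the same key: compare blobs.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 } END { exit !f }' "$auth"; then
        return 2
    fi
    # Keep "one key per line" even if the file lacks a trailing newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    printf '%s\n' "$line" >> "$auth"
}

# Demo on constructed (not real) keys in a scratch directory; prints the
# number of keys installed (alice is offered twice and added once).
demo() {
    d=$(mktemp -d)
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyForAlice alice@laptop' > "$d/alice.pub"
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyForBob bob@desktop' > "$d/bob.pub"
    for k in alice bob alice; do add_pubkey "$d/$k.pub" "$d/.ssh/authorized_keys" || true; done
    grep -c . "$d/.ssh/authorized_keys"
    rm -rf "$d"
}
```

The checks here are structural only; running `ssh-keygen -l -f` on the received .pub file additionally confirms that the key parses and shows its fingerprint, which can be compared with the user over a separate channel.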

Solution 2:

Absolutely; you just place all the relevant public keys into the image and you should be right to go. I prefer to use a configuration management system to manage SSH keys; that way it's fairly trivial to revoke a user's access even on running systems. There are also far more... let's say "imaginative"... ways of handling this, such as storing all your SSH keys in LDAP, that centralise SSH keys like any other credential.