single keypair for all regions
The AWS generated key can be transferred to another region:
- Log into the instance that was created with the key that you want to transfer.
- Install ec2-api-tools if not already present (sudo apt-get install ec2-api-tools)
Use this command
ec2-import-keypair keypair-name --public-key-file ~/.ssh/authorized_keys --region aws-region
With above steps, I transferred the AWS created key from Singapore region to Oregon region and same key worked perfectly fine for me.
Please visit this link as well:
https://forums.aws.amazon.com/thread.jspa?threadID=52654
This has meanwhile been enabled by means of importing your own keypair(s), see the introductory post New Amazon EC2 Feature: Bring Your Own Keypair:
You can now import your own RSA keypair (or the public half, to be precise) for use with your Amazon EC2 instances.
Why would you want to do this? Here are a couple of reasons:
- Trust - By importing your own keypair you can ensure that you have complete control over your keys.
- Security -You can be confident that your private key has never been transmitted over the wire.
- Management of Multiple Regions - You can use the same public key across multiple AWS Regions. [emphasis mine]
This approach is quite beneficial/convenient indeed - I'm using it for a while already, and it has considerably simplified EC2 usage across multiple regions and accounts.
Eric Hammond provides more details and a short tutorial in his article Uploading Personal ssh Keys to Amazon EC2:
Amazon recently launched the ability to upload your own ssh public key to EC2 so that it can be passed to new instances when they are launched. Prior to this you always had to use an ssh keypair that was generated by Amazon.
Accordingly, I recommend to follow his article regarding the (few and simple) steps required to achieve this.
If you want to create a ssh key pair in the AWS Console and upload this key pair to all other regions.
Create a new ssh key pair in the console or use the one that you already own.
Generate a ssh public key from the ssh private key (pem > pub)
$ ssh-keygen -y -f ~/.ssh/MySSHKeyPair.pem >> ~/.ssh/MySSHKeyPair.pub
Upload the ssh public key to all regions. (remove from the list the region that already have the ssh key)
$ for region in us-east-1 us-east-2 us-west-1 us-west-2 ap-south-1 ap-northeast-2 ap-southeast-1 ap-southeast-2 ap-northeast-1 eu-central-1 eu-west-1 eu-west-2 ; do aws ec2 import-key-pair --key-name MySSHKeyPair --public-key-material file://~/.ssh/MySSHKeyPair.pub --region $region ; done
Get the list of all ssh key pairs in all regions.
$ for region in us-east-1 us-east-2 us-west-1 us-west-2 ap-south-1 ap-northeast-2 ap-southeast-1 ap-southeast-2 ap-northeast-1 eu-central-1 eu-west-1 eu-west-2 ; do aws ec2 describe-key-pairs --region $region ; done
If you can import your own RSA public key, then you can share an Amazon generated key across regions:
- Using the key you want to share, log in to an instance in the region where it was generated.
- Open ~/.ssh/authorized_keys
- Find the line with the key you want to share (the end of the line should show the keypair name you specified when you generated it)
- Copy all of the line up to the first character of the keypair name. Should be 382 characters.
- Save the copied data to a file locally (e.g. to the machine you launched the SSH session FROM).
- Log on to the EC2 console and switch to the region that you want to share the key with.
- Select the "Key Pairs" management
- Click "Import Key Pair" and point it at the file created at step 5. You probably want to give the keypair the same name as you gave it in the region you're importing it form.
- Launch instances using this keypair. You should be able to log into instances in the new region using the same private key as in the region where you generated it.