Managing Key Pairs for AWS Regions

Key pairs are required to connect to certain Amazon EC2 Linux instances. This topic explains how to manage key pairs for an AWS region.

Note: Commander also allows you to manage key pairs through the use of key pair credentials. A key pair credential allows you to associate key pairs with users, groups and organizations. These are two distinct ways of managing key pairs. If you want to associate key pairs with users, you need to manage key pairs through credentials, rather than from an AWS region. See Adding key pair credentials.

To learn how to enable SSH connections to EC2 instances using key pairs, see Enabling Key Pair SSH Connections to Amazon EC2 VMs.

In this topic:

Storing private keys for existing key pairs in AWS regions

When you add an AWS account as a Commander cloud account, Commander has access to the public keys in each region, but not the private keys. You can supply the private key for each key pair in each of your AWS regions. Commander encrypts and stores the private keys.

Note: The private key can be downloaded in the AWS console only when the key pair is first created, and it can't be retrieved again. If you did not store the private key at creation time, you need to create a new key pair.

Access through:

Views > Inventory > Infrastructure, Applications, or Storage views

Available to:

Commander Roles of Superuser and Enterprise Admin

Administrator and All Operator Levels of Access Rights for the Cloud Account

To store a private key for an existing AWS key pair:

  1. From the Inventory tree, select an AWS cloud account.
  2. Select the applicable region, then select Actions > Manage Key Pairs.
  3. In the Manage Key Pairs dialog, select a key pair in the list and click View/Edit Private Key.
  4. Paste the contents of the private key and click OK.

    Commander encrypts and stores the private key.

Creating new key pairs in AWS regions

You can use Commander to create new key pairs in an AWS region. AWS generates the key pair and returns the private key for storage in Commander. Once the private key is stored, the key pair can be assigned to EC2 instances deployed by Commander.

Access through:

Views > Inventory > Infrastructure, Applications, or Storage views

Available to:

Commander Roles of Superuser and Enterprise Admin

Administrator and All Operator Levels of Access Rights for the Cloud Account

To create a new key pair in an AWS region:

  1. From the Inventory tree, select an AWS cloud account.
  2. Select the applicable region, then select Actions > Manage Key Pairs.
  3. In the Manage Key Pairs dialog, click Create New.
  4. Enter a name for the new key pair and click OK.

The new key pair appears in the list. The value for the new key in the Private Key column is "Stored".

Adding existing key pairs to AWS regions

If you generate key pairs with a third-party key generator (such as ssh-keygen, a tool provided with the standard OpenSSH installation), you can add the public and private keys to Commander. Commander sends the public key portion to AWS, and then encrypts and stores the private key. Once the private key is stored, the key pair can be assigned to EC2 instances deployed by Commander.

The private key portion must be in one of the following formats:

  • Open SSH public key format
  • Base64 encoded DER format
  • SSH public key file format (as specified in RFC4716)

Access through:

Views > Inventory > Infrastructure, Applications, or Storage views

Available to:

Commander Roles of Superuser and Enterprise Admin

Administrator and All Operator Levels of Access Rights for the Cloud Account

To add an existing key pair to a region:

  1. From the Inventory tree, select an AWS cloud account.
  2. Select the applicable region, then select Actions > Manage Key Pairs.
  3. In the Manage Key Pairs dialog, click Add Existing.
  4. Enter a name for the new key pair.

    Typically, key pairs are user-specific, so it's a good idea to include a user name in the key pair name.

  5. Paste the copied public key and the copied private key and click OK.

After a moment, the new key pair appears in the list. The value for the new key in the Private Key column is "Stored".

Deleting key pairs from AWS regions

You can delete key pairs that are no longer needed.

Caution: Key pairs deleted from Commander are also deleted from the AWS region.

Access through:

Views > Inventory > Infrastructure, Applications, or Storage views

Available to:

Commander Roles of Superuser and Enterprise Admin

Administrator and All Operator Levels of Access Rights for the Cloud Account

To delete a key pair:

  1. From the Inventory tree, select an AWS cloud account.
  2. Select the applicable region.
  3. Select Actions > Manage Key Pairs.
  4. In the Manage Key Pairs dialog, select one or more listed key pairs and click Delete.

    If applicable, the confirmation dialog lists any VMs, deployment destinations and service requests where the selected key pairs are in use. If you delete a key pair that has been assigned to a VM, users won't be able to connect to that VM using that key pair. If you delete the only key pair that would be valid for a particular service request, new VMs won't be assigned a key pair during automated deployment.

  5. Click Yes to confirm the deletion from AWS.
  6. Click Close to close the Manage Key Pairs dialog.