While creating an ec2 instance, we provide a key pair name.
But generally, I associate multiple ssh public/private keys with any remote server. I know that it's not possible to attach a key pair once the ec2 server has been created. So I would like to know whether it's possible or not to use multiple key pairs while creating an instance.
Unfortunately, it's also not possible to import a key having two entries. Only the first entry is imported into the new key pair.
What you can do is:
Don't use the EC2 key pairs but instead use the user_data field to insert multiple SSH public keys in the /home/<user>/.ssh/authorized_keys file, where <user> is the standard user for your AMI (ubuntu, ec2_user etc.).
You can add user_data to every launching EC2 instance. Consider the following example:
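#!/bin/bash
# Make sure ~/.ssh exists with the right owner and mode before writing to it.
install -d -m 0700 -o ubuntu -g ubuntu /home/ubuntu/.ssh
# The first key overwrites the file (>), every further key is appended (>>).
echo "ssh-rsa AAAA…" > /home/ubuntu/.ssh/authorized_keys
echo "ssh-rsa AAAA…" >> /home/ubuntu/.ssh/authorized_keys
# sshd ignores an authorized_keys file with loose ownership or permissions.
chown ubuntu: /home/ubuntu/.ssh/authorized_keys
chmod 0600 /home/ubuntu/.ssh/authorized_keys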
User data scripts run as root so you don't need to specify sudo.
That way, you could create personalized SSH access keys via tools like Terraform before managing the instances with Ansible or similar.
Note that you don't know what keys are being used by a simple look, though. You'd need access to the machine to check it.
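An added example, not part of the original answer: when the user_data script is generated from a list of keys (for instance before passing it to Terraform), each key line can be checked first so that a malformed or option-prefixed entry never reaches authorized_keys. The function names, the allowed key types, the `KEYS_EOF` delimiter and the sample keys are assumptions made for this sketch; the sample keys are constructed and contain dummy key material.

```python
import base64
import struct

ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def validate_public_key(line):
    """Return a normalised 'type blob [comment]' line or raise ValueError."""
    parts = line.strip().split(None, 2)
    # A line starting with options (command="...", etc.) fails this check.
    if len(parts) < 2 or parts[0] not in ALLOWED_TYPES:
        raise ValueError("not a bare public key line")
    key_type, blob_b64 = parts[0], parts[1]
    blob = base64.b64decode(blob_b64, validate=True)  # raises a ValueError subclass
    # The blob begins with a 4-byte big-endian length, then the key type again.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared type does not match key blob")
    comment = parts[2] if len(parts) == 3 else ""
    # A newline or quote in the comment could break out of the heredoc below.
    if not all(c.isalnum() or c in "@._- " for c in comment):
        raise ValueError("unsupported character in key comment")
    return " ".join(p for p in (key_type, blob_b64, comment) if p)

def render_user_data(user, keys):
    """Build a user-data script that installs exactly the given keys."""
    if not user.replace("-", "").replace("_", "").isalnum():
        raise ValueError("unexpected user name")
    lines = sorted({validate_public_key(k) for k in keys})
    if not lines:
        raise ValueError("refusing to write an empty authorized_keys")
    ssh_dir = f"/home/{user}/.ssh"
    return "\n".join([
        "#!/bin/bash", "set -eu",
        # Assumes a group named after the user, as on stock Ubuntu AMIs.
        f"install -d -m 0700 -o {user} -g {user} {ssh_dir}",
        # Quoted delimiter: the shell copies the key lines without expansion.
        f"cat > {ssh_dir}/authorized_keys <<'KEYS_EOF'",
        *lines, "KEYS_EOF",
        f"chown {user}: {ssh_dir}/authorized_keys",
        f"chmod 0600 {ssh_dir}/authorized_keys", ""])

def constructed_key(seed, comment):
    """Constructed sample: valid ed25519 framing around dummy key bytes."""
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes([seed]) * 32
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

if __name__ == "__main__":
    print(render_user_data("ubuntu", [constructed_key(1, "alice@laptop"),
                                      constructed_key(2, "bob@desktop")]))
```

Keeping the key list and the rendered script in version control also gives a record of which keys were installed at launch without logging in to the instance.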