Situation/Task: When creating a virtual machine on AWS EC2, you can create and download a new SSH key for this instance.  These keys do not come with passphrase protection.  This means if someone “finds” your key they can use it without restriction.


Action: Good news, we can add a layer of protection by adding a passphrase to your .pem key file:

  • You can overwrite the existing file, but I recommend writing the output to a new file
  • Test the new file
  • If you are happy, delete the original key file, which is not password protected.

Result: The new file is now protected with a password.

Sample command:

openssl rsa -in MyEC2_key.pem -out MyEC2_key_protected.pem -aes256

ssh -i MyEC2_key_protected.pem user@server
Enter passphrase for key 'MyEC2_key_protected.pem': ******
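
The three steps above as one script, an added example that is not part of the original post: it writes the protected key to a new file, checks that the file is encrypted and still holds the same key pair, and only then deletes the original. The function names, the KEY_PASSPHRASE variable and the throwaway demo key are assumptions made for this example; the key is assumed to be RSA, as in the sample command.

```shell
#!/bin/sh
# Added example: passphrase-protect an RSA .pem key and verify the result
# before the unprotected original is removed.
# KEY_PASSPHRASE is an assumed variable name; openssl reads it through env:
# so the passphrase does not appear on the command line or in `ps` output.

protect_key() {
    src=$1
    dst=$2
    [ -n "${KEY_PASSPHRASE:-}" ] || { echo "KEY_PASSPHRASE is not set" >&2; return 1; }
    [ "$src" != "$dst" ] || { echo "refusing to overwrite $src" >&2; return 1; }

    # umask 077 in a subshell: the new file is created readable by its owner only.
    ( umask 077
      openssl rsa -in "$src" -out "$dst" -aes256 -passout env:KEY_PASSPHRASE 2>/dev/null
    ) || return 1

    # Check 1: the output really is encrypted (the PEM header says ENCRYPTED).
    grep -q ENCRYPTED "$dst" || { echo "$dst is not encrypted" >&2; return 1; }

    # Check 2: both files hold the same key pair, so the server still accepts it.
    pub_src=$(openssl rsa -in "$src" -pubout 2>/dev/null) || return 1
    pub_dst=$(openssl rsa -in "$dst" -passin env:KEY_PASSPHRASE -pubout 2>/dev/null) || return 1
    [ "$pub_src" = "$pub_dst" ] || { echo "public keys differ" >&2; return 1; }
}

# Demo on a throwaway key generated locally (constructed sample, not an EC2 key).
demo() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/MyEC2_key.pem" 2048 2>/dev/null || return 1
    KEY_PASSPHRASE='constructed-demo-passphrase'
    export KEY_PASSPHRASE
    protect_key "$dir/MyEC2_key.pem" "$dir/MyEC2_key_protected.pem" || return 1
    # The unprotected original is deleted only after both checks pass.
    rm -f "$dir/MyEC2_key.pem"
    echo "$dir"
}
```

The public-key comparison is an offline check; logging in once with ssh -i and the new file, as shown above, remains the end-to-end test before the original is deleted.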


