Situation/Task: When creating a virtual machine on AWS EC2, you can create and download a new SSH key for this instance. These keys do not come with passphrase protection. This means if someone “finds” your key they can use it without restriction.
Action: Good news: we can add a layer of protection by setting a passphrase on the .pem key file:
- You can overwrite the existing file, but I recommend writing the output to a new file
- Test the new file
- If you are happy, delete the original key file that is not passphrase protected.
Result: The new file is now protected with a passphrase.

    openssl rsa -in MyEC2_key.pem -out MyEC2_key_protected.pem -aes256
    ssh -i MyEC2_key_protected.pem user@server
    Enter passphrase for key 'MyEC2_key_protected.pem': ******
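
The three steps above as one script, added here as an example and not part of the original article: it encrypts the key with the same openssl command, confirms the copy is encrypted and is the same key pair, and only then deletes the original. The function names and the KEY_PASSPHRASE variable are assumptions, and the key-pair comparison stands in for the ssh login test so the check can run offline.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Assumed names: protect_key,
# pubkey_of and the KEY_PASSPHRASE environment variable.

# Print the public key derived from private key file $1.
# $2 is an optional openssl pass phrase source such as env:KEY_PASSPHRASE.
pubkey_of() {
    openssl pkey -in "$1" ${2:+-passin "$2"} -pubout 2>/dev/null
}

# protect_key IN OUT
# Writes an AES-256 encrypted copy of IN to OUT, checks the copy, and only
# then deletes the unprotected original.
protect_key() {
    local in="$1" out="$2" orig_pub new_pub
    [ -f "$in" ] || { echo "no such key: $in" >&2; return 1; }
    [ ! -e "$out" ] || { echo "refusing to overwrite: $out" >&2; return 1; }
    [ -n "${KEY_PASSPHRASE:-}" ] || { echo "KEY_PASSPHRASE is not set" >&2; return 1; }
    export KEY_PASSPHRASE

    # Same command as in the article; the passphrase comes from the environment
    # so it is not visible in the command line arguments. umask keeps OUT at 0600.
    ( umask 077
      openssl rsa -in "$in" -out "$out" -aes256 -passout env:KEY_PASSPHRASE 2>/dev/null
    ) || { rm -f "$out"; return 1; }

    # Check 1: the new file is really encrypted (PKCS#8 or traditional PEM header).
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$out" \
        || { rm -f "$out"; echo "output is not encrypted" >&2; return 1; }

    # Check 2: it decrypts with the passphrase and is the same key pair.
    orig_pub=$(pubkey_of "$in") || { rm -f "$out"; return 1; }
    new_pub=$(pubkey_of "$out" env:KEY_PASSPHRASE) || { rm -f "$out"; return 1; }
    [ -n "$orig_pub" ] && [ "$orig_pub" = "$new_pub" ] \
        || { rm -f "$out"; echo "key mismatch, original kept" >&2; return 1; }

    # Both checks passed: remove the key that has no passphrase.
    rm -f "$in"
}
```

Set KEY_PASSPHRASE from a prompt (for example `read -rs KEY_PASSPHRASE` in bash) instead of typing it on the command line, then call `protect_key MyEC2_key.pem MyEC2_key_protected.pem`.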
Source that helped build this article: http://ngs.ac.uk/ukca/certificates/advanced
All the best!