Change AWS Pem file

Nakul Pant
Published in TechCret Software
Sep 4, 2019

Sometimes the .pem file received from AWS (the SSH login key for the server) needs to be changed for security reasons.

The PEM file received from AWS cannot be downloaded again. In this scenario, there are two possible solutions: either restrict the IPs from which the servers can be accessed, or set up a new instance and reconfigure it, generating a new PEM file from AWS.

What if you have the PEM file and just want to change it?

Here’s a procedure to change the PEM file.

1. Generate a PEM file on your system using ssh-keygen -f newPemFile.pem

Here newPemFile.pem contains your SSH key generated by the ssh-keygen command.

2. Copy the generated PEM file to the server using the old PEM file

scp -i ~/oldPemFile.pem newPemFile.pem ubuntu@<ip address>:~/.

Now the generated PEM file is copied to the home directory on the server.

3. Add the copied newPemFile.pem to the authorized keys of the server. One catch here is that we have to remove the oldPemFile.pem details from the authorized keys of the server so that the server can no longer be accessed with the old PEM file; this is what we want.

Use ssh-keygen -f newPemFile.pem -y > ~/.ssh/authorized_keys

The > redirection overwrites authorized_keys with the public key derived from newPemFile.pem, which is what removes the old key's entry, along with any other keys stored in that file.

Now you can use the new PEM file to log in to the server on AWS.

Caution: test the new PEM file against the server from a different shell session. If the new PEM file doesn't work, you can still use the SSH session logged in with the old PEM file to make any changes.
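
The same rotation as a script, added here as an example and not part of the original post. It goes a step beyond the procedure above: the public keys are derived locally so the private key is never copied to the server, other authorized_keys entries are preserved, and the old key is removed only after a login with the new key succeeds. The function names are hypothetical, and bash is assumed on both the local machine and the server.

```shell
#!/usr/bin/env bash
# Added example: staged SSH key rotation on ~/.ssh/authorized_keys.
# has_key FILE "TYPE BLOB": succeed if an entry in FILE carries that key blob.
has_key() {
  awk -v k="$2" 'BEGIN { split(k, f, " "); b = f[2] }
    { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
    END { exit !found }' "$1"
}

# add_key FILE "TYPE BLOB": append the key unless it is already present.
add_key() {
  touch "$1" && chmod 600 "$1" || return 1
  has_key "$1" "$2" || printf '%s\n' "$2" >> "$1"
}

# remove_key FILE "TYPE BLOB": drop entries with that blob, keeping FILE.bak.
remove_key() {
  cp -p "$1" "$1.bak" || return 1
  awk -v k="$2" 'BEGIN { split(k, f, " "); b = f[2] }
    { for (i = 1; i <= NF; i++) if ($i == b) next; print }' "$1.bak" > "$1"
}

# rotate_remote USER@HOST OLD_PEM NEW_PEM
rotate_remote() {
  local host="$1" old_pem="$2" new_pem="$3" old_pub new_pub fns
  # Derive both public keys locally; the private keys stay on this machine.
  old_pub=$(ssh-keygen -y -f "$old_pem" | awk '{ print $1, $2 }')
  new_pub=$(ssh-keygen -y -f "$new_pem" | awk '{ print $1, $2 }')
  [ -n "$old_pub" ] && [ -n "$new_pub" ] || return 1
  fns=$(declare -f has_key add_key remove_key)
  # Phase 1: log in with the old key and add the new key beside it.
  ssh -i "$old_pem" "$host" bash -s <<EOF || return 1
$fns
add_key ~/.ssh/authorized_keys '$new_pub'
EOF
  # Phase 2: prove the new key works in a fresh connection. IdentitiesOnly
  # stops an agent-held copy of the old key from producing a false pass.
  ssh -i "$new_pem" -o IdentitiesOnly=yes -o BatchMode=yes "$host" true || return 1
  # Phase 3: only now remove the old key, logged in with the new one.
  ssh -i "$new_pem" -o IdentitiesOnly=yes "$host" bash -s <<EOF
$fns
remove_key ~/.ssh/authorized_keys '$old_pub'
EOF
}
# Usage: rotate_remote ubuntu@<ip address> ~/oldPemFile.pem newPemFile.pem
```

If phase 2 fails, the function stops with both keys still authorized, so the old PEM file keeps working while the problem is investigated.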
