Uploading Personal ssh Keys to Amazon EC2

Amazon recently launched the ability to upload your own ssh public key to EC2 so that it can be passed to new instances when they are launched. Prior to this you always had to use an ssh keypair that was generated by Amazon.

The benefits of using your own ssh key include:

  • Amazon never sees the private part of the ssh key (though they promise they do not save a copy after you downloaded it and we all trust them with this)

  • The private part of the ssh key is never transmitted over the network (though it always goes over an encrypted connection and we mostly trust this)

  • You can now upload the same public ssh key to all EC2 regions, so you no longer have to keep track of a separate ssh key for each region.

  • You can use your default personal ssh key with brand new EC2 instances, so you no longer have to remember to specify options like -i EC2KEYPAIR in every ssh, scp, rsync command.

If you haven’t yet created an ssh key for your local system, it can be done with the command:


You can accept the default file locations, and I recommend using a secure passphrase to keep the key safe.

Here are some sample commands that will upload to all existing regions your personal ssh public key from the default file location on Ubuntu, giving it an EC2 keypair name of your current username. Adjust to suit your preferences:

keypair=$USER  # or some name that is meaningful to youpublickeyfile=$HOME/.ssh/id_rsa.pubregions=$(ec2-describe-regions | cut -f2)for region in $regions; do  echo $region  ec2-import-keypair --region $region --public-key-file $publickeyfile $keypairdone

When you start new instances, you can now specify this new keypair name and EC2 will provide the previously uploaded public ssh key to the instance, allowing you to ssh in. For example:

ec2-run-instances --key $USER ami-508c7839[...]ec2-describe-instances i-88eb15e5[...]ssh

Don’t forget to terminate the instance if you started one to test this.


Based on a Twitter question, I tested uploading a DSA public ssh key (instead of RSA) and got this error from Amazon:

Client.InvalidKeyPair.Format: Invalid DER encoded key material

I don’t see why DSA would not work since it’s just a blurb of text being stored by EC2 and passed to the instance to add to $HOME/.ssh/authorized_keys but there you have it.



The lives of great men …

The lives of great men remind us
we can make ours sublime
and that, when we will go away, we will leave
our footprints on the sands of time.

Footprints that perhaps another,
navigating his life,
a brother lost and shipwrecked
viewing it will follow it and take heart.

Come then: courage and action,
with an open heart to all;
always searching, always on the go
learning to stand and wait.

Henry Wadsworth Longfellow


Facebook’s Gmail Killer, Project Titan, Is Coming On Monday

Back in February we wrote about Facebook’s secret Project Titan — a web-based email client that we hear is unofficially referred to internally as its “Gmail killer”. Now we’ve heard from sources that this is indeed what’s coming on Monday during Facebook’s special event, alongside personal email addresses for users.

This isn’t a big surprise — the event invites Facebook sent out hinted strongly that the news would have something to do with its Inbox, sparking plenty of speculation that the event could be related to Titan. Our understanding is that this is more than just a UI refresh for Facebook’s existing messaging service with POP access tacked on. Rather, Facebook is building a full-fledged webmail client, and while it may only be in early stages come its launch Monday, there’s a huge amount of potential here.

Facebook has the world’s most popular photos product, the most popular events product, and soon will have a very popular local deals product as well.  It can tweak the design of its webmail client to display content from each of these in a seamless fashion (and don’t forget messages from games, or payments via Facebook Credits). And there’s also the social element: Facebook knows who your friends are and how closely you’re connected to them; it can probably do a pretty good job figuring out which personal emails you want to read most and prioritize them accordingly.

Oh, and assuming our sources prove accurate, this explains the timing of the Google/Facebook slap fight over contact information.

We’ll keep digging for more details and will have full coverage on Monday.

Image by Spencereholtaway

Facebook image


Location: Palo Alto, California, United States
Founded: February 1, 2004
Funding: $836M

Facebook is the world’s largest social network, with over 500 million users.

Facebook was founded by… Learn More

Information provided by CrunchBase

Google/Facebook slap fight … : )


Homegrown Revolution Trailer: Premiers Wild & Scenic Film Festival Jan 9-11


Inception Infographic :)