@vpack
Last active August 29, 2015 14:15
AWS KeyPair

This is simple. But I couldn't understand why the fingerprints don't match in AWS, so I started to dig deeper.

  • Option 1: Generate a key and upload the key to multiple AWS regions. (Clean and simple)
  • Option 2: Create a new key at AWS and upload the key to other AWS regions.

When you create a private key using Amazon (CLI or console), the fingerprint that appears in the AWS console is the fingerprint of the private key. However, when you import that same key to other regions, the fingerprint that appears in the AWS console is the fingerprint of the public key. (This is the current behavior at the time of this writing.) To keep the fingerprints consistent, delete the AWS key pair in the region where you created the key and (re)import the public key.

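# Option 1: generate the key locally and import the public key
# $PROFILE is left unquoted on purpose so it splits into separate CLI options
PROFILE="--profile lab --region us-east-1"
KPAIR=MYNAMEORID
rm -fv "$KPAIR.pem" "$KPAIR.pem.pub"
# Generate a new RSA key pair (empty passphrase)
ssh-keygen -C "$KPAIR" -N "" -t rsa -f "$KPAIR.pem"
# Import the public key (uncomment delete-key-pair to replace an existing key pair)
# Note: AWS CLI v2 expects fileb:// instead of file:// for --public-key-material
#aws $PROFILE ec2 delete-key-pair --key-name "$KPAIR"
aws $PROFILE ec2 import-key-pair --key-name "$KPAIR" --public-key-material "file://$KPAIR.pem.pub"
# Show the fingerprint AWS recorded for the imported key
aws $PROFILE ec2 describe-key-pairs --key-name "$KPAIR"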
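
# Option 2: create the key pair at AWS, then import its public key elsewhere
# $PROFILE is left unquoted on purpose so it splits into separate CLI options
PROFILE="--profile lab --region us-east-1"
KPAIR=MYNAMEORID
rm -fv "$KPAIR.pem" "$KPAIR.pem.pub"
# Step 1: Create AWS private key
# --query/--output text extracts KeyMaterial without parsing the JSON by hand;
# umask 077 keeps the private key file unreadable to other users from the start
(umask 077; aws $PROFILE ec2 create-key-pair --key-name "$KPAIR" --query 'KeyMaterial' --output text > "$KPAIR.pem")
aws $PROFILE ec2 describe-key-pairs --key-name "$KPAIR"
# Delete the AWS-created key pair so it can be re-imported with a public key fingerprint
aws $PROFILE ec2 delete-key-pair --key-name "$KPAIR"
# Step 2: Create public key from private key
chmod 400 "$KPAIR.pem"
ssh-keygen -y -f "$KPAIR.pem" > "$KPAIR.pem.pub"
# Step 3: Import public key to other AWS regions / AWS accounts
# Note: AWS CLI v2 expects fileb:// instead of file:// for --public-key-material
PROFILE="--profile lab --region us-west-1"
#aws $PROFILE ec2 delete-key-pair --key-name "$KPAIR"
aws $PROFILE ec2 import-key-pair --key-name "$KPAIR" --public-key-material "file://$KPAIR.pem.pub"
aws $PROFILE ec2 describe-key-pairs --key-name "$KPAIR"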
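
# Compute both fingerprints locally from the private key file
KPAIR=MYNAMEORID
# Fingerprint on private key - Amazon create-key-pair (SHA-1 of the PKCS#8 DER private key)
openssl pkcs8 -in "$KPAIR.pem" -inform PEM -outform DER -topk8 -nocrypt | openssl sha1 -c
# Fingerprint on public key - Amazon import-key-pair (MD5 of the DER public key)
openssl rsa -in "$KPAIR.pem" -pubout -outform DER | openssl md5 -c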
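
To check which of the two fingerprints a given region is reporting, the two openssl pipelines above can be wrapped in a small verifier. This is an added example, not part of the original gist: the function names are hypothetical, and it assumes an unencrypted RSA private key in PEM format and `openssl` on the PATH.

```shell
#!/bin/sh
# Added example: compare a fingerprint from `describe-key-pairs` with a local key.

# SHA-1 over the PKCS#8 DER private key: shown for key pairs created by EC2.
aws_fp_created() {
    openssl pkcs8 -in "$1" -inform PEM -outform DER -topk8 -nocrypt 2>/dev/null |
        openssl sha1 -c | sed 's/^.*= *//'
}

# MD5 over the DER public key: shown for key pairs imported into EC2.
aws_fp_imported() {
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null |
        openssl md5 -c | sed 's/^.*= *//'
}

# Usage: classify_aws_fp KEYFILE REPORTED_FINGERPRINT
# Prints created, imported, mismatch or unreadable; non-zero on the last two.
classify_aws_fp() {
    keyfile=$1
    reported=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject unparsable keys first: hashing empty openssl output would still
    # produce a well-formed (but meaningless) digest.
    openssl rsa -in "$keyfile" -noout 2>/dev/null || { echo unreadable; return 2; }
    if [ "$reported" = "$(aws_fp_created "$keyfile")" ]; then
        echo created
    elif [ "$reported" = "$(aws_fp_imported "$keyfile")" ]; then
        echo imported
    else
        echo mismatch
        return 1
    fi
}

# Run as: sh thisfile.sh KEYFILE FINGERPRINT
if [ "$#" -eq 2 ]; then
    classify_aws_fp "$1" "$2"
fi
```

A `mismatch` result means the key pair name in that region is bound to different key material than the local file.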