Easy way to change keys on EC2 instances! (part 2)

In part 2, let’s continue our detailed guide to replacing the key non-disruptively with a GUI!

Please be careful in this part, as any mistake could render your instance inaccessible. For my test, I temporarily enabled password authentication just in case I broke the key access. Just follow the steps carefully and you will be fine.


3. Replacing keys on the EC2 instance

I’ll use another useful GUI tool for the file transfer here. Install and open WinSCP:


You first need to connect using your existing private key. Provide the location of the old private key in the “Advanced…” menu, under SSH, Authentication:


Click OK when finished, then save and click Login:


It will proceed to connect and ask for the passphrase of the old key (if you have one).


There is no need to cache the old key, as you’ll be replacing it very soon. Click No to continue without adding the key to the cache.


The left panel shows your local files and the right panel shows the files on the EC2 instance. Click on the directory bar on the right and access the hidden folder “.ssh”. Here’s the full path: /home/ec2-user/.ssh/


I always rename the old “authorized_keys” instead of deleting it just in case you need to use the old key pair again. Just click on the file name, right click and select “rename” or hit the F2 key to rename the key file.

Next just drag and drop to copy the new “authorized_keys” to the EC2 instance.


Next you will need to set the permission on the key file. If the permission is incorrect, you won’t be able to use the new key to access the instance. Right click on the new key file and select “Properties”.


Now make sure only the Owner has read and write permission. The Octal field should read 0600 if done correctly. Click “OK” to save the permission. You might want to open Properties again to verify that it has been changed. Again, any other permission setup might deny you access to the instance with the new key!
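The same verification can be done from a shell in your still-open session on the instance. This is an added example, not part of the original post: the names check_authorized_keys, file_mode and demo and the sample key line are constructed for illustration, and it goes slightly beyond the permission check by also confirming that the file holds at least one OpenSSH one-line public key.

```shell
#!/bin/sh
# Added example: verify an uploaded authorized_keys file before closing the old session.

# Print the octal mode of a file (GNU stat first, BSD stat as a fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 only if the file has mode 600 (the value set in the post)
# and contains at least one OpenSSH-format public key line.
check_authorized_keys() {
    f=$1
    [ -f "$f" ] || { echo "FAIL: $f not found"; return 1; }
    rc=0
    mode=$(file_mode "$f")
    if [ "$mode" != "600" ]; then
        echo "FAIL: mode is $mode, expected 600"
        rc=1
    fi
    # An entry is a single line: [options] key-type base64-blob [comment].
    # A multi-line "---- BEGIN SSH2 PUBLIC KEY ----" export does not match.
    if ! grep -Eq '(^|[[:space:]])(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))[[:space:]]+[A-Za-z0-9+/]+=*' "$f"; then
        echo "FAIL: no OpenSSH one-line public key found"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $f"
    fi
    return "$rc"
}

# Constructed sample: a placeholder key line (not a real key),
# checked first with a wrong mode and then with the correct one.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNvbnN0cnVjdGVkLXNhbXBsZS1rZXktZGF0YQ constructed-sample' > "$d/authorized_keys"
    chmod 644 "$d/authorized_keys"
    check_authorized_keys "$d/authorized_keys" || true
    chmod 600 "$d/authorized_keys"
    check_authorized_keys "$d/authorized_keys" || true
    rm -rf "$d"
}

demo
```

On the instance itself, call `check_authorized_keys /home/ec2-user/.ssh/authorized_keys` and keep the old session open until it prints OK.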

Yes! That’s it for the configuration on the instance. You are now ready to connect!

4. Connect with the new key


Open the PuTTY program, enter your host or IP address. You’ll need to have your username in front of the host/IP too (e.g. ec2-user@ec2-instance)


Select Auth under SSH in the Connection category on the left. Enter or browse for the new private key we prepared back in section 2 of my last post.


You can cache the new key this time: click “Yes”.


Enter your passphrase and you have now accessed your instance with the new key!
