Get a key pair for a Lightsail for Research virtual computer
A key pair, consisting of a public key and a private key, is a set of security credentials that you use to prove your identity when connecting to an Amazon Lightsail for Research virtual computer. The public key is stored on each virtual computer in Lightsail for Research, and you keep the private key on your local computer. The private key allows you to securely establish a Secure Shell Protocol (SSH) with your virtual computer. Anyone who possesses the private key can connect to your virtual computer, so it's important that you store your private key in a secure place.
An Amazon Lightsail default key pair (DKP) is automatically created the first time that you create a Lightsail instance or a Lightsail for Research virtual computer. The DKP is specific to each AWS Region in which you create an instance or virtual computer. For example, the Lightsail DKP for the US East (Ohio) Region (us-east-2) applies to all computers that you create in US East (Ohio) in Lightsail and Lightsail for Research that were configured to use the DKP when they were created. Lightsail for Research automatically stores the public key of the DKP on the virtual computers you create. You can download the private key of the DKP at any time by making an API call to the Lightsail service.
In this document, we show you how to get the DKP for a virtual computer. After you have the DKP, you can establish a connection using numerous SSH clients, such as OpenSSH, PuTTY, and Windows Subsystem for Linux. You can also use Secure Copy (SCP) to securely transfer files from your local computer to your virtual computer.
Note
You can also establish a remote display protocol connection to your virtual computer using the browser-based Amazon DCV client. Amazon DCV is available in the Lightsail for Research console. That RDP client does not require that you obtain a key pair for your computer. For more information, see Access a Lightsail for Research virtual computer application and Access your Lightsail for Research virtual computer's operating system.
Complete the prerequisites
Complete the following prerequisites before you get started.
-
Create a virtual computer in Lightsail for Research. For more information, see Create a Lightsail for Research virtual computer.
-
Download and install the AWS Command Line Interface (AWS CLI). For more information, see Installing or updating the latest version of the AWS CLI in the AWS Command Line Interface User Guide for Version 2.
-
Configure the AWS CLI to access your AWS account. For more information, see Configuration basics in the AWS Command Line Interface User Guide for Version 2.
-
Download and install jq. It's a lightweight and flexible command line JSON processor used in the following procedures to extract key pair details from JSON outputs of the AWS CLI. For more information about downloading and installing jq, see Download jq
on the jq website.
Get a key pair for a virtual computer
Complete one of the following procedures to get the Lightsail DKP for a virtual computer in Lightsail for Research.
This procedure applies to you if your local computer uses a Windows
operating system. This procedure uses the
download-default-key-pair
AWS CLI command to obtain the
Lightsail DKP for an AWS Region. For more information, see download-default-key-pair in the AWS CLI Command
Reference.
-
Open a Command Prompt window.
-
Enter the following command to get the Lightsail DKP for a specific AWS Region. This command saves the information to a
dkp-details.json
file. In the command, replace
with the code of the AWS Region in which the virtual computer was created, such asregion-code
us-east-2
.aws lightsail download-default-key-pair --region
region-code
> dkp-details.jsonExample
aws lightsail download-default-key-pair --region
us-east-2
> dkp-details.jsonThere is no response to the command. You can confirm if the command was successful by opening the
dkp-details.json
file and seeing if the Lightsail DKP information was saved. The contents of thedkp-details.json
file should look like the following example. The command failed if the file is blank. -
Enter the following command to extract the private key information from the
dkp-details.json
file and add it to a newdkp_rsa
private key file.type dkp-details.json | jq -r ".privateKeyBase64" > dkp_rsa
There is no response to the command. You can confirm if the command was successful by opening the
dkp_rsa
files and seeing if it contains information. The contents of thedkp_rsa
file should look like the following example. The command failed if the file is blank.You now have the required private key to establish an SSH or SCP connection to your virtual computer. Continue to the next section for additional next steps.
This procedure applies to you if your local computer uses a Linux, Unix,
or a macOS operating system. This procedure uses the
download-default-key-pair
AWS CLI command to obtain the
Lightsail DKP for an AWS Region. For more information, see download-default-key-pair in the AWS CLI Command
Reference.
-
Open a Terminal window.
-
Enter the following command to get the Lightsail DKP for a specific AWS Region. This command saves the information to a
dkp-details.json
file. In the command, replace
with the code of the AWS Region in which the virtual computer was created, such asregion-code
us-east-2
.aws lightsail download-default-key-pair --region
region-code
> dkp-details.jsonExample
aws lightsail download-default-key-pair --region
us-east-2
> dkp-details.jsonThere is no response to the command. You can confirm if the command was successful by opening the
dkp-details.json
file and seeing if the Lightsail DKP information was saved. The contents of thedkp-details.json
file should look like the following example. The command failed if the file is blank. -
Enter the following command to extract the private key information from the
dkp-details.json
file and add it to a newdkp_rsa
private key file.cat dkp-details.json | jq -r '.privateKeyBase64' > dkp_rsa
There is no response to the command. You can confirm if the command was successful by opening the
dkp_rsa
files and seeing if it contains information. The contents of thedkp_rsa
file should look like the following example. The command failed if the file is blank. -
Enter the following command to set permissions for the
dkp_rsa
file.chmod 600 dkp_rsa
You now have the required private key to establish an SSH or SCP connection to your virtual computer. Continue to the next section for additional next steps.
Continue to the next steps
You can complete the following additional next steps after you've successfully obtained the key pairs for your virtual computer:
-
Connect to your virtual computer using SSH to manage it using command line. For more information, see Connect to a Lightsail for Research virtual computer using Secure Shell.
-
Connect to your virtual computer using SCP to securely transfer files. For more information, see Transfer files to Lightsail for Research virtual computers using Secure Copy.