Issue
I have three ec2 instances (ec2-01, ec2-02 and ec2-03) with ubuntu installed. I have pem-key-1 associated with ec2-01 and ec2-02 and pem-key-2 associated with ec2-03.
I have set up passwordless ssh between ec2-01 and ec2-02 using the commands below, and it's working.
ssh-keygen (generates key)
ssh-copy-id user@ec2-02 (copies ssh key to remote ec2)
ssh user@ec2-02 (login to remote ec2)
Next, I want to set up passwordless ssh from ec2-01/ec2-02 to ec2-03. I think I have to use ssh-keygen with pem-key-2 but don't know the correct way to do this. FYI, I am able to log in to ec2-03 using the command below from ec2-01:
ssh -i pem-key-2 user@ec2-03
Solution
ssh-copy-id copies the public side of the keypair that ssh-keygen generates and drops it on ec2-02 so that the private side of the keypair (pem-key-2, based on your ssh command) is sufficient to authorize your connection (this is done by adding the public key to ~/.ssh/authorized_keys on the remote end, but ssh-copy-id took care of that detail for you).

To be able to log in to ec2-03 from ec2-02, you'd have to either copy the private key from ec2-01 to ec2-03, or else just repeat the steps to generate a key pair on ec2-02 and distribute it to ec2-03 the same way you did between ec2-01 and ec2-02. All else being equal, I'd recommend the latter option; ideally, private keys of any kind are not transmitted over the network if it can be avoided, even over a secure connection, and it's a best practice the industry still struggles with today.
Answered By - Daniel Farrell Answer Checked By - Clifford M. (WPSolving Volunteer)
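The following is an added example, not part of the question or the answer above. It shows the recommended option in concrete form: the one ssh-copy-id invocation you would run on ec2-02 (authenticating that single time with the existing pem-key-2 while installing the newly generated key), plus a local simulation of what ssh-copy-id does on the remote side (directory mode 700, authorized_keys mode 600, no duplicate entries when re-run) and a ~/.ssh/config that selects the right key per host so -i is not needed again. The user name ubuntu, the key name id_ed25519, the path /path/to/pem-key-2 and the sample public key string are all assumptions or constructed values, not taken from the page.

```shell
#!/bin/sh
# Added example (not from the original answer). Reproduces locally the
# "generate a key pair on ec2-02 and distribute it to ec2-03" option so the
# permission and idempotency details of ssh-copy-id are visible.
set -eu

# Constructed sample public key line; NOT a real key. On ec2-02 the real one
# comes from: ssh-keygen -t ed25519   (written to ~/.ssh/id_ed25519.pub)
SAMPLE_PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYexamplekeyexamplekeyexamplekey ubuntu@ec2-02'

# The command the asker would actually run on ec2-02: copy the NEW public key
# to ec2-03 while authenticating this one time with the existing pem-key-2.
# Assumed values: user "ubuntu", key "id_ed25519", path to pem-key-2.
copy_id_command() {
    printf '%s\n' 'ssh-copy-id -i ~/.ssh/id_ed25519.pub -o IdentityFile=/path/to/pem-key-2 ubuntu@ec2-03'
}

# What ssh-copy-id does on the remote side: ensure ~/.ssh (mode 700) and
# authorized_keys (mode 600) exist, then append the key only if it is absent.
# $1 = simulated remote home directory, $2 = public key line.
install_pubkey() {
    home="$1"; pubkey="$2"
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    if grep -qxF -- "$pubkey" "$home/.ssh/authorized_keys"; then
        echo "already installed"
    else
        printf '%s\n' "$pubkey" >> "$home/.ssh/authorized_keys"
        echo "installed"
    fi
}

# Number of exact copies of a key line in authorized_keys; stays 1 on re-runs.
# $1 = simulated remote home directory, $2 = public key line.
count_key() {
    grep -cxF -- "$2" "$1/.ssh/authorized_keys" || true
}

# Client-side ~/.ssh/config on ec2-01/ec2-02 so "ssh ec2-03" selects the
# locally generated key without -i. IdentitiesOnly stops ssh from offering
# every key it knows, which also avoids "too many authentication failures".
# $1 = simulated local home directory.
write_ssh_config() {
    mkdir -p "$1/.ssh"
    chmod 700 "$1/.ssh"
    cat > "$1/.ssh/config" <<'EOF'
Host ec2-02
    HostName ec2-02
    User ubuntu
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes

Host ec2-03
    HostName ec2-03
    User ubuntu
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
EOF
    chmod 600 "$1/.ssh/config"
}

# Stand-alone demo against a temporary directory (no network involved).
demo() {
    tmp=$(mktemp -d)
    copy_id_command
    install_pubkey "$tmp/remote" "$SAMPLE_PUBKEY"   # installed
    install_pubkey "$tmp/remote" "$SAMPLE_PUBKEY"   # already installed
    count_key "$tmp/remote" "$SAMPLE_PUBKEY"        # 1
    write_ssh_config "$tmp/local"
    rm -rf "$tmp"
}
```

Run the script and call demo to see the sequence; in real use only copy_id_command's output is typed on ec2-02, and the ~/.ssh/config block is written on whichever instance initiates the connection.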