How can I connect to my Lightsail instance using PuTTY or Filezilla if I lost the SSH keypair?

3 minute read

I lost the SSH key pair (private key) that I configured for my Amazon Lightsail instance. How can I regain access to the instance using PuTTY or Filezilla?


If you created the Lightsail instance using the default SSH key pair, then download the SSH private key. To do this, navigate to the Account > Account > SSH keys section in the Amazon Lightsail console. Refer to the following Resolution steps to gain the SSH access if the instance uses a custom SSH key pair (not the default).

Method 1: Use the Lightsail browser-based SSH console to configure a new key pair.

Generate a new SSH Key Pair from the Amazon Lightsail console and obtain the public key:

1.    Open the Amazon Lightsail console.

2.    Navigate to Account, Account, SSH keys and then select Create new to create a new SSH key.

3.    Retrieve the public key from the private key:

On your local Linux or macOS computer, open the terminal, and then run the ssh-keygen command to retrieve the public key for your key pair:

$ ssh-keygen -y -f /path_to_key_pair/my-key-pair.pem

The command returns the public key, as shown in the following example:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuSevGj3eYhCe53pcjqP3maAhDFcvBS7O6V

On your Local Windows computer:

Open the puttygen program.
Select File, Load private key. Then, change the File name type from PuTTy Private Key Files (*.ppk) to All Files (*.*) to see the .pem file.
Select the key pair file (.pem) downloaded in step 2, and then select Open.
Select the entire public key, and then right-click and select Copy.
Open any text editor and paste the contents you just copied.

Connect to the instance via the browser-based SSH console and add the public key to the SSH configuration file

1.    Open the Amazon Lightsail console.

2.    Select the name of the instance, and then select the Connect tab.

3.    Select Connect using SSH.

4.    After the SSH console is connected, open the ~/.ssh/authorized_keys file in a text editor.

Note: To view the current public key of the keypair accepted by the instance, run the following command:

$ cat ~/.ssh/authorized_keys

5.    Copy and paste the public key you previously retrieved into the authorized_keys file.

6.    Save the authorized_keys file.

Now you can connect to your Lightsail instance with PuTTY or Filezilla using the new SSH private key you generated earlier.

Note: You must convert a .pem file (private key) into a .ppk file before you connect to your instance using the Putty or Filezilla tool.

Method 2: Create a new Lightsail instance from a snapshot and configure the new key pair.

1.    Open the Amazon Lightsail console.

2.    Create a snapshot of your Lightsail instance.

3.    After the snapshot is created, create a new instance from the snapshot.

4.    On the Create an instance from a snapshot page, choose an SSH key pair either by creating a new one or choosing an existing key pair that you can access. Then, choose Create instance.

Note: If the previous instance had a static IP address, you can use it on the new instance. Detach the static IP address and then attach it to the new instance from the Networking tab. For more information, see Static IP addresses in Amazon Lightsail.

AWS OFFICIALUpdated 2 years ago