What is a .pem file?
A .pem file is a private key given by AWS when you create an EC2 instance. You use it to authenticate without a password. The flow is:
- You have a private key (
.pem) — keep this secret, never share it - The server stores your public key — extracted from the
.pem - SSH matches both to let you in
Mac & Linux
1. Move and secure the key
mv ~/Downloads/<your-key.pem> ~/.ssh/
# Required — SSH rejects keys that are too open
chmod 400 ~/.ssh/<your-key.pem>2. Extract the public key
ssh-keygen -y -f ~/.ssh/<your-key.pem>Copy the entire output line starting with ssh-rsa AAAA...
3. Add the public key to the server
Connect to the server first, then:
mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys
echo "ssh-rsa AAAAB3NzaC1yc2E..." >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys4. Connect
ssh -i ~/.ssh/<your-key.pem> ec2-user@<your-server-ip>Windows
1. Move the .pem to the right place
# Create .ssh folder if it doesn't exist
mkdir C:\Users\<username>\.ssh
# Copy your .pem file into it
copy C:\Users\<username>\Downloads\<your-key.pem> C:\Users\<username>\.ssh\2. Extract the public key
ssh-keygen -y -f C:\Users\<username>\.ssh\<your-key.pem>Copy the entire output line starting with ssh-rsa AAAA...
3. Add the public key to the server
Connect to the server first, then:
mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys
echo "ssh-rsa AAAAB3NzaC1yc2E..." >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys4. Connect
ssh -i C:\Users\<username>\.ssh\<your-key.pem> ec2-user@<your-server-ip>Common Errors
WARNING: UNPROTECTED PRIVATE KEY FILE! — Fix with chmod 400 <your-key.pem>
Permission denied (publickey) — The public key is not in authorized_keys, or wrong username — try ubuntu instead of ec2-user for Ubuntu servers
ssh-keygen: key is not passphrase protected — That's fine, just use the .pem directly with -i