How do use PuTTY or Filezilla to connect to my Lightsail instance if I lost the SSH key pair?

3 minute read

I lost the SSH key pair (private key) that I configured for my Amazon Lightsail instance. I want to use PuTTY or Filezilla to regain access to the instance.


If you created the Lightsail instance with the default SSH key pair, then download the SSH private key from the Lightsail console.

If you created the Lightsail instance with a custom SSH key pair, then configure a new key pair. Either use the Lightsail browser-based SSH console. Or, create a new Lightsail instance from a snapshot.  

Use the Lightsail browser-based SSH console to configure a new key pair

Create a new SSH key pair from the Amazon Lightsail console and retrieve the public key

To create the new SSH key pair, complete the following steps: 

  1. Open the Amazon Lightsail console.
  2. On the navigation pane, choose Account, and then from the dropdown menu, choose Account.
  3. Choose SSH keys, and then choose Create new.

To retrieve the public key from the private key, use one of the following methods.

Local Linux or macOS computer

Open the terminal, and then run the ssh-keygen command:

$ ssh-keygen -y -f /path_to_key_pair/my-key-pair.pem

The command returns the public key, such as in the following example:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuSevGj3eYhCe53pcjqP3maAhDFcvBS7O6V

Local Windows computer

Complete the following steps:

  1. Open the puttygen program.
  2. Choose File, and then Load private key
  3. Change the File name type from PuTTy Private Key Files (*.ppk) to All Files (*.*) to view the .pem file.
  4. Select the key pair file (.pem) that you downloaded, and then choose Open.
  5. Select the entire public key, and then right-click and choose Copy.
  6. Open any text editor, and enter the contents.

Connect to the instance through the browser-based SSH console and add the public key to the SSH configuration file

Complete the following steps:

  1. Open the Amazon Lightsail console.

  2. Select the name of the instance, and then choose Connect.

  3. Choose Connect using SSH. For more information, see Connect to your Lightsail Linux or Unix instances.

  4. Open the ~/.ssh/authorized_keys file in a text editor.
    To view the current public key of the key pair that the instance accepted, run the following command:

    $ cat ~/.ssh/authorized_keys
  5. Copy and paste the public key into the authorized_keys file.

  6. Save the authorized_keys file.

Use PuTTY or Filezilla with the new SSH private key to connect to your Lightsail instance.

Note: Before you connect to your instance, you must convert a .pem file (private key) into a .ppk file.

Create a new Lightsail instance from a snapshot and configure the new key pair

Complete the following steps:

  1. Open the Amazon Lightsail console.
  2. Create a snapshot of your Lightsail instance.
  3. Create a new instance from the snapshot.
  4. On the Create an instance from a snapshot page, choose an SSH key pair. You can either create a new one or choose an existing key pair. 
  5. Choose Create instance.

Note: If the previous instance had a static IP address, then you can use it on the new instance. On the Networking page of the Lightsail console, detach the static IP address, and then attach it to the new instance. For more information, see Static IP addresses in Amazon Lightsail.

AWS OFFICIALUpdated 2 months ago