danjoneslf closed 3 years ago
The problem we had switching keypairs was caused by the ssh-keygen change from RSA to OPENSSH format, which TF rsadecrypt doesn't understand. You can create a keypair that works like this:
openssl genrsa -out ~/.ssh/test-5 2048
chmod 400 ~/.ssh/test-5
ssh-keygen -y -f ~/.ssh/test-5 > ~/.ssh/test-5.pub
If this is transitory hardware that we apply and destroy in a pipeline we can probably create and destroy the keypair in the pipeline/terraform as well. We could local-exec an ssh-keygen and then read them with file() and put them in SSM for safe keeping.
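A pre-flight check for the format mismatch described in the issue above, as an added example that is not part of the original post or of Terraform's own code. The function names `key_format` and `check_for_rsadecrypt` are hypothetical, and treating only an unencrypted `BEGIN RSA PRIVATE KEY` file as acceptable is an assumption drawn from the post.

```shell
#!/bin/sh
# Added example: classify a private key file by its PEM header so a pipeline
# can stop before Terraform's rsadecrypt() is handed a key it cannot read.

# key_format FILE
# Prints one of: rsa-pem, rsa-pem-encrypted, openssh, pkcs8, unknown, unreadable
key_format() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    header=$(sed -n '1p' "$1" | tr -d '\r')
    case "$header" in
        "-----BEGIN RSA PRIVATE KEY-----")
            # Legacy PEM marks passphrase protection on the second line.
            if sed -n '2p' "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                echo "rsa-pem-encrypted"
            else
                echo "rsa-pem"
            fi ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            echo "openssh" ;;
        "-----BEGIN PRIVATE KEY-----"|"-----BEGIN ENCRYPTED PRIVATE KEY-----")
            echo "pkcs8" ;;
        *)
            echo "unknown" ;;
    esac
}

# check_for_rsadecrypt FILE
# Returns 0 only for an unencrypted RSA PEM key (assumption: the one format
# the post reports as working). Everything else fails with a reason on stderr.
check_for_rsadecrypt() {
    fmt=$(key_format "$1")
    case "$fmt" in
        rsa-pem)
            return 0 ;;
        openssh)
            echo "$1: OPENSSH format; regenerate as PEM, e.g. ssh-keygen -t rsa -b 2048 -m PEM" >&2
            return 1 ;;
        *)
            echo "$1: format '$fmt' is not the RSA PEM form this check expects" >&2
            return 1 ;;
    esac
}

# Stand-alone use: sh check_key.sh ~/.ssh/test-5
if [ "$#" -gt 0 ]; then
    check_for_rsadecrypt "$1"
fi
```

Run it as a pipeline step ahead of `terraform apply` so the job fails at the key check rather than inside `rsadecrypt`.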