How To Replace SSH Keys for Amazon Lightsail Server Instance

This tutorial walks through replacing the SSH Key pair for an existing AWS Lightsail server instance. This can be helpful when you have shared your private key with others and no longer want them to have access to your server instance. We will look at how to setup Custom key pairs in Lightsail dashboard, and also generate Private and Public Keys for your existing server instance.


  1. Create a new SSH Key from the Lightsail Dashboard
    1. Download the Private Key to your local computer
  2. Generate a Public Key pair using the new Private Key using ssh-keygen command
  3. Copy the Public Key and update the authorized_keys file on the server instance
    1. authorized_keys is found in your users’ home directory in the .ssh folder. e.g. /home/bitnami/.ssh/authorized_keys
  4. Test LOGIN with new Public/Private Key Pair using SSH Client.
  5. If sucessful, Delete the original Public Key from authorized_keys file on the server instance.

All videos tutorials on the website as well as the YouTube channel aim to provide a simplified process for a specific scenario; there could be many different factors and unique use cases you may have. The tutorials may not cover every situation; so treat is as a starting point or learning concept to apply to your unique situations, and consider this inspiration but not prescription or explicit direction.

Scroll to Top