Posted On: Aug 17, 2021

Starting today, AWS customers can use ED25519 keys to prove their identity when connecting to EC2 instances. ED25519 is an elliptic curve based public-key system commonly used for SSH authentication.

Previously, EC2 customers could only use RSA-based keys to authenticate to EC2 instances when establishing secure connections to deploy and manage instances on EC2. EC2 customers can now use ED25519 key pairs in addition to RSA-based key pairs. This helps customers choose the type of key pair they want, as well as standardize on a single type of key pair across their organization. The default type of key pair generated with EC2 will continue to be RSA-based unless another type is explicitly specified.

Customers can get started with ED25519 keys either by generating an ED25519 key pair using the EC2 console or the AWS CLI, or by importing an existing ED25519 key pair. Once an ED25519 key pair is generated or imported, it can be used to establish an SSH connection to any Linux or Mac instance on EC2.

To learn more about how to generate ED25519 keys and how to use them to validate your identity to EC2 instances, see the documentation.