Hello Kunal,

please bear in mind that the whole purpose of a ssh-based login is to replace the password login with something more secure, the use of a secret key to provide a digital signature instead of a cleartext password (on the wire).

That's why it is a bad idea to return to password logins. Here is how you can proceed:

Usually the secret key resides only on your local machine, but with EC2 it also is stored here without protection. Another bad idea.
That, in essence, is the reason why you are not requested for a root password when you use your key.pem.

If you protect your secret key with a password and reliably remove the unprotected one, everyone who wants to login as root on the instance will have to provide this password in order to get access to your instance.

Personally, I would not use the old one for this purpose, as someone might have copied this unprotected file already. So you need to create a new one, which also will be unprotected. But then you can simply set a password with the following command and remove the unprotected file from the system:

ssh-keygen -p -P "" -N "thisisthenewpassword" -f yourunprotected.pem

This command would overwrite the unprotected file with the new password protected rewritten secret key.

If you use it you would be prompted for the password to unlock the (protected) secret key and then it is used to create a digital signature which eventually lets you log into the instance.

Ralph