====== EC2: SSH Access ======

**General Information**

Using SSH to gain access to AWS EC2 instances.

**Checklist**
  * AWS Account
  * Basic VPC, Subnets, etc. already set up

----

====== EC2: Keys ======

If you generate a key pair through the Amazon console, you will download a .pem file.
  * This file contains your key pair (private and public) and is used in ssh commands to log in
\\
You can extract just your public key and output it in the RSA format that Linux authorized_keys files expect.<code bash>ssh-keygen -y -f MYKEYPAIR.pem</code>
  * The output string can be appended to a user's file at /home/USERNAME/.ssh/authorized_keys for additional key access beyond the default.

----

====== EC2: SSH Access ======

Accessing EC2 instances with an SSH key.

Pre-req Setup
  * Launch EC2 Instance
  * Create a new key and download it, or use an existing SSH key pair
  * Transfer the .pem key to the system that you will jump from to AWS
  * Change permissions to read only for owner<code bash>chmod 400 keypair.pem</code>

----

===== EC2: Direct SSH To Public Facing System =====

SSH to a system's public IP/DNS.
  * Pre-req Setup complete
  * SSH using the pem key as the identity to a system's public IP/DNS
    * AWS AMI<code bash>ssh -i keypair.pem ec2-user@public.ip.address.here</code>
    * CentOS AMI<code bash>ssh -i keypair.pem centos@public.ip.address.here</code>

----

===== EC2: SSH Through Bastion Host =====

SSH to a public-facing bastion host, then hop from there to systems with private addresses only.
  * Pre-req Setup complete
  * Start SSH Agent<code bash>eval "$(ssh-agent -s)"</code>
  * Add key to the agent<code bash>ssh-add keypair.pem</code>
  * SSH to the bastion host, forwarding the SSH agent that holds the pem key
    * AWS Linux AMI<code bash>ssh -A ec2-user@public.ip.address.here</code>
    * CentOS AMI<code bash>ssh -A centos@public.ip.address.here</code>
  * Now on the bastion host, SSH to the instance that has a private address only
    * AWS Linux AMI<code bash>ssh ec2-user@private.ip.address.here</code>
    * CentOS AMI<code bash>ssh centos@private.ip.address.here</code>

----

linux_wiki/ec2_ssh_access.txt Last modified: 2019/05/25 23:50 (external edit)
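The two file-handling steps from the Keys and Pre-req Setup sections (appending the extracted public key to authorized_keys, and keeping the .pem readable by its owner only) as an added shell example. It is not part of the original wiki page, and the function names are hypothetical helpers chosen for illustration.

```bash
# Added example, not from the original page. Function names are hypothetical.

# check_private_key_perms FILE
# Succeeds only when FILE has no group/other permission bits set, which is
# the state "chmod 400 keypair.pem" produces. ssh refuses to use a private
# key that other users can read.
check_private_key_perms() {
    local mode
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# add_authorized_key "PUBKEY LINE" HOME_DIR
# Appends one public key line to HOME_DIR/.ssh/authorized_keys unless the
# same key blob is already listed. Prints "added" or "present".
# Returns 2 when the input is not a single "type base64-blob [comment]" line.
add_authorized_key() {
    local pubkey sshdir file blob
    pubkey="$1"
    sshdir="$2/.ssh"
    file="$sshdir/authorized_keys"
    # Take the blob only from single-line input with a known key-type prefix.
    blob=$(printf '%s\n' "$pubkey" |
        awk 'NR==1 && $1 ~ /^(ssh|ecdsa|sk)-/ {b=$2} END {if (NR==1) print b}')
    [ -n "$blob" ] || return 2
    # sshd (StrictModes) rejects directories and files writable by others.
    mkdir -p -- "$sshdir" && chmod 700 -- "$sshdir" || return 1
    touch -- "$file" && chmod 600 -- "$file" || return 1
    # Compare against every field so entries with leading options
    # (e.g. from="...") are matched as well.
    if awk -v b="$blob" '$0 !~ /^#/ { for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                         END { exit !f }' "$file"; then
        echo present
    else
        printf '%s\n' "$pubkey" >> "$file"
        echo added
    fi
}

# Usage, run as USERNAME so the files are owned by that account:
#   check_private_key_perms MYKEYPAIR.pem || chmod 400 MYKEYPAIR.pem
#   add_authorized_key "$(ssh-keygen -y -f MYKEYPAIR.pem)" /home/USERNAME
```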