EC2: SSH Access
General Information
Using SSH to gain access to AWS EC2 instances.
Checklist
- AWS Account
- Basic VPC, Subnets, etc already setup
EC2: Keys
If you generate a key pair through the Amazon console, you will download a .pem file.
- This file contains your key pair (private and public) and is used in ssh commands to login
You can extract just your public key and output it in RSA format that Linux authorized_keys files expect.
ssh-keygen -y -f MYKEYPAIR.pem
- The output string can appended to a user's file at /home/USERNAME/.ssh/authorized_keys for additional key access beyond the default.
EC2: SSH Access
Accessing EC2 instances with a SSH key.
Pre-req Setup
- Launch EC2 Instance
- Create new key and download it or use existing SSH key pair
- Transfer the .pem key to your system that you will jump from to AWS
- Change permissions to read only for owner
chmod 400 keypair.pem
EC2: Direct SSH To Public Facing System
SSH to a system's public IP/DNS.
- Pre-req Setup complete
- SSH using the pem key as the identity to a system's public IP/DNS
- AWS AMI
ssh -i keypair.pem ec2-user@public.ip.address.here
- CentOS AMI
ssh -i keypair.pem centos@public.ip.address.here
EC2: SSH Through Bastion Host
SSH to a bastion host that is public facing and hopping from there to systems with private addresses only.
- Pre-req Setup complete
- Start SSH Agent
eval $(ssh-agent -s)
- Add key to the agent
ssh-add keypair.pem - SSH to the bastion host, forwarding the pem key
- AWS Linux AMI
ssh -A ec2-user@public.ip.address.here
- CentOS AMI
ssh -A centos@public.ip.address.here
- Now on bastion host, SSH to the private address only instance
- AWS Linux AMI
ssh ec2-user@private.ip.address.here
- CentOS AMI
ssh centos@private.ip.address.here