How do I set up SSH access for an Amazon EC2 instance?

Question

I need SSH access to an Amazon EC2 instance running Ubuntu 10.4. All I have is the Amazon username and password. Any ideas?

Don't forget to run chmod 400 my_private_key.pem.txt after you download it. — Peter Kaminski, Jun 23 '16 at 16:49

Rakesh Sankar · Accepted Answer · 2013-12-15T05:11:00.767

160

Basically, you need a private-key file to login into your EC2 via SSH. Follow these steps to create one:

Go https://console.aws.amazon.com/ec2/home & sign in to your existing Amazon account.
Click on "Key Pairs" on LHS or https://console.aws.amazon.com/ec2/home?region=us-east-1#s=KeyPairs.
- You should see the list of KEYs generated by you (or during EC2 creation process).
- Click on "Create Key Pair" if you don't see any or you lost your private-key.
- Enter a unique name and hit enter.
- A download panel will appear for you to save the private-key, save it.
- Keep it somewhere with the file permission "0600"
Click on "Instances" on LHS or https://console.aws.amazon.com/ec2/home?region=us-east-1#s=Instances
- You should see the list of ec2-instances, if you don't see any, then please create one.
- Click on the EC2 machine and note down the Public DNS address.
Open your Terminal (in Linux) and type the following command
- ssh -i /path/to/private-key root@<ec2-public-dns-address> - the root username has been avoided in the latest releases, based on your distribution select ec2-user or ubuntu as your username.
- hit Enter
- That's it.

edited Dec 15 '13 at 05:11

answered Jun 20 '11 at 06:40

Rakesh Sankar

9,721
4
38
64

im getting `Connection refused` from ubuntu. using putty on win7 is ok. where can the error be? – t q Aug 27 '12 at 20:13
@t-q make sure your IP address is not under any firewall? also post the debug statement of your SSH, run this command `ssh -v user@ipaddress.com` – Rakesh Sankar Aug 28 '12 at 07:48
6

You likely can't login as root directly via ssh. You will have to use a non-root account such as _ec2-user_ so 'ssh -i /path/to/private-key ec2-user@hostname – timbo Nov 21 '12 at 23:09
4

Once I've tried to connect it told me that I should use `ubuntu` login instead of `root`. Apparently I've got ubuntu server 12.04 instance. – Vasiliy Stavenko Nov 25 '12 at 10:13
3

I successfully created SSH account, next is how to upload files using SCP with the created account ??? When i try to upload using SCP, it says "Permission denied (publickey)." – Ashok KS Jun 12 '13 at 04:17
1

@AshokKS You should create another question looks like it will be worth to many. – Rakesh Sankar Jun 12 '13 at 05:18
Thx @RakeshS i can't ask question here, can you make a question and inform us ??? – Ashok KS Jun 12 '13 at 05:57
@AshokKS that makes me wonder/curious - why can't you ask question? – Rakesh Sankar Jun 12 '13 at 06:01
Thank i got it "#scp -i myfile.txt ubuntu@ec2-x-x-x.com/home/ubuntu/myfile.txt" from https://forums.aws.amazon.com/thread.jspa?threadID=64703. The stackoverflow blocked me to asking questions because asking un important questions early. lol – Ashok KS Jun 12 '13 at 06:57
5

still get this massage "Permission denied (publickey)." Why is that? – Kasun Kariyawasam Feb 26 '15 at 15:19
this probably means that you have not specified a valid key pair (or have given a wrong address for it - for example, if you key pair is in your Downloads directory, you should specify: `/home/kasun/Downloads/awsKey.pem` – tony gil May 12 '17 at 17:31
Thanks for making it more clearer than the aws doc. :) – Kulasangar Dec 05 '17 at 18:04
2

Y'all getting "Permission denied (publickey)." may be using Elastic Beanstalk. If so, you need to go into the EB env Config, Security, and chose the new key pair. New EC2 instances will be created that accept the key. And the user name is `ec2-user` or maybe `ubuntu`, but not `root`. – Jorge Orpinel Sep 10 '18 at 07:35
Can you please include `chmod 400 /path/to/private-key` to your answer? – Smily Aug 06 '19 at 14:35

score 25 · Answer 2 · answered Aug 21 '13 at 00:01

25

ssh -i /path/to/private-key ubuntu@<ec2-public-dns-address>

just use ubuntu instead of root. Your problem will be solved. Cheers!

answered Aug 21 '13 at 00:01

Shaharia Azam

1,865
17
24

prayagupd · Answer 3 · 2017-08-25T03:17:09.907

13

STEP 1) Download private keys assigned to your ec2 machine (which is only one time download when created. so recommended to commit somewhere)

STEP 2) and fire following commands,

chmod 400 MyKeyPair.pem
ssh -i MyKeyPair.pem ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com

Official Doc : Connecting to Your Linux/Unix Instances Using SSH

edited Aug 25 '17 at 03:17

answered Jun 06 '14 at 20:51

prayagupd

27,100
10
130
179

score 7 · Answer 4 · answered Aug 09 '13 at 14:18

7

Note, the current user for 13.04 is "ubuntu" ssh -i ./mykey.pem ubuntu@ec2-xxx-xxx-xxx-1.compute-1.amazonaws.com

answered Aug 09 '13 at 14:18

Mainguy

1,562
12
10

score 4 · Answer 5 · answered Feb 10 '15 at 19:47

4

If you are using MacOS, you should create/edit SSH configuration file (~/.ssh/config) and put something like:

Host *.amazonaws.com
    User ubuntu
    Port 22
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
    IdentityFile ~/PATH/YOUR_DOWNLOADED_KEY.pem

Then to connect to any of EC2 instances:

ssh MYNAME.amazonaws.com

Nothing more!

answered Feb 10 '15 at 19:47

Thomas Decaux

18,451
2
83
95

what if i have multi-pal key for different Region like us-east-1.pem and us-west-2.pem – Haseeb Jul 07 '17 at 10:36

score 4 · Answer 6 · answered Jun 19 '11 at 19:06

You need to create a key pair first - do that using your EC2 console. Then use your private key to SSH into the server (the username is ec2-user) using a SSH client of your choice.

Once in, you can issue a sudo su - to gain root if you want (note: you cant log in as root directly).

score 1 · Answer 7 · edited May 23 '17 at 12:26

To setup Ubuntu on AWS, please follow the following steps:

Log-in to Amazon Web Services and select EC2.
Choose Launch Instance and follow wizard by selecting the right image (Ubuntu), instance type, configuring VPC network and Subnet, storage and allowing SSH access in Security Groups. Then Launch.
For the first time, you probably need to setup the key pair and assign it to the instance. You can also create key pair in Key Pairs. Once created, download the PEM file and keep it in a safe place.
Once the instance is launched, wait until the instance is Initialized and running.

To access the instance via SSH, run:

Connect to Linux box by specifying your PEM file, e.g.
```
ssh -i "file.pem" ubuntu@x.x.x.x
```
^{Make sure your PEM file has 600 permission (chmod 600 file.pem).}

Troubleshooting

If you're running VPC instance, and your security group is correct (with the right rules) and it still doesn't work, in VPC section check your subnet which should be attached to your VPC (both used by your instance) and setup new rule in Route Table that has 0.0.0.0/0 as Destination and your Internet Gateway as Target.

For more details check: Troubleshooting Connecting to Your Instance

See also: Possible reasons for timeout when trying to access EC2 instance

score 1 · Answer 8 · answered May 05 '17 at 18:59

1) First chmod the .pem file for restricting the file permissons as below

chmod 400 my-key-pair.pem

2)Then ssh with the following commands directly from .ssh folder

ssh -i my-key-pair.pem ec2-user@ec2-198-99-90-3.compute-1.amazonaws.com

Note:- To navigate into .ssh folder. First press Ctrl + H to display all the hidden files and finallycd .ssh

score 0 · Answer 9 · answered Jun 01 '14 at 23:38

Not logging in as the correct user for you OS Distro could be the issue. For certain new AMI, the username may not be "ubuntu", but "ec2-user". For Amazon Linux, for instance I believe the user is "ec2-user". Eric Hammond gives examples here: http://alestic.com/2014/01/ec2-ssh-username

My suggestion, try:

ssh -i /path/to/file.pem ec2-user@ec2...

ssh -i /path/to/file.pem ubuntu@ec2...

ssh -i /path/to/file.pem root@ec2...

If you have the wrong AMI, you might just want to restart the machine altogether so you have uniformity amongst your clusters. If this is your problem, you'll probably want the same OS Distro's at least for your linux boxes.

score 0 · Answer 10 · answered Nov 27 '14 at 13:17

Doing what is suggested in all these answers is not enough. Against each instance you see a security group. When you launch a new instance, you will have this thing set to default. You need to edit the security group and add the ssh port it. Later you need to add the 8080, 8443, 80, 443 ports also when you want to host your website.

Rajesh Prasad Yadav · Answer 11 · 2018-09-03T11:35:24.377

0

Make sure these thing in check

private key must have 400 permission
Make sure port 22 is open for AWS instance you are trying to access.
ssh -i privatekey.pem ubuntu@XXX.XXX.XXX.XXX // XXX.XXX.XXX.XXX = your instance public ip

edited Sep 03 '18 at 11:35

answered Apr 25 '15 at 11:02

Rajesh Prasad Yadav

625
6
7

score 0 · Answer 12 · answered Jun 11 '15 at 23:21

I Accepted AWS offer to use the default security groups which included 'All Trafic' ports.

And, after many and many times trying to connect on my new ec2 instance, I just realized that I should edit my used security group and manually add to inbound and outbound the 22 port ( ssh ) !

Hope it helps !

Vineet Jain · Answer 13 · 2017-08-22T15:43:57.500

First change permission of pem file by

chmod 400 path/to/key_pair.pem

Inside the file ~/.ssh/config add the following lines, at the top of the file

Host AWS
     Hostname myserver.com
     User myuser
     IdentityFile path/to/.pem/file
     port 22

Hostname take IP or link of server, User take username of server and Identity file is file downloaded from AWS when you created instance. Just Run the following command in terminal

ssh AWS

and enjoy it!

Note: To navigate into .ssh folder. First press Ctrl + H in home folder to display all the hidden files and finally cd .ssh

How do I set up SSH access for an Amazon EC2 instance?

13 Answers13

Troubleshooting

Linked