Master SSH to Safely Access and Control Your EC2 Instances
Table of contents
- Task 1: Understanding Public and Private Keys in SSH
- Task 2: Connecting EC2 to EC2 Using SSH Keys
- Task 3: Connecting Local Machine to EC2 Using SSH Keys
- Task 4: File Transfer with SCP (EC2 to Local)
- Troubleshooting Common SSH and SCP Issues
- Conclusion
Assignment:
Mastering SSH Key Authentication and EC2 Connections: A Step-by-Step Guide
In today's world of cloud computing and remote servers, secure communication and authentication are essential. One of the best ways to ensure a secure connection is by using SSH keys. If you're managing servers or working with cloud platforms like AWS EC2, understanding how to use public and private keys is a must. In this blog, we'll dive deep into the practical and theoretical aspects of using SSH keys to connect to EC2 instances from both another EC2 instance and your local machine. Let's get started!
Task 1: Understanding Public and Private Keys in SSH
Public and private keys form the foundation of asymmetric cryptography, which ensures secure communication between two systems. Here's a brief breakdown:
Public Key: This is shared openly and can be used by anyone to encrypt data. It is also placed on the server.
Private Key: This is kept secret and is used to decrypt data that was encrypted with the public key.
Authorized Keys: In the context of SSH, these are the public keys listed on the server that are allowed to authenticate. This enables passwordless login and enhances security.
Example: When connecting to an EC2 instance, the authorized_keys file contains the public keys allowed to log in to that instance.
Task 2: Connecting EC2 to EC2 Using SSH Keys
Step 1: Generate a Key Pair
To start, you'll need to generate a pair of public and private keys using the following command in Linux:
ssh-keygen -t rsa -b 2048
This will create:
- A public key (.pub file)
- A private key (kept secret)
The public key is added to the ~/.ssh/authorized_keys file on the remote EC2 instance.
Step 2: Connect to an EC2 Instance
To connect from one EC2 instance to another using the private key:
ssh -i "yourkey.pem" ubuntu@your-ec2-instance-public-ip
- -i: Specifies the private key to use for authentication.
- ubuntu@your-ec2-instance-public-ip: This is the username (ubuntu for Ubuntu-based instances) and the public IP of the remote EC2 instance.
Step 3: Set Correct Permissions
Before making the connection, ensure that the private key file has the correct permissions. Otherwise, you may encounter errors. Set the permissions using:
chmod 400 yourkey.pem
This ensures the private key is only readable by you.
Outcome: Secure Connection
Once everything is set up, the connection will be established securely without a password, thanks to the SSH key authentication. You'll see a message like:
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-1041-aws x86_64)
Task 3: Connecting Local Machine to EC2 Using SSH Keys
Connecting your local machine to an EC2 instance follows a similar process, but we'll break it down step by step:
Step 1: Prepare Your Private Key
First, make sure you have the PEM file (private key) downloaded from AWS when you created the EC2 instance. The private key should have restricted permissions:
chmod 400 batch-8-key.pem
Step 2: SSH into Your EC2 Instance
Use the following SSH command to connect from your local machine to the EC2 instance:
ssh -i "./batch-8-key.pem" ubuntu@ec2-52-66-101-134.us-west-2.compute.amazonaws.com
Make sure to replace the public DNS or IP with that of your actual EC2 instance.
If successful, you'll be connected to the EC2 instance and can start managing it just like any other Linux system.
Task 4: File Transfer with SCP (EC2 to Local)
Secure Copy Protocol (SCP) allows you to transfer files between your local machine and a remote EC2 instance over an SSH connection. In this task, we'll copy an SSH key file (id_ed25519) from an EC2 instance to your local machine.
Step 1: Verify File on EC2
First, log into the EC2 instance and ensure that the file you want to copy exists:
ssh -i manojkey.pem ubuntu@ec2-52-37-217-12.us-west-2.compute.amazonaws.com
ls /home/ubuntu/.ssh/
Make sure the id_ed25519 file is present in the .ssh directory.
Step 2: Use SCP to Transfer the File
Run the following scp command from your local machine to copy the SSH key file:
scp -i manojkey.pem ubuntu@ec2-52-37-217-12.us-west-2.compute.amazonaws.com:/home/ubuntu/.ssh/id_ed25519 .
- -i: Specifies the private key for authentication.
- ubuntu@ec2-52-37-217-12.us-west-2.compute.amazonaws.com:/home/ubuntu/.ssh/id_ed25519: The source file on the EC2 instance.
- . : The destination directory on your local machine.
After running this, the file will be copied to your local machine, and you can verify its presence by using the ls command:
ls
You should see id_ed25519 listed in the directory.
Troubleshooting Common SSH and SCP Issues
While working with SSH and SCP, you might encounter a few common issues. Here are some solutions:
Permission Denied (publickey)
If you see this error, it's likely that the private key file has incorrect permissions. Fix it by running:
chmod 400 yourkey.pem
SSH Timeout or Connection Refused
Check the security group of your EC2 instance. Ensure it allows inbound SSH (port 22).
Ensure the EC2 instance is running and not stopped.
Cannot Resolve Hostname
Double-check the public DNS or IP address of the EC2 instance. If the DNS isn't working, try using the public IP instead.
Conclusion
Using SSH keys to authenticate and connect to AWS EC2 instances is an essential skill for anyone working in cloud management or server administration. With SSH keys, you can establish secure, passwordless connections that are both more secure and more convenient than traditional password-based authentication.
Here's a quick recap of what we've covered:
Understanding public and private keys in SSH for secure communication.
Connecting EC2 to EC2 using SSH keys.
Connecting your local machine to EC2 with SSH key-based authentication.
Transferring files with SCP from EC2 to your local machine.
Master these skills, and you'll be well on your way to managing remote systems with confidence and security!