
How to SSH into an EC2 Instance: A Step-by-Step Guide

Posted 26th Jul 2024 by Ben Arent

Want to interact with your cloud server remotely? Of course you do. SSH, or Secure Shell, is the secure and preferred way to access your EC2 instance (your virtual server in the cloud). Think of it as a secure tunnel for managing your applications, troubleshooting issues, and running commands, all from the comfort of your local machine.

In this guide, we'll walk you through the essentials of SSH'ing into your EC2 instance. We'll cover key concepts, different operating systems, and best practices to ensure a smooth and secure experience.

Understanding the Basics: SSH, EC2, and Key Pairs

Before we jump into the how-to, let's break down some key concepts.

What is SSH?

SSH is a cryptographic network protocol that lets you access and manage your EC2 instance securely over an unsecured network. It's like having a private, encrypted conversation with your server, keeping prying eyes out.

What is an EC2 Instance?

An EC2 instance is a virtual server in Amazon Web Services (AWS) that you can use to run applications and services. It's like renting a computer in the cloud instead of having a physical one.

What are Key Pairs?

Key pairs are like digital keys for your EC2 instance. They consist of:

  • Public Key: This key is placed on your EC2 instance, acting like a lock on the door.
  • Private Key: You keep this key safe on your local machine. It's like the key that unlocks the door.

Only by using the matching private key can you "unlock" and SSH into your EC2 instance.

Setting the Stage: Before You SSH into an EC2 Instance

Before you can SSH into an EC2 Instance, here's what you need:

  1. An AWS Account: You'll need an active AWS account.
  2. An EC2 Instance: Make sure your instance is running. You can create one through the AWS Management Console.
  3. A Key Pair: You'll need to create a key pair when launching your EC2 instance or generate one separately.
  4. An SSH Client: Your local machine needs an SSH client. For Windows, consider tools like PuTTY. Mac and Linux users, you're in luck! OpenSSH is usually pre-installed.

How to SSH into an EC2 Instance: A Step-by-Step Guide

Now, let's walk through the steps of SSH'ing into your EC2 instance. For this example, we'll be connecting to a Linux instance.

1. Locate Your Key Pair (.pem file)

When you create an EC2 instance, you'll download a .pem file. This is your private key, and it's essential to keep it secure. Store it in a safe location on your local computer. Note: We don't recommend creating a new key per host; instead, upload key pairs before creating instances.

2. Set Proper Permissions for Your Private Key

To ensure only you can use your private key, you need to set the correct permissions. Open your terminal (Mac/Linux) or command prompt (Windows) and navigate to the folder with your .pem file. Then, run the following command, replacing your-key-pair-name.pem with your actual file name:

`chmod 400 your-key-pair-name.pem`

3. Find Your EC2 Instance's Public IP Address or DNS

You need the address of your instance to connect. You can find this in the AWS Management Console. Navigate to your EC2 dashboard, select your instance, and look for the "Public IPv4 address" or "Public DNS (IPv4)" information.

4. Connect Using Your SSH Client

Now it's time to SSH into your EC2 instance:

On Mac/Linux: Open your terminal and run the following command:

`ssh -i "your-key-pair-name.pem" ec2-user@your-instance-public-ip-or-dns`

On Windows (Using PuTTY):

  • Open PuTTY and enter your instance's public IP address or DNS in the "Host Name (or IP address)" field.
  • In the "Connection" > "SSH" > "Auth" settings, browse and select your private key (.pem) file.
  • Click "Open" to connect.

5. You're In!

You should now be connected to your EC2 instance. You'll see a command prompt that usually starts with ec2-user or ubuntu, indicating you're logged in.

Important Considerations:

  • Windows Instances: Connecting to a Windows instance requires additional steps, such as enabling Remote Desktop Protocol (RDP) and configuring security groups.
  • Security Groups: Ensure your EC2 instance's security group allows inbound traffic on port 22 (SSH) from your IP address.
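
An added example, not code from the original guide: one way to check the Security Groups point above is to audit the JSON that `aws ec2 describe-security-groups` returns for port 22 rules that are wider than a trusted address. The group IDs and rules are constructed sample data, and the /24 threshold for a "broad" IPv4 range is an assumed policy value.

```python
import ipaddress

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-example-admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-example-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]}

def covers_port(perm, port=22):
    """True if an ingress permission includes TCP on the given port."""
    if perm.get("IpProtocol") == "-1":      # "-1" means every protocol and port
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit_ssh_ingress(doc, min_v4_prefix=24):
    """Return (group_id, cidr, reason) for SSH rules wider than intended.

    min_v4_prefix is an assumed policy threshold, not an AWS setting.
    Rules that reference other groups or prefix lists are not evaluated.
    """
    findings = []
    for group in doc.get("SecurityGroups", []):
        for perm in filter(covers_port, group.get("IpPermissions", [])):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if net.prefixlen == 0:
                    findings.append((group["GroupId"], cidr, "any address"))
                elif net.version == 4 and net.prefixlen < min_v4_prefix:
                    findings.append((group["GroupId"], cidr, "broad range"))
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_ingress(SAMPLE_GROUPS):
        print(*finding, sep="\t")
```

The port-range rule in the third group is flagged even though it never names port 22, because a 0-65535 range includes it.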

Conclusion

With these steps, you can now securely SSH into your EC2 Instance. This is just the beginning of your journey into managing your cloud infrastructure.

Scoring the Security of SSH into EC2

From a security team's perspective, let's rate the security of directly SSH'ing into an EC2 instance with a private key.

Score: 3 out of 5

Here's why:

While SSH itself is a secure protocol, relying solely on key pairs for access has inherent risks. Think about lost or stolen private keys — these can be serious vulnerabilities. Plus, managing keys across large teams or many EC2 instances can become a logistical nightmare.

Past incidents have shown that compromised credentials are a leading cause of security breaches. Relying solely on SSH keys for access, while convenient, doesn't offer the most robust defense against modern threats.

How to Improve SSH Security

Here's the good news: You can significantly boost the security of your SSH access. Consider these strategies:

  • Strong Passwords and MFA: Combine SSH keys with strong passwords and multi-factor authentication (MFA) for an extra layer of protection.
  • Bastion Hosts: Use a bastion host (a dedicated server) as an intermediary for SSH connections. This limits direct access to your EC2 instances.
  • SSH Key Management: Implement a system to securely store, rotate, and manage SSH keys, especially for teams.
  • Security Best Practices: Regularly update your SSH configurations, disable root login, and limit SSH access based on user roles and needs.
  • Use SSH Certificates: Leverage SSH Certificates for extra security.

Remember: Security is not a one-time setup. It requires ongoing attention and adaptation to counter evolving threats.

In Conclusion

SSH'ing into your EC2 instance is fundamental to managing your cloud infrastructure. This guide helps you master the process — from understanding the basics to implementing robust security measures.

Remember: Prioritizing security is crucial. While SSH itself provides a secure channel, consider the best practices outlined above to mitigate risks and safeguard your valuable cloud assets.

FAQs About SSH and Your EC2 Instances

How to SSH into a Private EC2 Instance

Connecting to a private EC2 instance (one without a public IP address) is a bit different. Here's how you do it:

  • Use a Bastion Host: Set up a bastion host within your Virtual Private Cloud (VPC) that has a public IP address. SSH into the bastion host first, and from there, SSH into your private instance.
  • VPN Connection: Establish a VPN connection to your VPC, which will allow you to access private IP addresses directly as if you were within the same network.

Why Can't I SSH into My EC2 Instance?

Troubleshooting SSH connections can be tricky. Here are common culprits:

  • Incorrect Security Group Settings: Verify your instance's security group allows inbound traffic on port 22 from your IP address.
  • Firewall Issues: Check your local machine's firewall and any network firewalls that might be blocking port 22.
  • Incorrect Key Permissions: Ensure your private key file has the correct permissions (chmod 400).
  • Typo in Hostname or IP: Double-check you're using the correct public IP address or DNS name of your EC2 instance.
  • Wrong Username: Ensure you are using the correct username (e.g., ec2-user, ubuntu).

How to SSH into an EC2 Instance from a Mac

Open your Terminal application and use the following ssh command:

`ssh -i "your-key-pair-name.pem" ec2-user@your-instance-public-ip-or-dns`

How to SSH into an EC2 Instance from Windows

Download an SSH client like PuTTY. Input your EC2 instance's public IP or DNS, configure the SSH authentication settings to use your private key (.pem file), and connect.

How to Troubleshoot SSH Connection Issues to an EC2 Instance

  • Check Logs: Examine your system logs and the AWS Management Console for error messages.
  • Verify Network Connectivity: Use the ping command to check if you can reach your instance.
  • Test SSH Configuration: Try SSH'ing to a different server to see if the issue is local.

How to SSH into an EC2 Instance with a Specific User

Specify the desired username before the @ symbol in the ssh command. For example, to connect as the user 'admin':

`ssh -i "your-key-pair-name.pem" admin@your-instance-public-ip-or-dns`

What are the Best Practices for Secure SSH Access to EC2 Instances?

  • Limit IP Access: Restrict inbound traffic to your instance's security group, allowing only trusted IP addresses.
  • Disable Root Login: Configure your SSH server to disallow direct root logins.
  • Use Strong Passwords and MFA: Enforce complex passwords and enable MFA whenever possible.
  • Regularly Update Software: Keep your SSH client, server software, and operating system up to date.
  • Implement SSH Key Management: Use a centralized system for secure storage, rotation, and management of SSH keys, especially in a team environment.
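
An added example, not part of the original guide, for the "Disable Root Login" item above: sshd uses the first value it reads for each keyword and lets `Match` blocks override the global section, so a file can contain `PermitRootLogin no` and still permit root logins. The sample config and function names are constructed for illustration, and `Include` files are not followed; on a live host `sshd -T` prints the effective settings.

```python
import re

# Constructed sshd_config for this example; not taken from a real host.
SAMPLE_SSHD_CONFIG = """\
# Looks hardened at a glance, but the first PermitRootLogin line wins.
permitrootlogin prohibit-password
PermitRootLogin no

Match Address 10.0.0.0/8
    PermitRootLogin yes
"""

def parse_sshd_config(text):
    """Return (global_settings, [(match_criteria, settings), ...])."""
    global_cfg, matches, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()              # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":                  # starts a conditional block
            current = {}
            matches.append((value, current))
            continue
        target = global_cfg if current is None else current
        target.setdefault(key, value)       # sshd keeps the first value read
    return global_cfg, matches

def audit_sshd_config(text):
    """Return findings for root login and for missing user/group limits."""
    cfg, matches = parse_sshd_config(text)
    findings = []
    # When the keyword is absent, OpenSSH defaults to prohibit-password.
    root = cfg.get("permitrootlogin", "prohibit-password").lower()
    if root != "no":
        findings.append(f"global PermitRootLogin is '{root}'")
    for criteria, block in matches:
        value = block.get("permitrootlogin", "no").lower()
        if value != "no":
            findings.append(f"Match {criteria} sets PermitRootLogin to '{value}'")
    if not cfg.keys() & {"allowusers", "allowgroups"}:
        findings.append("no AllowUsers or AllowGroups restriction")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_sshd_config(SAMPLE_SSHD_CONFIG)))
```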