When I create a new Elastic Beanstalk environment it asked me if wanted to create a new keypair. I say yes, and it created two file in my .ssh folder locally called app and app.pub. Normally to ssh into an instance I use a app.pem file.
i.e
ssh -i app.pem ubuntu#ip
Why did Elastic Beanstalk not give me pem file and how do I SSH into the instance without one?
It seems that you need to create your key first in the AWS console, this will allow you to download the correct file app.pem which you add to .ssh folder (Mac).
You can then resign the new key by doing eb ssh --setup. WARNING This deletes all instances and recreates!
Related
I create ec2-instance on the AWS server:
Now I try to connect to the server with putty.
First of all, I downloaded the PPK for instance:
In the next I created a connection with putty:
After I launch connection and set the username as ec2-user:
in the result I got the error:
How to correctly connect to the ec2 instance with PPK?
What I understand from the question is that you did launch an EC2 instance successfully and afterwards you generated a new SSH key pair which does not have any connection to the already created EC2 instance.
What you should have done is to create a new key when the instance was launched:
OR select an existing key:
Now, the easiest way to solve this problem is to terminate the EC2 instance and recreate it with your existing key pair. You should be able to chose wlifter-ppk from the dropdown.
If, for some reason, you don't want to do this or it is not possible to terminate and relaunch the instance, there are several ways to rescue the instance and attach an existing SSH key.
I. Manually rescue the instance:
From Putty convert you .ppk to RSA public key.
Use EC2 Instance Connect or Session Manager to connect to your instance.
Locate the .ssh/authorized_keys file. For Amazon Linux instances this can be found in /home/ec2-user/.ssh folder.
Open authorized_keys, append the new RSA public key and save the file.
Connect to the instance using Putty.
II. Use EC2Rescue tool https://aws.amazon.com/premiumsupport/knowledge-center/ec2-instance-boot-issues/
I assume you have local Windows and you'd like to connect to your EC2 AWS linux VM.
Use PuTTYgen to generate SSH-2 RSA key, 2048 bits.
Save keys into file, ie. myaws1.pub and myaws1.
In AWS dashboard, find your live instance, open up shell. It'll open up in the browser.
You will be logged in most likely as ec2-user
vi .ssh/authorized_keys
On your Windows, open up myaws1.pub file. take the relevant part and make it one line. Yes, it's broken up into multiple lines. Now press CTRL-C. And over in the browser where you Linux shell, press ESC-I (for insert), now CTRL-V (paste). Save and exit vi.
Back to Amazon Dashboard, in Network Security -> Security Groups, create SSH inbound rule with source 0.0.0.0/0
Now, when connecting to your instance from Putty use "Auth" in options.
This is what your new line in auth file should look like. I shortened it
ssh-rsa AAAAB3......... aws1
Recently, I had to change ssh key of my EC2 instance which i did using following steps:
Created new key-pair file from AWS
Connected to AWS using old ssh and then went to .ssh directory listed under root folder.
Opened authorized_keys file and deleted old key from there and added new PRIVATE key and then saved it.
Restarted ssh service.
Opened new terminal and tried to connect using new ssh key and it worked without any issue.
However, my problem is that when I tried to connect using old ssh which I just removed from authorized_keys file, I was able to connect to server which I did not want.
Can anybody explain me if I doing anything wrong here as I wanted to remove access of server via old ssh key and use only new ssh key?
The following instructions are given for the ec2 instance that I'm trying to connect to:
To access your instance: Open an SSH client. (find out how to connect
using PuTTY)
CHECK!
Locate your private key file (keypair.pem). The wizard automatically
detects the key you used to launch the instance.
I launched Putty with a .ppk and I also still have the .pem sitting on my local machine. However, how does this help once I am in the aws Linux terminal?
It sounds to me that the .pem should now be located on the remote machine, not my local one.
Your key must not be publicly viewable for SSH to work. Use this
command if needed: chmod 400 keypair.pem
This is fine once the previous step is clearer.
Connect to your instance using its Public DNS:
ec2-xxxxxxxxxxxxx.eu-west-1.compute.amazonaws.com
Example: ssh -i "keypair.pem"
root#ec2-xxxxxxxxxxxxx.eu-west-1.compute.amazonaws.com
I am currently typing this in (also trying ec2-user instead of root) but I get the following:
Warning: Identity file keypair.pem not accessible: No such file or directory.
Permission denied (publickey).
Please note that in most cases the username above will be correct,
however please ensure that you read your AMI usage instructions to
ensure that the AMI owner has not changed the default AMI username.
In case this is important, what user name are they referring to here?
I have also made sure the I can SSH into the security group from all locations.
Christopher, I am not sure if you have access to the AWS console, but If you do, then it will be easy to find out the correct user name of your EC2 machine. click on the check mark box to pick your instance, then click Connect, and it will show you the correct user name. If it is an amazon AMI image, it will most likely be ec2-user, other images can have root, ubuntu, bitnami, or any other user configured by the AMI creator.
Your error message: " Warning: Identity file keypair.pem not accessible" indicates an issue with your private key not being accessible.
You said you converted the .pem to ppk for putty, which will enable you to SSH via putty. If you need to SSH from an EC2 machine to another EC2 machine, you will need that private key with the "pem" extension.
Think of your private key as your password, except that it's stored in a file.
ssh -i "keypair.pem" root#ec2-xxxxxxxxxxxxx.eu-west-1.compute.amazonaws.com
This command says: Log me in via SSH protocol to server xxxx.eu... using password file (Private key) "keypair.pem" that resides in the current directory.
if you do an "ls" and you don't see "keypair.pem" then that is your issue.
I hope that helps!
I am using mac terminal and I want to connect my machine with server instance EC2 in aws with SSH. Since I am using Mac OS X is not necessary to use PUTTY. The problem is that when I download the key it is with extension .ppk but when i need to run it on terminal i need to use a command in which i have to use .pem extension . I tried to run it in that way and it said to me permission denied. Can someone help me what to do in this case? Do i have to change the permission or to convert my key from .ppk to .ppm?
You need to know the .pem file folder you download, and then follow steps below:
download the keypair(.pem file)
cd to keypair(.pem file) location (Note that you can use absolute path name for key pair instead)
chmod 400 [your_key_name].pem (Note that to make SSH work, your key must not be publicly viewable. Use this command if needed.)
ssh -i "[your_key_name].pem" ec2-user#[your ec2 dns name]
You will have to convert your "ppk" file to "pem" file follow this steps.
http://www.ramsmusings.com/2014/02/20/converting-a-putty-ppk-file-to-a-pem-file-for-accessing-aws-ec2-instances/
After you convert connect to the instance using the SSH command and converted "pem" file.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
Quick answer
Instead of working directly with SSH keys I would consider working with AWS ec2-instance-connect.
It saves you the the management of the SSH keys and is much safer then sharing SSH keys for each EC2 machine between team members.
After authentication with the aws credentials (by referring to a profile in .aws/config file or using environment variables ) you can connect to the instance very easily by providing the instance ID:
./bin/mssh <instance-ID>
Installation of this tool can be done via pip or directly from the github repo.
Additional information
Amazon EC2 Instance Connect provides a simple and secure way to connect to your instances using Secure Shell (SSH).
With EC2 Instance Connect, you use AWS Identity and Access Management (IAM) policies and principles to control SSH access to your instances, removing the need to share and manage SSH keys.
When you connect to an instance using EC2 Instance Connect, the Instance Connect API pushes a one-time-use SSH public key to the instance metadata where it remains for 60 seconds. An IAM policy attached to your IAM user authorizes your IAM user to push the public key to the instance metadata.
The SSH daemon uses AuthorizedKeysCommand and AuthorizedKeysCommandUser, which are configured when Instance Connect is installed, to look up the public key from the instance metadata for authentication, and connects you to the instance.
You can use Instance Connect to connect to your Linux instances using a
browser-based client,
the Amazon EC2 Instance Connect CLI,
or the SSH client of your choice.
(*) Amazon Linux 2 2.0.20190618 or later and Ubuntu 20.04 or later comes preconfigured with EC2 Instance Connect.
For other supported Linux distributions, you must set up Instance Connect for every instance that will support using Instance Connect. This is a one-time requirement for each instance.
Links:
Connect using EC2 Instance Connect
Securing your bastion hosts with Amazon EC2 Instance Connect
I have information for some AWS. When I log in I go to AWS management control and then I open EC2. I am just trying to make simple ssh or ftp to the server, so I can change some things on some website which is hosted there.
I added private key that I made in AWS and try to ssh to AWS but it is looking for some publik key. Where can I found that>
Thanks everyone for your help.
Once you created the machine there is no need to access AWS Console to ssh into the instance.
1) Make sure you have the pem file used to create the instance
2) Open a terminal window
3) SSH into your instance. ssh -i you_pem_file.pem root#ip_address_of_your_ec2
If you lost the pem file, well, you're kind of lost :) In this case, you can go to the EC2 AWS Console, create an AMI from the instance you have lost your PEM file, create a new keypair, and launch a new instance from the AMI with the just created keypair.