I have created two EC2 instances on AWS. I created a key pair for each of them. I downloaded the .pem private keys and converted them into .ppk format. I can connect to each of my EC2 instances using PuTTY and their .ppk private key. But how do I SSH from one of my EC2 instances to the other? I can ping the Public DNS of either of them from the other. But if I try ssh from one to the other, I get:

Permission denied (publickey).

3

3 Answers

Method 1 - use the same keys on the servers:

Convert the keys to openssh format and upload the private keys to the servers. When you ssh to the destination host, specify the private key file:

ssh -i mykey.pem private.ip.of.other.server

Method 2 - Create new keys

On each server run:

ssh-keygen

Hit enter enter enter. You'll have two files:

.ssh/id_rsa
.ssh/id_rsa.pub

On Server A, cat and copy to clipboard the public key:

cat ~/.ssh/id_rsa.pub
[select and copy to your clipboard]

ssh into Server B, and append the contents of that to its authorized_keys file:

cat >> ~/.ssh/authorized_keys
[paste your clipboard contents]
[ctrl+d to exit]

Now ssh from server A:

ssh -i ~/.ssh/id_rsa private.ip.of.other.server
2

There is a 3rd and IMHO the best solution, so-called ssh agent forwarding:

  • on the local machine, configure ~/.ssh/config by adding the following section:
Host <ip-or-name-of-A-server>
    ForwardAgent yes
  • I assume on server A and B you have your local ~/.ssh/id_rsa.pub added to the server's ~/.ssh/authorized_keys

While working on server A your keys can be used in further ssh communication - e.g.:

  • connecting to other server with ssh client - in this case to server B,
  • scp (secure copy),
  • git - you can pull/push using your local identity to your remote git repositories
  • etc.

To check to see if this works:

  • connect to server A
  • check if there is a socket connection for key exchange by detecting the SSH_AUTH_SOCK env var:
set|grep SSH_AUTH_ # output should be something like this:
SSH_AUTH_SOCK=/tmp/ssh-sEHiRF4hls/agent.12042

Notes:

  • you need to have an ssh agent running - linux: ps -e | grep [s]sh-agent, for windows check PuTTY's utilities pageant and plink
  • reference:
  • troubleshooting ssh:
2

A new AWS solution for the problem.

EC2 Instance Connect

Here's a blog post for the same:

AWS Blog

Please note:

The SSH public keys are only available for one-time use for 60 seconds in the instance metadata. To connect to the instance successfully, you must connect using SSH within this time window. Because the keys expire, there is no need to track or manage these keys directly, as you did previously.
