Amazon Elastic Compute Cloud
User Guide (API Version 2013-02-01)

Connecting to Linux/UNIX Instances from Windows Using PuTTY

To connect to an instance, you will need a running instance and the private key file that corresponds to the key pair that was selected when the instance was launched. For information about launching instances, see Launching EC2 Instances. For information about key pairs, see Getting a Key Pair.

To connect to your Linux/UNIX instance from a Windows computer, use an SSH client. The following instructions explain how to use PuTTY, a free SSH client for Windows computers.

Prerequisites

  • Enable SSH traffic—Open the instance's SSH port

    Before you try to connect, ensure that your Amazon EC2 instance's security group accepts incoming SSH traffic on port 22. For more information, see Authorizing Network Access to Your Instances.

  • Instance ID—Get the ID of your Amazon EC2 instance

    Retrieve the Instance ID of the Amazon EC2 instance you want to access. The Instance IDs for all of your instances are available in the Amazon EC2 console or with the ec2-describe-instances command.

  • Instance's public DNS—Get the public DNS of your Amazon EC2 instance

    Retrieve the public DNS of the Amazon EC2 instance you want to access. You can find the public DNS for your instance using the Amazon EC2 console or with the ec2-describe-instances command.

  • Private key—Get the path to your private key

    You'll need the fully qualified path of the private key file associated with your instance. For more information on key pairs, see Getting a Key Pair.

Getting PuTTY

To download and install PuTTY

Other tools in the PuTTY suite are PuTTYgen, a key generation program, and pscp, a secure copy command line tool. The different PuTTY tools are separate applications. You can install them separately or install the entire suite with a simple Windows installer. The following instructions assume you've installed the entire suite and can access all the components from the Windows Start menu.

Converting Your Private Key

PuTTY does not natively support the private key format generated by Amazon EC2. Fortunately, PuTTY has a tool called PuTTYgen, which can convert keys to the required PuTTY format.

To convert your private key

  1. Start PuTTYgen (for example, from the Start menu, click All Programs > PuTTY > PuTTYgen).

  2. Click Load and browse to the location of the private key file that you want to convert (e.g., gsg-keypair.pem). By default, PuTTYgen displays only files with extension .ppk; you'll need to change that to display files of all types in order to see your .pem key file. The private key file must end with a newline character or PuTTYgen cannot load it correctly.

  3. Select your .pem key file and click Open.

    PuTTYgen displays the following message.

    When you click OK, PuTTYgen displays a dialog box with information about the key you loaded, such as the public key and the fingerprint. The keys that Amazon EC2 generates are 1024-bit SSH-2 RSA keys.

  4. Click Save private key to save the key in PuTTY's format.

    PuTTYgen asks if you want to save the key without a passphrase.

  5. Click Yes.

    Note

    A passphrase on a private key is an extra layer of protection, so even if your private key is discovered, it will not be usable without the passphrase. The downside to using a passphrase is that it makes automation harder because human intervention is needed to log on to an instance, or copy files to an instance. For this exercise, we're not using a passphrase.

  6. Use the same name for the key that you used for the key pair (for example, gsg-keypair). PuTTY automatically adds the .ppk file extension.

Your private key is now in the correct format for use with PuTTY. You can now connect to your instance using PuTTY's SSH client.
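The following Python script is an added example, not part of the original guide. It checks the two key-file conditions this procedure mentions: that the .pem file ends with a newline before it is loaded, and whether a saved .ppk file was written without a passphrase. It assumes the plain-text .ppk header fields shown in the sample; the sample key contents are constructed placeholders.

```python
import re

# Constructed .ppk header as PuTTYgen writes it; key material is a placeholder.
SAMPLE_PPK = """\
PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: imported-openssh-key
Public-Lines: 1
AAAAconstructedplaceholder
Private-Lines: 1
AAAAconstructedplaceholder
Private-MAC: 0000000000000000000000000000000000000000
"""

def pem_problems(data):
    """Return reasons a .pem private key (bytes) may fail to load in PuTTYgen."""
    problems = []
    if not re.search(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----", data):
        problems.append("no PEM private key header")
    if not data.endswith(b"\n"):
        problems.append("missing trailing newline")
    return problems

def ppk_header(text):
    """Parse the plain-text header of a .ppk file up to the key material."""
    lines = text.splitlines()
    first = re.match(r"PuTTY-User-Key-File-(\d+): (\S+)$", lines[0] if lines else "")
    if first is None:
        raise ValueError("not a PuTTY private key file")
    info = {"version": int(first.group(1)), "algorithm": first.group(2)}
    for line in lines[1:]:
        name, sep, value = line.partition(": ")
        if name == "Public-Lines":
            break  # header ends where the base64 key material begins
        if sep:
            info[name.lower()] = value
    if "encryption" not in info:
        raise ValueError("truncated header: no Encryption field")
    info["passphrase_protected"] = info["encryption"] != "none"
    return info

def unprotected(ppk_texts):
    """Names of .ppk files (name -> text) that were saved without a passphrase."""
    return sorted(name for name, text in ppk_texts.items()
                  if not ppk_header(text)["passphrase_protected"])
```

Read the real files with `open(path, "rb").read()` for the .pem check and `open(path).read()` for the .ppk check, then pass the contents to these functions.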

Connecting Using PuTTY SSH

You'll connect by starting a PuTTY SSH session.

To use SSH to connect

  1. If you've launched a public AMI that isn't one that you created yourself, run the ec2-get-console-output command on your local system (not on the instance), and locate the SSH HOST KEY FINGERPRINTS section. For more information, see ec2-get-console-output in the Amazon Elastic Compute Cloud Command Line Reference.

    C:\>  ec2-get-console-output instance_id
    
    ...
    ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
    ec2: 2048 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 /etc/ssh/ssh_host_key.pub
    ec2: 2048 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 /etc/ssh/ssh_host_rsa_key.pub
    ec2: 1024 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 /etc/ssh/ssh_host_dsa_key.pub
    ec2: -----END SSH HOST KEY FINGERPRINTS-----
    ...

    Note the fingerprints so that you can compare them to the fingerprints of the instance.

  2. Start PuTTY (from the Start menu, click All Programs > PuTTY > PuTTY).

  3. In the Host Name field, enter the public DNS name of your instance (available through the Amazon EC2 console or the ec2-describe-instances command).

  4. Under Connection type, select SSH and ensure that the Port is set to 22.

  5. In the Category tree, under Connection, expand the SSH node, and then select Auth.

  6. Click Browse... and select the PuTTY private key file you generated in the preceding section.

  7. If you will be opening this same session later, you may want to save it for future use. To save the session information, select Session in the Category tree, enter a name for the session in Saved Sessions, and click Save. This step is optional.

  8. Click Open. If this is the first time you have connected to this instance, a security alert dialog box will be displayed asking if you trust the host you are connecting to.

    Important

    If you've launched a public AMI, verify that the fingerprint in the security alert matches the fingerprint from the output of the ec2-get-console-output command. If it doesn't, someone might be attempting a "man-in-the-middle" attack.

  9. If the security alert dialog box is displayed, click Yes.

  10. In the SSH session window, log in with the appropriate username. In most cases, the username will be ec2-user. No password is required because the authentication is provided by the selected public/private key pair.

    Note

    Some AMIs let you log in as root, but some require you to log in with the username ec2-user. For login information for your chosen AMI, contact your AMI provider directly or go to the Amazon Machine Images (AMIs) page, then locate and click your AMI on the list.

    Note

    If you specified a passphrase when you converted your private key to PuTTY's format, you must provide that passphrase when you log in to the instance.

If you receive a "Connection Refused" error when connecting to the instance, ensure that your Amazon EC2 instance's security group accepts incoming SSH traffic on port 22. For more information, see Authorizing Network Access to Your Instances.
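The fingerprint comparison in steps 1 and 8 can be done mechanically rather than by eye. The following Python script is an added example, not part of the original guide. It reads only the section between the BEGIN and END markers of saved ec2-get-console-output text and compares it with the fingerprint copied from the security alert. The sample console text and fingerprints are constructed, and the alert is assumed to show the same colon-separated hex form.

```python
import re

# One colon-separated fingerprint: 16 hex byte pairs.
FP = r"(?:[0-9a-fA-F]{2}:){15}[0-9a-fA-F]{2}"
LINE = re.compile(r"^\s*ec2:\s+(\d+)\s+(" + FP + r")\s+(\S+)\s*$")

# Constructed sample console output; the fingerprints are made up for this example.
SAMPLE_CONSOLE = """\
Starting sshd: [  OK  ]
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 2048 1f:2e:3d:4c:5b:6a:79:88:97:a6:b5:c4:d3:e2:f1:00 /etc/ssh/ssh_host_key.pub
ec2: 2048 0a:1b:2c:3d:4e:5f:60:71:82:93:a4:b5:c6:d7:e8:f9 /etc/ssh/ssh_host_rsa_key.pub
ec2: 1024 9f:8e:7d:6c:5b:4a:39:28:17:06:f5:e4:d3:c2:b1:a0 /etc/ssh/ssh_host_dsa_key.pub
ec2: -----END SSH HOST KEY FINGERPRINTS-----
"""

def parse_host_fingerprints(console_text):
    """Map fingerprint -> (bits, key file), reading only the marked section."""
    inside, found = False, {}
    for line in console_text.splitlines():
        if "-----BEGIN SSH HOST KEY FINGERPRINTS-----" in line:
            inside = True
        elif "-----END SSH HOST KEY FINGERPRINTS-----" in line:
            inside = False
        elif inside:
            m = LINE.match(line)
            if m:
                found[m.group(2).lower()] = (int(m.group(1)), m.group(3))
    return found

def check_alert(console_text, alert_text):
    """Return the key file whose fingerprint the alert shows, or None on mismatch."""
    known = parse_host_fingerprints(console_text)
    if not known:
        # No section in the output: nothing to compare against, so never "match".
        raise ValueError("no SSH HOST KEY FINGERPRINTS section in console output")
    shown = re.search(FP, alert_text)
    if shown is None:
        raise ValueError("no fingerprint found in the pasted alert text")
    hit = known.get(shown.group(0).lower())
    return hit[1] if hit else None

if __name__ == "__main__":
    alert = "ssh-rsa 2048 0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9"  # constructed
    print(check_alert(SAMPLE_CONSOLE, alert) or "MISMATCH: do not click Yes")
```

A return value of None means the alert shows a key the instance did not report at boot, which is the case the Important note in step 8 describes.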

Transferring Files with PSCP

The PuTTY Secure Copy Client (PSCP) is a command-line tool that lets you transfer files between your Windows computer and your Linux/UNIX instance.

To use PSCP, you'll need the private key you generated in Converting Your Private Key. You'll also need the public DNS address of your Linux/UNIX instance.

The following example transfers the file sample_file.txt from a Windows computer to the /usr/local directory on a Linux/UNIX instance:

C:\> pscp -i C:\Keys\gsg-keypair.ppk C:\sample_file.txt username@public-DNS:/usr/local/sample_file.txt

If you prefer a graphical user interface (GUI), you can use an open source GUI tool named WinSCP. For more information, go to the WinSCP website.