To connect to an instance, you will need a running instance and the private key file that corresponds to the key pair that was selected when the instance was launched. For information about launching instances, see Launching EC2 Instances. For information about key pairs, see Getting a Key Pair.
To connect to your Linux/UNIX instance from a Windows computer, use an SSH client. The following instructions explain how to use PuTTY, a free SSH client for Windows computers.
Prerequisites
Enable SSH traffic—Open the instance's SSH port
Before you try to connect, ensure that your Amazon EC2 instance's security group accepts incoming SSH traffic on port 22. For more information, see Authorizing Network Access to Your Instances.
Instance ID—Get the ID of your Amazon EC2 instance
Retrieve the Instance ID of the Amazon EC2 instance you want to access. The Instance IDs for all of your instances are available in the Amazon EC2 console or with the ec2-describe-instances command.
Instance's public DNS—Get the public DNS of your Amazon EC2 instance
Retrieve the public DNS of the Amazon EC2 instance you want to access. You can find the public DNS for your instance using the Amazon EC2 console or with the ec2-describe-instances command.
Private key—Get the path to your private key
You'll need the fully qualified path of the private key file associated with your instance. For more information on key pairs, see Getting a Key Pair.
To download and install PuTTY
Go to http://www.chiark.greenend.org.uk/~sgtatham/putty/ and follow the instructions there.
Other tools in the PuTTY suite are PuTTYgen, a key generation program, and pscp, a secure copy command line tool. The different PuTTY tools are separate applications. You can install them separately or install the entire suite with a simple Windows installer. The following instructions assume you've installed the entire suite and can access all the components from the Windows Start menu.
PuTTY does not natively support the private key format generated by Amazon EC2. Fortunately, PuTTY has a tool called PuTTYgen, which can convert keys to the required PuTTY format.
To convert your private key
Start PuTTYgen (for example, from the Start menu, click All Programs > PuTTY > PuTTYgen).
Click Load and browse to the location of the private key file that you want to convert (e.g., gsg-keypair.pem). By default, PuTTYgen displays only files with extension .ppk; you'll need to change that to display files of all types in order to see your .pem key file. The private key file must end with a newline character or PuTTYgen cannot load it correctly.

Select your .pem key file and click Open.
PuTTYgen displays the following message.

When you click OK, PuTTYgen displays a dialog box with information about the key you loaded, such as the public key and the fingerprint. The keys that Amazon EC2 generates are 1024-bit SSH-2 RSA keys.
Click Save private key to save the key in PuTTY's format.
PuTTYgen asks if you want to save the key without a passphrase.

Click Yes.
Note
A passphrase on a private key is an extra layer of protection, so even if your private key is discovered, it will not be usable without the passphrase. The downside to using a passphrase is that it makes automation harder because human intervention is needed to log on to an instance, or copy files to an instance. For this exercise, we're not using a passphrase.
Use the same name for the key that you used for the key pair (for example, gsg-keypair). PuTTY automatically adds the .ppk file extension.
Your private key is now in the correct format for use with PuTTY. You can now connect to your instance using PuTTY's SSH client.
You'll connect by starting a PuTTY SSH session.
To use SSH to connect
If you've launched a public AMI that isn't one that you created yourself, run the ec2-get-console-output command on your local system (not on the instance), and locate the SSH HOST KEY FINGERPRINTS section. For more information, see ec2-get-console-output in the Amazon Elastic Compute Cloud Command Line Reference.
C:\>ec2-get-console-output instance_id
...
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 2048 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 /etc/ssh/ssh_host_key.pub
ec2: 2048 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 /etc/ssh/ssh_host_rsa_key.pub
ec2: 1024 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 /etc/ssh/ssh_host_dsa_key.pub
ec2: -----END SSH HOST KEY FINGERPRINTS-----
...
Note the fingerprints so that you can compare them to the fingerprints of the instance.
Start PuTTY (from the Start menu, click All Programs > PuTTY > PuTTY).
In the Host Name field, enter the public DNS name of your instance (available through the Amazon EC2 console or the ec2-describe-instances command).

Under Connection type, select SSH and ensure that the Port is set to 22.
In the Category tree, under Connection, expand the SSH node, and then select Auth.
Click Browse... and select the PuTTY private key file you generated in the preceding section.

If you will be opening this same session later, you may want to save it for future use. To save the session information, select Session in the Category tree, enter a name for the session in Saved Sessions, and click Save. This step is optional.
Click Open. If this is the first time you have connected to this instance, a security alert dialog box will be displayed asking if you trust the host you are connecting to.
Important
If you've launched a public AMI, verify that the fingerprint in the security alert matches the fingerprint from the output of the ec2-get-console-output command. If it doesn't, someone might be attempting a "man-in-the-middle" attack.
If the security alert dialog box is displayed, click Yes.
In the SSH session window, log in with the appropriate username. In most cases, the username will be ec2-user. No password is required because the authentication is provided by the selected public/private key pair.
Note
Some AMIs let you log in as root, but some require you to log in with the username ec2-user. For login information for your chosen AMI, contact your AMI provider directly or go to the Amazon Machine Images (AMIs) page, then locate and click your AMI on the list.
Note
If you specified a passphrase when you converted your private key to PuTTY's format, you must provide that passphrase when you log in to the instance.
If you receive a "Connection Refused" error when connecting to the instance, ensure that your Amazon EC2 instance's security group accepts incoming SSH traffic on port 22. For more information, see Authorizing Network Access to Your Instances.
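The fingerprint comparison required by the Important note above can be done mechanically rather than by eye. The following Python code is an added example, not part of the original guide: it extracts the SSH HOST KEY FINGERPRINTS section from saved ec2-get-console-output text and checks the fingerprint shown in the SSH client's security alert against it. The function names, the sample fingerprints, and the assumption that the alert shows the fingerprint in the same colon-separated hex form are all constructed for illustration.

```python
import re

BEGIN = "-----BEGIN SSH HOST KEY FINGERPRINTS-----"
END = "-----END SSH HOST KEY FINGERPRINTS-----"
# 16 colon-separated hex octets, the form used in the console output above
FP_RE = re.compile(r"\b(?:[0-9a-f]{2}:){15}[0-9a-f]{2}\b", re.IGNORECASE)

# Constructed sample console output (fingerprints are made up for this example)
SAMPLE_CONSOLE = """\
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 2048 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00 /etc/ssh/ssh_host_rsa_key.pub
ec2: 1024 0f:1e:2d:3c:4b:5a:69:78:87:96:a5:b4:c3:d2:e1:f0 /etc/ssh/ssh_host_dsa_key.pub
ec2: -----END SSH HOST KEY FINGERPRINTS-----
"""


def console_fingerprints(console_text):
    """Return {fingerprint: (bits, key_file)} from the fingerprint section only."""
    found, inside = {}, False
    for line in console_text.splitlines():
        if BEGIN in line:
            inside = True
        elif END in line:
            inside = False
        elif inside:
            m = FP_RE.search(line)
            if m:
                before, after = line[:m.start()].split(), line[m.end():].split()
                bits = int(before[-1]) if before and before[-1].isdigit() else None
                found[m.group(0).lower()] = (bits, after[0] if after else None)
    return found


def check_alert(console_text, alert_text):
    """Compare the fingerprint in the client's alert text with the console output."""
    known = console_fingerprints(console_text)
    if not known:
        return "no-reference"  # section absent: there is nothing trustworthy to compare against
    m = FP_RE.search(alert_text)
    if not m:
        return "unparsed-alert"
    return "match" if m.group(0).lower() in known else "MISMATCH"


if __name__ == "__main__":
    print(check_alert(SAMPLE_CONSOLE, "ssh-rsa 2048 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00"))
```

Treat "no-reference" the same as a mismatch: without the console-output fingerprints there is no basis for clicking Yes in the security alert.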
The PuTTY Secure Copy Client (PSCP) is a command-line tool that lets you transfer files between your Windows computer and your Linux/UNIX instance.
To use PSCP, you'll need the private key you generated in Converting Your Private Key. You'll also need the public DNS address of your Linux/UNIX instance.
The following example transfers the file sample_file.txt from a Windows computer to the /usr/local directory on a Linux/UNIX instance:
C:\>pscp -i C:\Keys\gsg-keypair.ppk C:\sample_file.txt username@public-DNS:/usr/local/sample_file.txt
If you prefer a graphical user interface (GUI), you can use an open source GUI tool named WinSCP. For more information, go to the WinSCP website.