Using SSH to Log In to a Linux Instance - AWS OpsWorks

Using SSH to Log In to a Linux Instance

Important

AWS OpsWorks Stacks is no longer accepting new customers. Existing customers will be able to use the OpsWorks console, API, CLI, and CloudFormation resources as normal until May 26, 2024, at which time they will be discontinued. To prepare for this transition, we recommend you transition your stacks to AWS Systems Manager as soon as possible. For more information, see AWS OpsWorks Stacks End of Life FAQs and Migrating your AWS OpsWorks Stacks applications to AWS Systems Manager Application Manager.

You can log into your online Linux instances with SSH using either the built-in MindTerm client, or a third-party client, such as PuTTY. SSH typically depends on an RSA key pair for authentication. You install the public key on the instance and provide the corresponding private key to the SSH client. AWS OpsWorks Stacks handles installing public keys on your stack's instances for you, as follows.

  • Amazon Elastic Compute Cloud (Amazon EC2)key pair – If the stack's region has one or more Amazon EC2 key pairs, you can specify a default SSH key pair for the stack.

    You can optionally override the default key pair and specify a different pair when you create an instance. In either case, AWS OpsWorks Stacks installs the specified key pair's public key on the instance. For more information on how to create Amazon EC2 key pairs, see Amazon EC2 Key Pairs.

  • Personal key pair – Each user can register a personal key pair with AWS OpsWorks Stacks.

    The user or an administrator registers the public key with AWS OpsWorks Stacks, and the user stores the private key locally. When setting permissions for a stack, the administrator specifies which users should have SSH access to the stack's instances. AWS OpsWorks Stacks automatically creates a system user on the stack's instances for each authorized user and installs the users' personal public key.

A user must have SSH authorization to use the MindTerm SSH client or to use their personal key pair to log in to a stack's instances.

To authorize SSH for a user
  1. In the AWS OpsWorks Stacks navigation pane, click Permissions.

  2. Select SSH/RDP for the desired IAM user to grant the necessary permissions. If you want to allow the user to use sudo to elevate privileges—for example, to run agent CLI commands—select sudo/admin also.

    
                    SSH and sudo permissions for users

For more information on how to use AWS OpsWorks Stacks to manage SSH access, see Managing SSH Access.