Amazon WorkSpaces
Administration Guide

Connect to Amazon Linux WorkSpaces by Using SSH

If you or your users want to connect to your Amazon Linux WorkSpaces by using the command line, you can enable SSH connections. You can enable SSH connections to all WorkSpaces in a directory or to individual WorkSpaces in a directory.

To enable SSH connections, you create a new security group or update an existing security group and add a rule to allow inbound traffic for this purpose. Security groups act as a firewall for associated instances, controlling both inbound and outbound traffic at the instance level. After you create or update your security group, your users and others can use PuTTy or other terminals to connect from their devices to your Amazon Linux WorkSpaces.

Prerequisites for SSH Connections to Amazon Linux WorkSpaces

  • Enabling inbound SSH traffic to a WorkSpace — To add a rule to allow inbound SSH traffic to one or more Amazon Linux WorkSpaces, make sure that you have the public or private IP addresses of the devices that require SSH connections to your WorkSpaces. For example, you can specify the public IP addresses of devices outside your virtual private cloud (VPC) or the private IP address of another EC2 instance in the same VPC as your WorkSpace.

    If you plan to connect to a WorkSpace from your local device, you can use the search phrase "what is my IP address" in an internet browser or use the following service: Check IP.

  • Connecting to a WorkSpace — The following information is required to initiate an SSH connection from a device to an Amazon Linux WorkSpace.

    • The NetBIOS name of the WorkSpace that you want to connect to.

    • Your WorkSpace user name.

    • The public or private IP address of the WorkSpace that you want to connect to.

      Private: If your VPC is attached to a corporate network and you have access to that network, you can specify the private IP address of the WorkSpace.

      Public: If your WorkSpace has a public IP address, you can use the WorkSpaces console to find the public IP address, as described in the following procedure.

To find the IP addresses for the Amazon Linux WorkSpace you want to connect to and your user name

  1. Open the Amazon WorkSpaces console at https://console.aws.amazon.com/workspaces/.

  2. In the navigation pane, choose WorkSpaces.

  3. In the list of WorkSpaces, choose the WorkSpace that you want to enable SSH connections to.

  4. In the Running mode column, confirm that the WorkSpace status is Available.

  5. Click the arrow to the left of the WorkSpace name to display the inline summary, and note the following information:

    • The WorkSpace IP. This is the private IP address of the WorkSpace.

      The private IP address is required for obtaining the elastic network interface associated with the WorkSpace. The network interface is required to retrieve information such as the security group or public IP address associated with the WorkSpace.

    • The WorkSpace Username. This is the user name that you specify to connect to the WorkSpace.

  6. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  7. In the navigation pane, choose Network Interfaces.

  8. In the search box, type the WorkSpace IP that you noted in Step 5.

  9. Select the network interface associated with the WorkSpace IP.

  10. If your WorkSpace has a public IP address, it is displayed in the IPv4 Public IP column. Make a note of this address, if applicable.

To find the NetBIOS name of the directory for the WorkSpace you want to connect to

  1. Open the AWS Directory Service console at https://console.aws.amazon.com/directoryservicev2/.

  2. In the list of directories, click the Directory ID link of the directory for the WorkSpace.

  3. In the Directory details section, note the Directory NetBIOS name.

Enable SSH Connections to all Amazon Linux WorkSpaces in a Directory

To enable SSH connections to all Amazon Linux WorkSpaces in a directory, do the following.

To create a security group with a rule to allow inbound SSH traffic to all Amazon Linux WorkSpaces in a directory

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Security Groups.

  3. Choose Create Security Group.

  4. Type a name and optionally, a description for your security group.

  5. For VPC, choose the VPC that contains the WorkSpaces that you want to enable SSH connections to.

  6. On the Inbound tab, choose Add Rule, and do the following:

    • For Type, choose SSH.

    • For Protocol, TCP is automatically specified when you choose SSH.

    • For Port Range, 22 is automatically specified when you choose SSH.

    • For Source, choose My IP or Custom, and specify a single IP address or an IP address range in CIDR notation. For example, if your IPv4 address is 203.0.113.25, specify 203.0.113.25/32 to list this single IPv4 address in CIDR notation. If your company allocates addresses from a range, specify the entire range, such as 203.0.113.0/24.

    • For Description (optional), type a description for the rule.

  7. Choose Create.

Enable SSH Connections to a Specific Amazon Linux WorkSpace

To enable SSH connections to a specific Amazon Linux WorkSpace, do the following.

To add a rule to an existing security group to allow inbound SSH traffic to a specific Amazon Linux WorkSpace

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, under Network & Security, choose Network Interfaces.

  3. In the search bar, type the private IP address of the WorkSpace that you want to enable SSH connections to.

  4. In the Security groups column, click the link for the security group.

  5. On the Inbound tab, choose Edit.

  6. Choose Add Rule, and then do the following:

    • For Type, choose SSH.

    • For Protocol, TCP is automatically specified when you choose SSH.

    • For Port Range, 22 is automatically specified when you choose SSH.

    • For Source, choose My IP or Custom, and specify a single IP address or an IP address range in CIDR notation. For example, if your IPv4 address is 203.0.113.25, specify 203.0.113.25/32 to list this single IPv4 address in CIDR notation. If your company allocates addresses from a range, specify the entire range, such as 203.0.113.0/24.

    • For Description (optional), type a description for the rule.

  7. Choose Save.

Connect to an Amazon Linux WorkSpace by Using Linux or PuTTy

After you create or update your security group and add the required rule, your users and others can use Linux or PuTTy to connect from their devices to your WorkSpaces.

Note

Before completing either of the following procedures, make sure that you have the following:

  • The NetBIOS name of the WorkSpace that you want to connect to.

  • The username that you use to connect to the WorkSpace.

  • The public or private IP address of the WorkSpace that you want to connect to.

For instructions on how to obtain this information, see "Prerequisites for SSH Connections to Amazon Linux WorkSpaces" earlier in this topic.

To connect to an Amazon Linux WorkSpace by using Linux

  1. Open the command prompt as an administrator and type the following command. For NetBIOS name, Username, and WorkSpace IP, type the applicable values.

    ssh "NetBIOS_NAME\Username"@WorkSpaceIP

    The following is an example of the SSH command where:

    • The NetBIOS_NAME is anycompany

    • The Username is janedoe

    • The WorkSpace IP is 203.0.113.25

    ssh "anycompany\janedoe"@203.0.113.25
  2. When prompted, type the same password that you use when authenticating with the WorkSpaces client (your Active Directory password).

To connect to an Amazon Linux WorkSpace by using PuTTY

  1. Open PuTTY.

  2. In the PuTTY Configuration dialog box, do the following:

    • For Host Name (or IP address), type the following command. Replace the values with the NetBIOS name of the WorkSpace that you want to connect to, the user name that you use to connect to the WorkSpace, and the IP address of the WorkSpace that you want to connect to.

      "NetBIOS_NAME\Username"@WorkSpaceIP
    • For Port, type 22.

    • For Connection type, choose SSH.

    For an example of the SSH command, see step 1 in the previous procedure.

  3. Choose Open.

  4. When prompted, type the same password that you use when authenticating with the WorkSpaces client (your Active Directory password).