Amazon EC2 – Connecting to Linux/UNIX instances from Windows using PuTTY
After you launch your Linux/Unix instance on Amazon EC2, you want to connect to the newly launched machine/instance on AWS. You can connect to it and use it the way you use a computer sitting in front of you.
If you get any error while connecting to your Linux/Unix instance, see AWS EC2 – Troubleshooting Connecting to your Instance.
Below are the steps to connect to your Amazon EC2 Linux/Unix instance using PuTTY, a free SSH client for Windows.
1. Putty must be installed
Download and install PuTTY from the PuTTY download page.
2. Get the public DNS name of the instance
You can get the public DNS for your instance using the Amazon EC2 console. Check the Public DNS column; if this column is hidden, click the Show/Hide icon and select Public DNS.
3. Instance private key is required
You must have fully-qualified path of the .pem file for the key pair that you specified when you launched the instance.
4. Enable inbound SSH traffic from your IP address to your instance
Make sure that the security group associated with your instance allows incoming SSH traffic from your (computer from you wanted to access instance) IP address.
Converting Your Private Key Using PuTTYgen
PuTTY tool does not directly (natively) support the private key formate (.pem) generated by Amazon EC2. PuTTY supports its own format (.ppk). PuTTY has a tool named PuTTYgen, which convert keys to the required PuTTY format (.ppk). It is must to convert your private key into PuTTY format (.ppk) for connecting to your instance using PuTTY.
Steps to convert your private key (.pem) to PuTTY format (.ppk) are
1. Start PuTTYgen (for example, from the Start menu, click All Program > PuTTY > PuTTYgen)
2. Select SSH-2 RSA from Type of key to generate.
3. Click on Load. By default PuTTYgen displays only files with the extention .ppk. To locate your .pem file, select the All Files (*.*) option.
4. Select your .pem file and click Open. Click OK to dismiss the confirmation dialog box.
5. Click Save private key to save the key in the format that PuTTY can use. PuTTYgen displays a warning about saving the key without a passphrase. Click Yes.
A passphrase on a private key is an extra layer of protection, so even if your private key is discovered, it can’t be used without the passphrase. The downside to using a passphrase is that it makes automation harder because human intervention is needed to log on to an instance, or copy files to an instance.
6. Specify the same name for the key that you used for the key pair (for example, my-key-pair). PuTTY automatically adds the .ppk file extension.
Now you have private key in the correct format for use with PuTTY. You can now connect to your instance using PuTTY’s SSH client.
Starting a PuTTY Session
Now we are ready to connect to your Amazon EC2 instance using PuTTY tool.
1. Start PuTTY tool (from the Start menu, click All Programs > PuTTY > PuTTY).
2. In the Category pane, select Session and complete the following fields:
a) In the Host Name box, enter user_name@public_dns_name. Be sure to specify the appropriate user name for your AMI. For example:
– For an Amazon Linux AMI, the user name is ec2-user.
– For a RHEL5 AMI, the user name is often root but might be ec2-user.
– For an Ubuntu AMI, the user name is ubuntu.
– Otherwise, check with your AMI provider.
b) Under Connection type, select SSH.
b) Ensure that Port is 22.
3. In the Category pane, expand Connection, expand SSH, and then select Auth. Complete the following:
a) Click Browse.
b) Select the .ppk file that you generated for your key pair, and then click Open.
c) (Optional) If you plan to start this session again later, you can save the session information for future use. Select Session in the Category tree, enter a name for the session in Saved Sessions, and then click Save.
d) Click Open to start the PuTTY session.
4. If this is the first time you have connected to this instance, PuTTY displays a security alert dialog box that asks whether you trust the host you are connecting to.
5. (Optional) If you’ve launched a public AMI, verify that the fingerprint in the security alert matches the fingerprint that you obtained in step 1. If these fingerprints don’t match, someone might be attempting a “man-in-the-middle” attack. If they match, continue to the next step.
6. Click Yes. A window opens and you are connected to your instance.
If you specified a passphrase when you converted your private key to PuTTY’s format, you must provide that passphrase when you log in to the instance.
14,142 total views, 1 views today