PART 1: SSH INTO AN EC2 INSTANCE FROM WINDOWS USING PUTTY
DOWNLOAD & Install PuTTY
If you don’t have the PuTTY software installed on your system, you will need to download it from www.putty.org. Be sure to select the entire package as shown below, as it will include all the needed utilities such as puttygen and pageant.
DOWNLOAD YOUR EC2 KEY PAIR FILE
If you have not already downloaded (or cannot locate) your key pair (i.e my_key_pair.pem) you will need to create a new EC2 instance and download a new one. A key pair consists of a public key that AWS stores and a private key file that you store (downloaded as PEM file). PEM stands for Privacy Enhanced Mail and is a widely used X.509 encoding format used for security certificates. Together, the two keys enable you to securely connect to your EC2 instance using SSH.
CONVERT YOUR PEM FILE TO PPK FORMAT
PuTTY does not natively support the PEM format that AWS uses, so you need to first convert your PEM file to a PPK file (PPK = PuTTY Private Key). To do this, you use the PuTTYgen utility. To start the utility you can type puttygen in the Windows start dialog box:
On the PuTTYgen dialog box, click the Load Button and then select the .pem file that you downloaded from AWS. Note: when browsing for your pem file be sure to select All Files in the dropdown list that is located to the right of the File name field. PuTTYgen will then load and convert your file.
As the message indicates, you then need to click on “Save private key”. You will receive a warning message asking if you want to save this key without a passphrase. Be sure to select Yes.
Provide a name for your ppk file and click save.
Now that you have converted the pem file to a ppk file, you are ready to use the PuTTY utility. In the Windows start dialog box, type in putty to start the utility.
ENTER HOST NAME
Enter your Host Name into the appropriate field. This will be in the format of: user_name@public_dns_name. Be sure to specify the appropriate user name for your AMI type. For example:
•For an Amazon Linux AMI, the user name is ec2-user.
•For a RHEL AMI, the user name is ec2-user or root.
•For an Ubuntu AMI, the user name is ubuntu or root.
•For a Centos AMI, the user name is centos.
•For a Fedora AMI, the user name is ec2-user.
•For SUSE, the user name is ec2-user or root.
•Otherwise, if ec2-user and root don't work, check with the AMI provider.
Here is an example for connecting to an Amazon Linux AMI:
SELECT YOUR PPK FILE
Next, click on the + button next to the SSH field to expand this section. Then click on Auth (which stands for authenticate) and enter the name of your private key file (i.e. the ppk file) where it says Private key file for authentication (if you click on browse you can easily search for the directory where you have stored it).
OPEN YOUR TERMINAL SESSION
Lastly, click on Open to start your SSH session.
Note: if this is the first time that you are logging into the instance, you will receive the following alert.
Click on Yes to continue.
If you did everything correctly, you will see a new window appear displaying your command line SSH session (troubleshooting hint: if the window appears but fails to connect, a common issue is that you likely have not created a rule to enable SSH inbound traffic on Port 22 in the Security Group that is attached to this instance…..so double check that first).
Part 2: Connecting to a Linux Instance that is Running in a Private Subnet
USE PuTTYGEN TO CREATE A PRIVATE PPK FILE
You will first need to use PuTTYGen to convert your PEM file into a private PPK file that has a password. So, in PuTTYGen, choose Conversions > Import Key and select your PEM-formatted private key. Enter a passphrase and then click Save private key, as shown in the following screenshot. Save the key as a .ppk file
OPEN THE PAGEANT UTILITY THAT IS PART OF THE PuTTY PACKAGE
Pageant is an SSH authentication agent and allows you to hold your private key in memory, so that it can in turn be forwarded by PuTTY. To start the utility you can type pageant in the Windows start dialog box:
ADD YOUR PPK KEY FILE INTO PAGEANT
Find the Pageant icon in your Windows task bar (generally found at the bottom of your screen…look for computer terminal with a black hat on top of it). Double click on this icon then select Add Key and in the pop up dialog window navigate to the folder that contains your PPK file and select it, followed by clicking on Open. When you select the PPK file, you’re prompted to enter the passphrase you chose when you converted the key. You can then close the Pageant Key List window after your key has been added:
OPEN UP THE MAIN PuTTY UTILITY
On the main screen (Session) enter the Host Name information for your instance as was described earlier in this guide (i.e. user_name@public_dns_name). Then click on SSH and select the Auth tab. Click on Allow agent forwarding and leave the Private key file for authentication empty as shown here:
Then click on Open and it should connect you to your publically accessible EC2 instance (in this scenario, this instance would be referred to as the Bastion host or a jump box).
CONNECTING TO THE PRIVATE INSTANCE
ssh user_name@private_IP_address (i.e., something like this: ssh email@example.com).
You should then see a second log-in occur within your PuTTY session. If you did everything correctly you will now be logged into the private instance via SSH.