Lab2b : Connect to your Linux instance from Linux or macOS using SSH
You can use Secure Shell (SSH) to connect to your Linux instance from a local machine that runs a Linux or macOS operating system, or you can use a platform independent connection tool, such as EC2 Instance Connect or AWS Systems Manager Session Manager. For more information about platform independent tools, see Connect to your Linux instance.
This page explains how to connect to your instance with an SSH client. To connect to your Linux instance from Windows, see Connect from Windows.
Note
If you receive an error while attempting to connect to your instance, make sure that your instance meets all of the SSH connection prerequisites. If it meets all of the prerequisites, and you’re still not able to connect to your Linux instance, see Troubleshoot connecting to your instance.
Contents
SSH connection prerequisites
Before you connect to your Linux instance, complete the following prerequisites.
- Check your instance status
- After you launch an instance, it can take a few minutes for the instance to be ready so that you can connect to it. Check that your instance has passed its status checks. You can view this information in the Status check column on the Instances page.
- Get the public DNS name and user name to connect to your instance
- To find the public DNS name or IP address of your instance and the user name that you should use to connect to your instance, see Get information about your instance.
- Locate the private key and set the permissions
- To locate the private key that is required to connect to your instance, and to set the key permissions, see Locate the private key and set permissions.
- Install an SSH client on your local computer as needed
- Your local computer might have an SSH client installed by default. You can verify this by typing ssh at the command line. If your computer doesn’t recognize the command, you can install an SSH client.
- Recent versions of Windows Server 2019 and Windows 10 – OpenSSH is included as an installable component. For more information, see OpenSSH in Windows.
- Earlier versions of Windows – Download and install OpenSSH. For more information, see Win32-OpenSSH.
- Linux and macOS X – Download and install OpenSSH. For more information, see https://www.openssh.com.
Connect to your Linux instance using an SSH client
Use the following procedure to connect to your Linux instance using an SSH client. If you receive an error while attempting to connect to your instance, see Troubleshoot connecting to your instance.
Connect to your instance using SSH
- In a terminal window, use the ssh command to connect to the instance. You specify the path and file name of the private key (
.pem), the user name for your instance, and the public DNS name or IPv6 address for your instance. For more information about how to find the private key, the user name for your instance, and the DNS name or IPv6 address for an instance, see Locate the private key and set permissions and Get information about your instance. To connect to your instance, use one of the following commands.- (Public DNS) To connect using your instance’s public DNS name, enter the following command.
ssh -i/path/key-pair-name.peminstance-user-name@instance-public-dns-name - (IPv6) Alternatively, if your instance has an IPv6 address, to connect using your instance’s IPv6 address, enter the following command.
ssh -i/path/key-pair-name.peminstance-user-name@instance-IPv6-address
You see a response like the following:
The authenticity of host 'ec2-198-51-100-1.compute-1.amazonaws.com (198-51-100-1)'
can't be established.
ECDSA key fingerprint is l4UB/neBad9tvkgJf1QZWxheQmR59WgrgzEimCG6kZY. Are you sure you want to continue connecting (yes/no)?
- (Public DNS) To connect using your instance’s public DNS name, enter the following command.
- (Optional) Verify that the fingerprint in the security alert matches the fingerprint that you previously obtained in (Optional) Get the instance fingerprint. If these fingerprints don’t match, someone might be attempting a man-in-the-middle attack. If they match, continue to the next step.
- Enter
yes.You see a response like the following:Warning: Permanently added 'ec2-198-51-100-1.compute-1.amazonaws.com' (ECDSA) to the list of known hosts.
Transfer files to Linux instances using an SCP client
One way to transfer files between your local computer and a Linux instance is to use the secure copy protocol (SCP). This section describes how to transfer files with SCP. The procedure is similar to the procedure for connecting to an instance with SSH.
Prerequisites
- Verify the general prerequisites for transferring files to your instance.Before you transfer files between your local machine and your instance, take the following actions to ensure that you have all of the information you need.
- Install an SCP clientMost Linux, Unix, and Apple computers include an SCP client by default. If yours doesn’t, the OpenSSH project provides a free implementation of the full suite of SSH tools, including an SCP client. For more information, see https://www.openssh.com.
The following procedure steps you through using SCP to transfer a file using the instance’s public DNS name, or the IPv6 address if your instance has one.
To use SCP to transfer files between your computer and your instance
- Determine the location of the source file on your computer and the destination path on the instance. In the following examples, the name of the private key file is
key-pair-name.pem, the file to transfer ismy-file.txt, the user name for the instance is ec2-user, the public DNS name of the instance isinstance-public-dns-name, and the IPv6 address of the instance isinstance-IPv6-address.- (Public DNS) To transfer a file to the destination on the instance, enter the following command from your computer.
scp -i/path/key-pair-name.pem/path/my-file.txtec2-user@instance-public-dns-name:path/ - (IPv6) To transfer a file to the destination on the instance if the instance has an IPv6 address, enter the following command from your computer. The IPv6 address must be enclosed in square brackets (
[ ]), which must be escaped ().scp -i/path/key-pair-name.pem/path/my-file.txtec2-user@[instance-IPv6-address]:path/
- (Public DNS) To transfer a file to the destination on the instance, enter the following command from your computer.
- If you haven’t already connected to the instance using SSH, you see a response like the following:
The authenticity of host 'ec2-198-51-100-1.compute-1.amazonaws.com (10.254.142.33)' can't be established. RSA key fingerprint is 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f. Are you sure you want to continue connecting (yes/no)?
(Optional) You can optionally verify that the fingerprint in the security alert matches the instance fingerprint. For more information, see (Optional) Get the instance fingerprint.
Enter
yes. - If the transfer is successful, the response is similar to the following:
Warning: Permanently added 'ec2-198-51-100-1.compute-1.amazonaws.com' (RSA) to the list of known hosts. my-file.txt 100% 480 24.4KB/s 00:00
- To transfer a file in the other direction (from your Amazon EC2 instance to your computer), reverse the order of the host parameters. For example, you can transfer
my-file.txtfrom your EC2 instance to the a destination on your local computer asmy-file2.txt, as shown in the following examples.- (Public DNS) To transfer a file to a destination on your computer, enter the following command from your computer.
scp -i/path/key-pair-name.pemec2-user@instance-public-dns-name:path/my-file.txt path/my-file2.txt - (IPv6) To transfer a file to a destination on your computer if the instance has an IPv6 address, enter the following command from your computer. The IPv6 address must be enclosed in square brackets (
[ ]), which must be escaped ().scp -i /path/key-pair-name.pem ec2-user@[instance-IPv6-address]:
path/my-file.txt path/my-file2.txt
- (Public DNS) To transfer a file to a destination on your computer, enter the following command from your computer.
