This section describes how to connect to Linux and UNIX instances using SSH and SCP on a Linux/UNIX machine.
Prerequisites
Enable SSH traffic—Open the instance's SSH port
Before you try to connect, ensure that your Amazon EC2 instance accepts incoming SSH traffic (usually on port 22). For more information, see Authorize Network Access to Your Instances.
SSH client—Install an SSH client
Most Linux and UNIX machines include an SSH client by
default. You can check for an SSH client by typing ssh at the command line.
If your machine doesn't recognize the command, the OpenSSH project provides a free
implementation of the full suite of SSH tools. For more
information, go to http://www.openssh.org.
Instance ID—Get the ID of your Amazon EC2 instance
Retrieve the Instance ID of the Amazon EC2 instance you want to access. The Instance IDs for all your instances are available in the AWS Management Console or through the CLI command ec2-describe-instances.
Instance's public DNS—Get the public DNS of your Amazon EC2 instance
Retrieve the public DNS of the Amazon EC2 instance you want to access.
You can find the public DNS for your instance using the AWS Management Console
or by calling the CLI command ec2-describe-instances.
The format of an instance's public DNS is ec2-w-x-y-z.compute-1.amazonaws.com
where w, x, y, and z each represent a number between 0 and 255 inclusive.
Private key—Get the path to your private key
You'll need the fully qualified path of the private key file associated with your instance. For more information on key pairs, see Getting an SSH Key Pair.
To use SSH to connect
If you've launched a public AMI that you have
not rebundled, run the
ec2-get-console-output
command on your local system (not on the instance), and
locate the SSH HOST KEY FINGERPRINTS
section. For more information, go to ec2-get-console-output
in the Amazon Elastic Compute Cloud Command Line Reference.
PROMPT> ec2-get-console-output instance_id
...
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 2048 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 /etc/ssh/ssh_host_key.pub
ec2: 2048 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 /etc/ssh/ssh_host_rsa_key.pub
ec2: 1024 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 /etc/ssh/ssh_host_dsa_key.pub
ec2: -----END SSH HOST KEY FINGERPRINTS-----
...
Note the fingerprints so that you can compare them to the fingerprints of the instance.
In a command line shell, change directories to the location of the private key file that you created when you launched the instance.
Use the chmod command to make sure your
private key file isn't publicly viewable. For example, if
your private key file were My_Keypair.pem, you
would enter:
chmod 400 My_Keypair.pem
Connect to your instance using the instance's public DNS
name (available through the AWS Management Console or the ec2-describe-instances command).
For example, if the key file is My_Keypair.pem and
the instance's DNS name is
ec2-184-72-204-112.compute-1.amazonaws.com, use the
following command.
ssh -i /example/My_Keypair.pem root@ec2-184-72-204-112.compute-1.amazonaws.com
| Note |
|---|
| Some AMIs let you log in as root, but some require that you log in with the username ec2-user. For login information for your chosen AMI, contact your AMI provider directly or go to the Amazon Machine Images (AMIs) page, then locate and click your AMI on the list. |
You'll see a response like the following.
The authenticity of host 'ec2-184-72-204-112.compute-1.amazonaws.com (10.254.142.33)'
can't be established.
RSA key fingerprint is 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00.
Are you sure you want to continue connecting (yes/no)? yes

| Important |
|---|
| If you've launched a public AMI, verify that the fingerprint matches the fingerprint from the output of the |
Enter yes.
You'll see a response like the following.
Warning: Permanently added 'ec2-184-72-204-112.compute-1.amazonaws.com' (RSA) to the list of known hosts.
One way to transfer files between your local machine and a Linux/UNIX instance is to use Secure Copy (SCP). This section describes how to transfer files with SCP. The procedure is very similar to the procedure for connecting to an instance with SSH.
Prerequisites
Enable SSH traffic—Open the instance's SSH port
Before you try to connect, ensure that your Amazon EC2 instance accepts incoming SSH traffic (usually on port 22). For more information, see Authorize Network Access to Your Instances.
SCP client—Install an SCP client
Most Linux and UNIX machines include an SCP client by default. If yours doesn't, the OpenSSH project provides a free implementation of the full suite of SSH tools, including an SCP client. For more information, go to http://www.openssh.org.
Instance ID—Get the ID of your Amazon EC2 instance
Retrieve the Instance ID of the Amazon EC2 instance you want to access. The Instance IDs for all your instances are available in the AWS Management Console or through the CLI command ec2-describe-instances.
Instance's public DNS—Get the public DNS of your Amazon EC2 instance
Retrieve the public DNS of the Amazon EC2 instance you want to access.
You can find the public DNS for your instance using the AWS Management Console
or by calling the CLI command ec2-describe-instances.
The format of an instance's public DNS is ec2-w-x-y-z.compute-1.amazonaws.com
where w, x, y, and z each represent a number between 0 and 255 inclusive.
Private key—Get the path to your private key
You'll need the fully qualified path of the private key file associated with your instance. For more information on key pairs, see Getting an SSH Key Pair.
The following procedure steps you through using SCP to transfer a file. If you've already connected to the instance with SSH and have verified its fingerprints, you can start with the step that contains the SCP command (step 4).
To use SCP to transfer a file
If you've launched a public AMI that you have
not rebundled, run the
ec2-get-console-output
command on your local system (not on the instance), and
locate the SSH HOST KEY FINGERPRINTS
section. For more information, go to ec2-get-console-output
in the Amazon Elastic Compute Cloud Command Line Reference.
PROMPT> ec2-get-console-output instance_id
...
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 2048 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 /etc/ssh/ssh_host_key.pub
ec2: 2048 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 /etc/ssh/ssh_host_rsa_key.pub
ec2: 1024 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 /etc/ssh/ssh_host_dsa_key.pub
ec2: -----END SSH HOST KEY FINGERPRINTS-----
...
Note the fingerprints so that you can compare them to the fingerprints of the instance.
In a command line shell, change directories to the location of the private key file that you created when you launched the instance.
Use the chmod command to make sure your
private key file isn't publicly viewable. For example, if
your file were My_Keypair.pem, you
would enter:
chmod 400 My_Keypair.pem
Transfer a file to your instance using the instance's public DNS
name (available through the AWS Management Console or the ec2-describe-instances command).
For example, if the key file is My_Keypair.pem,
the file to transfer is samplefile.txt, and
the instance's DNS name is
ec2-184-72-204-112.compute-1.amazonaws.com, use the
following command to copy the file to the ec2-user home directory.
scp -i My_Keypair.pem samplefile.txt ec2-user@ec2-184-72-204-112.compute-1.amazonaws.com:~
| Note |
|---|
| Some AMIs let you log in as root, but some require that you log in with the username ec2-user. For login information for your chosen AMI, contact your AMI provider directly or go to the Amazon Machine Images (AMIs) page, then locate and click your AMI on the list. |
You'll see a response like the following.
The authenticity of host 'ec2-184-72-204-112.compute-1.amazonaws.com (10.254.142.33)'
can't be established.
RSA key fingerprint is 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00.
Are you sure you want to continue connecting (yes/no)? yes

| Important |
|---|
| If you've launched a public AMI, verify that the fingerprint matches the fingerprint from the output of the |
Enter yes.
You'll see a response like the following.
Warning: Permanently added 'ec2-184-72-204-112.compute-1.amazonaws.com' (RSA) to the list of known hosts.
Sending file modes: C0644 20 samplefile.txt
Sink: C0644 20 samplefile.txt
samplefile.txt 100% 20 0.0KB/s 00:00
To transfer files in the other direction, i.e., from your Amazon EC2 instance to your local machine, simply reverse the order of the host parameters. For example, to transfer the samplefile.txt file from your Amazon EC2 instance back to the home directory on your local machine as samplefile2.txt, use the following command on your local machine.
scp -i My_Keypair.pem ec2-user@ec2-184-72-204-112.compute-1.amazonaws.com:~/samplefile.txt ~/samplefile2.txt
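The fingerprint comparison that both the SSH and the SCP procedure above ask for, as an added shell example that is not part of the original documentation: it parses the SSH HOST KEY FINGERPRINTS block from console output and checks the fingerprint shown in the ssh prompt against it. The function names and the sample console output (with made-up fingerprints) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the console-output format shown above; fingerprints are made up.
SAMPLE_CONSOLE='(earlier boot messages)
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 2048 1a:2b:3c:4d:5e:6f:70:81:92:a3:b4:c5:d6:e7:f8:09 /etc/ssh/ssh_host_key.pub
ec2: 2048 aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99 /etc/ssh/ssh_host_rsa_key.pub
ec2: 1024 0f:1e:2d:3c:4b:5a:69:78:87:96:a5:b4:c3:d2:e1:f0 /etc/ssh/ssh_host_dsa_key.pub
ec2: -----END SSH HOST KEY FINGERPRINTS-----
(later boot messages)'

# Read console output on stdin; print "<fingerprint> <key file>" for each
# well-formed line inside the BEGIN/END block (16 hex bytes = 47 characters).
console_fingerprints() {
    awk '
        /-----BEGIN SSH HOST KEY FINGERPRINTS-----/ { inblk = 1; next }
        /-----END SSH HOST KEY FINGERPRINTS-----/   { inblk = 0 }
        inblk && $1 == "ec2:" && length($3) == 47 && $3 ~ /^[0-9A-Fa-f:]+$/ {
            print tolower($3), $4
        }'
}

# Normalise the fingerprint copied from the ssh prompt. Newer OpenSSH clients
# show SHA256 by default; "ssh -o FingerprintHash=md5" makes them show the
# colon-separated form used here, prefixed with "MD5:".
normalise_fp() {
    printf '%s\n' "$1" | sed 's/^MD5://' | tr 'A-F' 'a-f'
}

# verify_host_fp <fingerprint from the ssh prompt>, console output on stdin.
# Prints the matching key file and returns 0; returns 1 when nothing matches,
# in which case the prompt should be answered "no".
verify_host_fp() {
    want=$(normalise_fp "$1")
    console_fingerprints | awk -v want="$want" '
        $1 == want { print $2; found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Real use: ec2-get-console-output instance_id | verify_host_fp "<fingerprint from prompt>"
# Demo on the constructed sample:
if printf '%s\n' "$SAMPLE_CONSOLE" | verify_host_fp 'MD5:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99' >/dev/null; then
    echo "fingerprint matches the console output: answer yes"
else
    echo "MISMATCH: answer no and investigate before connecting"
fi
```

A mismatch means the host answering on that DNS name is not presenting the key the instance generated at boot, so the connection should not be accepted until that is explained.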