Appendix: PuTTY
Note: | This section is for Windows users using PuTTY. If you are using another operating system or SSH client you can skip this chapter. |
PuTTY is a free SSH client for Windows. PuTTY also comes with PuTTYgen, a key generation program, and pscp, a secure copy command line tool. This guide outlines the additional steps required to use PuTTY with Amazon EC2.
PuTTY does not natively support the private key format generated by Amazon EC2. Fortunately PuTTY has a tool called PuTTYgen which can convert keys to its internal format.
You should have generated a private key as described in Chapter 5, Running an Instance
and saved the key to a file named something like id_rsa-gsg-keypair.
Launch PuTTYgen and load id_rsa-gsg-keypair. PuTTYgen should pop up
the following message.
Note: | The private key file must end with a newline character or PuTTYgen will not load it correctly. |
PuTTYgen key loaded confirmation.
PuTTYgen displays a lot of information regarding the key that has been loaded, such as the public key, the key passphrase, the type and the number of bits in the generated key. The keys generated by Amazon EC2 are 1024 bit SSH-2 RSA keys. They are also passphraseless. A passphrase on a private key is an extra layer of protection, so even if your private key is discovered it will not be usable without the passphrase. The downside is that it makes automation harder as human intervention is needed to log on to an instance, or copy files to an instance.
PuTTYgen's main screen after loading the private key.
You need to save the key in PuTTY's format. You can either either use the File -> Save menu option or click on the Save private key button. Save the key as id_rsa-gsg-keypair.ppk. Click Yes when PuTTYgen prompts you about saving the key without a passphrase.
Confirm saving the key without a passphrase.
The file you have just saved can be used with PuTTY to connect to your Amazon EC2 host as outlined in the next section.
This section assumes that you have converted an Amazon EC2 generated private key file to a PuTTY private key file and have successfully launched an instance.
Running PuTTY brings up a graphical configuration utility. Go to Connection -> SSH -> Auth. Under Authentication parameters click on Browse... and select the PuTTY private key file you generated earlier. If you are following the guide the file will be named id_rsa-gsg-keypair.ppk.
Authorization Configuration
Under Session fill in your EC2 instance host name or IP address. Click on Open to connect to your EC2 instance.
Session Configuration
The use of pscp is nearly identical to scp. To use pscp you first need to convert your private key to PuTTY's format. The command to copy the private key and X.509 certificate, as shown in the section called “Preparing for Bundling”, should look as follows
$scp -i id_rsa-gsg-keypairpk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pemcert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pemroot@domU-12-34-31-00-00-05.usma1.compute.amazonaws.com:
To run the same command with pscp, bearing in mind that we are using the private key in PuTTY's format as generated above, the command should look as follows:
C:\>pscp -i id_rsa-gsg-keypair.ppkpk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pemcert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pemroot@domU-12-34-31-00-00-05.usma1.compute.amazonaws.com: