The following describes how to use PuTTY (a free SSH client for Windows) to connect to your instance. If you receive an error message when trying to connect to your instance, see putty Linux connection failure troubleshooting.
After starting your instance, you can connect to the instance and use it like using the computer in front of you.
Note
After the instance is started, it takes several minutes to prepare the instance so that you can connect to the instance. Check whether your instance has passed the Status check-you can view this information in the Status Checks column on the Instances page.
The following describes how to use PuTTY (a free SSH client for Windows) to connect to your instance. If you receive an error message when trying to connect to your instance, see troubleshooting instance connection problems.
Prerequisites
Before using PuTTY to connect to your Linux instance, complete the following prerequisites:
Install PuTTY
Download and install PuTTY from the PuTTY download page. Ensure that the entire suite is installed.
Obtain the instance ID
You can obtain the ID of your Instance by using the Amazon EC2 Console (in the Instance ID column. You can use describe-instances (aws cli) or ec2-describe-instances (Amazon EC2 CLI)Command.
Obtain the public DNS name of the Instance
You can use the Amazon EC2 console to obtain the Public DNS of the Instance (check the Public DNS (Public DNS) column; if this column is hidden, Click Show/Hide (Show/Hide) and select Public DNS )). If you want, you can use the describe-instances (aws cli) or ec2-describe-instances (Amazon EC2 CLI) command.
Find private keys
You need to use the key pair you specified when starting the instance.pem
File Path.
Allow inbound SSH traffic from your IP address to your instance
Make sure that the security group associated with your instance allows incoming SSH traffic from your IP address.
Important
By default, your default security group does not allow incoming SSH traffic.
Use PuTTYgen to convert your private key
PuTTY itself does not support the private key format (. pem) generated by Amazon EC2 ). PuTTY has a tool named PuTTYgen that converts keys to the required PuTTY format (. ppk ). You must convert the private key to this format (. ppk) before attempting to connect to your instance using PuTTY.
Convert your private key
Start PuTTYgen (for example, click "All Programs> PuTTY> PuTTYgen" in the "Start" menu ").
Under Type of key to generate, select SSH-2 RSA.
Click Load ". By default, PuTTYgen only displays.ppk
. To find your.pem
File. select the option to display all types of files.
Select the key pair specified when the instance is started.pem
File, and then click Open. Click OK to close the confirmation dialog box.
Click Save private key to Save the key in a format available for PuTTY. PuTTYgen displays a warning about saving the key without a password. Click Yes ).
Note
The password of a private key is additionally protected. Therefore, even if your private key is disclosed, the key is still unavailable without a password. The disadvantage of using a password is that it makes automation more difficult, because manual intervention is required to log on to the instance or copy files to the instance.
Specify the same name as the key pair for this key (for example,my-key-pair
). PuTTY automatically added .ppk
File extension.
Your private key format is now in the correct PuTTY format. You can now use the PuTTY SSH client to connect to the instance.
Start PuTTY session
Use PuTTY to connect to your Linux instance. You will need.ppk
File.
Start PuTTY session
(Optional) You can use one of the following commands on the local system (instead of the Instance) to verify the RSA key fingerprint on the instance. If you start an instance from a third-party public AMI, you may need to do so. FindSSH HOST KEY FINGERPRINTS
Part, write down the RSA fingerprint (for example, 1f: 51: AE: 28: bf: 89: e9: d8: 1f: 25: 5d: 37: 2d: 7d: b8: ca: 9f: f5: f1: 6f) and compare it with the instance fingerprint.
Get-console-output (aws cli)
aws ec2 get-console-output --instance-id instance_id
The ec2-get-console-output (Amazon EC2 CLI)
ec2-get-console-output instance_id
Note
SSH HOST KEY FINGERPRINTS
Some are only available after the instance is started for the first time.
Start PuTTY (in the "Start" menu, click "All Programs> PuTTY ").
In the "Category" pane, select Session and enter the following fields:
In the Host Name box, enteruser_name
@public_dns_name
. Make sure that the user name is specified for your AMI. For example:
For Amazon Linux AMI, the user name isec2-user
.
For the RHEL5 AMI, the user name isroot
Orec2-user
.
For Ubuntu AMI, the user name isubuntu
.
For the Fedora AMI, the user name isfedora
Orec2-user
.
For SUSE Linux, the user name isroot
Orec2-user
.
In addition, ifec2-user
Androot
Unavailable. Check with the AMI supplier.
Under Connection type, select SSH.
Make sure the Port is 22.
In the Category pane, expand Connection, expand SSH, and then select Auth ). Complete these steps:
Click Browse ).
Select.ppk
File, and then click Open ).
(Optional) If you want to restart the session later, you can save the session information for future use. Select Session in the Category tree, enter a name for the Session in the Saved Sessions (Saved Session), and click Save ).
Click Open to start the PuTTY session.
If this is your first connection to this instance, PuTTY will display a security warning dialog box asking if you trust the host you want to connect.
(Optional) Verify that the fingerprint in the security alarm matches the fingerprint obtained in step 1. If these fingerprints do not match, someone may be attempting to launch a "man-in-the-middle" attack. If yes, proceed to the next step.
Click Yes ). A window opens and you connect to your instance.
Note
If you specify a password when converting a private key to the PuTTY format, you must provide the password when you log on to the instance.
Use PuTTY secure copy client to transmit files to your Linux instancePuTTY secure replication client (PSCP) is a command line tool that transfers files between Windows and Linux instances. If you prefer a graphical user interface (GUI), you can use an open-source GUI tool called "WinSCP. For more information, see transfer files to your Linux instance using WinSCP.
To use PSCP, you will need to use PuTTYgen to convert the private key generated in your private key. You also need the public DNS address of the Linux instance.
In the following exampleSample_file.txt
Transfer from a Windows computer to a Linux instance/usr/local
Directory:
C:\>
pscp -i C:\Keys\my-key-pair.ppk C:\Sample_file.txt user_name@public_dns:/usr/local/Sample_file.txt
Use WinSCP to transfer files to your Linux instanceWinSCP is a GUI-based file manager for Windows. You can use the SFTP, SCP, FTP, and FTPS protocols to upload and transmit files to a remote computer. With WinSCP, you can drag and drop files from Windows to a Linux instance or synchronize all the directory structures between the two systems.
To use WinSCP, you will need to use PuTTYgen to convert the private key generated in your private key. You also need the public DNS address of the Linux instance.
Download and install WinSCP from the http://winscp.net/eng/download.php. For most users, use the default installation option.
Start WinSCP.
On the WinSCP login (WinSCP logon) screen, for Host name (Host name), enter the public DNS address of the instance.
For User name, enter the default AMI User name. For Amazon Linux AMI, the user name isec2-user
. For Red Hat AMI, the user name isroot
For Ubuntu AMI, the user name isubuntu
.
Specify a private key for your instance. For Private key, enter the path of the Private key or click "…" Button to browse the file. For the updated WinSCP version, click Advanced to open Advanced website settings, and then click Authentication under SSH to find Private key file Settings.
Note
WinSCP requires PuTTY private key file (.ppk
). You can use PuTTYgen.pem
Convert a security key file.ppk
Format.
(Optional) in the left-side pane, click Remote directory. For Directories, enter the directory path to add the file. For the updated version of WinSCP, You need to click Advanced to open Advanced website settings, and then click Directories under Environment (Environment) to find the Remote directory settings.
Click Login to connect, and then click Yes to add the host fingerprint to the host cache.
After the connection is established, in the connection window, your Linux instance is displayed on the right and the local computer is displayed on the left. You can drag and drop files from a local computer to a remote file system. For more information about WinSCP, see the project documentation in http://winscp.net/eng/docs/start.
Note
If you receive aCannot execute SCP to start transfer
"Error, you must first install it on your Linux instanceScp. For some operating systems, this command isopenssh-clients
Package. For Amazon Linux variants (such as AMI optimized by Amazon ECS), run the following command to installScp.
[ec2-user ~]$ sudo yum install -y openssh-clients