Skip to main content

From a Windows Machine - Connect (ssh) to Linux Instances running in a Private Amazon VPC

To start with the following tools need to be downloaded:

1. PuTTY
2. PuTTYGen
3. Pageant


If you are a Windows user & trying to connect to (SSH into) an AWS EC2 instance then you need to use PuTTY.

During the process of provisioning an EC2 instance, you would have created/downloaded a key pair file which would be in a .pem format. But PuTTY doesn't support the .pem format and it needs the key pair file to be in .ppk file format. That's where PuTTYGen comes into play. PuTTYGen helps in converting a .pem file into a .ppk file with a click of a button.

Connecting to an EC2 instance in a public subnet:

1. Open PuTTyGen
2. Load >> Choose the .pem which you want to convert
2.1 [Optional] Provide a key passphrase & confirm passphrase. For simplicity sake, I skip it for now.



3. Click on "Save private key"
4. Open Putty
5. Enter the hostname / IP - For ex: ec2-user@35.154.74.77
6. Copy paste that into Saved Sessions textbox as well
7. Category > Connection > SSH > Auth > Choose the .ppk file which you saved in step 3.
8. Category > Session > Click on Save.
9. Now click on "Open" to ssh to that instance.

Connecting to an EC2 instance in a private subnet:

EC2 instance in a private subnet will not have a Public IP instead it would only have a Private IP. So the question in hand is from a windows machine how would you connect to this EC2 instance with Private IP on a private subnet.

1. For this, we need to make use of Pageant. It's actually a windows service. Just double click to run Pageant and it would sit in the system tray doing nothing until you add a private key into it

2. Double clicking on the Pageant icon in the system tray will open up the "Pageant key list" dialogue box. 

3. Choose the .ppk file by clicking on "Add Key". Pageant will now load the private key. If the key is protected by a passphrase, Pageant will ask you to type the passphrase. When the key has been loaded, it will appear in the list in the Pageant window.



4. Once you see a screen like shown above click on "Close".

(Now if you start PuTTY and open an SSH session which expects this keypair file. It will notice that Pageant is running, retrieve the key automatically from Pageant, and use it to authenticate. You can now open as many sessions as you like without having to type your passphrase again.)

5. Now open PuTTy and if you had saved the earlier session the name would be listed there. Click on it and Load.

6. Navigate to connection configuration section and check "Allow Agent Forwarding". For me, it worked only after providing the "Private key file for authentication" here as well. [But you can check by leaving it empty as well.]


Do not forget to save this session again so that this change is also saved in PuTTY.

7. As agent forwarding enabled in the PuTTY configuration, from this connection you can connect to any other instance in the VPC without having the SSH private key here. 

Assuming our EC2 Instance private IP is 10.0.2.82 we can just do a basic SSH command as shown below and connect into it.


Labels:

Comments

Post a Comment

Popular posts from this blog

My Wedding Anniversary :)

Six years back on the same day I married Sai Lakshmi (12-July-2000). I know Sai for almost 13 years now :) I fell in love with her during my 12th standard. I know @ 17 yrs any person wouldn't be matured enough to make a big decision like this. But thank God my choice was perfect :) Even now, very often we used to think about the past and laugh at our behaviors/actions then. My love story would be really interesting (at least for me and Sai :)) and I am sure none of you guys would be interested in reading about it so lemme not get into it in-depth. But one thing which I want to share is "Without Sai, I wouldn't have entered into the IT field at all". She was instrumental in convincing me to study my Master's degree in Computer Application. That's the move that changed my career. Till my schooling, my dream was to either become a "big" sportsman (Cricket and Badminton were my favorites at that time.) or an Aeronautics engineer. Unfortunately, my l...
40 comments
Read more

Script table as - ALTER TO is greyed out - SQL SERVER

One of my office colleague recently asked me why we are not able to generate ALTER Table script from SSMS. If we right click on the table and choose "Script Table As"  ALTER To option would be disabled or Greyed out. Is it a bug? No it isn't a bug. ALTER To is there to be used for generating modified script of Stored Procedure, Functions, Views, Triggers etc., and NOT for Tables. For generating ALTER Table script there is an work around. Right click on the table, choose "Modify" and enter into the design mode. Make what ever changes you want to make and WITHOUT saving it right click anywhere on the top half of the window (above Column properties) and choose "Generate Change Script". Please be advised that SQL Server would drop actually create a new table with modifications, move the data from the old table into it and then drop the old table. Sounds simple but assume you have a very large table for which you want to do this! Then it woul...
2 comments
Read more

What should one look @ while buying a land in chennai?

Offlate people have started thinking about investing their money in lands. I too think that to be a wise decision only! As most of us know buying a land in chennai (for that matter any where in the world) isn't an easy affair. I was just wondering what all one needs to look at before deciding to purchase a land. I thought I would put down what ever I know about this subject here. [Guys pls free to correct me if I my understanding is wrong somewhere. That way, it would help me understand as well as others who might read this in future]. Here we go ... 1. One should not buy farm lands if they want to build a residential house sometime later there. Because to my knowledge its illegal to build residential houses on lands meant for irrigation. 2. Encumberance Certificate -- This is what is shortly refered as "EC". One needs to get an EC from local sub registrar office (i guess we need pay a small amount for this). From this we / our lawyers :) can find out whether the guy who ...
34 comments
Read more