How to Connect to Your AWS EC2 Instance Using SSH

Congratulations! You’ve successfully launched your first virtual server using Amazon EC2. You have a running instance in the cloud, but now you might be asking: “How do I actually access and control it?”

The answer is SSH, or the Secure Shell protocol. SSH is the standard way to securely connect to and manage Linux servers over the internet. It gives you a command-line interface, allowing you to run commands, install software, and configure your server from your own computer.

This step-by-step guide will show you exactly how to connect to your new Linux EC2 instance from Windows, macOS, or Linux.

Prerequisites

Before you begin, make sure you have the following three items ready:

  1. A Running EC2 Instance: You should have an instance running in your EC2 Dashboard.
  2. Your Instance’s Public IP Address: This is the public address of your server on the internet.
  3. Your Private Key File: This is the .pem file you downloaded when you launched your EC2 instance. You must have this file saved on your computer.

Step 1: Locate Your Instance’s Public IP Address

First, we need the address of the server we want to connect to.

  1. Navigate to your EC2 Dashboard in the AWS Management Console.
  2. Click on “Instances” in the left-hand menu.
  3. Select your running instance from the list.
  4. In the details panel at the bottom, look for the “Public IPv4 address”. Copy this address; you will need it shortly.

A screenshot of the EC2 Instances dashboard with an arrow pointing to the "Public IPv4 address" of a selected instance.

Step 2: Connecting from macOS or Linux (Using the Terminal)

If you are using a Mac or any Linux distribution (like Ubuntu), you have a built-in SSH client in your terminal.

Action 1: Secure Your Private Key File

This is the most important step. For security reasons, your SSH client will refuse to use a key file that has open permissions. We need to lock it down.

  1. Find the .pem file you downloaded. It’s likely in your Downloads folder.
  2. Open your Terminal application.
  3. Use the chmod command to set the permissions to “read-only for the owner.” This is what 400 means: the owner can read the file, and nobody else has any access to it.

chmod 400 /path/to/your/my-aws-key.pem

(Remember to replace /path/to/your/my-aws-key.pem with the actual path to your key file.)
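
The “too open” rule can be checked before ssh complains. The script below is an added example, not part of the original guide: it mirrors OpenSSH's test (any group or other permission bit set) and lists the private key files in a directory that would be rejected. The function names are made up for this illustration.

```sh
#!/bin/sh
# Added example (not from the original guide): find private key files whose
# permissions OpenSSH would reject as "too open".

# Print a file's permission bits in octal.
# GNU stat (Linux) uses -c, BSD stat (macOS) uses -f.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only if group and others have no access at all (mode & 077 == 0).
# Returns 2 if the mode cannot be read.
key_is_private() {
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# $1 = directory to scan. Prints "<mode> <path>" for every private key file
# that group or others can access. Keys are recognised by their first line,
# so both .pem files and OpenSSH-format keys are covered.
audit_keys() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        head -n 1 "$f" 2>/dev/null |
            grep -q -- '-----BEGIN .*PRIVATE KEY-----' || continue
        key_is_private "$f" || printf '%s %s\n' "$(file_mode "$f")" "$f"
    done
}
```

Source the file and run audit_keys on the folder that holds your key, for example audit_keys "$HOME/Downloads"; every path it prints needs chmod 400.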

Action 2: Connect via SSH

Now you can use the ssh command to connect. The command has three parts: the path to your key, the username for the instance, and the server’s IP address.

  • The default username for Amazon Linux AMIs is ec2-user. For Ubuntu it is ubuntu, for Debian it is admin, for CentOS it is centos, and for Fedora it is fedora. Make sure the username is correct, otherwise your connection will be unsuccessful (you can see my screenshot, where I made a mistake with the username that resulted in unsuccessful access).

In your terminal, run the following command, replacing ec2-user with your own username and YOUR_PUBLIC_IP_ADDRESS with your instance’s public IP address:

ssh -i /path/to/your/my-aws-key.pem ec2-user@YOUR_PUBLIC_IP_ADDRESS

The first time you connect, you will see a message asking if you want to continue connecting because the authenticity of the host can’t be established. This is normal on a first connection, because your computer has not yet recorded this server’s host key. Type yes and press Enter.
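
Before typing yes, the fingerprint in that prompt can be compared with the one the instance printed when it first booted. The script below is an added example, not part of the original guide; it assumes your AMI uses cloud-init, which writes the host key fingerprints to the system log returned by aws ec2 get-console-output. The function names and the sample log are constructed for this illustration.

```sh
#!/bin/sh
# Added example (not from the original guide): check the fingerprint shown in
# the first-connection prompt against the instance's own boot log.
# Assumption: the AMI runs cloud-init, which prints the host key fingerprints.
# Save the real log with (INSTANCE_ID is a placeholder):
#   aws ec2 get-console-output --instance-id INSTANCE_ID --output text > console.txt

# Constructed sample of the relevant part of a system log (values are not real).
sample_console_output() {
cat <<'EOF'
[   12.3] sshd: note SHA256:OUTSIDEtheFINGERPRINTblock0000000000000000000
ec2: #############################################################
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 256 SHA256:EXAMPLEecdsaFINGERPRINTnotREAL0000000000000 root@ip-10-0-0-1 (ECDSA)
ec2: 256 SHA256:EXAMPLEed25519FINGERPRINTnotREAL00000000000 root@ip-10-0-0-1 (ED25519)
ec2: -----END SSH HOST KEY FINGERPRINTS-----
ec2: #############################################################
EOF
}

# Read a system log on stdin and print the SHA256 fingerprints found between
# the BEGIN/END markers, one per line. Text outside the markers is ignored.
console_fingerprints() {
    sed -n '/BEGIN SSH HOST KEY FINGERPRINTS/,/END SSH HOST KEY FINGERPRINTS/p' |
        grep -o 'SHA256:[A-Za-z0-9+/]*' | sort -u
}

# $1 = fingerprint copied from the ssh prompt, $2 = saved system log file.
# Succeeds only on an exact match with a fingerprint the instance reported.
fingerprint_matches() {
    [ -n "$1" ] || return 1
    console_fingerprints < "$2" | grep -Fqx -- "$1"
}
```

Answer yes only when fingerprint_matches succeeds for the value ssh displayed; a mismatch means you are not talking to the instance that wrote that log.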

If successful, your terminal prompt will change, and you will be logged into your EC2 instance!

A screenshot of a terminal showing a successful SSH connection to an EC2 instance, with the new command prompt visible in macOS.

Step 3: Connecting from Windows

Connecting from Windows used to be complicated, but modern versions of Windows 10 and 11 have made it much easier.

Method A: The Modern Way (Using Windows Terminal or PowerShell)

Modern Windows now includes a built-in OpenSSH client, just like macOS and Linux.

  1. Secure Your Private Key File:
    • Find your .pem key file in File Explorer.
    • Right-click on the file and go to Properties > Security > Advanced.
    • Click “Disable inheritance,” then “Remove all inherited permissions.”
    • Click “Add,” select your own user account, and give yourself “Read” permissions only. This is the graphical equivalent of chmod 400.
  2. Connect via SSH:
    • Open Windows Terminal or PowerShell.
    • Use the exact same ssh command as the one for macOS/Linux:
    ssh -i "C:\path\to\your\my-aws-key.pem" ec2-user@YOUR_PUBLIC_IP_ADDRESS
    (Note: Use quotes around the path if it contains spaces.)

Method B: The Classic Way (Using PuTTY)

If you prefer a graphical tool, you can use PuTTY.

  1. Download PuTTY and PuTTYgen.
  2. Convert your key: You must first use PuTTYgen to convert your .pem file into a .ppk file, which is the format PuTTY uses. Open PuTTYgen, load your .pem file, and save the private key as a .ppk file.
  3. Connect with PuTTY: Open PuTTY, enter ec2-user@YOUR_PUBLIC_IP_ADDRESS in the Host Name field, then go to Connection > SSH > Auth > Credentials and browse to select your newly created .ppk file. Click “Open” to connect.

Common Troubleshooting Tips

  • “Connection timed out”: This almost always means your Security Group is not configured correctly. Go back to the EC2 console, find your instance’s security group, and ensure there is an inbound rule of type SSH that allows traffic from My IP.
  • “Permissions for ‘my-key.pem’ are too open”: You will see this on macOS or Linux if you forgot to set the correct permissions. Run the chmod 400 command on your key file to fix it.

Conclusion

You have now mastered a fundamental skill for any cloud professional: securely connecting to a remote server. You have full command-line access to your EC2 instance, giving you the power to install software, configure a web server, or run any application you can imagine.
