Connecting to Linux/UNIX Instances from Windows Using PuTTY
To connect to your Linux/UNIX instance from a Windows computer, use
an SSH client. The following instructions explain how to use PuTTY,
a free SSH client for Windows computers.
Prerequisites
Enable SSH traffic—Open the instance's
SSH port
Before you try to connect, ensure that your Amazon EC2 instance
accepts incoming SSH traffic (usually on port 22). For more
information, see
Instance ID—Get the ID of your Amazon
EC2 instance
Retrieve the Instance ID of the Amazon EC2 instance you want to
access. The Instance ID for all your instances are available in the
AWS Management Console or through the CLI
command
Instance's public DNS—Get the public
DNS of your Amazon EC2 instance
Retrieve the public DNS of the Amazon EC2 instance you want to
access. You can find the public DNS for your instance using the AWS
Management Console or by calling the CLI
command ec2-describe-instances.
The format of an instance's public DNS is
ec2-w-x-y-z-compute-1.amazonaws.com where w, x, y, and z each
represents a number between 0 and 255 inclusive.
Private key—Get the path to your
private key
You'll need the fully qualified path of the private key file
associated with your instance. For more information on key pairs,
see
Getting
PuTTY
To download and
install PuTTY
Other tools in the PuTTY suite are
PuTTYgen, a key generation program, and pscp, a secure copy command
line tool. The different PuTTY tools are separate applications. You
can install them separately or install the entire suite with a
simple Windows installer. The following instructions assume you've
installed the entire suite and can access all the components from
the Windows Start menu.
Converting
Your Private Key
PuTTY does not natively support the
private key format generated by Amazon EC2. Fortunately, PuTTY has
a tool called PuTTYgen, which can convert keys to the required
PuTTY format.
To convert your
private key
Start PuTTYgen (for example, from
the Start menu,
click All Programs > PuTTY >
PuTTYgen).
Click Load and browse to the
location of the private key file that you want to convert
(e.g., GSG_Keypair.pem).
By default, PuTTYgen displays only files with
extension .ppk; you'll
need to change that to display files of all types in order to see
your .pem key
file. The private key file must end with a newline character or
PuTTYgen cannot load it correctly.
Select
your .pem key
file and click Open.
PuTTYgen displays the following
message.
When you click OK, PuTTYgen displays
a dialog box with information about the key you loaded, such as the
public key and the fingerprint. The keys that Amazon EC2 generates
are 1024-bit SSH-2 RSA keys.
Click Save private
key to save the key in PuTTY's format.
PuTTYgen asks if you want to save the key without a passphrase.
Click Yes.
Note
A passphrase
on a private key is an extra layer of protection, so even if your
private key is discovered, it will not be usable without the
passphrase. The downside to using a passphrase is that it makes
automation harder because human intervention is needed to log on to
an instance, or copy files to an instance. For this exercise, we're
not using a passphrase.
Use the same name for the key that
you used for the key pair (for example, GSG_Keypair). PuTTY
automatically adds the .ppk file
extension.
Your private key is now in the
correct format for use with PuTTY. You can now connect to your
instance using PuTTY's SSH client.
Connecting
Using PuTTY SSH
You'll connect by starting a PuTTY
SSH session.
To use SSH to
connect
If you've launched a public AMI that
isn't one that you created yourself, run
the ec2-get-console-output command
on your local system (not on the instance), and locate
the SSH HOST KEY
FINGERPRINTS section. For more information,
see ec2-get-console-output in
the Amazon Elastic Compute
Cloud Command Line Reference.
C:\>ec2-get-console-output instance_id
...
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 2048 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
/etc/ssh/ssh_host_key.pub
ec2: 2048 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
/etc/ssh/ssh_host_rsa_key.pub
ec2: 1024 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
/etc/ssh/ssh_host_dsa_key.pub
ec2: -----END SSH HOST KEY FINGERPRINTS-----
...
Note the fingerprints so that you
can compare them to the fingerprints of the instance.
Start PuTTY (from
the Start menu,
click All Programs > PuTTY >
PuTTY).
A dialog box opens with a Category menu on
the left side. On the right side, the basic options for your PuTTY
session are displayed.
In the Host
Name field, enter the public DNS name of
your instance (available through the AWS Management Console or
the ec2-describe-instancescommand).
You can optionally prefix the DNS name
with ec2-user@ to
automatically log in with superuser privileges when the session
opens.
In the Category menu,
under Connection,
click SSH, and
then Auth.
The options controlling SSH authentication are displayed.
Click Browse and navigate to
the PuTTY private key file you generated in the preceding
section.
Click Open.
An SSH session window opens and PuTTY displays a security alert
asking if you trust the host you're connecting to.
Important
If you've
launched a public AMI, verify that the fingerprint in the security
alert matches the fingerprint from the output of
the ec2-get-console-output command.
If it doesn't, someone might be attempting a "man-in-the-middle"
attack.
Click Yes.
In the SSH session window, log in as
root (or ec2-user) if you didn't as part of starting the SSH
session.
Note
Some AMIs let
you log in as root, but some require you to log in with the
username ec2-user. For log in information for your chosen AMI,
contact your AMI provider directly or go
to Amazon Machine
Images(AMIs) page, then locate and click your
AMI on the list.
Note
If you
specified a passphrase when you converted your private key to
PuTTY's format, you must provide that passphrase when you log in to
the instance.
Transferring Files with PSCP
The PuTTY Secure Copy Client (PSCP)
is a command-line tool that lets you transfer files between your
Windows computer and your Linux/UNIX instance.
To use PSCP, you'll need the private
key you generated in Converting Your Private Key. You'll
also need the public IP address of your Linux/UNIX instance.
The following example transfers the
file sample_file.txt from
a Windows computer to the /usr/local directory
on a Linux/UNIX instance:
C:\>pscp -i C:\GSG_Keypair.ppk C:\sample_file.txt root@ec2-184-72-204-112.compute-1.amazonaws.com:/usr/local/sample_file.txt
If you prefer a graphical user
interface (GUI), you can use an open source GUI tool named WinSCP.
For more information, go to the