How to ssh from one ec2 instance to another?
Solution 1
Method 1 - use the same keys on the servers:
Convert the keys to openssh format and upload the private keys to the servers. When you ssh to the destination host, specify the private key file:
ssh -i mykey.pem private.ip.of.other.server
Method 2 - Create new keys
On each server run:
ssh-keygen
Hit enter enter enter. You'll have two files:
.ssh/id_rsa
.ssh/id_rsa.pub
On Server A, cat and copy to clipboard the public key:
cat ~/.ssh/id_rsa.pub
[select and copy to your clipboard]
ssh into Server B, and append the contents of that to its authorized_keys file:
cat >> ~/.ssh/authorized_keys
[paste your clipboard contents]
[ctrl+d to exit]
Now ssh from server A:
ssh -i ~/.ssh/id_rsa private.ip.of.other.server
Solution 2
There is a 3rd and IMHO the best solution, so-called ssh agent forwarding:
- on your local machine configure ~/.ssh/config by adding the following section:
Host <ip-or-name-of-A-server>
    ForwardAgent yes
- I assume on server A and B you have your local ~/.ssh/id_rsa.pub added to the server's ~/.ssh/authorized_keys
While working on server A your keys can be used in further ssh communication - e.g.:
- connecting to other server with ssh client - in this case to server B,
- scp (secure copy),
- git - you can pull/push using your local identity to your remote git repositories
- etc.
To check to see if this works:
- connect to server A
- check if there is a socket connection for key exchange by detecting the SSH_AUTH_SOCK env var:
set|grep SSH_AUTH_ # output should be something like this: SSH_AUTH_SOCK=/tmp/ssh-sEHiRF4hls/agent.12042
Notes:
- you need to have ssh-agent running - linux:
ps -e | grep [s]sh-agent
for windows check PuTTY's utilities Pageant and plink - reference: https://help.github.com/articles/using-ssh-agent-forwarding
- troubleshooting ssh:
https://confluence.atlassian.com/display/BITBUCKET/Troubleshoot+SSH+Issues
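As an added example that is not part of either answer, this POSIX sh script writes the per-host ForwardAgent block from Solution 2 and implements the SSH_AUTH_SOCK check it describes; the host name server-a.example and the script file name are placeholders.

```shell
#!/bin/sh
# Added example, not from the original answers: scope ForwardAgent to one host
# in ssh_config, as Solution 2 does, and run the SSH_AUTH_SOCK check it
# describes. "server-a.example" is a placeholder host name.

# Append "Host <name>" + "ForwardAgent yes" to config file $2 (default
# ~/.ssh/config) once. A bare "ForwardAgent yes" under "Host *" would expose
# the agent to every server you log in to, so the block is kept per host.
add_forward_agent_block() {
    host="$1"
    cfg="${2:-$HOME/.ssh/config}"
    mkdir -p "$(dirname "$cfg")"
    touch "$cfg"
    chmod 600 "$cfg"                 # ssh rejects a config writable by others
    if grep -qxF "Host $host" "$cfg"; then return 0; fi
    printf 'Host %s\n    ForwardAgent yes\n' "$host" >> "$cfg"
}

# Print the effective ForwardAgent value ("yes"/"no") for host $1 in config
# file $2. As in ssh, the first matching directive wins; this parser handles
# one pattern per Host line plus the "*" wildcard and ignores Match blocks.
forward_agent_for_host() {
    host="$1"; result=""; active=0
    while read -r key val rest || [ -n "$key" ]; do
        case "$key" in
            \#*|"") ;;                               # comment or blank line
            Host|host)
                active=0
                if [ "$val" = "$host" ] || [ "$val" = "*" ]; then active=1; fi ;;
            ForwardAgent|forwardagent)
                if [ "$active" -eq 1 ] && [ -z "$result" ]; then result="$val"; fi ;;
        esac
    done < "$2"
    printf '%s\n' "${result:-no}"
}

# Succeed only when this shell can reach an agent socket, the condition the
# answer checks with "set | grep SSH_AUTH_".
agent_socket_present() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]
}
# Stand-alone use: sh forward_agent.sh --demo server-a.example
if [ "${1:-}" = "--demo" ]; then
    target="${2:-server-a.example}"
    add_forward_agent_block "$target"
    echo "ForwardAgent for $target: $(forward_agent_for_host "$target" "$HOME/.ssh/config")"
    if agent_socket_present; then echo "agent socket: $SSH_AUTH_SOCK"
    else echo "no agent socket in this shell; start ssh-agent and ssh-add a key first"; fi
fi
```

Because ssh takes the first matching value, a per-host block placed after a `Host *` entry that sets ForwardAgent is ignored, which the parser reproduces.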
Stephen Walsh
Updated on September 18, 2022
Comments
- Stephen Walsh over 1 year: I have created two EC2 instances on AWS. I created a key pair for each of them. I downloaded the .pem private keys and converted them into .ppk format. I can connect to each of my ec2 instances using PuTTY and their .ppk private key. But how do I SSH from one of my ec2 instances to the other? I can ping the Public DNS of either of them from the other. But if I try ssh from one to the other, I get: Permission denied (publickey).
- Skaperen over 7 years: set up these keys into your keypairs (only the public half). launch 2 new instances with each of these keypairs. upload everything (private half in particular) to be the designated client (e.g. for key A it is used to launch instance B and its private half is uploaded to instance A).
- matiu over 7 years: I think you might need to convert the keys into an openssh format: stackoverflow.com/questions/2224066/…
- JW0914 over 4 years: Just a general FYI, there's little security benefit to utilizing multiple SSH keys for multiple SSH servers, provided the SSH key utilized is encrypted with a complex password (at time of creation) of at least 16 characters containing two each of the following: Uppercase, Lowercase, Symbols, & Numbers. Utilizing multiple SSH keys overcomplicates management while offering negligible additional security.
- raphael75 about 7 years: Thank you for such a simple and straightforward explanation! It worked perfectly.
- weston over 5 years: You will also need to ensure that the Security Group has an inbound rule for port 22 (SSH) with your EC2 subnet as the source.
- Mehdi LAMRANI over 4 years: Method 1 is highly discouraged as it is a serious security breach imho
- Nulldevice almost 3 years: In my opinion, this answer is significantly underestimated.