How to ssh from one ec2 instance to another?

Solution 1

Method 1 - use the same keys on the servers:

Convert the keys to openssh format and upload the private keys to the servers. When you ssh to the destination host, specify the private key file:

ssh -i mykey.pem private.ip.of.other.server

Method 2 - Create new keys

On each server run:

ssh-keygen

Hit enter enter enter. You'll have two files:

.ssh/id_rsa
.ssh/id_rsa.pub

On Server A, cat and copy to clipboard the public key:

cat ~/.ssh/id_rsa.pub
[select and copy to your clipboard]

ssh into Server B, and append the contents of that to its authorized_keys file:

cat >> ~/.ssh/authorized_keys
[paste your clipboard contents]
[ctrl+d to exit]

Now ssh from server A:

ssh -i ~/.ssh/id_rsa private.ip.of.other.server
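
The append step on Server B from Method 2, as an added example that is not part of the original answer: a POSIX shell function (the name install_pubkey and its arguments are assumptions) that rejects a pasted private key, sets the permissions sshd's StrictModes expects, and appends the key only once. The key used in the demo is constructed and non-functional.

```shell
#!/bin/sh
# Added example (not from the original answer). install_pubkey and its
# arguments are hypothetical names: install_pubkey PUBKEY_FILE [HOME_DIR]
install_pubkey() {
    pub_file=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    # A public key is exactly one line; take the first non-empty one.
    key_line=$(grep -v '^[[:space:]]*$' "$pub_file" 2>/dev/null | head -n 1)

    # Refuse anything that is not a public key line, in particular a private
    # key pasted by mistake ("-----BEGIN ... PRIVATE KEY-----").
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pub_file" >&2; return 2 ;;
    esac

    # sshd's StrictModes (on by default) ignores authorized_keys when the
    # directory or file is writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # If the file does not end in a newline, a plain ">>" would glue the new
    # key onto the previous entry and break both; terminate the line first.
    [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"

    # Append only when this exact line is not already present.
    if grep -qxF -- "$key_line" "$auth"; then
        echo "key already authorized"
    else
        printf '%s\n' "$key_line" >> "$auth"
        echo "key added"
    fi
}

# Demo in a scratch directory with a constructed, non-functional key.
demo_home=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed ec2-user@server-a\n' \
    > "$demo_home/server_a.pub"
install_pubkey "$demo_home/server_a.pub" "$demo_home"   # key added
install_pubkey "$demo_home/server_a.pub" "$demo_home"   # key already authorized
rm -rf "$demo_home"
```

On Server B it would be called with the path of Server A's copied id_rsa.pub; the second argument defaults to $HOME.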

Solution 2

There is a 3rd and IMHO the best solution, so-called ssh agent forwarding:

  • on the local machine configure ~/.ssh/config by adding the following section:
    Host <ip-or-name-of-A-server>
      ForwardAgent yes
  • I assume on server A and B you have your local ~/.ssh/id_rsa.pub added to the server's ~/.ssh/authorized_keys

While working on server A your keys can be used in further ssh communication - e.g.:

  • connecting to other server with ssh client - in this case to server B,
  • scp (secure copy),
  • git - you can pull/push using your local identity to your remote git repositories
  • etc.

To check to see if this works:

  • connect to server A
  • check if there is a socket connection for key exchange by detecting the SSH_AUTH_SOCK env var:
    set|grep SSH_AUTH_ # output should be something like this:
    SSH_AUTH_SOCK=/tmp/ssh-sEHiRF4hls/agent.12042

Notes:

Author by

Stephen Walsh

Updated on September 18, 2022

Comments

  • Stephen Walsh over 1 year

    I have created two EC2 instances on AWS. I created a key pair for each of them. I downloaded the .pem private keys and converted them into .ppk format. I can connect to each of my ec2 instances using PuTTY and their .ppk private key. But how do I SSH from one of my ec2 instances to the other? I can ping the Public DNS of either of them from the other. But if I try ssh from one to the other, I get:

    Permission denied (publickey).

    • Skaperen over 7 years
      set up these keys into your keypairs (only the public half). launch 2 new instances with each of these keypairs. upload everything (private half in particular) to be the designated client (e.g. for key A it is used to launch instance B and its private half is uploaded to instance A).
    • matiu over 7 years
      I think you might need to convert the keys into an openssh format: stackoverflow.com/questions/2224066/…
    • JW0914 over 4 years
      Just a general FYI, there's little security benefit to utilizing multiple SSH keys for multiple SSH servers, provided the SSH key utilized is encrypted with a complex password (at time of creation) of at least 16 characters containing two each of the following: Uppercase, Lowercase, Symbols, & Numbers. Utilizing multiple SSH keys overcomplicates management while offering negligible additional security.
  • raphael75 about 7 years
    Thank you for such a simple and straightforward explanation! It worked perfectly.
  • weston over 5 years
    You will also need to ensure that the Security Group has an inbound rule for port 22 (SSH) with your EC2 subnet as the source.
  • Mehdi LAMRANI over 4 years
    Method 1 is highly discouraged as it is a serious security breach imho
  • Nulldevice almost 3 years
    In my opinion, this answer is significantly underestimated.