Differences
This shows you the differences between the selected revisions of the page.
guide_amazon_ec2 2014-07-15 | guide_amazon_ec2 2024-08-19 (current) | ||
Line 1: | Line 1: | ||
- | ====== Connecting to Amazon EC2 Server ====== | + | ====== Connecting securely to Amazon EC2 server with SFTP ====== |
- | With WinSCP you can easily upload and manage files on your Amazon EC2 (elastic cloud) instance/server over [[sftp|SFTP protocol]]. | + | With WinSCP you can easily upload and manage files on your Amazon EC2 (Elastic Compute Cloud) instance/server over [[sftp|SFTP protocol]]. |
+ | |||
+ | ===== Direct Connection ===== | ||
Before starting you should: | Before starting you should: | ||
* [[guide_install|Have WinSCP installed]]; | * [[guide_install|Have WinSCP installed]]; | ||
- | * [[http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/launching-instance.html|Have Amazon EC2 instance running]]; | + | * [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html|Have Amazon EC2 instance running]]; |
- | * [[http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html|Have enabled inbound SSH traffic from your IP address to your instance]]; | + | * [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-security-group.html|Have enabled inbound SSH traffic from your IP address to your instance]]; |
- | * Have your [[http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html|key pair]] ready; | + | * Have your [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html|key pair]] ready; |
- | First you need to [[ui_puttygen#other_formats|convert your private key]] from ''.pem'' format to ''.ppk'': | + | ~~AD~~ |
- | * Use [[ui_puttygen|PuTTYgen]] tool for conversion; | + | |
- | ·* PuTTYgen installs by default with WinSCP. One way to run it to using //Tools > Run PuTTYgen// command on WinSCP [[ui_login|Login dialog]]. | + | Collect information about your EC2 instance: |
- | * In PuTTYgen window, use //[[ui_puttygen#other_formats|Conversions > Import]]// command and locate your private key in ''.pem'' format. | + | |
- | * Optionally enter passphrase for the converted key to protect it. | + | * Host name: Check //Public %%DNS%%// column on //Instances// page of Amazon EC2 console. Note that the public DNS may change when instance is restarted. |
- | * [[ui_puttygen#saving_private|Save private key]] to ''.ppk'' format using //Save private key// button. | + | * Host key fingerprint: On the first connect you will be prompted to [[ssh_verifying_the_host_key|verify server host key]]. |
+ | ···* To securely acquire a fingerprint of the host key, use EC2 web-based terminal. Go to //Actions > Connect > EC2 Instance Connect > Connect// on //Instances// page of Amazon EC2 console. In the terminal, use ''[[https://man.openbsd.org/ssh-keygen|ssh-keygen]]'' command to display a fingerprint of any number of host keys algorithms. The following example shows SHA-256 and MD5 fingerprints of Ed25519 hostkey: \\ <code bash>sudo ssh-keygen -l -f /etc/<nohilite>ssh</nohilite>/ssh_host_ed25519_key | ||
+ | sudo ssh-keygen -l -f /etc/<nohilite>ssh</nohilite>/ssh_host_ed25519_key -E md5 | ||
+ | </code> | ||
+ | |||
+ | ~~AD~~ | ||
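Review bot: The added "Host key fingerprint" sub-bullet promises fingerprints for "any number of host keys algorithms", but both example commands read only ''ssh_host_ed25519_key'', so a reader whose first connection presents a different host key type has nothing to compare against. Suggest saying to repeat the command for each host key file under ''/etc/ssh/'' and pick the one matching the algorithm named in the WinSCP prompt. The commands could also point at the ''.pub'' files, which are normally world-readable, so that ''sudo'' and reading the private host key are not needed just to print a fingerprint.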
Start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog: | Start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog: | ||
* Make sure //New site// node is selected. | * Make sure //New site// node is selected. | ||
* On //New site node//, make sure //%%SFTP%%// protocol is selected. | * On //New site node//, make sure //%%SFTP%%// protocol is selected. | ||
- | * Enter your EC2 instance public DSN name into //Host name// box. If you do not know your instance DNS name, check //Public DNS// column on //Instances// page of Amazon EC2 console. | + | * Enter your EC2 instance public DSN name (see above) into //Host name// box. |
* //User name// differs with instance type: | * //User name// differs with instance type: | ||
* For an Amazon Linux AMI, the user name is ''ec2-user''. | * For an Amazon Linux AMI, the user name is ''ec2-user''. | ||
- | * For a RHEL5 AMI, the user name is either root or ''ec2-user''. | + | * For a RHEL5 AMI, the user name is either ''root'' or ''ec2-user''. |
* For an Ubuntu AMI, the user name is ''ubuntu''. | * For an Ubuntu AMI, the user name is ''ubuntu''. | ||
+ | * For an Centos AMI, the user name is ''centos''. | ||
* For a Fedora AMI, the user name is either ''fedora'' or ''ec2-user''. | * For a Fedora AMI, the user name is either ''fedora'' or ''ec2-user''. | ||
- | * For SUSE Linux, the user name is ''root''. | + | * For SUSE Linux, the user name is ''root'' or ''ec2-user''. |
* Press //Advanced// button to open [[ui_login_advanced|Advanced site settings dialog]] and go to //[[ui_login_authentication|SSH > Authentication page]]//. | * Press //Advanced// button to open [[ui_login_advanced|Advanced site settings dialog]] and go to //[[ui_login_authentication|SSH > Authentication page]]//. | ||
- | * In //Private key file// box select file you have saved your private key in ''.ppk'' format. | + | * In //Private key file// box select the ''.pem'' private key file. WinSCP will need to convert the key to its ''.ppk'' format (you can then use the converted ''.ppk'' key for example with [[integration_putty|PuTTY]] SSH client). |
* Submit Advanced site settings dialog with //OK// button. | * Submit Advanced site settings dialog with //OK// button. | ||
- | * Save your site settings using //Save// button. \\ \\ &screenshotpict(ec2_login) \\ | + | * Save your site settings using //Save// button. \\ \\ &screenshotpict(ec2_login) \\ \\ |
* Login using //Login// button. | * Login using //Login// button. | ||
- | * On the first connect you will be prompted to [[ssh_verifying_the_host_key|verify server host key]]. The only way we know how to get host key safely to verify it, is to locate its fingerprint in server's initial start log (//Actions > Get System Log// command on //Instances// page of Amazon EC2 console), when host keys are generated: \\ \\ &screenshotpict(ec2_hostkey) | + | * [[ssh_verifying_the_host_key|Verify the host key]] by comparing fingerprints with those collected before (see above). |
- | ===== Further reading ===== | + | //If you are managing a large amount of servers, and it is not feasible for you to save a site for each of them in WinSCP, consider using the user script [[guide_injecting_sftp_ftp_url_to_page|*]].// |
- | * Guide to [[guide_upload|uploading files to SFTP server]] | + | |
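Review bot: The rewritten //Private key file// bullet drops the old revision's advice "Optionally enter passphrase for the converted key to protect it" without a replacement, so the page no longer says whether the ''.ppk'' that WinSCP creates from the ''.pem'' is passphrase-protected. Suggest adding a sentence on protecting the converted key. The removed system log method for reading the host key fingerprint could also stay as an alternative for readers who cannot use the web-based terminal. Two wording slips remain in the new text: "public DSN name" in the //Host name// bullet should read "DNS", and "For an Centos AMI" should read "For a CentOS AMI".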
+ | ===== [[vpc]] Connecting to EC2 instance in VPC ===== | ||
+ | |||
+ | To connect to an EC2 instance in an Amazon VPC, you can tunnel through a [[https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html|NAT instance]]. | ||
+ | |||
+ | For details, see [[guide_tunnel|*]]. | ||
+ | |||
+ | ===== [[ssm]] Connecting using AWS SSM (Session Manager) ===== | ||
+ | |||
+ | In //Host name//, specify your //Instance ID//. | ||
+ | |||
+ | Press //Advanced// button to open [[ui_login_advanced|Advanced site settings dialog]] and go to //[[ui_login_proxy|Connection > Proxy page]]//. There: | ||
+ | |||
+ | * For //Proxy type//, select //Local//. | ||
+ | * In //Local proxy command//, specify: \\ <code>aws ssm start-session --target %host --document-name AWS-StartSSHSession --parameters "portNumber=%port" --profile <aws profile> --region <region></code> | ||
+ | * You may need to set //Do DNS name lookup at proxy end// to //Yes//. | ||
+ | |||
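Review bot: The new SSM section stops at the proxy settings and does not say whether the //User name//, //Private key file// and host key verification steps from "Direct Connection" still apply when //Host name// holds the //Instance ID//; a sentence pointing back to those steps would close the gap. In the //Local proxy command//, the ''<aws profile>'' and ''<region>'' placeholders are not explained, and "You may need to set //Do DNS name lookup at proxy end// to //Yes//" gives no condition. Suggest stating when the setting is needed, for example because an Instance ID in //Host name// is not a resolvable DNS name.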
+ | ===== Further reading ===== | ||
+ | * [[guide_upload|*]]; | ||
+ | * [[guide_automation|*]]; | ||
+ | * [[faq_su|*]] | ||
+ | * [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-linux-inst-from-windows.html|Official AWS guide for connecting using PuTTY/WinSCP]]; | ||
+ | * [[https://docs.aws.amazon.com/transfer/latest/userguide/transfer-file.html#winscp|Official AWS guide for transfering files using a WinSCP]] | ||
+ | * [[guide_google_compute_engine|*]]; | ||
+ | * [[guide_microsoft_azure|*]]. |
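Review bot: In the new "Further reading" list, the AWS Transfer link text has two slips, "transfering" and "using a WinSCP"; suggest "transferring files using WinSCP". The ''faq_su'' item and that same AWS Transfer item also lack the trailing semicolon that the other list items carry.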