guide_amazon_ec2 » Revisions »

Differences

This shows you the differences between the selected revisions of the page.

2014-07-16 2014-07-16
full name (martin) elaborate on key fingerprint (martin)
Line 14: Line 14:
  * Optionally enter passphrase for the converted key to protect it.   * Optionally enter passphrase for the converted key to protect it.
  * [[ui_puttygen#saving_private|Save private key]] to ''.ppk'' format using //Save private key// button.   * [[ui_puttygen#saving_private|Save private key]] to ''.ppk'' format using //Save private key// button.
 +
 +Collect information about your EC2 instance:
 +
 +  * Host name: Check //Public DNS// column on //Instances// page of Amazon EC2 console. Note that the public DNS may change when instance is restarted.
 +  * Host key fingerprint: On the first connect you will be prompted to [[ssh_verifying_the_host_key|verify server host key]].
 +    * The only way we know how to get host key safely to verify it, is to locate its fingerprint in server's initial start log, when host keys are generated (//Actions > Get System Log// command on //Instances// page of Amazon EC2 console): \\ \\ &screenshotpict(ec2_hostkey) \\ \\ Look for RSA (or DSA) key fingerprint. WinSCP does not support ECDSA keys.
 +    * If you did not save the fingerprint on the first instance run, but you have another EC2 instance that you can connect to safely (you know its fingerprints), you can connect to the target instance using private IP from the trusted instance. Staying within private Amazon network should keep you safe from [[wp>Man-in-the-middle_attack|man-in-the-middle attacks]]. When on the trusted instance terminal, you can use following commands to collect fingerprints: \\ <code>
 +$ ssh-keyscan <target_instance_private_ip> > ec2key
 +$ ssh-keygen -l -f ec2key
 +2048 cc:3d:ac:a7:13:61:4c:14:25:47:80:ae:f1:f3:aa:10 172.31.30.101 (RSA)
 +256 ea:bc:4d:5f:ae:00:48:75:45:ba:97:43:fe:e1:a3:e9 172.31.30.101 (ECDSA)
 +</code>
 +    * Otherwise you probably have no way to connect to your instance safely. Consider disposing the instance and creating a new one (you may want to use action //Launch More Like this//).
Start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog: Start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog:
  * Make sure //New site// node is selected.   * Make sure //New site// node is selected.
  * On //New site node//, make sure //%%SFTP%%// protocol is selected.   * On //New site node//, make sure //%%SFTP%%// protocol is selected.
-  * Enter your EC2 instance public DSN name into //Host name// box. If you do not know your instance DNS name, check //Public DNS// column on //Instances// page of Amazon EC2 console.+  * Enter your EC2 instance public DSN name (see above) into //Host name// box.
  * //User name// differs with instance type:   * //User name// differs with instance type:
    * For an Amazon Linux AMI, the user name is ''ec2-user''.     * For an Amazon Linux AMI, the user name is ''ec2-user''.
Line 30: Line 43:
  * Save your site settings using //Save// button. \\ \\ &screenshotpict(ec2_login) \\   * Save your site settings using //Save// button. \\ \\ &screenshotpict(ec2_login) \\
  * Login using //Login// button.   * Login using //Login// button.
-  * On the first connect you will be prompted to [[ssh_verifying_the_host_key|verify server host key]]. The only way we know how to get host key safely to verify it, is to locate its fingerprint in server's initial start log (//Actions > Get System Log// command on //Instances// page of Amazon EC2 console), when host keys are generated: \\ \\ &screenshotpict(ec2_hostkey)+  * [[ssh_verifying_the_host_key|Verify the host key]] by comparing fingerprints with those collected before (see above).
===== Further reading ===== ===== Further reading =====
  * Guide to [[guide_upload|uploading files to SFTP server]]   * Guide to [[guide_upload|uploading files to SFTP server]]

Last modified: by martin

Documentation

Support

Associations

Follow Us