Differences
This shows you the differences between the selected revisions of the page.
| guide_amazon_ec2 2021-01-08 | guide_amazon_ec2 2026-06-02 (current) | ||
| Line 6: | Line 6: | ||
| Before starting you should: | Before starting you should: | ||
| * [[guide_install|Have WinSCP installed]]; | * [[guide_install|Have WinSCP installed]]; | ||
| - | * [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/launching-instance.html|Have Amazon EC2 instance running]]; | + | * [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html|Have Amazon EC2 instance running]]; |
| - | * [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html|Have enabled inbound SSH traffic from your IP address to your instance]]; | + | * [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-security-group.html|Have enabled inbound SSH traffic from your IP address to your instance]]; |
| * Have your [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html|key pair]] ready; | * Have your [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html|key pair]] ready; | ||
| Line 14: | Line 14: | ||
| Collect information about your EC2 instance: | Collect information about your EC2 instance: | ||
| - | * Host name: Check //Public %%DNS%%// column on //Instances// page of Amazon EC2 console. Note that the public DNS may change when instance is restarted. | + | * Hostname: Check //Public %%DNS%%// column on //Instances// page of Amazon EC2 console. Note that the public DNS may change when instance is restarted. |
| * Host key fingerprint: On the first connect you will be prompted to [[ssh_verifying_the_host_key|verify server host key]]. | * Host key fingerprint: On the first connect you will be prompted to [[ssh_verifying_the_host_key|verify server host key]]. | ||
| - | * You can locate key fingerprint in server's initial start log, when host keys are generated.((Using ''cloud-init'' script.)) Use //Actions > Instance Settings > Get System Log// command on //Instances// page of Amazon EC2 console: \\ \\ &screenshotpict(ec2_hostkey) \\ \\ The format of host key display in the log may differ with distribution or its version. \\ Alternatively use ''[[https://docs.aws.amazon.com/cli/latest/reference/ec2/get-console-output.html|aws ec2 get-console-output]]'' command. | + | * To securely acquire a fingerprint of the host key, use EC2 web-based terminal. Go to //Actions > Connect > EC2 Instance Connect > Connect// on //Instances// page of Amazon EC2 console. In the terminal, use ''[[https://man.openbsd.org/ssh-keygen|ssh-keygen]]'' command to display a fingerprint of any number of host keys algorithms. The following example shows SHA-256 and MD5 fingerprints of Ed25519 host key: \\ <code bash>sudo ssh-keygen -l -f /etc/<nohilite>ssh</nohilite>/ssh_host_ed25519_key |
| - | * If you did not save the fingerprint on the first instance run, but you have another EC2 instance that you can connect to safely (you know its fingerprints), you can connect to the target instance using private IP from the trusted instance. Staying within private Amazon network keeps you safe from [[wp>Man-in-the-middle_attack|man-in-the-middle attacks]]. When on the trusted instance terminal, you can use following commands to collect fingerprints: \\ <code> | + | sudo ssh-keygen -l -f /etc/<nohilite>ssh</nohilite>/ssh_host_ed25519_key -E md5 |
| - | $ ssh-keyscan <target_instance_private_ip> > ec2key | + | |
| - | $ ssh-keygen -l -f ec2key | + | |
| - | 256 SHA256:oZHeiMEPLKetRgd3M5Itgwaqr2zJJH93EvSdx5UoHbQ <ip> (ED25519) | + | |
| - | 2048 SHA256:8zg105EUFFrPFpVzdfTGsgXnxuSpTiQd85k0uNapUio <ip> (RSA) | + | |
| - | 256 SHA256:L7UXLw0djE5B9W7ZhvrkYVSTZyi1MEQ2dBaRtpkkUGY <ip> (ECDSA) | + | |
| </code> | </code> | ||
| - | * If you do not have another trusted instance, you can create new temporary instance, just for the purpose of collecting the keys. First find keys for the new temporary instance, using it's initial start log. Then collect keys of the target instance by connecting to it from the temporary instance. After that you can discard the temporary instance. | ||
| ~~AD~~ | ~~AD~~ | ||
| Line 31: | Line 25: | ||
| * Make sure //New site// node is selected. | * Make sure //New site// node is selected. | ||
| * On //New site node//, make sure //%%SFTP%%// protocol is selected. | * On //New site node//, make sure //%%SFTP%%// protocol is selected. | ||
| - | * Enter your EC2 instance public DSN name (see above) into //Host name// box. | + | * Enter your EC2 instance public DSN name (see above) into //Hostname// box. |
| - | * //User name// differs with instance type: | + | * //Username// differs with instance type: |
| - | * For an Amazon Linux AMI, the user name is ''ec2-user''. | + | * For an Amazon Linux AMI, the username is ''ec2-user''. |
| - | * For a RHEL5 AMI, the user name is either ''root'' or ''ec2-user''. | + | * For a RHEL5 AMI, the username is either ''root'' or ''ec2-user''. |
| - | * For an Ubuntu AMI, the user name is ''ubuntu''. | + | * For an Ubuntu AMI, the username is ''ubuntu''. |
| - | * For an Centos AMI, the user name is ''centos''. | + | * For an Centos AMI, the username is ''centos''. |
| - | * For a Fedora AMI, the user name is either ''fedora'' or ''ec2-user''. | + | * For a Fedora AMI, the username is either ''fedora'' or ''ec2-user''. |
| - | * For SUSE Linux, the user name is ''root'' or ''ec2-user''. | + | * For SUSE Linux, the username is ''root'' or ''ec2-user''. |
| * Press //Advanced// button to open [[ui_login_advanced|Advanced site settings dialog]] and go to //[[ui_login_authentication|SSH > Authentication page]]//. | * Press //Advanced// button to open [[ui_login_advanced|Advanced site settings dialog]] and go to //[[ui_login_authentication|SSH > Authentication page]]//. | ||
| * In //Private key file// box select the ''.pem'' private key file. WinSCP will need to convert the key to its ''.ppk'' format (you can then use the converted ''.ppk'' key for example with [[integration_putty|PuTTY]] SSH client). | * In //Private key file// box select the ''.pem'' private key file. WinSCP will need to convert the key to its ''.ppk'' format (you can then use the converted ''.ppk'' key for example with [[integration_putty|PuTTY]] SSH client). | ||
| Line 56: | Line 50: | ||
| ===== [[ssm]] Connecting using AWS SSM (Session Manager) ===== | ===== [[ssm]] Connecting using AWS SSM (Session Manager) ===== | ||
| - | In //Host name//, specify your //Instance ID//. | + | In //Hostname//, specify your //Instance ID//. |
| Press //Advanced// button to open [[ui_login_advanced|Advanced site settings dialog]] and go to //[[ui_login_proxy|Connection > Proxy page]]//. There: | Press //Advanced// button to open [[ui_login_advanced|Advanced site settings dialog]] and go to //[[ui_login_proxy|Connection > Proxy page]]//. There: | ||
| Line 68: | Line 62: | ||
| * [[guide_automation|*]]; | * [[guide_automation|*]]; | ||
| * [[faq_su|*]] | * [[faq_su|*]] | ||
| - | * [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html|Official AWS guide for connecting using PuTTY/WinSCP]]; | + | * [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-linux-inst-from-windows.html|Official AWS guide for connecting using PuTTY/WinSCP]]; |
| * [[https://docs.aws.amazon.com/transfer/latest/userguide/transfer-file.html#winscp|Official AWS guide for transfering files using a WinSCP]] | * [[https://docs.aws.amazon.com/transfer/latest/userguide/transfer-file.html#winscp|Official AWS guide for transfering files using a WinSCP]] | ||
| * [[guide_google_compute_engine|*]]; | * [[guide_google_compute_engine|*]]; | ||
| * [[guide_microsoft_azure|*]]. | * [[guide_microsoft_azure|*]]. | ||