AWS SSM / Session Manager support in WinSCP

I'm trying to hook up WinSCP and AWS SSM / Session Manager. But I cannot get it to work with current tooling... :(

My attempt was to use Advanced > Proxy. Specify proxy as local and use the following proxy command:

But it appears as if WinSCP doesn't even get to that stage as it first looks for host (which is an AWS instance ID, not a valid host normally ie i-02633e980a031c37f.

AWS SSM would normally recommend to use .ssh/config with the following config:

Any help would be appreciated or if native support for this feature was added in, that'd be great :)

You probably have to turn on "Do DNS name lookup at proxy end".
Also if they recommend starting the aws via powershell.exe (though I have no idea why), then you should do the same in WinSCP.
If none of this help, please post a session log file.

Thanks for that Martin, don't know how I missed that option!

The only other thing I had to change to get it to work was changing ' to " in the parameter list. For whatever reason it doesn't like it.

Do you think it's worthwhile creating a small guide for this particular authentication option?
Was my final proxy string

mattisdada wrote:

Do you think it's worthwhile creating a small guide for this particular authentication option?

I'm not familiar with AWS SSM / Session Manager. Would that fit as a subsection to the following article (along with "Connecting to EC2 instance in VPC" section)?
https://winscp.net/eng/docs/guide_amazon_ec2

Hi guys,

I'm also trying to get this working but the only way to get a successful connection is to pass a username and the associated PPK file via the SSH > Authentication setting.

This sort of defeats the purpose of using AWS SSM if we need to main user accounts and keys to set up an SFTP connection.

I assumed that my AWS credentials would be sufficient or am I missing something?

Thanks,
Michael

@martin: It would suit on that page yes :) . Short explanation on what SSM is, it's basically just a way of SSHing into a server without the need of network access, it's also possible to use it without requiring keys or passwords and it uses AWSs IAM authentication system instead. Pretty cool stuff honestly.

---

@Invigor: For my situation it was okay for the keys, but no I couldn't get it to work without providing keys. I tried skipping authentication. SSM should allow it to work without keys, but.... didn't really work for me. Got ssh errors instead. Let me know if you find a workaround

@mattisdada: Thanks.
I've put the part I've understood to:
https://winscp.net/eng/docs/guide_amazon_ec2#ssm
Feel free to improve it :)

Hi I couldnt start a session without providing the keys too
Anyone had success with that?

@rafaelff: What keys? The SSH keys? Where do you have those keys? In .ssh?