how to SSH to EC2 without explicitly using the pem key?

Question

I have a windows as my main OS. Using VMware player, I setup a Ubuntu server 12.4 as a guest machine. The Ubuntu server have "ubuntu" user.

I created a new EC2 instance + setup pem key. From the windows machine, when I use putty+pem key - I can ssh.

I added the pem key to my VMware Ubuntu server ( /home/ubuntu/.ssh/) In addition, i set the following permissions: chmod 700 /home/ubuntu/.ssh chmod 600 /home/ubuntu/.ssh/*

Through the Ubuntu server - I tried to SSH to the ec2 instance without success: ssh ubuntu@EC2_IP Permission denied (publickey). If I explicit use the pem key, it works: ssh -i /home/ubuntu/.ssh/NAME.pem ubuntu@EC2_IP - Please note, that I must use direct path to the key, otherwise, I'll get Warning: Identity file NAME.pem not accessible: No such file or directory. Permission denied (publickey).

Please advise. Thanks!

score 29 · Answer 1 · answered Jun 28 '14 at 13:10

29

Add EC2 pem key to SSH

ssh-add ~/.ssh/KEY_PAIR_NAME.pem

answered Jun 28 '14 at 13:10

nadavkav

1,519
1
11
6

You might need to start the authentication agent: eval 'ssh-agent -s' – douglaslps Dec 22 '14 at 12:08

score 19 · Answer 2 · answered Mar 15 '13 at 17:02

By default the SSH client will look for keys named id_rsa, id_dsa and id_ecdsa in ~/.ssh/. If your key isn't named like that you either need to specify it on the command line with -i as you've been doing, or specify it in the client configuration.

You can add something like this to ~/.ssh/config to automatically select this key when SSHing to EC2:

Host *.compute-1.amazonaws.com
    IdentityFile ~/.ssh/ec2_rsa

score 2 · Answer 3 · answered Mar 15 '13 at 14:33

2

How do you name your private key? It should have default id_rsa file name (rename pem file to /home/ubuntu/.ssh/id_rsa)

answered Mar 15 '13 at 14:33

Andrei Mikhaltsov

3,027
1
23
31

it called eldad.pem (default name from AWS). I renamed it to id_rsa and it worked. is there a way to keep it in the current name and still use it? – user798562 Mar 15 '13 at 15:51
Yep, Daniel already wrote about it in his answer :) – Andrei Mikhaltsov Mar 15 '13 at 16:12

David Levesque · Answer 4 · 2013-03-15T16:41:40.477

1

You can use ssh-agent and ssh-add to avoid having to specify the private key explicitly.

You can put the commands in your .profile or .bashrc so they get executed every time you log in. You can find an example startup script at the bottom of this post.

edited Mar 15 '13 at 16:41

answered Mar 15 '13 at 14:38

David Levesque

3,543
1
19
13

I did that, but when i reboot - i need to do that all over again. Any way to avoid that? – user798562 Mar 15 '13 at 15:46
Edited my answer to include that. – David Levesque Mar 15 '13 at 16:42

score 0 · Answer 5 · answered Mar 15 '13 at 15:00

The ssh client looks for identify file based on the configuration set in /etc/ssh/ssh_config. So you can specify the identity file there, and remember you can have multiple identity files listed in the ssh client config file. From the ssh man page -

    -i identity_file
         Selects a file from which the identity (private key) for public key authentication is read.  The default is ~/.ssh/identity
         for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/id_rsa for protocol version 2.  Identity files may also
         be specified on a per-host basis in the configuration file.  It is possible to have multiple -i options (and multiple identiâ
         ties specified in configuration files).

For RSA key, for instance, the default location is ~/.ssh/id_rsa. As Andrei Mikhaltsov suggested, you can place your private key in /home/ubuntu/ssh/id_rsa and will be able to connect without specifying it at the command line. If that file name already exists and holds another private key, you can still customize your ssh client config file at the IdentityFile parameter.

how to SSH to EC2 without explicitly using the pem key?

5 Answers5