AWS EC2 - Navigating SSH & File Permissions
In this discussion, we'll break down the process of SSHing into AWS EC2 instances, something many of us encounter as we delve into the AWS ecosystem. We'll navigate through the details you'll likely come across on your screen, aiming to provide a practical guide for engineers at the early stages of their AWS journey.
Before proceeding with the contents of this article, meticulous attention to the following prerequisites is imperative:
Acquisition of Key Pair file (.pem): Ensure possession of the key pair file (.pem) generated during the AWS instance launch. This cryptographic key is fundamental for establishing a secure connection, a prerequisite for the procedures elucidated in this discussion.
Configuration of Security Group Rules: Thoroughly set up accurate inbound and outbound rules within your AWS security groups. These rules serve as the gatekeepers for network traffic to and from your AWS instance, particularly impacting SSH access. Verify that the security group settings align precisely with the requirements for seamless SSH connectivity.
Operational Status of the Instance: Confirm that the AWS instance designated for SSH access is currently operational. Validate its running status, as a non-operational instance may hinder the successful initiation of SSH connections.
Let's begin !!
While a single command can swiftly establish an SSH connection to your AWS instance, unraveling the process incrementally provides a profound understanding of the intricacies involved. Let's dissect the approach step by step, delving into each phase to gain a comprehensive insight into the underlying mechanics.
- You just copied your instance's private IP and ran the command
(base) ➜ ~ ssh ec2-user@your-ip
The authenticity of host 'your-ip' can't be established.
ED25519 key fingerprint is SHA256:some-longas*-string
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
and got this long message from the server. This is your server asking for trust. Type 'yes' to solidify the connection, establishing a secure handshake.
Despite adding your IP as a known host, the journey doesn't end there. A familiar adversary surfaces:
ec2-user@your-ip: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Recall our initial setup in the AWS console: the creation of a key pair and the download of a crucial .pem file. To overcome this hurdle:
Locate Your .pem File: Move the downloaded .pem file to your desired directory.
Navigate to the Directory in Terminal: Open your terminal and move to the directory where your .pem file resides.
cd your-directory
ssh -i certification-file.pem ec2-user@your-ip
This meticulous file management ensures that the cryptographic key required for authentication is precisely where it needs to be. However, this time around we get an even more intimidating warning:
Not again!! We got the permission denied one more time. This error arises due to incorrect file permissions associated with the key pair (.pem) file. Let's delve into a detailed analysis to demystify it:
Understanding the Digits: The "0644" is a numeric representation of file permissions in octal format. Each digit signifies specific access rights for different user categories:
- The first digit (0) pertains to the file type and special permissions. In the context of SSH key pair files, this digit usually remains as "0" because they are regular files without any special permissions. In general, the first digit may vary for different file types. For instance: "0" indicates a regular file, "1" denotes a directory, "2" signifies a symbolic link, and "4" designates a device file.
- The next three digits (644) delineate the permissions for the owner, group, and others.
Breaking Down 644:
- Owner (6): Read (4) + Write (2) = Read and Write Permissions
- Group (4): Read Only
- Others (4): Read Only
Correcting Permissions: To rectify the "Permission denied" error, adjust the file permissions using the chmod command.
Security Implications: Understanding permissions is crucial for security. The error prompts us to reassess access levels, ensuring that the key pair file remains secure yet accessible.
Now, let's execute the steps to set the correct permissions and establish the SSH connection:
chmod 0400 certification-file.pem
ssh -i certification-file.pem ec2-user@your-ip
If you see something like the image below in your terminal, you are successfully inside your instance.
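
The permission check behind this error, as an added example that is not part of the original article: OpenSSH refuses a private key you own when its mode grants any access to group or others, so 0644 fails while 0400 and 0600 pass. The function names and the temporary file standing in for the .pem are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): check a private key file's mode
# before handing it to ssh -i. Function names are hypothetical.

# Octal permission bits of a file, e.g. 644 (GNU stat, then BSD/macOS stat).
key_mode() {
    [ -f "$1" ] || return 2
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# One octal digit (0-7) -> rwx triplet: read=4, write=2, execute=1.
digit_to_rwx() {
    t=''
    if [ $(( $1 & 4 )) -ne 0 ]; then t="${t}r"; else t="${t}-"; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then t="${t}w"; else t="${t}-"; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then t="${t}x"; else t="${t}-"; fi
    printf '%s' "$t"
}

# Last three digits of a mode (644 or 0644) -> owner/group/others string.
describe_mode() {
    m="000$1"; m=${m#"${m%???}"}
    g=${m#?}; g=${g%?}
    printf '%s%s%s' "$(digit_to_rwx "${m%??}")" "$(digit_to_rwx "$g")" \
        "$(digit_to_rwx "${m#??}")"
}

# OpenSSH rejects a key you own unless group and others have no bits set,
# i.e. (mode & 077) == 0: 400 and 600 pass, 644 and 640 do not.
mode_is_private() {
    m="000$1"; m=${m#"${m%???}"}
    case "$m" in ?00) return 0 ;; *) return 1 ;; esac
}

# Report on one key file: 0 = private enough, 1 = too open, 2 = unreadable.
check_key() {
    mode=$(key_mode "$1") || return 2
    if mode_is_private "$mode"; then
        echo "ok: $1 is $mode ($(describe_mode "$mode"))"
    else
        echo "too open: $1 is $mode ($(describe_mode "$mode")); run: chmod 0400 $1"
        return 1
    fi
}

# Demo on a constructed temp file standing in for the downloaded .pem.
demo=$(mktemp)
chmod 0644 "$demo"; check_key "$demo" || true
chmod 0400 "$demo"; check_key "$demo"
rm -f "$demo"
```
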
Conclusion
By following these simple steps, you can connect to your Amazon EC2 instance securely using SSH. Great job!
If you find this guide helpful, like the post and follow me for more articles as I explore more AWS services.
Written by
Ajaydeep Singh Rajpoot
I am a freelance fullstack Developer from India. Over the years, I have delved into numerous technologies and discovered a genuine passion for fullstack development and software testing.