SSH Remote Login (1) – Use Key Pair Generated by Server
This page covers how to set up an SSH remote connection between your local computer and a remote server.
There are two major approaches to establishing an SSH remote connection:
- 1) Use a key pair generated by the Server
- 2) Use a key pair generated by the Client.
In this section, we'll explain the first case, which is generally simpler than the second case.
Key Steps
1. Download a private key from your remote server or cloud service provider (in your web browser)
How and where you can get a private key can differ by service provider, so please follow the instructions of your service provider. In this section, we'll explain the case of AWS Lightsail.
2. Save the key to the .ssh directory under your home directory (on your local computer)
You can set another path for the key file; however, using the same location makes managing multiple key files easier.
3. For Mac, change Access Mode to manage security (on your local computer)
For Windows, this step may not be needed.
You need to change the access mode for the .ssh directory and the key you'll use for remote login. This is done to prohibit access to the directory and key files for other users.
- .ssh: chmod 700
- private key file: chmod 600
4. Run the ssh command from your local command line (on your local computer)
Three sets of information are required to run the command
1) private key file path
2) user name of your server
3) public IP address of your server
Run the following command to establish the SSH connection. The -i option is used to specify the key file path.
Practice
Below are the steps for establishing an SSH connection to an AWS Lightsail instance with your own SSH client.
1. Download a private key from the AWS Lightsail console to your local computer
From the AWS Lightsail Console, go to the instance page currently running and press the Download default key button. The key is already generated when you start using the service in your selected region.
2. Save the key to the .ssh directory under your home directory (on your local computer)
Usually, the default key is saved under the download directory. Move the file to the .ssh directory.
3. For Mac, change Access Mode to manage security (on your local computer)
For Windows, this step may not be needed.
Check the current access mode of the .ssh directory and the private key file.
Run the following command under your home directory to see the .ssh directory's access mode.
ls -la
You may see the access mode of the directory as shown below. This means users in the owning group and all other users have “read” (r) and “execute” (x) access to the directory.
drwxr-xr-x 6 user_a staff 192 Dec 26 .ssh
Next, check the key file's access mode. Run the following command.
ls -l .ssh
You may see a result like the one below. This means users in the owning group and all other users have “read” (r) access to the private key.
-rw-r--r--@ 1 user_a staff 1679 Dec 26 LightsailDefaultKey.pem
To change the access mode, run the following commands. For the private key file name, use the name on your computer.
chmod 700 .ssh
chmod 600 .ssh/LightsailDefaultKey.pem
Finally, check if the access mode is properly modified by running the ls command.
ls -la
drwx------ 6 user_a staff 192 Dec 26 .ssh
ls -l .ssh
:
-rw-------@ 1 user_a staff 1679 Dec 26 LightsailDefaultKey.pem
4. Run the SSH command from your local command line
Check the user name and the public IP address of your instance on the AWS Lightsail Console.
Run the following command on your local computer.
ssh -i [your key file path] [user name]@[public IP address]
In our case, the command will look like the one below.
ssh -i ~/.ssh/LightsailDefaultKey.pem ubuntu@18.143.143.190
If the SSH remote connection is successfully established, your command prompt will change to show the user name and private IP address of the server (not the public address of the server).
Frequent Error Message
If you get an error message like the one below, you have an issue with the access mode setting. Check the access mode of your .ssh directory and the private key file.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/Users/user_a/.ssh/LightsailDefaultKey.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
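The checks from step 3, generalized to every private key in the directory, as an added example that is not part of the original page: a POSIX shell script that reports the .ssh directory and any private key file in it that group or other users can access, and optionally applies chmod 700 / chmod 600. The function names and the Sample.pem file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit permissions in an SSH directory.

# Print a path's octal permission bits (GNU stat first, then BSD/macOS stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed when any group/other permission bit is set on the path.
too_open() {
    [ $(( 0$(mode_of "$1") & 077 )) -ne 0 ]
}

# Succeed when the file's first line is a PEM/OpenSSH private key header.
is_private_key() {
    [ -f "$1" ] && head -n 1 "$1" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----'
}

# audit_ssh_dir DIR [fix]
# Reports DIR and every private key in it that group/other users can access.
# With "fix" as second argument, applies chmod 700 (directory) / chmod 600 (keys).
# Returns 0 when nothing is left too open, 1 otherwise, 2 if DIR is not a directory.
audit_ssh_dir() {
    dir=$1; fix=${2:-}; bad=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    if too_open "$dir"; then
        echo "TOO OPEN ($(mode_of "$dir")): $dir"
        if [ "$fix" = fix ]; then chmod 700 "$dir"; else bad=1; fi
    fi
    for f in "$dir"/*; do
        is_private_key "$f" || continue
        if too_open "$f"; then
            echo "TOO OPEN ($(mode_of "$f")): $f"
            if [ "$fix" = fix ]; then chmod 600 "$f"; else bad=1; fi
        fi
    done
    return "$bad"
}

# Constructed sample: a throwaway directory holding a dummy key file at mode 644.
make_sample() {
    d=$(mktemp -d) && chmod 755 "$d"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-not-a-real-key' > "$d/Sample.pem"
    chmod 644 "$d/Sample.pem"
    echo "$d"
}

# Usage: sh audit.sh ~/.ssh (report only) or sh audit.sh ~/.ssh fix
if [ "$#" -gt 0 ]; then audit_ssh_dir "$@"; fi
```

Run it in report mode first; the fix mode only changes entries it has listed as too open.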
Exit the remote login
To exit the remote login, run the exit command.
exit
logout
Connection to 18.143.143.190 closed.