Chapter 7. SSH Remote Connection

SSH Remote Login (1) – Use Key Pair Generated by Server

SSH Remote Login (1) – Use Key Pair Generated by Server
Tag:

This page covers how to set up the SSH remote connection between local computer and the remote server.

There are two major approaches to establishing an SSH remote connection:

  • 1) Use a key pair generated by the Server
  • 2) Use a key pair generated by the Client.

In this section, we'll explain the first case, which is generally simpler than the second case.

SSH-Remote-Login-1--Use-Key-Pair-Generated-by-Server

Key Steps

1. Download a private key from your remote server or cloud service provider (in your web browser)

How and where you can get a private key can differ by service provider, so please follow the instructions of your service provider. In this section, we'll explain the case of AWS Lightsail.

2. Save the key to the .ssh directory under your home directory (on your local computer)

You can set another path for the key file; however, using the same location makes managing multiple key files easier.

3. For Mac mac.svg, change Access Mode to manage security (on your local computer)

windows.svg For Windows, this step may not be needed.

You need to change the access mode for the .ssh directory and the key you'll use for remote login. This is done to prohibit access to the directory and key files for other users.

  • .ssh: chmod 700
  • private key file: chmod 600

4. Run the ssh command from your local command line (on your local computer)

Three sets of information are required to run the command
1) private key file path
2) user name of your server
3) public IP address of your server

Run the following command to establish the SSH connection. The -i option is used to specify the key file path.

SSH-Remote-Login-1--Use-Key-Pair-Generated-by-Server

Practice

Below are the steps for establishing an SSH connection to an AWS Lightsail instance with your own SSH client.

1. Download a private key from the AWS Lightsail console to your local computer

From the AWS Lightsail Console , go to the instance page currently running and press the Download default key button. The key is already generated when you start using the service in your selected region.

SSH-Remote-Login-1--Use-Key-Pair-Generated-by-Server

2. Save the key to the .ssh directory under your home directory (on your local computer)

Usually, the default key is saved under the download directory. Move the file to the .ssh directory.

SSH-Remote-Login-1--Use-Key-Pair-Generated-by-Server

3. For Mac mac.svg, change Access Mode to manage security (on your local computer)

windows.svg For Windows, this step may not be needed.

Check the current access mode of the .ssh directory and the public key file.
Run the following command under your home directory to see the .ssh directory's access mode.

Command Line - INPUT (Local)
ls -la

You may see the access mode of the directory as shown below. This means group owner users and other users have “read” (r) and “execute” (x) access to the directory.

Command Line - RESPONSE (Local)
drwxr-xr-x 6 user_a staff 192 Dec 26 .ssh

Next, check the key file's access mode. Run the following command.

Command Line - INPUT (Local)
ls -l .ssh

You may see the result like the one below. This means group owner users and other users have “read” (r) and “execute” (x) access to the public key.

Command Line - RESPONSE (Local)
-rw-r--r--@ 1 user_a staff 1679 Dec 26 LightsailDefaultKey.pem

To change access mode, run the following commands. For the public key file name, use the name on your computer.

Command Line - INPUT (Local)
chmod 700 .ssh
chmod 600 .ssh/LightsailDefaultKey.pem

Finally, check if the access mode is properly modified by running the ls command.

Command Line - INPUT (Local)
ls -la
Command Line - RESPONSE
drwx------ 6 user_a staff 192 Dec 26 .ssh
Command Line - INPUT
ls -l .ssh
Command Line - RESPONSE (Local)
:
-rw-------@ 1 user_a staff 1679 Dec 26 LightsailDefaultKey.pem

4. Run the SSH command from your local command line

Check the user name and the public IP address of your instance on the AWS Lightsail Console .

SSH-Remote-Login-1--Use-Key-Pair-Generated-by-Server

Run the following command on your local computer.

Command Line - INPUT (Local)
ssh -i [your key file path] [user name]@[public IP address]

In our case, the command will look like the one below.

Command Line - INPUT (Local)
ssh -i ~/.ssh/LightsailDefaultKey.pem ubuntu@18.143.143.190

If an SSH remote connection is successfully established, your command line will change to the user and private IP address of the server (not the public address of the server).

Command Line - INPUT (Remote)
 

Frequent Error Message

If you get an error message like the one below, you have an issue with the access mode setting. Check the access mode of your .ssh directory and the public key file.

Command Line - RESPONSE
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/Users/user_a/.ssh/LightsailDefaultKey.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.

Exit the remote login

To exit the remote login, run the exit command.

Command Line - INPUT (Remote)
exit
Command Line - RESPONSE
logout
Connection to 18.143.143.190 closed.

This page covers how to set up the SSH remote connection between local computer and the remote server.

There are two major approaches to establishing an SSH remote connection:

  • 1) Use a key pair generated by the Server
  • 2) Use a key pair generated by the Client.

In this section, we'll explain the first case, which is generally simpler than the second case.

SSH-Remote-Login-1--Use-Key-Pair-Generated-by-Server

Key Steps

1. Download a private key from your remote server or cloud service provider (in your web browser)

How and where you can get a private key can differ by service provider, so please follow the instructions of your service provider. In this section, we'll explain the case of AWS Lightsail.

2. Save the key to the .ssh directory under your home directory (on your local computer)

You can set another path for the key file; however, using the same location makes managing multiple key files easier.

3. For Mac mac.svg, change Access Mode to manage security (on your local computer)

windows.svg For Windows, this step may not be needed.

You need to change the access mode for the .ssh directory and the key you'll use for remote login. This is done to prohibit access to the directory and key files for other users.

  • .ssh: chmod 700
  • private key file: chmod 600

4. Run the ssh command from your local command line (on your local computer)

Three sets of information are required to run the command
1) private key file path
2) user name of your server
3) public IP address of your server

Run the following command to establish the SSH connection. The -i option is used to specify the key file path.

SSH-Remote-Login-1--Use-Key-Pair-Generated-by-Server

Practice

Below are the steps for establishing an SSH connection to an AWS Lightsail instance with your own SSH client.

1. Download a private key from the AWS Lightsail console to your local computer

From the AWS Lightsail Console , go to the instance page currently running and press the Download default key button. The key is already generated when you start using the service in your selected region.

SSH-Remote-Login-1--Use-Key-Pair-Generated-by-Server

2. Save the key to the .ssh directory under your home directory (on your local computer)

Usually, the default key is saved under the download directory. Move the file to the .ssh directory.

SSH-Remote-Login-1--Use-Key-Pair-Generated-by-Server

3. For Mac mac.svg, change Access Mode to manage security (on your local computer)

windows.svg For Windows, this step may not be needed.

Check the current access mode of the .ssh directory and the public key file.
Run the following command under your home directory to see the .ssh directory's access mode.

Command Line - INPUT (Local)
ls -la

You may see the access mode of the directory as shown below. This means group owner users and other users have “read” (r) and “execute” (x) access to the directory.

Command Line - RESPONSE (Local)
drwxr-xr-x 6 user_a staff 192 Dec 26 .ssh

Next, check the key file's access mode. Run the following command.

Command Line - INPUT (Local)
ls -l .ssh

You may see the result like the one below. This means group owner users and other users have “read” (r) and “execute” (x) access to the public key.

Command Line - RESPONSE (Local)
-rw-r--r--@ 1 user_a staff 1679 Dec 26 LightsailDefaultKey.pem

To change access mode, run the following commands. For the public key file name, use the name on your computer.

Command Line - INPUT (Local)
chmod 700 .ssh
chmod 600 .ssh/LightsailDefaultKey.pem

Finally, check if the access mode is properly modified by running the ls command.

Command Line - INPUT (Local)
ls -la
Command Line - RESPONSE
drwx------ 6 user_a staff 192 Dec 26 .ssh
Command Line - INPUT
ls -l .ssh
Command Line - RESPONSE (Local)
:
-rw-------@ 1 user_a staff 1679 Dec 26 LightsailDefaultKey.pem

4. Run the SSH command from your local command line

Check the user name and the public IP address of your instance on the AWS Lightsail Console .

SSH-Remote-Login-1--Use-Key-Pair-Generated-by-Server

Run the following command on your local computer.

Command Line - INPUT (Local)
ssh -i [your key file path] [user name]@[public IP address]

In our case, the command will look like the one below.

Command Line - INPUT (Local)
ssh -i ~/.ssh/LightsailDefaultKey.pem ubuntu@18.143.143.190

If an SSH remote connection is successfully established, your command line will change to the user and private IP address of the server (not the public address of the server).

Command Line - INPUT (Remote)
 

Frequent Error Message

If you get an error message like the one below, you have an issue with the access mode setting. Check the access mode of your .ssh directory and the public key file.

Command Line - RESPONSE
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/Users/user_a/.ssh/LightsailDefaultKey.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.

Exit the remote login

To exit the remote login, run the exit command.

Command Line - INPUT (Remote)
exit
Command Line - RESPONSE
logout
Connection to 18.143.143.190 closed.
Tag: