There are two major approaches to establishing an SSH remote connection:
In this section, we'll explain the second case, which is generally more complex than the first case.
By running the following command, a key pair (secret key and public key) is generated.
When you run the command, you'll be asked to set a passphrase. Type your passphrase twice, and save it, because it is required each time you establish an SSH connection with this key. You can also skip setting a passphrase by hitting the enter key twice; in that case the private key is stored unencrypted, so anyone who can read the file can use it.
Note: A passphrase is almost the same as a password, but, unlike in a password, you can use spaces in it.
The -t option is used to set the key type. The default type is rsa.
The -C option is used to overwrite the comment in the key. As the default comment is username@hostname, it is good to overwrite the comment to avoid disclosing your hostname. Typically, an email address is used for the comment.
Public key content is saved in the ~/.ssh/authorized_keys file on the Linux server. Copy the public key information and add the information into the authorized_keys file.
There are several ways to share the public key. For AWS Lightsail, you can open the authorized_keys file through the browser-based SSH console, and save the public key information there.
Three sets of information are required to run the command:
1) private key file path
2) user name of your server
3) public IP address of your server
Run the following command to establish the SSH connection. The -i option is used to specify the key file path.
Below are the steps for establishing an SSH connection to an AWS Lightsail instance with your own SSH client.
By running the following command, a key pair (secret key and public key) is generated.
ssh-keygen -t rsa -C "user_a@example.com"
After running the command, you’ll be asked to input the file path to save the key, as shown below.
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/bloovee/.ssh/id_rsa):
Hit the enter key to accept the default path shown between the parentheses above (typically, the key is saved under the .ssh directory).
Next, you’ll be asked to enter a passphrase as shown below. You can also skip setting a passphrase. In that case, just hit the enter key twice.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Once the passphrase is set, a key pair is saved under the file path displayed. You'll see the following response in your command line window.
Your identification has been saved in /Users/bloovee/.ssh/id_rsa.
Your public key has been saved in /Users/bloovee/.ssh/id_rsa.pub.
The key fingerprint is:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx bloovee@example.com
The key's randomart image is:
+---[RSA 3072]----+
| ooo . =*O=|
| .. + o =.O+=|
| E . + o.= oo|
:
You can confirm that the two files are generated in the .ssh directory under your home directory. The .ssh directory is a hidden directory.
The content of the public key file begins with ssh-rsa and ends with your email address. To check the public key content, run the cat command. For Windows, you can use the type command, or you can simply open the key file with a text editor.
cat ~/.ssh/id_rsa.pub
Copy the public key information. You can use the pbcopy command for Mac or the clip command for Windows to directly copy the content of the file. Both commands read the file from standard input. Or you can simply copy the content of the key file.
pbcopy < [the public key file_path]
Open the browser-based SSH client from the AWS Lightsail Console.
Open the authorized_keys file with the Vim editor by running the following command.
sudo vim ~/.ssh/authorized_keys
By default, a Lightsail default key is already saved in the file. Paste the copied new public key data after the existing data, on its own line.
More specifically,
wq
and hit the enter key. Check Chapter 3. Vim Editor to learn how to use the Vim editor.
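As an alternative to pasting in an editor, the following added example (not from the original page) appends a public key to authorized_keys and guards against the usual paste mistakes: a private key pasted by accident, a wrapped multi-line paste, a duplicate entry, and an existing file with no trailing newline. The function name add_authorized_key and the sample key line are assumptions made for illustration; the key data is constructed, not a real key.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys without damaging existing entries.
# Usage: add_authorized_key "<public key line>" [path to authorized_keys]
add_authorized_key() {
    key_line=$1
    auth_file=${2:-$HOME/.ssh/authorized_keys}

    # Never accept private key material.
    case "$key_line" in
        *"PRIVATE KEY"*) echo "refusing: this looks like a private key" >&2; return 1 ;;
    esac
    # A public key entry is exactly one line; a wrapped paste breaks it.
    [ $(printf '%s\n' "$key_line" | wc -l) -eq 1 ] || { echo "refusing: not a single line" >&2; return 1; }

    # First field: key type (common OpenSSH types only). Second field: base64 blob.
    key_type=${key_line%% *}
    case "$key_type" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "refusing: unexpected key type '$key_type'" >&2; return 1 ;;
    esac
    blob=$(printf '%s\n' "$key_line" | awk '{ print $2 }')
    case "$blob" in
        ''|*[!A-Za-z0-9+/=]*) echo "refusing: key data is not base64" >&2; return 1 ;;
    esac

    mkdir -p "$(dirname "$auth_file")"
    touch "$auth_file"
    chmod 600 "$auth_file"

    # Skip the append if the same key blob is already listed (the comment may differ).
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 } END { exit !found }' "$auth_file"; then
        echo "already present"
        return 0
    fi
    # If the last entry has no trailing newline, add one so the keys do not merge.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}

# Demo against a throwaway file, using a constructed key line (not a real key).
demo_dir=$(mktemp -d)
printf 'ssh-rsa AAAAB3ExistingDefaultKey lightsail-default' > "$demo_dir/authorized_keys"
add_authorized_key "ssh-rsa AAAAB3ConstructedExampleOnly user_a@example.com" "$demo_dir/authorized_keys"
cat "$demo_dir/authorized_keys"
rm -rf "$demo_dir"
```

On the server, call it with the copied public key line as the first argument; the second argument defaults to ~/.ssh/authorized_keys.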
Check the user name and public IP address of your instance on the AWS Lightsail Console.
Run the following command on your local computer.
ssh -i [your private key file path] [user name]@[public IP address]
In our case, the command is like the one below.
ssh -i ~/.ssh/id_rsa ubuntu@18.143.143.190
If the SSH connection is successfully established, your command prompt will change to show the user name and the private IP address of the server (not the public IP address of the server).
If you get an error message like the one below, you have an issue with the access mode setting. Check the access mode of your .ssh directory and the private key file.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/Users/sky-blue/.ssh/d-libra.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Note: for more details, refer to AWS Lightsail official documentation.
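The check behind the warning above can be reproduced and corrected from the shell. This added example (not from the original page) reports a key file's mode and tightens it only when group or others have any access; the function names are assumptions, and the demo runs on a constructed placeholder file rather than a real key.

```shell
#!/bin/sh
# Added example: audit and repair the access mode of an SSH private key.

# Print the octal permission bits of a path (GNU stat first, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Return 0 when group and others have no access at all, 1 when the mode is too open.
is_private() {
    mode=$(file_mode "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Set the key to 600; if it lives in a directory named .ssh, set that directory to 700.
harden_key() {
    chmod 600 "$1" || return 1
    dir=$(dirname "$1")
    if [ "$(basename "$dir")" = ".ssh" ]; then
        chmod 700 "$dir"
    fi
}

# Report the current mode and tighten it only when needed.
audit_key() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    if is_private "$1"; then
        echo "ok: $1 (mode $(file_mode "$1"))"
    else
        echo "too open: $1 (mode $(file_mode "$1")), tightening"
        harden_key "$1"
    fi
}

# Demo on a constructed placeholder file (not a real key) in a throwaway directory.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/.ssh"
echo "constructed placeholder" > "$demo_dir/.ssh/demo_key"
chmod 644 "$demo_dir/.ssh/demo_key"
audit_key "$demo_dir/.ssh/demo_key"   # too open, gets tightened
audit_key "$demo_dir/.ssh/demo_key"   # ok
rm -rf "$demo_dir"
```

Run audit_key against the path passed to ssh -i before retrying the connection.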
To exit the remote login, run the exit command.
exit
logout
Connection to 18.143.143.190 closed.