This is another set of quick notes on something I tend to forget at times.
Prerequisites
- two or more Amazon EC2 instances
- the instances must be in the same subnet and the same Availability Zone
Main Steps
It only requires generating an RSA key pair on each server. Assumptions:
- server-a is the source (my server-a is RHEL)
- server-b is the destination (my server-b is Ubuntu)
- On server-a, generate an RSA key pair by running:
ssh-keygen -t rsa
# You will be asked for a passphrase twice; setting one is recommended
- In your ~/.ssh folder you should now see two id_rsa files. One is the private key (yours and yours only) and the other, id_rsa.pub, is the public key (the one you share). Note that you can rename both the private and the public key, as I have done below. Open id_rsa.pub in vi and copy its contents.
[eden@tst-rhel ~]$ cd .ssh/
[eden@tst-rhel .ssh]$ ll
total 16
-rw-------. 1 eden eden 799 Nov 17 22:03 authorized_keys
-rw-------. 1 eden eden 2655 Nov 17 21:44 id_rsa-rhel
-rw-r--r--. 1 eden eden 567 Nov 17 21:44 id_rsa-rhel.pub
-rw-r--r--. 1 eden eden 523 Nov 17 21:57 known_hosts
[eden@tst-rhel ~]$ vi ~/.ssh/id_rsa.pub
ssh-rsa ************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************eden@tst-rhel
- Now open another terminal and log in to server-b. Go to the same ~/.ssh folder and open the authorized_keys file. Append the public key you copied from server-a.
[eden@tst-ubuntu .ssh]$ vi authorized_keys
ssh-rsa ************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************qwerty-keypair
# server-a's public key is appended below.
ssh-rsa ************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************eden@tst-rhel
Trust should always be two-way. On server-b, generate the RSA key pair (step 1), copy its public key (step 2), then go back to server-a and append server-b's public key to server-a's authorized_keys file (step 3).
From server-a, try to SSH to server-b.
From server-b, try to SSH to server-a.
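The manual vi step above (paste the other server's public key into authorized_keys) is where most mistakes happen: a truncated paste, a private key pasted by accident, a duplicate entry, or permissions that make sshd ignore the file entirely. The script below is an added example, not code from the original post; it does the append in a way that validates the key line, skips keys already present, and sets the 700/600 modes that sshd's StrictModes expects (the same modes as in the listing above). It assumes only bash and coreutils, and the key strings in the self-demo are constructed placeholders, not real keys.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): install a public key into a
# user's authorized_keys safely and idempotently. Assumes bash + coreutils.

# is_valid_pubkey LINE
# Accepts one OpenSSH public-key line: key type, base64 blob, optional comment.
# Anything else (a private key pasted by mistake, a truncated line) is rejected
# so it never lands in authorized_keys.
is_valid_pubkey() {
    case "$1" in
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-nistp256 "*|"ecdsa-sha2-nistp384 "*|"ecdsa-sha2-nistp521 "*) ;;
        *) return 1 ;;
    esac
    blob=$(printf '%s\n' "$1" | awk '{print $2}')
    printf '%s' "$blob" | grep -Eq '^[A-Za-z0-9+/]+=*$'
}

# append_authorized_key SSH_DIR PUBKEY_LINE
# Exit status: 0 appended, 2 already present (same type and blob, comment
# ignored), 1 rejected because the line is not a public key.
# Also enforces the permissions sshd's StrictModes requires: 700 on the
# .ssh directory and 600 on authorized_keys.
append_authorized_key() {
    ssh_dir=$1
    key=$2
    auth="$ssh_dir/authorized_keys"
    is_valid_pubkey "$key" || return 1
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth"
    chmod 600 "$auth"
    # Compare on "type blob" only, so re-pasting the same key with a different
    # comment (e.g. after renaming the key file) does not create a duplicate.
    type_blob=$(printf '%s\n' "$key" | awk '{print $1" "$2}')
    if awk '{print $1" "$2}' "$auth" | grep -Fxq -- "$type_blob"; then
        return 2
    fi
    printf '%s\n' "$key" >> "$auth"
}

# count_keys SSH_DIR -> number of key lines currently in authorized_keys
count_keys() {
    grep -Ec '^(ssh-|ecdsa-)' "$1/authorized_keys" || true
}

# Self-demo in a throwaway directory: bash this_script.sh --demo
# The key below is a constructed placeholder, not a real key.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    append_authorized_key "$tmp/.ssh" \
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedPlaceholderBlob eden@tst-rhel"
    echo "keys installed: $(count_keys "$tmp/.ssh")"
    rm -rf "$tmp"
fi
```

To use it for the step in the post, copy server-a's id_rsa.pub over to server-b and run `append_authorized_key "$HOME/.ssh" "$(cat server-a.pub)"` there; a second run returns 2 instead of adding a duplicate line.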
If something goes wrong
- Confirm that the IP you're using in the SSH command is still valid. An EC2 instance's public IP changes when it is stopped and started unless the instance uses an Elastic IP.
- Check that the NACLs are still at their defaults; they are normally left unchanged.
- Ensure that both instances are in the same security group.
- Ensure that SSH on port 22 is allowed in the Inbound Rules section of the security group.
- Try creating another destination EC2 instance in the same public subnet/Availability Zone.
- You may also create another VPC and instances inside that VPC.
References
These are some links that I find useful. You may find others.
- Can't SSH into AWS EC2 instance
- How to ssh from one ec2 instance to another?
- How to Use SSH to Connect to a Remote Server in Linux or Windows
Final Reminders!
- Yes, even if you've done these steps a couple of times in the past, you might still forget how to do it. That is the reason for these notes.
- Having said that, it is always good to document.
- Never ever share your Private key. That's yours and yours alone!
- It is recommended to use key-based authentication instead of password-based authentication.
- You may be tempted to look for easier ways of connecting by using passwords, but remember: passwords can be brute-forced!
- Lastly, enjoy!