Eden Jose

Connecting via SSH from one EC2 instance to another


This is another set of quick notes on something I tend to forget at times.

Pre-requisites

  • two or more Amazon EC2 instances
  • instances must be in same subnet and same availability zone

Main Steps

It actually only requires you to generate an RSA key on each server. Assumptions:

  • server-a is source (my server-a is RHEL)
  • server-b is destination (my server-b is Ubuntu)
  1. On server-a, generate an rsa key by running:
ssh-keygen -t rsa
# You would need to enter a passphrase twice - recommended to have a passphrase
  2. In your ~/.ssh folder, you should now see two id_rsa files. One is a private key (something that's yours only) and the other is a public key (something you share). Note that you can rename your private and public key. Open id_rsa.pub using the vi editor and copy the contents. W
[eden@tst-rhel ~]$ cd .ssh/
[eden@tst-rhel .ssh]$ ll
total 16
-rw-------. 1 eden eden  799 Nov 17 22:03 authorized_keys
-rw-------. 1 eden eden 2655 Nov 17 21:44 id_rsa-rhel
-rw-r--r--. 1 eden eden  567 Nov 17 21:44 id_rsa-rhel.pub
-rw-r--r--. 1 eden eden  523 Nov 17 21:57 known_hosts

[eden@tst-rhel ~]$ vi ~/.ssh/id_rsa.pub
ssh-rsa ************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************eden@tst-rhel
  3. Now open another terminal and log in to server-b. Go to the same ~/.ssh folder and open the authorized_keys file. Append the previously copied public key (from server-a).
[eden@tst-ubuntu .ssh]$ vi authorized_keys

ssh-rsa ************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************qwerty-keypair

# server-a public-key should be appended below.
ssh-rsa ************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************eden@tst-rhel
  4. Trust should always be two-way. On server-b, generate the RSA keys (step 1), copy the public key (step 2), and then go back to server-a to append server-b's public key to the authorized_keys file (step 3).

  5. From server-a, try to SSH to server-b.
    From server-b, try to SSH to server-a.
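
Pasting the key through vi in step 3 is where this procedure usually breaks: a wrapped line or loose file permissions makes sshd skip the entry. The script below is an added example, not part of the original post, that performs the append idempotently with the permissions sshd expects; the function name add_authorized_key and its arguments are assumptions.

```shell
#!/bin/sh
# Added example; add_authorized_key is a hypothetical helper name.
# Usage: add_authorized_key <pubkey-file> [authorized_keys-path]
# The body is a subshell, so exit and umask stay local to the call.
add_authorized_key() (
    pub=$1
    auth=${2:-$HOME/.ssh/authorized_keys}
    dir=$(dirname "$auth")
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 2; }

    # A public key is exactly one line. Two or more means the paste was
    # wrapped, or a private key file was picked up by mistake.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; exit 3; }

    # Fields: key type, base64 blob, optional comment.
    line=$(grep . "$pub")
    type=$(printf '%s\n' "$line" | awk '{print $1}')
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    case $type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*|sk-*@openssh.com) ;;
        *) echo "unknown key type: $type" >&2; exit 4 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key blob" >&2; exit 5 ;;
    esac
    # Structural check only; ssh-keygen -l -f "$pub" also decodes the key.

    # With StrictModes (the sshd default) the key file is ignored when it
    # or ~/.ssh is writable by group or others.
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Compare the blob against every field so entries that carry an options
    # prefix still match and a re-run never adds a duplicate.
    if awk -v b="$blob" '{for (i = 1; i <= NF; i++) if ($i == b) f = 1}
                         END {exit !f}' "$auth"; then
        exit 0
    fi

    # Never glue the new key onto an existing last line that lacks a newline.
    if [ -s "$auth" ] && [ "$(tail -c 1 "$auth" | wc -l)" -eq 0 ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$line" >> "$auth"
)
```

Run it on the destination server with the copied .pub file as the first argument; running it twice leaves a single entry.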

If something goes wrong

  • Confirm that the IP you're using on the SSH command is still valid. The EC2 instances' public IP changes when stopped and started unless the instances are using Elastic IPs.
  • Check that the NACLs are set to default - they're normally unchanged
  • Ensure that they're in the same security group
  • Ensure that SSH through port 22 is allowed in the Inbound Rules section of the security group.
  • Try creating another destination EC2 instance in the same public subnet/Availability zone
  • You may also create another VPC and instances inside that VPC


Final Reminders!

  • Yes, even if you've done the steps a couple of times in the past, you might still forget how to do it. That is the reason for these notes.
  • Having said that, it's always good to document.
  • Never ever share your private key. That's yours and yours alone!
  • It is recommended to use key-based authentication instead of password-based authentication.
  • You may try to search for easier methods of connecting by using passwords, but remember, passwords can be brute-forced!
  • Lastly, enjoy!
