Eden Jose

Connecting via SSH from one EC2 instance to another


This is another quick note on something I tend to forget at times.

Pre-requisites

  • two or more Amazon EC2 instances
  • instances must be in the same subnet and the same Availability Zone

Main Steps

It actually only requires you to generate an RSA key on each server. Assumptions:

  • server-a is source (my server-a is RHEL)
  • server-b is destination (my server-b is Ubuntu)
  1. On server-a, generate an RSA key by running:
ssh-keygen -t rsa
# You would need to enter a passphrase twice - recommended to have a passphrase
  2. In your ~/.ssh folder, you should now see two id_rsa files. One is a private key (something that's yours only) and the other is a public key (something you share). Note that you can rename your private and public keys; in the listing below, mine are named id_rsa-rhel and id_rsa-rhel.pub. Open the public key (id_rsa.pub by default) using the vi editor and copy the contents.
[eden@tst-rhel ~]$ cd .ssh/
[eden@tst-rhel .ssh]$ ll
total 16
-rw-------. 1 eden eden  799 Nov 17 22:03 authorized_keys
-rw-------. 1 eden eden 2655 Nov 17 21:44 id_rsa-rhel
-rw-r--r--. 1 eden eden  567 Nov 17 21:44 id_rsa-rhel.pub
-rw-r--r--. 1 eden eden  523 Nov 17 21:57 known_hosts

[eden@tst-rhel ~]$ vi ~/.ssh/id_rsa-rhel.pub
ssh-rsa ************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************eden@tst-rhel
  3. Now open another terminal and log in to server-b. Go to the same ~/.ssh folder and open the authorized_keys file. Append the previously copied public key (from server-a).
[eden@tst-ubuntu .ssh]$ vi authorized_keys

ssh-rsa ************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************qwerty-keypair

# server-a public-key should be appended below.
ssh-rsa ************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************eden@tst-rhel
  4. Trust should always be two-way. On server-b, generate the RSA keys (step 1), copy the public key (step 2), and then go back to server-a to append server-b's public key to the authorized_keys file (step 3).

  5. From server-a, try to SSH to server-b.
    From server-b, try to SSH to server-a.
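
Appending the key by hand in vi (step 3) is where most mistakes happen: a pasted key joined onto the previous line, a duplicate entry, or permissions loose enough that sshd ignores the file. The following is an added example, not code from the original post. `authorize_key` is a hypothetical helper name, and it assumes the public key file from the source server has already been copied to the destination.

```shell
#!/usr/bin/env bash
# Added example: idempotently authorize a public key on the destination host.
# authorize_key is a hypothetical helper name, not an OpenSSH command.
# Usage: authorize_key <public-key-file> [ssh-dir]   (returns 1 if the input is rejected)
authorize_key() {
    local pub_file="$1" ssh_dir="${2:-$HOME/.ssh}"
    local auth_file="$ssh_dir/authorized_keys" key_line

    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 1; }

    # Refuse private-key material: only the .pub half is ever shared.
    if grep -q 'PRIVATE KEY' "$pub_file"; then
        echo "refusing: $pub_file looks like a private key" >&2
        return 1
    fi

    # A public key is one line: "<type> <base64> [comment]" (common key types only).
    key_line=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$' "$pub_file" | head -n 1)
    [ -n "$key_line" ] || { echo "no public key found in $pub_file" >&2; return 1; }

    # sshd's StrictModes (on by default) rejects keys if these are writable by others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth_file" && chmod 600 "$auth_file"

    # If the file does not end in a newline, add one so the new key
    # is not glued onto the last existing entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    # Append only if this exact line is not already present.
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}
```

Run it on the destination server as the user who will receive the connection, for example `authorize_key ./server-a.pub`, where `server-a.pub` is a placeholder file name.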

If something goes wrong

  • Confirm that the IP you're using in the SSH command is still valid. An EC2 instance's public IP changes when the instance is stopped and started, unless it is using an Elastic IP.
  • Check that the NACLs are set to default; they're normally unchanged.
  • Ensure that the instances are in the same security group
  • Ensure that SSH through port 22 is allowed in the Inbound Rules section of the security group.
  • Try creating another destination EC2 instance in the same public subnet/Availability zone
  • You may also create another VPC and instances inside that VPC

Final Reminders!

  • Yes, even if you've done the steps a couple of times in the past, you might still forget how to do it. That is the reason for these notes.
  • Having said that, it's always good to document.
  • Never ever share your private key. That's yours and yours alone!
  • It is recommended to use key-based authentication instead of password-based authentication
  • You may try to search for easier methods of connecting by using passwords, but remember, passwords can be brute-forced!
  • Lastly, enjoy!
