Accessing Instances in Linux and UNIX
Authorizing Network Access to Your Instances
To authorize access to your instance
-
Enter the
ec2-authorize
command to allow all IP addresses to access your instance through the port 80 (public web) IP address.PROMPT>
PERMISSION default ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
-
Get the public IP address of your local machine by going to a search engine, entering "what is my IP address," and using one of the provided services.
-
Enter the
ec2-authorize
command to open port 22 (SSH port) to your IP address.PROMPT>
your_ip_address
/32PERMISSION default ALLOWS tcp 22 22 FROM CIDR
your_ip_address
/32This command allows access from your IP address only. If your IP address is dynamic, you need to use this command each time it changes. To allow additional IP address ranges, use this command for each range.
Connecting to your Instance
To connect to your instance
-
Open a web browser and go to
http://<hostname>/
, where<hostname>
is your instance's public hostname as returned by ec2-describe-instances (ec2-67-202-51-223.compute-1.amazonaws.com
in the example).A webpage welcoming you to your instance displays.
Note If the website times out, your instance might not have finished starting up. Wait a couple of minutes and try again.
-
Whenever you launch a public AMI that you have not rebundled, run the
ec2-get-console-output
command and locate theSSH HOST KEY FINGERPRINTS
section.PROMPT>
instance_id
... ec2: -----BEGIN SSH HOST KEY FINGERPRINTS----- ec2: 2048 bc:89:29:c6:45:4b:b3:e2:c1:41:81:22:cb:3c:77:54 /etc/ssh/ssh_host_key.pub ec2: 2048 fc:8d:0c:eb:0e:a6:4a:6a:61:50:00:c4:d2:51:78:66 /etc/ssh/ssh_host_rsa_key.pub ec2: 1024 b5:cd:88:6a:18:7f:83:9d:1f:3b:80:03:10:17:7b:f5 /etc/ssh/ssh_host_dsa_key.pub ec2: -----END SSH HOST KEY FINGERPRINTS-----
...Note the fingerprints. You will need to compare them in the next step.
-
Use the following command to login as root and exercise full control over this instance as you would any host.
$
ec2-67-202-51-223.compute-1.amazonaws.com
The authenticity of host 'ec2-67-202-51-223.compute-1.amazonaws.com (216.182.225.42)' can't be established. RSA key fingerprint is fc:8d:0c:eb:0e:a6:4a:6a:61:50:00:c4:d2:51:78:66. Are you sure you want to continue connecting (yes/no)?
yes
Warning: Permanently added 'ec2-67-202-51-223.compute-1.amazonaws.com' (RSA) to the list of known hosts. Last login: Wed Jun 21 08:02:08 2006root@ec2-67-202-51-223 #
If you are launching a public AMI, verify the fingerprint matches one of the fingerprints from the output of the
ec2-get-console-output
command. If it doesn't, someone might be attempting a "man-in-the-middle" attack.
Note | |
---|---|
Your machine might have a different name for the preceding ssh command or use different command line options. |