Accessing Instances in Linux and UNIX
This section describes how to access Linux and UNIX instances using SSH.
How to Authorize Network Access to Your Instances
Before accessing your instance, you must authorize access.
To authorize access to your instance
ec2-authorizecommand to allow all IP addresses to access your instance through the port 80 (public web) IP address.
PERMISSION default ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
Get the public IP address of your local machine by going to a search engine, entering "what is my IP address," and using one of the provided services.
ec2-authorizecommand to open port 22 (SSH port) to your IP address.
PERMISSION default ALLOWS tcp 22 22 FROM CIDR
This command allows access from your IP address only. If your IP address is dynamic, you need to use this command each time it changes. To allow additional IP address ranges, use this command for each range.
How to Connect to your Instance
This section describes how to connect to your instance.
To connect to your instance
Open a web browser and go to
<hostname>is your instance's public hostname as returned by ec2-describe-instances (
ec2-67-202-51-223.compute-1.amazonaws.comin the example).
A webpage welcoming you to your instance displays.
If the web site times out, your instance might not have finished starting up. Wait a couple of minutes and try again.
Whenever you launch a public AMI that you have not rebundled, run the
ec2-get-console-outputcommand and locate the
SSH HOST KEY FINGERPRINTSsection.
... ec2: -----BEGIN SSH HOST KEY FINGERPRINTS----- ec2: 2048 bc:89:29:c6:45:4b:b3:e2:c1:41:81:22:cb:3c:77:54 /etc/ssh/ssh_host_key.pub ec2: 2048 fc:8d:0c:eb:0e:a6:4a:6a:61:50:00:c4:d2:51:78:66 /etc/ssh/ssh_host_rsa_key.pub ec2: 1024 b5:cd:88:6a:18:7f:83:9d:1f:3b:80:03:10:17:7b:f5 /etc/ssh/ssh_host_dsa_key.pub ec2: -----END SSH HOST KEY FINGERPRINTS-----...
Note the fingerprints. You will need to compare them in the next step.
Use the following command to login as root and exercise full control over this instance as you would any host.
The authenticity of host 'ec2-67-202-51-223.compute-1.amazonaws.com (188.8.131.52)' can't be established. RSA key fingerprint is fc:8d:0c:eb:0e:a6:4a:6a:61:50:00:c4:d2:51:78:66. Are you sure you want to continue connecting (yes/no)?
yesWarning: Permanently added 'ec2-67-202-51-223.compute-1.amazonaws.com' (RSA) to the list of known hosts. Last login: Wed Jun 21 08:02:08 2006
[email protected] #
If you are launching a public AMI, verify the fingerprint matches one of the fingerprints from the output of the
ec2-get-console-outputcommand. If it doesn't, someone might be attempting a "man-in-the-middle" attack.
Your machine might have a different name for the preceding ssh command or use different command line options.