Accessing Instances in Linux and UNIX

Amazon Elastic Compute Cloud: 2009-10-31

previous page next page

Accessing Instances in Linux and UNIX

This section describes how to access Linux and UNIX instances using SSH.

How to Authorize Network Access to Your Instances

Before accessing your instance, you must authorize access.

To authorize access to your instance

Enter the ec2-authorize command to allow all IP addresses to access your instance through the port 80 (public web) IP address.
```
PROMPT>  ec2-authorize default -p 80
PERMISSION     default  ALLOWS  tcp     80      80      FROM    CIDR   0.0.0.0/0 
```
Get the public IP address of your local machine by going to a search engine, entering "what is my IP address," and using one of the provided services.
Enter the ec2-authorize command to open port 22 (SSH port) to your IP address.
```
PROMPT>  ec2-authorize default -p 22 -s your_ip_address/32
PERMISSION     default  ALLOWS  tcp     22      22      FROM    CIDR   your_ip_address/32
```
This command allows access from your IP address only. If your IP address is dynamic, you need to use this command each time it changes. To allow additional IP address ranges, use this command for each range.

How to Connect to your Instance

This section describes how to connect to your instance.

To connect to your instance

Open a web browser and go to http://<hostname>/, where <hostname> is your instance's public hostname as returned by ec2-describe-instances (ec2-67-202-51-223.compute-1.amazonaws.com in the example).

A webpage welcoming you to your instance displays.

Note

If the web site times out, your instance might not have finished starting up. Wait a couple of minutes and try again.

Whenever you launch a public AMI that you have not rebundled, run the ec2-get-console-output command and locate the SSH HOST KEY FINGERPRINTS section.

PROMPT> ec2-get-console-output instance_id ... ec2: -----BEGIN SSH HOST KEY FINGERPRINTS----- ec2: 2048 bc:89:29:c6:45:4b:b3:e2:c1:41:81:22:cb:3c:77:54 /etc/ssh/ssh_host_key.pub ec2: 2048 fc:8d:0c:eb:0e:a6:4a:6a:61:50:00:c4:d2:51:78:66 /etc/ssh/ssh_host_rsa_key.pub ec2: 1024 b5:cd:88:6a:18:7f:83:9d:1f:3b:80:03:10:17:7b:f5 /etc/ssh/ssh_host_dsa_key.pub ec2: -----END SSH HOST KEY FINGERPRINTS----- ...

Note the fingerprints. You will need to compare them in the next step.

Use the following command to login as root and exercise full control over this instance as you would any host.

$ ssh -i id_rsa-gsg-keypair root@ec2-67-202-51-223.compute-1.amazonaws.com The authenticity of host 'ec2-67-202-51-223.compute-1.amazonaws.com (216.182.225.42)' can't be established. RSA key fingerprint is fc:8d:0c:eb:0e:a6:4a:6a:61:50:00:c4:d2:51:78:66. Are you sure you want to continue connecting (yes/no)?yes Warning: Permanently added 'ec2-67-202-51-223.compute-1.amazonaws.com' (RSA) to the list of known hosts. Last login: Wed Jun 21 08:02:08 2006 root@ec2-67-202-51-223 #

If you are launching a public AMI, verify the fingerprint matches one of the fingerprints from the output of the ec2-get-console-output command. If it doesn't, someone might be attempting a "man-in-the-middle" attack.

Note

Your machine might have a different name for the preceding ssh command or use different command line options.

	Note
If the web site times out, your instance might not have finished starting up. Wait a couple of minutes and try again.

	Note
Your machine might have a different name for the preceding ssh command or use different command line options.

previous page start next page