SSH Authentication with Private Keys

Hello,

I've managed to authenticate. My first missteps were not understanding that ports 80 and 22 had to be open. I get the concept but for a non-sysadmin I assumed the EC2 defaults for Security Groups would be set to work automatically. I did finally manage to get to root using Terminal though once these ports were open.

Since I prefer a GUI I'm now trying to get past having to use Terminal on the Mac, but I can't really find a Mac SSH client that works with EC2's private keys. They all want me to authenticate with a username/pw.

I'm highly interested in using Panic's Coda tool (http://www.panic.com/coda/). Does anyone know how to configure my Mac to authenticate without having to pass the key to EC2? I've read a bit online about placing the key inside my ~/.ssh folder, but can't really get a good handle on this. Any ideas? Anyone have any experience getting a GUI client like Transmit or Coda to work with EC2?

Thank you!


Some Success!

RyNy - Sat, 2009-11-07 20:52

I think that I've managed to get Coda to authenticate with the EC2 private key. Can someone please verify that what I did makes sense.

  1. I created a new file: ~/.ssh/config
  2. I added the following to the config file:
    Host myserver
        HostName 1.2.3.4
        User root
        IdentityFile /Users/username/keys/myserver.key
  3. In CODA I created a "site" and for the server supplied "myserver". The HostName, User, and IdentityFile are passed by the config file.
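
An added example (not part of RyNy's post): a small Python check that resolves a Host alias from an ssh config like the one above and verifies that the IdentityFile has owner-only permissions, since OpenSSH will not use a private key that group or other users can read. The function names and the temporary key file are constructed for illustration.

```python
import fnmatch
import os
import stat
import tempfile

# Constructed sample: the entry from the post above.
SAMPLE_CONFIG = """\
Host myserver
    HostName 1.2.3.4
    User root
    IdentityFile /Users/username/keys/myserver.key
"""

def resolve_host(config_text, alias):
    """Options ssh would apply to `alias`; the first value seen for a keyword wins.
    Simplified: whitespace-separated "Keyword value" lines, no negated patterns or Match."""
    opts, active = {}, True  # lines before the first Host line apply to all hosts
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = any(fnmatch.fnmatchcase(alias, p) for p in value.split())
        elif active:
            opts.setdefault(key, value)
    return opts

def key_problems(path):
    """Reasons the private key would be unusable or is exposed to other local users."""
    path = os.path.expanduser(path)
    if not os.path.isfile(path):
        return ["missing: " + path]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit set: OpenSSH ignores such a key
        return ["too open (%04o), fix with chmod 600" % mode]
    return []

if __name__ == "__main__":
    print(resolve_host(SAMPLE_CONFIG, "myserver"))
    with tempfile.TemporaryDirectory() as tmp:
        key = os.path.join(tmp, "myserver.key")  # constructed stand-in for the EC2 key
        open(key, "w").close()
        os.chmod(key, 0o644)
        print(key_problems(key))
        os.chmod(key, 0o600)
        print(key_problems(key))
```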

I had the same issue with the ports

KentBye - Mon, 2009-11-09 23:45

I'm brand new to Amazon EC2, and in the introductory video, the default server settings were already configured.

And so it took me a while to find these instructions, which walk through setting up the default security group as follows:

[Image: security-group]

There's also a warning that says:

In this example, you enable any IP address to access ports 22 and 3389 of the instance. Although this might be acceptable for testing purposes, it is extremely unsafe for production environments. For production systems, you must obtain your public IP address ranges and grant access to those ranges only. For example, if your IP address is 103.55.22.234, you specify 103.55.22.234/32.

Does this mean that you should change the default group settings when you're ready to go live to production?
Or create a separate group with the specific settings?
Also, does this mean that we need to press the "Allocate New Address button to reserve an Elastic IP address" before we should go live as well?

Just curious how these security groups evolve over time.


Good Question

RyNy - Tue, 2009-11-10 00:27

I opened ports 22 and 80. What is port 3389 for? Any others that should be open/closed?


3389

nullvariable - Wed, 2009-11-11 03:39

3389 should only be open if you need access to the mysql server from another machine. I would recommend against leaving this port open in most cases.

Doug
http://twitter.com/nullvariable | http://www.nullvariable.com