How to ssh from one ec2 instance to another?
Full question
https://superuser.com/questions/1135766/...
--
Content licensed under CC BY-SA
https://meta.stackexchange.com/help/lice...
ACCEPTED ANSWER
Score 14
Method 1 - use the same keys on the servers:
Convert the keys to openssh format and upload the private keys to the servers. When you ssh to the destination host, specify the private key file:
ssh -i mykey.pem private.ip.of.other.server
Method 2 - Create new keys
On each server run:
ssh-keygen
Hit enter enter enter. You'll have two files:
.ssh/id_rsa
.ssh/id_rsa.pub
On Server A, cat and copy to clipboard the public key:
cat ~/.ssh/id_rsa.pub
[select and copy to your clipboard]
ssh into Server B, and append the contents of that to its authorized_keys file:
cat >> ~/.ssh/authorized_keys
[paste your clipboard contents]
[ctrl+d to exit]
Now ssh from server A:
ssh -i ~/.ssh/id_rsa private.ip.of.other.server
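Method 2's append step, as an added example that is not part of the original answer: a shell function, run on Server B, that validates the public key, appends it only once, and sets the permissions sshd expects. The function name `install_pubkey`, its arguments and the sample key line are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original answers.
# install_pubkey <pubkey-file> [ssh-dir]  (function name and arguments are hypothetical)
install_pubkey() {
    local pub="$1" dir="${2:-$HOME/.ssh}" auth key
    auth="$dir/authorized_keys"
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Only the .pub half belongs on Server B; refuse private key material.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 2
    fi

    # First non-empty line must start with a common OpenSSH public key type.
    key=$(grep -m1 -v '^[[:space:]]*$' "$pub" || true)
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 3 ;;
    esac

    # With StrictModes (the sshd default) a group- or world-writable
    # ~/.ssh or authorized_keys is ignored, so set tight modes.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Start on a fresh line if the existing file lacks a trailing newline.
    if [ -s "$auth" ] && [ -n "$(tail -c1 "$auth")" ]; then echo >> "$auth"; fi

    # Append only when this exact line is absent, so re-running is harmless.
    if ! grep -qxF -e "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# Demo in a scratch directory with a constructed, non-functional key line.
demo=$(mktemp -d)
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLYNOTAREALKEY ec2-user@server-a\n' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/.ssh"
install_pubkey "$demo/id.pub" "$demo/.ssh"   # second run adds nothing
ls -l "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```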
ANSWER 2
Score 8
There is a 3rd and IMHO the best solution, so-called ssh agent forwarding:
- on local machine configure ~/.ssh/config, by adding the following section:
Host <ip-or-name-of-A-server>
    ForwardAgent yes
- I assume on server A and B you have your local ~/.ssh/id_rsa.pub added to server's ~/.ssh/authorized_keys
While working on server A your keys can be used in further ssh communication - e.g.:
- connecting to other server with ssh client - in this case to server B,
- scp (secure copy),
- git - you can pull/push using your local identity to your remote git repositories
- etc.
To check to see if this works:
- connect to server A
- check if there is socket connection for key exchange by detecting SSH_AUTH_SOCK env var:
set|grep SSH_AUTH_
# output should be something like this:
SSH_AUTH_SOCK=/tmp/ssh-sEHiRF4hls/agent.12042
Notes:
- you need to have ssh agent running - linux:
ps -e | grep [s]sh-agent
for windows check putty's utilities pageant and plink - reference: https://help.github.com/articles/using-ssh-agent-forwarding
- troubleshooting ssh:
https://confluence.atlassian.com/display/BITBUCKET/Troubleshoot+SSH+Issues
ANSWER 3
Score 0
A new AWS solution for the problem.
Here's a blog post for the same:
Please note:
The SSH public keys are only available for one-time use for 60 seconds in the instance metadata. To connect to the instance successfully, you must connect using SSH within this time window. Because the keys expire, there is no need to track or manage these keys directly, as you did previously.