How to ssh from one ec2 instance to another?

I have created two EC2 instances on AWS. I created a key pair for each of them. I downloaded the .pem private keys and converted them into .ppk format. I can connect to each of my ec2 instances using PuTTY and their .ppk private key. But how do I SSH from one of my ec2 instances to the other? I can ping the Public DNS of either of them from the other. But if I try ssh from one to the other, I get:

Permission denied (publickey).


Method 1 - use the same keys on the servers:

Convert the keys to openssh format and upload the private keys to the servers. When you ssh to the destination host, specify the private key file:

ssh -i mykey.pem private.ip.of.other.server

Method 2 - Create new keys

On each server run:

ssh-keygen

Hit enter enter enter. You'll have two files:

.ssh/id_rsa
.ssh/id_rsa.pub

On Server A, cat and copy to clipboard the public key:

cat ~/.ssh/id_rsa.pub
[select and copy to your clipboard]

ssh into Server B, and append the contents of that to its authorized_keys file:

cat >> ~/.ssh/authorized_keys
[paste your clipboard contents]
[ctrl+d to exit]

Now ssh from server A:

ssh -i ~/.ssh/id_rsa private.ip.of.other.server
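
Added example (not part of the original answers): a POSIX shell check to run on Server B when Method 2 still ends in Permission denied (publickey). It verifies that the .ssh directory and authorized_keys are not group- or world-writable, which sshd rejects under its default StrictModes setting, and that the key copied from Server A landed in authorized_keys intact. The function names and arguments are this example's own.

```shell
# audit_authorized_keys SSH_DIR PUBKEY_FILE
#   SSH_DIR      the destination user's .ssh directory (Server B)
#   PUBKEY_FILE  a copy of the public key generated on Server A
# Prints one line per finding; returns 0 when nothing is wrong, 1 otherwise.

# True when the path is writable by group or others.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

audit_authorized_keys() {
    ssh_dir=$1
    pub=$2
    auth="$ssh_dir/authorized_keys"
    rc=0

    if [ ! -d "$ssh_dir" ]; then
        echo "missing directory: $ssh_dir"; return 1
    fi
    if [ ! -f "$auth" ]; then
        echo "missing file: $auth"; return 1
    fi
    for p in "$ssh_dir" "$auth"; do
        if loosely_writable "$p"; then
            echo "group/world-writable: $p (fix: chmod go-w)"; rc=1
        fi
    done

    # The base64 blob is field 2 of the .pub file. In authorized_keys it may
    # be preceded by an options field, so compare against every field.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub")
    if [ -z "$blob" ]; then
        echo "not a public key file: $pub"; return 1
    fi
    if ! awk -v b="$blob" '/^#/ { next }
            { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
            END { exit !found }' "$auth"; then
        echo "key from $pub not found intact in $auth (wrapped paste?)"; rc=1
    fi
    return $rc
}
```

Typical use on Server B: audit_authorized_keys ~/.ssh /path/to/copy-of-server-a-id_rsa.pub. A key that was line-wrapped by the terminal during the clipboard paste shows up here as "not found intact".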

There is a 3rd and IMHO the best solution, so-called ssh agent forwarding:

  • on the local machine, configure ~/.ssh/config by adding the following section:
Host <ip-or-name-of-A-server>
  ForwardAgent yes
  • I assume on servers A and B you have your local ~/.ssh/id_rsa.pub added to the server's ~/.ssh/authorized_keys

While working on server A your keys can be used in further ssh communication - e.g.:

  • connecting to other server with ssh client - in this case to server B,
  • scp (secure copy),
  • git - you can pull/push using your local identity to your remote git repositories
  • etc.

To check to see if this works:

  • connect to server A
  • check if there is a socket connection for key exchange by detecting the SSH_AUTH_SOCK env var:
set|grep SSH_AUTH_ # output should be something like this:
SSH_AUTH_SOCK=/tmp/ssh-sEHiRF4hls/agent.12042

Notes:

  • you need to have an ssh agent running - linux: ps -e | grep [s]sh-agent, for windows check putty's utilities pageant and plink
  • reference: https://help.github.com/articles/using-ssh-agent-forwarding
  • troubleshooting ssh:
    https://confluence.atlassian.com/display/BITBUCKET/Troubleshoot+SSH+Issues