This is a short tutorial on using Amazon Web Services' EC2 instances, and in particular on accessing them through SSH using the provided PEM key. This is a basic one-user setup.
When creating an EC2 instance you will be prompted to download a private key, or import one you've already been using. After downloading, it will likely be saved to your ~/Downloads folder. You have a few options now. The default behavior you can work with is to use your console to SSH into your instance now. Not recommended.
The general format for using SSH and indicating you will be using a key is the following:
?> ssh -i ~/path/to/key.pem ec2UserNameForInstance@PublicDNSvalueForInstance
That command might look like:
?> ssh -i /home/USER/Downloads/YOUR-PEM-KEY.pem ec2-user@ec2-11-22-33-444.us-west-1.compute.amazonaws.com
Let's begin improving this iteratively.
You can shorten the Public DNS to its IPv4 Public IP address. (You can see it in the Public DNS.)
?> ssh -i ~/Downloads/YOUR-PEM-KEY.pem ec2-user@11.22.33.444
SSH key storage
That's as short as you can make the target of your access. Now let's improve the security of your PEM key. Keeping it in your Downloads folder is certainly possible, but if you ever clear your Downloads, poof, you can never access your instance again. Amazon will not and cannot provide you a replacement.
It is common practice to store your SSH keys in your SSH folder, found here: ~/.ssh/
This folder is hidden (its name starts with a dot) and is also conveniently where SSH can be configured.
IdentityFile
There are different ways of configuring your PEM key to be used automatically. Once configured you won't need to specify -i and include the path to your key.
Access ~/.ssh/config and add 'IdentityFile path/to/key.pem'. If you've moved your key to where I recommended, your line will read 'IdentityFile ~/.ssh/key.pem'.
This method worked for me. There are other ways of doing this through specifying Host etc. You should pursue this when working with many keys.
Your login command now reads:
?> ssh ec2-user@11.22.33.444
Now of course I've shortened it further through an alias. I edited my ~/.bashrc to add:
alias aws1='ssh ec2-user@11.22.33.444'
chmod
If you had a problem logging in from the very first command, it is likely a file permissions issue. You might want to read more on this elsewhere, but I'll give my take and what worked for me.
SSH requires your key to not be readable and writable by all users. A quick way of checking your permissions is to navigate to ~/.ssh/ and type 'ls -la'. You should see something like '-r--r--r--' to the left for your key. The proper setting changes depending on which user you are. Try setting your file permission to the one I suggested.
This is done through the 'chmod' Linux command.
?> chmod 444 aws-key.pem
Each number corresponds to a column. The third number and column should be 4 or r-- if you want to ssh with that key as your current user.
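An added example, not part of the original tutorial: a small audit of key permissions that mirrors the test OpenSSH's client performs. OpenSSH applies its private-key permission test only to files owned by the user running ssh, and then refuses any key with a group or other permission bit set, so modes such as 400 or 600 pass while 444 is rejected for a key you own. The function names and the *.pem glob are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: check private-key permissions the way the OpenSSH client does.
# Rule mirrored here: a key owned by the current user is rejected when
# (mode & 077) != 0; keys owned by another user are not subject to that test.
# Usage: audit_keys            # checks ~/.ssh
#        audit_keys /some/dir  # checks another directory

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the numeric uid that owns a file.
file_uid() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

# Echo one verdict for a key file: ok | too-open | not-owner | missing
key_perm_verdict() {
    local key="$1" mode
    [ -f "$key" ] || { echo missing; return; }
    if [ "$(file_uid "$key")" != "$(id -u)" ]; then
        echo not-owner          # OpenSSH skips the mode test in this case
        return
    fi
    mode=$(file_mode "$key")
    # A leading 0 makes the shell read the digits as octal.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo too-open           # group/other bits set: ssh ignores the key
    else
        echo ok                 # e.g. 400 or 600
    fi
}

# Print "verdict mode path" for every *.pem file in a directory.
audit_keys() {
    local dir="${1:-$HOME/.ssh}" key
    for key in "$dir"/*.pem; do
        [ -e "$key" ] || continue
        printf '%-10s %s %s\n' "$(key_perm_verdict "$key")" \
            "$(file_mode "$key")" "$key"
    done
}
```

A key reported as too-open can be tightened with chmod 400 (read-only for the owner) or chmod 600.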