How to connect to EC2 via SSH
Topic: Cloud aws core
Summary
Connect to a Linux EC2 instance using the key pair you chose at launch. Set permissions on the private key, use the correct user name for the AMI, and fix the security group or network path if the connection fails. Use this when you cannot SSH to a new or existing instance.
Intent: How-to
Quick answer
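- Run chmod 600 key.pem so that only your user can read the private key (ssh refuses a key file that other users can read), then connect with ssh -i key.pem ec2-user@PUBLIC_IP (Amazon Linux). For Ubuntu use ubuntu@; for other AMIs check the vendor's default user (e.g. centos, admin).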
- Security group must allow inbound TCP 22 from your IP (or bastion). If the instance has no public IP, use Session Manager, a bastion, or VPN to reach the private IP.
- Connection refused: instance not ready, wrong port, or security group blocking. Timeout: wrong IP, NACL, or route; check default gateway and that the instance is in a public subnet if using public IP.
Prerequisites
Steps
- Prepare the key: chmod 600 key.pem. Use the private key that matches the key pair selected at launch; key pair names are region-specific, so ensure you are in the correct region.
- Use the right user and address: Amazon Linux: ec2-user@. Ubuntu: ubuntu@. Other AMIs: check documentation. Use the instance public IP or public DNS from the console or describe-instances; ensure the instance state is running.
- Allow SSH in security group: Edit the instance security group: add inbound rule TCP 22 from your IP (e.g. My IP) or from the bastion security group. Save and retry SSH.
- If no public IP: Use EC2 Instance Connect (browser), Session Manager (no inbound 22 needed), or a bastion in a public subnet. SSH to the bastion, then to the instance private IP.
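To check the security group step above before retrying SSH, the following added example (not part of the original page) reads inbound rules in the shape returned by aws ec2 describe-security-groups and reports whether your IP can reach TCP 22 and whether any rule opens it to everyone. The sample rules, the group ID and the function names covers_ssh, ssh_sources and audit are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of SecurityGroups[].IpPermissions from
# `aws ec2 describe-security-groups`; the group ID and addresses are made up.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,    # the intended rule
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-0bastionexample"}]},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,   # wide range that also covers 22
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,  # unrelated to SSH
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
]

def covers_ssh(perm, port=22):
    """True if the rule's protocol and port range include TCP 22."""
    if perm["IpProtocol"] == "-1":   # "-1" = all protocols; no port fields present
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]

def ssh_sources(permissions):
    """Collect the CIDRs and source security groups allowed to reach TCP 22."""
    cidrs, groups = [], []
    for perm in permissions:
        if not covers_ssh(perm):
            continue
        cidrs += [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        groups += [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])]
    return cidrs, groups

def audit(permissions, my_ip):
    """Report SSH reachability for my_ip and any rule open to all addresses."""
    cidrs, groups = ssh_sources(permissions)
    addr = ipaddress.ip_address(my_ip)
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return {
        "reachable_from_my_ip": any(addr.version == n.version and addr in n for n in nets),
        "world_open": [str(n) for n in nets if n.prefixlen == 0],
        "allowed_groups": groups,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_PERMISSIONS, "203.0.113.10"))
```

A non-empty world_open list means SSH is exposed beyond your IP or the bastion, even when the port 22 rule itself looks correct.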
Summary
Use the correct key (chmod 600) and AMI user name; allow TCP 22 in the security group from your IP. Use Session Manager or a bastion if the instance has no public IP. Use this to get SSH access to EC2.
Prerequisites
Steps
Step 1: Prepare the key
chmod 600 key.pem; use the key that matches the instance key pair in the same region.
Step 2: Use the right user and address
Use ec2-user (Amazon Linux), ubuntu (Ubuntu), or the AMI default user. Use the instance public IP or DNS.
Step 3: Allow SSH in security group
Add inbound TCP 22 from your IP (or bastion) in the instance security group.
Step 4: If no public IP
Use Instance Connect, Session Manager, or a bastion; then SSH to the private IP.
Verification
SSH login succeeds; you have a shell on the instance.
Troubleshooting
- Permission denied (publickey): Wrong key or user; verify key pair name and AMI user.
- Connection refused: Security group or instance not listening; check port 22 and state.
- Timeout: Network: NACL, route, or no public IP; use bastion or Session Manager.