Question

I have two Amazon EC2 instances.

I can connect to those EC2 instances from Windows using PuTTY (using the public key generated from the private key provided by Amazon).

Now I want to install Tungsten Replicator on my EC2 instances, and Tungsten Replicator needs SSH access from one EC2 instance to another.

I tried to check whether SSH is working from one EC2 instance to another. I tried:

ssh ec2-user@<public-ip-of-destination-instance>
# also tried
ssh ec2-user@<private-ip-of-destination-instance>

But it's not working.

I got the following error:

Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

I have searched on Google and tried some tricks, but none of them worked.

Sometimes I got the following error:

Address public_ip maps to xxxx.eu-west-1.compute.amazonaws.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

Can anyone please tell me how to connect via SSH from one EC2 instance to another?


Solution

I'd suggest you create a special keypair for the tungsten user.

cd tungsten-user-home/.ssh
ssh-keygen -t rsa
# ssh-keygen names the key files id_rsa and id_rsa.pub; sshd reads authorized_keys
mv id_rsa.pub authorized_keys

And then copy both files to the other host, in the same place and with the same permissions.

This will allow tungsten to work without requiring your own key.

OTHER TIPS

Just like when you have to ssh from your local machine to an EC2 instance, you need to provide the ssh command with the proper pem file:

ssh -i my_pem_file.pem ec2-user@private-or-public-ip-or-dns

Just in case anyone ponders this question, here are my 2 cents.

Connecting to one EC2 instance from another EC2 instance will work as suggested by "Uri Agassi". Considering best practices and security, it would be a good idea to create and assign a role to the source EC2 instance.

One way to allow one EC2 instance to connect to another is to set an ingress rule on the target EC2 instance that lets it accept traffic from the source EC2 instance's security group. Here's a Python function that uses Boto3 to do this:

import logging

import boto3
from botocore.exceptions import ClientError

logger = logging.getLogger(__name__)
ec2 = boto3.resource('ec2')

def allow_security_group_ingress(target_security_group_id, source_security_group_name):
    # Let instances in the source group send traffic to instances in the target group.
    try:
        ec2.SecurityGroup(target_security_group_id).authorize_ingress(
            SourceSecurityGroupName=source_security_group_name)
        logger.info("Added rule to group %s to allow traffic from instances in "
                    "group %s.", target_security_group_id, source_security_group_name)
    except ClientError:
        logger.exception("Couldn't add rule to group %s to allow traffic from "
                         "instances in %s.",
                         target_security_group_id, source_security_group_name)
        raise

After you've set this, put the private key of the key pair on the source instance and use it when you SSH from the source instance:

ssh -i {key_file_name} ec2-user@{private_ip_address_of_target_instance}

There's a full Python example that shows how to do this on GitHub /awsdocs/aws-doc-sdk-examples.
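A rule added with SourceSecurityGroupName, as in the answer above, grants the source group full TCP, UDP and ICMP access rather than SSH alone. The following is an added example, not part of the original answer or the AWS sample: it builds a port-22-only rule for the source group and audits existing rules for wider SSH exposure. The function names, sample rules and group ids are hypothetical.

```python
# Added example; group ids below are constructed placeholders.
# Dicts follow the IpPermissions shape used by EC2 security group APIs.

def ssh_from_group_permission(source_group_id):
    """Least-privilege rule: TCP 22 only, from members of one group."""
    return [{
        "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
        "UserIdGroupPairs": [{"GroupId": source_group_id}],
    }]

def covers_ssh(perm):
    """True if the rule's protocol and port range include TCP 22."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols, all ports
        return True
    return proto == "tcp" and perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535)

def audit_ssh_ingress(ip_permissions):
    """List rules that expose SSH more widely than a single group on port 22."""
    findings = []
    for perm in ip_permissions:
        if not covers_ssh(perm):
            continue
        ssh_only = (perm.get("IpProtocol") == "tcp"
                    and (perm.get("FromPort"), perm.get("ToPort")) == (22, 22))
        for rng in perm.get("IpRanges", []):
            if rng.get("CidrIp") == "0.0.0.0/0":
                findings.append("SSH open to 0.0.0.0/0")
        for rng in perm.get("Ipv6Ranges", []):
            if rng.get("CidrIpv6") == "::/0":
                findings.append("SSH open to ::/0")
        if not ssh_only:
            for pair in perm.get("UserIdGroupPairs", []):
                findings.append(f"group {pair['GroupId']} allowed on more than TCP 22")
    return findings

def allow_ssh_from_group(target_group_id, source_group_id):
    """Apply the port-22-only rule (needs boto3 and AWS credentials)."""
    import boto3  # imported here so the audit above runs offline
    boto3.resource("ec2").SecurityGroup(target_group_id).authorize_ingress(
        IpPermissions=ssh_from_group_permission(source_group_id))

SAMPLE_RULES = [  # constructed: world-open SSH, and a group grant on all TCP ports
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "UserIdGroupPairs": [{"GroupId": "sg-source-placeholder"}]},
]

if __name__ == "__main__":
    for finding in audit_ssh_ingress(SAMPLE_RULES):
        print(finding)
```

To audit a real group, pass the ip_permissions attribute of a boto3 SecurityGroup resource to audit_ssh_ingress.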

See, whether you have deployed both machines with the same key pair or different ones, it's not a problem. Just go to your host EC2 machine and, in the .ssh folder, make a key file with the same name as the key that was used to create the second machine. Now use chmod 400 keypair name and then try ssh -i keyname user-name@IP

Licensed under: CC-BY-SA with attribution