How to ssh from one ec2 instance to another?
Method 1 - use the same keys on the servers:
Convert the keys to openssh format and upload the private keys to the servers. When you ssh to the destination host, specify the private key file:
ssh -i mykey.pem private.ip.of.other.server
Method 2 - Create new keys
On each server run:
ssh-keygen
Hit enter enter enter. You'll have two files:
.ssh/id_rsa
.ssh/id_rsa.pub
On Server A, cat and copy to clipboard the public key:
cat ~/.ssh/id_rsa.pub
[select and copy to your clipboard]
ssh into Server B, and append the contents of that to its authorized_keys file:
cat >> ~/.ssh/authorized_keys
[paste your clipboard contents]
[ctrl+d to exit]
Now ssh from server A:
ssh -i ~/.ssh/id_rsa private.ip.of.other.server
There is a 3rd and IMHO the best solution, so-called ssh agent forwarding:
- on local machine configure ~/.ssh/config, by adding the following section:
Host <ip-or-name-of-A-server>
    ForwardAgent yes
- I assume on server A and B you have your local ~/.ssh/id_rsa.pub added to server's ~/.ssh/authorized_keys
While working on server A your keys can be used in further ssh communication - e.g.:
- connecting to other server with ssh client - in this case to server B,
- scp (secure copy),
- git - you can pull/push using your local identity to your remote git repositories
- etc.
To check to see if this works:
- connect to server A
- check if there is a socket connection for key exchange by detecting SSH_AUTH_SOCK env var:
set|grep SSH_AUTH_
# output should be something like this:
SSH_AUTH_SOCK=/tmp/ssh-sEHiRF4hls/agent.12042
Notes:
- you need to have ssh agent running - linux:
ps -e | grep [s]sh-agent
- for windows check PuTTY's utilities Pageant and plink
- reference: https://help.github.com/articles/using-ssh-agent-forwarding
- troubleshooting ssh:
https://confluence.atlassian.com/display/BITBUCKET/Troubleshoot+SSH+Issues
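The agent-forwarding answer above turns on ForwardAgent under a single Host entry, and that scoping matters because the agent becomes usable from every host it is forwarded to. The script below is an added example, not part of either answer: it lists each place a client config enables forwarding and marks global or wildcard scopes. The host names and addresses in the sample config are constructed.

```shell
#!/bin/sh
# Added example, not from the answers above. Reports every place an ssh client
# config enables agent forwarding and how wide the enclosing scope is.

audit_forward_agent() {   # $1 = path to an ssh client config
    awk '
        BEGIN { scope = "(global)" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /[ \t=]+/)) next    # "Keyword value" or "Keyword=value"
            key = tolower(substr(line, 1, RSTART - 1))
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "host")  { scope = val; next }
            if (key == "match") { scope = "Match " val; next }
            # any value other than "no" turns forwarding on
            if (key == "forwardagent" && tolower(val) != "no") {
                if (scope == "(global)" || scope ~ /[*?]/) verdict = "BROAD"
                else if (scope ~ /^Match /)                verdict = "REVIEW"
                else                                       verdict = "scoped"
                printf "%s\t%s\n", verdict, scope
            }
        }
    ' "$1"
}

# Constructed sample config; host names and addresses are hypothetical.
sample_config() {
    cat <<'EOF'
# forwarding limited to the jump host, as in the answer above
Host server-a.example.internal
    ForwardAgent yes
    User ec2-user

Host 10.0.*
    forwardagent=yes

Host server-b.example.internal
    ForwardAgent no

Host *
    ForwardAgent yes
EOF
}

tmp=$(mktemp) && sample_config > "$tmp" && audit_forward_agent "$tmp"; rm -f "$tmp"
```

Run it against your own file with `audit_forward_agent ~/.ssh/config`; only the entry for server A should come back, marked `scoped`.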