Home > cloud book, cloud computing > A quick overview of PuTTY and SSH for AWS Newbies

A quick overview of PuTTY and SSH for AWS Newbies

Linux Access with SSH & PuTTY

This post will (attempt) to explain what SSH and PuTTY are so that as a user you understand the terminology of AWS and so that you can be productive in the environment. This post will not attempt to make you an expert in SSH. For best practices in implementing SSH, I strongly recommend a book dedicated to hardening *nix (Linux, Unix, Solaris, etc).

SSH

In the early days, not that long ago really, of networking, very simple tools were used to work with remote computers: telnet as a console, ftp for file copying, rsh for remote command execution and others. These were easy to configure and use tools. They were client server in that a software component needed to run on both the local machine (client) and the remote machine (server).

While easy to use, they were very insecure. They made no pretense at verifying that the calling host really was the calling host. Everything was username/password based and both the username and the password were passed around the network in cleartext. If you intercepted the little data packages that were being routed around the network (with a sniffer for example), you would be able to extract the login credentials. Even if you encrypted all of your data, your credentials were still in the clear.

SSH is an attempt (quite successful) to fix those insecurities without making things anymore complex than they need to be. SSH stands for Secure SHell. However, SSH is not really a command shell, it is rather a protocol that encrypts communications. That means that programs that use SSH can work like telnet or ftp but will be more secure.

Note: Technically, SSH is also a tool. There is a client terminal program called SSH. It’s a non-graphical command line tool that provides a window which executes a command shell on the remote system.

SSH offers multiple modes of connecting but for the purposes of AWS, we will talk about key based access. To make things more secure, EC2 uses a key based authentication. Before starting an instance, you need to create a key pair.

Note: The below explanation of SSH is a gross over simplification. I am just trying to give you a feel for what is going on. If you really want to understand the technical details, I really do recommend that you purchase a book. My personal recommendation is SSH, The Secure Shell: The Definitive Guide from O’Reilly.

When an instance starts up for the first time, EC2 copies the ssh key that you created to the proper directory on the remote server. The remote server will be running the SSH Server software.

You will then use an SSH client to connect to the server. The client will ask for some information proving that the server really is who it says it is. The first time you connect to a server, the client won’t have that information available so it will prompt you to vertify that the server is legitimate.

You verify that information by comparing a thumbprint. Verifying a host is a bit beyond this book but do an internet search for for “ssh host thumbprint”. You’ll find a variety of articles explaining it in detail.

Once the client accepts the host, the client will send secret information to the host. This is your key data. If the host is able to make a match, it will authenticate you and let you login in. If the host then asks for a password, you key did not work and something is not configured properly. In my experience, it will probably be that your client key file is not in the place your client is expecting it to be.

What happens next depends on the tool you are using. If you are using a terminal program, ssh for example, you will now have a command prompt. If you are using sftp or scp, you will be able to copy files.

In addition to command line tools, there are GUI tools that use the SSH protocol. WinSCP is an excellent SCP client for Windows.

Regardless of the tools you use, SSH is busy encrypting everything you send over the wire. The SSH protocol has evolved over the years, and will probably evolve even more in the future, but it is currently running a very secure form of encryption.

If you are running Linux, you are pretty much finished at this point. SSH ships with every Linux distribution that I am aware of. If you are using Windows, however, you either need to install CyWin (a unix environment that runs in windows), or you’ll want to get PuTTY.

PuTTY

You can download all of the programs discussed in this section at:

http://www.chiark.greenend.org.uk/~sgtatham/putty/

I honestly have no idea why PuTTY is spelled PuTTY. I can figure the TTY part of it is from the Unix command that output a display. I’m not sure bout the Pu though.

I do know what PuTTY is though. PuTTY is a very simple implementation of an MS-Windows SSH terminal client. When I say it is simple, I mean that as a complement. This is a tool that does not get in the way.

You tell PuTTY to connect to a remote server and, as long as your keys are configured, it will connect you. If are not using keys, you can connect with passwords (if the host allows that). As a best practice, keys are recommends over passwords.

PuTTY is the terminal client but you can get a couple of other tools from the same author. PSFTP and PSCP offer secure file transfers. These tools are as easy to use as PuTTY and work pretty much the same way.

For command line syntax and configuration, take a look at the documentation at the link above.

A note about SSH keys and PuTTY, they are not compatible. This same web site offers a utility called PuTTYgen. When you create a key pair for EC2, you download that file to your local machine. PuTTYgen converts that file (a .pem file) to a private key file (a .ppk file).

PuTTY Key Generator

PuTTY Key Generator

The tool is named puttygen.exe. Run the executable and the above window pops up. To convert an amazon key to a PuTTY key, use the menu option Conversions ? Import Key. Load the .pem file that you downloaded and press the Save Private Key button.

It will warn you about leaving the passphrase blank. That’s ok.

Save the file to the location that PuTTY has been configured to look in for it’s keys.

  1. November 7th, 2009 at 18:18 | #1

    Lew,

    Very useful blog! Great info!

    This is the first blog I have ever found where I not only
    read the current article and subscribed to the RSS feed
    for future articles, but also went back and read every
    single old article. Lots of good stuff here. Thanks!

    I had already written my own series of tips on Cloud
    Computing at:
    http://bristle.com/Tips/CloudComputing.htm
    and had already prepared and delivered my own talk on
    Cloud Computing at:
    http://bristle.com/Presentations/CloudComputing
    using my own open source HTML/JavaScript-based
    PowerPoint-like software available at:
    http://bristle.com

    I have now gone back and added “For more info” links to
    several of your blog articles from several of my tips and
    slides.

    Thanks!
    –Fred Stluka

  2. Joe Negron
    December 7th, 2009 at 17:59 | #2

    Thank you for breaking it down. I lost hours trying to get it to go. I read the PuTTY manual and the AWS docs but was still floundering. I didn’t download the KeyGen.

    You just took the “Pu” out of PuTTY, for me. It stunk before I found your article.

  3. justintime
    March 12th, 2010 at 17:00 | #3

    I just can’t believe that in this day and age we are still forced to use command lines for simple tasks…and people talk crap about MS RDP. They deserve a praise.

  4. Daminda
    March 14th, 2010 at 09:46 | #4

    Hi bro,

    Thank you for this help…
    I had a hard time for connecting to the intances via putty.
    Thank you again. Please publish this link on voxilla web page also.
    http://voxilla.com/2009/02/13/asterisk-amazon-ec2-1178#comment-430

    BR
    Daminda

  5. David Sumner
    November 8th, 2010 at 06:06 | #5

    Thank you! This is one of those irritating things that would burn an hour (or more) trying to figure out on your own. It’s great that people take the time out to share their knowledge.

  6. January 14th, 2011 at 18:31 | #6

    Thanks a lot for the info however it doesn’t actually tell me how I setup Putty to work with AWS.

  7. Lew
    January 14th, 2011 at 22:51 | #7

    I cover ssh on aws in depth on several posts. Do a search on “site:clouddb.info ssh aws”. Hopefully that will give you what you’re looking for.

  8. Ty
    September 16th, 2011 at 00:00 | #8

    help please.

    I cannot get passed Login as:

    I fairly certain Ive entered everything correctly to this point. I see my ec2 public dns in the banner.

    I tried $ ssh =1 … with my public key, ami, public dns

    I tried login as “root”

    I copied everything from the dashboard, what am I missing?

    help please. Ty

  9. September 18th, 2011 at 03:39 | #9

    http://docs.amazonwebservices.com/AWSEC2/latest/GettingStartedGuide/
    Here is the complete connection instruction

  10. rumovoice
    August 28th, 2012 at 16:20 | #10

    Also there is a tool that lets you SSH to your Amazon EC2 instances more quickly (still using putty) https://github.com/poma/AwsSsh

  1. June 16th, 2010 at 20:46 | #1
  2. January 14th, 2011 at 13:04 | #2
  3. September 3rd, 2011 at 15:43 | #3
  4. September 25th, 2011 at 21:14 | #4
  5. November 21st, 2011 at 17:30 | #5
  6. March 16th, 2012 at 08:35 | #6


6 + = fourteen