EC2 – ssh configuration with .pem keys

How can I ssh to my aws ec2 instance? That is quite often asked question.

This short article explains how to connect to EC2 server using your ssh command and how to configure ssh to avoid passing additional parameters every single time.

Connecting to Amazon EC2

Before you get connected you will have to download Amazon EC2 .pem file and copy it into your secured location. Good place to store the key would be your local ssh folder:

/Users/your_user_name/.ssh/ec2.pem or /home/your_user_name/.ssh/ec2.pem

To test ssh connection you would need to run below command from your console, replacing with your server name.

If you got connected certification worked as it should. Otherwise make sure you are running this command from the right folder and you passing right location to your file. Also remember that EC2 standard user is not root but ec2-user.

Configuring shortcut for even quicker access

Open or create ~/.ssh/config file using your favorite editor like pico, nano or vim.

and then paste following line replacing with the id you want to use and location to .pem file with correct one.

Next save config changes and set right permissions of your PEM file to 700 to (1) protect it from unauthorized eyes and (2) to give your ssh client exactly what  is required.

You are ready to go. Just type:

If you need root access use:

Freelance developer, IT enthusiast, blogger with entrepreneurial spirit and passion for making games

Tagged with:
, , , , ,
Posted in
16 comments on “EC2 – ssh configuration with .pem keys
  1. DJ Burdick says:

    should be noted that the default user is not always “ec2-user”. i launched an ubuntu instance and the default there is: “ubuntu”

  2. admin says:

    @DJ Burdick: yes… that is true. Thank you for mentioning that. “ec2-user” is login for standard, Centos based, AWS Ami

  3. NP says:

    Thanks, very useful. I keep running into an issue that the host name I specify in the first line of the .ssh/config file is not recognized (I get the error ssh: Could not resolve hostname aws1: hostname nor servname provided, or not known).
    It works OK if I specify the full (and very long) host name of the EC2 instance. Do I need to edit the known_hosts file to allow me to use my own shortened version of the EC2 hostname? Can the known_hosts file be updated automatically?
    By the way, I’m running cygwin on a windows machine to connect to the EC2 instance.

    • admin says:

      Hi NP. I never tried that solution on Cygwin but as never had problem with short host names I would assume that it might be Cygwin related. How does you known_hosts file look like at the moment. Why do you run Cygwin and not linux in virtual machine for example?

  4. dkent76 says:


    Is it possible to make two config files? I have 2 instances running and would like to have two separate shortcuts

    • admin says:

      Well… one config file is enough to create shortcuts for multiple instances.
      You could go like this:

  5. Josir says:

    First of all, thanks for your post! Shortcut was a must.

    What if I need to grant access to another user ? Is it possible to add a new user with a distinct pem file ?

    • admin says:

      Well… if you mean another user account in your system then create another config file for that user. If however you mean another user to the same server (not sure why would you want to do it though) just extend current config. It could look something like this:

      • Josir says:

        I have a single server and I want to grant access to several developers. Each user will have his linux login. I understand that the only way to connect via ssh is using the .pem file, correct ?

        Thanks for the reply!

        • admin says:

          Nope you can create regular SSH access on your EC2 server. It is slightly outside of this scope but google will be your friend here, just remember to keep right ports open. If you want to stick with pem keys I am sure there is a way to do it as well but again… google is your friend ^_^

      • Josir says:

        Let me see if I get it: with the above solution, whoever has the .pem file can access all users with the same .pem authorization in their .ssh/authorized_keys :/

        Is it to possible to create several .pem files on a Amazon server?

        • admin says:

          @Josair – pem file is being generated as a result of creating key pair, which is assigned to your server at the time of spawning an instance. Unless I missed something you can only use one key_pair per server

  6. Mark says:

    The step for adding the “User ec2-user” to the ~/.ssh/config helped me tremendously. I was trying to locally run a git fetch against a remote git repository that is hosted on my EC2.

    Thanks again!

  7. Marcus LeFlore says:

    This is a very good article on SSH login without password. One that worked for me when I first started doing this. It’s very simple, concise and easy to understand.

5 Pings/Trackbacks for "EC2 – ssh configuration with .pem keys"
  1. [...] you are Unix based OS user here is good tutorial: EC2 – ssh configuration with .pem keys , which will guide you through and demonstrate [...]

  2. [...] machine.  Set up a .ssh/config file where you define the host and identity.  Good directions are here. The result is that establishing an ssh  connection should be as easy [...]

  3. [...] EC2 – ssh configuration with .pem keys | [...]

  4. [...] For Linux/IOS: EC2 – ssh configuration with .pem keys [...]

  5. [...] Here’s how you set up an SSH shortcut for easy login. [...]

Leave a Reply