Set up to connect to your instance – Amazon Elastic Compute Cloud

Set up to connect to your instance

To set up to connect to a Windows instance, see Prerequisites in the Amazon EC2 User Guide for Windows Instances.

Perform the tasks in this topic to set up to connect to your Amazon EC2 Linux instance. For
prerequisites specific to connection types, such as SSH, EC2 Instance Connect, OpenSSH, PuTTY,
and more, see the following options for connecting from Linux, macOS X, or
Windows.

Linux or macOS X

If your local computer operating system is Linux or macOS X, the following options to
connect to your instance are supported:

Windows

If your local computer operating system is Windows, the following options to
connect to your instance are supported:

Troubleshoot connecting to your instance


Get information about your instance

To prepare to connect to an instance, get the following information from the Amazon EC2 console or by using the AWS CLI.



  • Get the public DNS name of the instance.

    You can get the public DNS for your instance from the Amazon EC2 console. Check the
    Public IPv4 DNS column of the Instances pane. If this column is hidden, choose the
    settings icon in the top-right corner of the screen, and select Public IPv4 DNS.
    You can also find the public DNS in the instance information section of the
    Instances pane. When you select the instance in the Instances pane of the Amazon EC2
    console, information about that instance will appear on the lower half of the page.
    Under the Details tab, look for Public IPv4 DNS.

    If you prefer, you can use the describe-instances
    (AWS CLI) or Get-EC2Instance (AWS Tools for Windows PowerShell) commands.

    If no Public IPv4 DNS is displayed, verify that the Instance state is Running, and
    that you have not launched the instance in a private subnet. If you launched your
    instance using the launch instance wizard, you may have edited the Auto-assign
    public IP field under Network settings and changed the value to Disable. If you
    disable the Auto-assign public IP option, the instance is not assigned a public IP
    address when it is launched.

  • (IPv6 only) Get the IPv6 address of the instance.

    If you assigned an IPv6 address to your instance, you can optionally connect to
    the instance using its IPv6 address instead of a public IPv4 address or public IPv4
    DNS hostname. Your local computer must have an IPv6 address and must be configured
    to use IPv6. You can get the IPv6 address of your instance from the Amazon EC2 console.
    Check the IPv6 IPs column of the Instances pane. Or, you can find the IPv6 address
    in the instance information section. When you select the instance in the Instances
    pane of the Amazon EC2 console, information about that instance will appear on the
    lower half of the page. Under the Details tab, look for IPv6 address.

    If you prefer, you can use the describe-instances
    (AWS CLI) or Get-EC2Instance (AWS Tools for Windows PowerShell) commands. For more information about IPv6,
    see IPv6 addresses.

  • Get the user name for your instance.

    You can connect to your instance using the username for your user account or the default
    username for the AMI that you used to launch your instance.

    • Get the username for your user account.

      For more information about how to create a user account, see Manage users on your Linux instance.

    • Get the default username for the AMI that you used to launch your instance:

      AMI used to launch instance    Default username
      ---------------------------    ----------------
      Amazon Linux 2023              ec2-user
      Amazon Linux 2                 ec2-user
      Amazon Linux                   ec2-user
      CentOS                         centos or ec2-user
      Debian                         admin
      Fedora                         fedora or ec2-user
      RHEL                           ec2-user or root
      SUSE                           ec2-user or root
      Ubuntu                         ubuntu
      Oracle                         ec2-user
      Bitnami                        bitnami
      Other                          Check with the AMI provider

Locate the private key and set the permissions

You must know the location of your private key file to connect to your instance. For SSH
connections, you must set the permissions so that only you can read the file.

For information about how key pairs work when using Amazon EC2, see Amazon EC2 key pairs and Linux instances.

  • Locate the private key

    Get the fully-qualified path to the location on your computer of the
    .pem file for the key pair that you specified when you launched the
    instance. For more information, see Identify the public key specified at launch. If you can’t find your
    private key file, see I’ve lost my private key. How can I connect to my Linux instance?

    If you are connecting to your instance using PuTTY and need to convert the
    .pem file to .ppk, see Convert your private key using PuTTYgen in the
    Connect to your Linux instance from Windows using PuTTY topic in this
    section.

  • Set the permissions of your private key so that only you can read it

    • Connect from macOS or Linux

      If you plan to use an SSH client on a macOS or Linux computer to connect to your Linux
      instance, use the following command to set the permissions of your private key file so that
      only you can read it.

      chmod 400 key-pair-name.pem

      If you do not set these permissions, then you cannot connect to your instance using this
      key pair. For more information, see Error: Unprotected private key file.

    • Connect from Windows

      Open File Explorer and right-click on the .pem file. Select
      Properties > Security tab and choose Advanced. Choose
      Disable inheritance. Remove access to all users except for the
      current user.

(Optional) Get the instance fingerprint

To protect yourself from man-in-the-middle attacks, you can verify the fingerprint of your
instance when you connect to it. Verifying the fingerprint is useful if you
launch your instance from a public AMI provided by a third party.

Task overview

First, get the instance fingerprint. When you connect to the instance, you are prompted to
verify the fingerprint. Compare the fingerprint you obtained with the fingerprint
displayed. If the fingerprints don’t match, someone might be attempting a man-in-the-middle attack. If they match, you can
confidently connect to your instance.

Prerequisites to get the instance fingerprint
  • To get the instance fingerprint, you must use the AWS CLI. For information about installing
    the AWS CLI, see Installing the AWS Command Line Interface
    in the AWS Command Line Interface User Guide.

  • The instance must not be in the pending state. The fingerprint is available
    only after the first boot of the instance is complete.

To get the instance fingerprint
  1. On your local computer (not on the instance you are connecting to), use
    the get-console-output (AWS CLI) command as follows to obtain the
    fingerprint of the instance. You must be the instance owner to get the
    console output. If the output is large, you can pipe it
    to a text file, where it might be easier to read. Note that you
    must specify an AWS Region when you use the AWS CLI, either explicitly or by
    setting a default Region. For information about how to set or specify a
    Region, see Configuration
    basics in the AWS Command Line Interface User Guide.

    aws ec2 get-console-output --instance-id instance_id --output text > temp.txt
  2. The following example output shows what you should look for when you run the get-console-output command. The exact output can vary by
    operating system, AMI version, and whether AWS created the key
    pairs.

    ec2: #############################################################
    ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
    ec2: 1024 SHA256:7HItIgTONZ/b0CH9c5Dq1ijgqQ6kFn86uQhQ5E/F9pU root@ip-10-0-2-182 (DSA)
    ec2: 256 SHA256:l4UB/neBad9tvkgJf1QZWxheQmR59WgrgzEimCG6kZY root@ip-10-0-2-182 (ECDSA)
    ec2: 256 SHA256:kpEa+rw/Uq3zxaYZN8KT501iBtJOIdHG52dFi66EEfQ no comment (ED25519)
    ec2: 2048 SHA256:L8l6pepcA7iqW/jBecQjVZClUrKY+o2cHLI0iHerbVc root@ip-10-0-2-182 (RSA)
    ec2: -----END SSH HOST KEY FINGERPRINTS-----
    ec2: #############################################################
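
The comparison described in the task overview can be scripted rather than done by eye. The following is an added example, not part of the AWS documentation: it extracts the fingerprints from the saved console output and checks the fingerprint shown by the SSH client for an exact match. The function names are hypothetical, and the sample file reuses the example output above in place of a real temp.txt.

```shell
#!/bin/sh
# Added example (not AWS code). Function names are illustrative assumptions.

# Print "<key type> <fingerprint>" for each host key in saved console output.
extract_fingerprints() {
    awk '
        { gsub(/\r/, "") }    # console output may carry carriage returns
        /-----BEGIN SSH HOST KEY FINGERPRINTS-----/ { inside = 1; next }
        /-----END SSH HOST KEY FINGERPRINTS-----/   { inside = 0 }
        inside {
            fp = ""; type = "UNKNOWN"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SHA256:/) fp = $i
                if ($i ~ /^\([A-Z0-9]+\)$/) type = substr($i, 2, length($i) - 2)
            }
            if (fp != "") print type, fp
        }
    ' "$1"
}

# Succeed only if the fingerprint the SSH client displayed ($2) exactly
# equals one recorded in the console output file ($1). No prefix matching.
verify_fingerprint() {
    extract_fingerprints "$1" |
        awk -v want="$2" '$2 == want { found = 1 } END { exit !found }'
}

# Sample input: the example console output from this page, stored the way
# temp.txt would be after running get-console-output.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ec2: #############################################################
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 1024 SHA256:7HItIgTONZ/b0CH9c5Dq1ijgqQ6kFn86uQhQ5E/F9pU root@ip-10-0-2-182 (DSA)
ec2: 256 SHA256:l4UB/neBad9tvkgJf1QZWxheQmR59WgrgzEimCG6kZY root@ip-10-0-2-182 (ECDSA)
ec2: 256 SHA256:kpEa+rw/Uq3zxaYZN8KT501iBtJOIdHG52dFi66EEfQ no comment (ED25519)
ec2: 2048 SHA256:L8l6pepcA7iqW/jBecQjVZClUrKY+o2cHLI0iHerbVc root@ip-10-0-2-182 (RSA)
ec2: -----END SSH HOST KEY FINGERPRINTS-----
EOF

# Value as it would be copied from the SSH client's host key prompt.
presented='SHA256:kpEa+rw/Uq3zxaYZN8KT501iBtJOIdHG52dFi66EEfQ'
if verify_fingerprint "$sample" "$presented"; then
    echo "match: host key is the one the instance generated"
else
    echo "MISMATCH: do not accept the host key"
fi
```

Against real output, pass temp.txt as the first argument and paste the fingerprint from the client prompt as the second; answer the prompt with yes only when the function succeeds.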