Connect to your Linux instance from Linux or macOS using SSH - Amazon Elastic Compute Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Connect to your Linux instance from Linux or macOS using SSH

You can use Secure Shell (SSH) to connect to your Linux instance from a local machine that runs a Linux or macOS operating system, or you can use a platform independent connection tool, such as EC2 Instance Connect or Amazon Systems Manager Session Manager. For more information about platform independent tools, see Connect to your Linux instance.

This page explains how to connect to your instance with an SSH client. To connect to your Linux instance from Windows, see Connect from Windows.

Note

If you receive an error while attempting to connect to your instance, make sure that your instance meets all of the SSH connection prerequisites. If it meets all of the prerequisites, and you're still not able to connect to your Linux instance, see Troubleshoot connecting to your instance.

SSH connection prerequisites

Before you connect to your Linux instance, complete the following prerequisites.

Check your instance status

After you launch an instance, it can take a few minutes for the instance to be ready so that you can connect to it. Check that your instance has passed its status checks. You can view this information in the Status check column on the Instances page.

Get the public DNS name and user name to connect to your instance

To find the public DNS name or IP address of your instance and the user name that you should use to connect to your instance, see Get information about your instance.

Locate the private key and set the permissions

To locate the private key that is required to connect to your instance, and to set the key permissions, see Locate the private key and set permissions.

Install an SSH client on your local computer as needed

Your local computer might have an SSH client installed by default. You can verify this by typing ssh at the command line. If your computer doesn't recognize the command, you can install an SSH client.

  • Recent versions of Windows Server 2019 and Windows 10 – OpenSSH is included as an installable component. For more information, see OpenSSH in Windows.

  • Earlier versions of Windows – Download and install OpenSSH. For more information, see Win32-OpenSSH.

  • Linux and macOS X – Download and install OpenSSH. For more information, see https://www.openssh.com.

Connect to your Linux instance using an SSH client

Use the following procedure to connect to your Linux instance using an SSH client. If you receive an error while attempting to connect to your instance, see Troubleshoot connecting to your instance.

Connect to your instance using SSH
  1. In a terminal window, use the ssh command to connect to the instance. You specify the path and file name of the private key (.pem), the user name for your instance, and the public DNS name or IPv6 address for your instance. For more information about how to find the private key, the user name for your instance, and the DNS name or IPv6 address for an instance, see Locate the private key and set permissions and Get information about your instance. To connect to your instance, use one of the following commands.

    • (Public DNS) To connect using your instance's public DNS name, enter the following command.

      ssh -i /path/key-pair-name.pem instance-user-name@instance-public-dns-name
    • (IPv6) Alternatively, if your instance has an IPv6 address, to connect using your instance's IPv6 address, enter the following command.

      ssh -i /path/key-pair-name.pem instance-user-name@instance-IPv6-address

    You see a response like the following:

    The authenticity of host 'ec2-198-51-100-1.compute-1.amazonaws.com.cn (198-51-100-1)' can't be established.
    ECDSA key fingerprint is l4UB/neBad9tvkgJf1QZWxheQmR59WgrgzEimCG6kZY.
    Are you sure you want to continue connecting (yes/no)?
  2. (Optional) Verify that the fingerprint in the security alert matches the fingerprint that you previously obtained in (Optional) Get the instance fingerprint. If these fingerprints don't match, someone might be attempting a man-in-the-middle attack. If they match, continue to the next step.

  3. Enter yes.

    You see a response like the following:

    Warning: Permanently added 'ec2-198-51-100-1.compute-1.amazonaws.com.cn' (ECDSA) to the list of known hosts.

Transfer files to Linux instances using an SCP client

One way to transfer files between your local computer and a Linux instance is to use the secure copy protocol (SCP). This section describes how to transfer files with SCP. The procedure is similar to the procedure for connecting to an instance with SSH.

Prerequisites

The following procedure steps you through using SCP to transfer a file using the instance's public DNS name, or the IPv6 address if your instance has one.

To use SCP to transfer files between your computer and your instance
  1. Determine the location of the source file on your computer and the destination path on the instance. In the following examples, the name of the private key file is key-pair-name.pem, the file to transfer is my-file.txt, the user name for the instance is ec2-user, the public DNS name of the instance is instance-public-dns-name, and the IPv6 address of the instance is instance-IPv6-address.

    • (Public DNS) To transfer a file to the destination on the instance, enter the following command from your computer.

      scp -i /path/key-pair-name.pem /path/my-file.txt ec2-user@instance-public-dns-name:path/
    • (IPv6) To transfer a file to the destination on the instance if the instance has an IPv6 address, enter the following command from your computer. The IPv6 address must be enclosed in square brackets ([ ]), which must be escaped (\).

      scp -i /path/key-pair-name.pem /path/my-file.txt ec2-user@\[instance-IPv6-address\]:path/
  2. If you haven't already connected to the instance using SSH, you see a response like the following:

    The authenticity of host 'ec2-198-51-100-1.compute-1.amazonaws.com.cn (10.254.142.33)'
    can't be established.
    RSA key fingerprint is 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f.
    Are you sure you want to continue connecting (yes/no)?

    (Optional) You can optionally verify that the fingerprint in the security alert matches the instance fingerprint. For more information, see (Optional) Get the instance fingerprint.

    Enter yes.

  3. If the transfer is successful, the response is similar to the following:

    Warning: Permanently added 'ec2-198-51-100-1.compute-1.amazonaws.com.cn' (RSA) 
    to the list of known hosts.
    my-file.txt                                100%   480     24.4KB/s   00:00
  4. To transfer a file in the other direction (from your Amazon EC2 instance to your computer), reverse the order of the host parameters. For example, you can transfer my-file.txt from your EC2 instance to the a destination on your local computer as my-file2.txt, as shown in the following examples.

    • (Public DNS) To transfer a file to a destination on your computer, enter the following command from your computer.

      scp -i /path/key-pair-name.pem ec2-user@instance-public-dns-name:path/my-file.txt path/my-file2.txt
    • (IPv6) To transfer a file to a destination on your computer if the instance has an IPv6 address, enter the following command from your computer. The IPv6 address must be enclosed in square brackets ([ ]), which must be escaped (\).

      scp -i /path/key-pair-name.pem ec2-user@\[instance-IPv6-address\]:path/my-file.txt path/my-file2.txt