Connecting to EC2 Servers
# CHAPTER 5
1. Introduction
You have launched your EC2 instance, but right now, it is just an empty, headless Linux machine sitting in an AWS data center. There is no monitor, no keyboard, and no mouse attached to it. To control this server, install software, or upload files, you must connect to it remotely over the internet. In this chapter, we will master SSH (Secure Shell), utilize the Key Pair we downloaded previously, and transform our empty server into a live, public-facing web server.
2. Learning Objectives
By the end of this chapter, you will be able to:
- Understand the mechanics of SSH and asymmetric cryptography.
- Protect your .pem key pair with proper file permissions.
- Connect to an EC2 Linux instance using Mac/Linux Terminal or Windows PuTTY/PowerShell.
- Execute basic Linux commands to update the server.
- Install an Apache web server and host a live HTML page.
3. Beginner-Friendly Explanation
Imagine buying an uncrewed submarine and dropping it into the ocean. You cannot physically get inside the submarine to steer it. Instead, you sit on the beach with a highly encrypted radio controller. You transmit a command: "Turn left." The submarine receives the signal, verifies it's actually you sending it, and turns left.
SSH (Secure Shell) is your radio controller. It is a cryptographic network protocol that allows you to open a secure, encrypted text terminal on your laptop that directly controls the EC2 server hundreds of miles away.
4. The Key Pair (Public and Private Keys)
When you launched your EC2 instance in Chapter 4, AWS injected a "Public Key" into the server's lock, and you downloaded the "Private Key" (the .pem file) to your computer.
When you attempt to connect via SSH, the server issues a mathematical challenge that can ONLY be solved by your specific .pem file. Passwords can be guessed; 2048-bit cryptographic keys cannot.
5. Connecting via SSH (Mac / Linux)
Open your native Terminal application.
Step 1: Secure the key. SSH will refuse to use a key that is readable by other users on your computer.
Step 2: Connect. Find your EC2 instance's Public IPv4 address in the AWS Console (we will assume it is 198.51.100.22). The default username for Amazon Linux is ec2-user.
Type yes when prompted to verify the host. You are now inside the cloud server!
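The two steps above as a small script. This is an added example, not commands from the original chapter; the key file name my-key.pem and the address 198.51.100.22 are the chapter's sample values, and the "go" argument is an assumption of this script.

```shell
#!/bin/sh
# Added example. KEY and HOST reuse the chapter's sample values; replace with yours.
KEY="${KEY:-my-key.pem}"
HOST="${HOST:-198.51.100.22}"

# Print the octal permission bits of a file (GNU stat first, then BSD/macOS stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Step 1: ssh refuses a private key that group or others can access, so
# reduce it to 400 (read-only for the owner, nothing for anyone else).
secure_key() {
    case "$(key_mode "$1")" in
        400) ;;                      # already owner-read-only
        *)   chmod 400 "$1" ;;
    esac
    key_mode "$1"                    # report the resulting mode
}

# Step 2: log in as the default Amazon Linux user with that key.
connect() {
    secure_key "$1" >/dev/null && ssh -i "$1" "ec2-user@$2"
}

# Run "sh connect.sh go" to connect; without the argument the functions
# are only defined and nothing is contacted.
if [ "${1:-}" = "go" ]; then
    connect "$KEY" "$HOST"
fi
```

On the first connection ssh prints the server's host key fingerprint before asking yes/no. The same fingerprint is written to the instance's system log in the AWS Console at first boot, so the two can be compared before answering.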
6. Connecting via SSH (Windows)
Modern Windows 10/11 has SSH built into PowerShell! You can use the exact same command as Mac/Linux above. *(Older Windows users must download PuTTY, convert the .pem file to a .ppk file using PuTTYgen, and load the key into the PuTTY GUI).*
7. Alternative: EC2 Instance Connect
If you are behind a corporate firewall that blocks Port 22 (SSH), or if you lost your .pem file, AWS offers EC2 Instance Connect.
In the AWS Console, click your instance, click "Connect" at the top, and choose "EC2 Instance Connect." AWS will open a browser-based terminal directly to your server without needing the .pem file!
8. Mini Project: Host a Simple Webpage
Let's install a web server so the world can see our site! Make sure you are connected to your EC2 instance terminal via SSH.
Step 1: Update the server.
Step 2: Install Apache Web Server.
Step 3: Start the server and ensure it turns on automatically if the machine reboots.
Step 4: Create a simple HTML page.
Step 5: View the result!
Go to your web browser and type in your EC2 instance's Public IPv4 address (e.g., http://198.51.100.22). You will see your webpage! *(Note: Ensure you type http:// and NOT https://, as we have not configured SSL certificates yet).*
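The mini project's steps as one script to run on the instance. This is an added example, not commands from the original chapter; it assumes Amazon Linux (yum, the httpd package and service, document root /var/www/html), and the page content and the "apply" argument are placeholders of this script.

```shell
#!/bin/sh
# Added example, assuming Amazon Linux: package and service are both "httpd".
DOCROOT="/var/www/html"   # Apache's default document root on Amazon Linux

# Steps 1-3: patch the OS, install Apache, start it now and at every boot.
install_apache() {
    sudo yum update -y &&
    sudo yum install -y httpd &&
    sudo systemctl start httpd &&
    sudo systemctl enable httpd
}

# Step 4: the page itself, printed to stdout so it can be reviewed first.
render_index() {
    cat <<'EOF'
<!DOCTYPE html>
<html>
  <head><title>My EC2 Web Server</title></head>
  <body><h1>Hello from my EC2 web server</h1></body>
</html>
EOF
}

# /var/www/html is owned by root, so the write goes through sudo tee.
publish_index() {
    render_index | sudo tee "$DOCROOT/index.html" >/dev/null
}

# Step 5, checked from the instance itself: prints the HTTP status code.
# 200 means Apache is serving the page locally.
check_local() {
    curl -s -o /dev/null -w '%{http_code}\n' http://localhost/
}

# Run "sh webserver.sh apply" on the instance to perform all steps.
if [ "${1:-}" = "apply" ]; then
    install_apache && publish_index && check_local
fi
```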
9. Best Practices
- Never Share Your .pem File: If a team member needs access to the server, do not email them your .pem file. You should generate a brand new SSH key pair for them and manually append their public key to the ~/.ssh/authorized_keys file on the server.
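One way to carry out that practice, as an added example that is not part of the original chapter: `new_keypair` creates the new key pair and `add_authorized_key` appends only its public half on the server. The function names and file arguments are hypothetical.

```shell
#!/bin/sh
# Added example; function names and file arguments are placeholders.

# Create a fresh key pair for the new user: $1 = output file, $2 = comment.
# Writes the private key to $1 and the public key to $1.pub.
new_keypair() {
    ssh-keygen -t ed25519 -f "$1" -C "$2"
}

# Append one public key to an authorized_keys file on the server.
# $1 = public key file (.pub), $2 = target (default ~/.ssh/authorized_keys)
add_authorized_key() {
    pub="$1"
    auth="${2:-$HOME/.ssh/authorized_keys}"
    line=$(head -n 1 "$pub")
    # Accept only something that looks like a public key, so a private
    # key file is never pasted onto the server by mistake.
    case "$line" in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac
    # sshd ignores authorized_keys when the directory or file is writable
    # by other users, so set the expected modes explicitly.
    mkdir -p "$(dirname "$auth")" && chmod 700 "$(dirname "$auth")"
    touch "$auth" && chmod 600 "$auth"
    # Skip the append if this exact key line is already present.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}
```

Removing that one line from authorized_keys later revokes the team member's access without touching anyone else's key.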
10. Common Mistakes
- Connection Timed Out: If you run the ssh command and the terminal just hangs forever and eventually says "Connection Timed Out," it is almost always a Security Group issue. Go back to the AWS Console and ensure your instance's Security Group has an Inbound Rule allowing SSH (Port 22) from your IP address.
11. Exercises
- 1. What is the default username to log into an Amazon Linux EC2 instance? What is the default for an Ubuntu instance?
- 2. Explain why changing the file permissions of the .pem file (chmod 400) is mandatory before attempting an SSH connection on Mac/Linux.
12. MCQs with Answers
When attempting to SSH into a newly launched EC2 instance, you receive an error stating: "Permissions 0644 for 'my-key.pem' are too open." What must you do to fix this?
You have successfully connected to your EC2 instance via SSH and installed an Apache web server. However, when you enter the public IP into your browser, the page fails to load. You can still type commands in the SSH terminal. What is the problem?
13. Interview Questions
- Q: Explain the mechanics of asymmetric cryptography used in SSH authentication to an EC2 instance. Where does the public key reside, and where does the private key reside?
- Q: A junior developer loses their private .pem key. Is it possible for AWS Support to recover or extract a copy of that private key for them? Why or why not?
14. FAQs
Q: How do I upload actual website files (like images and CSS) to the EC2 server?
A: Instead of standard SSH, you use an SFTP (Secure File Transfer Protocol) client like FileZilla or Cyberduck. You provide the client with your public IP, the ec2-user username, and your .pem file, and it will give you a graphical drag-and-drop interface to upload files directly into the Linux server.