How To SSH To Ubuntu Server On EC2

Connecting to an instance in the cloud can be a little bit tricky. Being able to SSH into your running machines is a must however since you will need to do some configuration, maintenance, and debugging. In this post, I will show you how to connect to your Ubuntu-based EC2 instance from the command line. On Windows, we can use a tool like Git Bash or Cygwin to get a Unix-like environment. On Mac and Linux, you can use the built-in terminal without much trouble.

What Is SSH?

SSH stands for Secure Shell or Secure Socket Shell, which is a network protocol that gives system administrators, a highly secure method of accessing a computer over various types of computer networks. Some of these networks may not be entirely secure, so a solution like Secure Socket Shell is needed. SSH also refers to the suite of tools that implement the SSH protocol.

SSH Key Pair

The key to successful SSH communication is the Key Pair. We saw how to generate a key pair in the Create An Ubuntu Server tutorial. This puts the public key on the server for you while the private key is downloaded to your local machine. Make sure you keep this key safe and private to ensure the security of your instance running in the cloud!

Storing the private .pem file

The file that is downloaded from Amazon Web Services when you create a key pair is in the PEM format. PEM files are joined together by certificate containers which are often used in certificate installations when multiple certificates that form a complete chain are being imported as a single file. PEM files are defined as standards in RFCs 1421 through 1424.

It makes perfect sense to simply put the private file, which we have named “lemp.pem” in a directory of our choosing which in our case is simply named “aws”. Ok, the Ubuntu instance is running, and you have your private key file, now what? Well, next up let’s click on the instance in the AWS dashboard and we’ll see an option to “Connect”.

When you click this option, you’ll get some great options to connect to your running Ubuntu server. Note that EC2 Instance Connect only works with the official Amazon AMI Images so that is not an option. You do have the SSH client highlighted by default and that is the choice we will make now.

You may notice the option to Connect to your instance using its Public DNS for example ec2-54-165-120-73.compute-1.amazonaws.com in our case.

We can try this right away and you’ll get some feedback like “

The authenticity of host ‘ec2-54-165-120-73.compute-1.amazonaws.com (54.165.120.73)’ can’t be established. ED25519 key fingerprint is SHA256:cqmUzwyi/Ib8AcM2g4Zoy8j3rlei8P0C6GTFxfTjyD0.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?”

We type “yes“. Upon typing this, we see an alarming message!

Warning: Permanently added ‘ec2-54-165-120-73.compute-1.amazonaws.com’ (ED25519) to the list of known hosts.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for ‘lemp.pem’ are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key “lemp.pem”: bad permissions
ubuntu@ec2-54-165-120-73.compute-1.amazonaws.com: Permission denied (publickey).

Chmod 400

This is why you must follow directions step by step! Here are the complete steps:

  1. Open an SSH client.
  2. Locate your private key file. The key used to launch this instance is lemp.pem
  3. Run this command, if necessary, to ensure your key is not publicly viewable.
  4. chmod 400 lemp.pem
  5. Connect to your instance using its Public DNS:
  6. ec2-54-165-120-73.compute-1.amazonaws.com

For example: ssh -i “lemp.pem” ubuntu@ec2-54-165-120-73.compute-1.amazonaws.com

SSH Connection Successful

Once we follow those steps just above, we’ll get the familiar welcome screen for Ubuntu server which might look something like this.

Welcome to Ubuntu 22.04 LTS (GNU/Linux 5.15.0-1011-aws x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Tue Sep 13 21:00:02 UTC 2022

  System load:  0.0               Processes:             98
  Usage of /:   19.1% of 7.58GB   Users logged in:       0
  Memory usage: 21%               IPv4 address for eth0: 172.31.93.141
  Swap usage:   0%

0 updates can be applied immediately.


The list of available updates is more than a week old.
To check for new updates run: sudo apt update


The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

Navigating Ubuntu Once Logged In

Once you’re logged in, it’s easy to navigate your way around the machine using the familiar Linux commands that you know and love.

ubuntu@ip-172-31-93-141:~$ pwd
/home/ubuntu
ubuntu@ip-172-31-93-141:~$ ls -la
total 28
drwxr-x--- 4 ubuntu ubuntu 4096 Sep 13 21:00 .
drwxr-xr-x 3 root   root   4096 Sep 13 20:38 ..
-rw-r--r-- 1 ubuntu ubuntu  220 Jan  6  2022 .bash_logout
-rw-r--r-- 1 ubuntu ubuntu 3771 Jan  6  2022 .bashrc
drwx------ 2 ubuntu ubuntu 4096 Sep 13 21:00 .cache
-rw-r--r-- 1 ubuntu ubuntu  807 Jan  6  2022 .profile
drwx------ 2 ubuntu ubuntu 4096 Sep 13 20:38 .ssh
ubuntu@ip-172-31-93-141:~$ cd /
ubuntu@ip-172-31-93-141:/$ ls -la
total 72
drwxr-xr-x  19 root root  4096 Sep 13 20:38 .
drwxr-xr-x  19 root root  4096 Sep 13 20:38 ..
lrwxrwxrwx   1 root root     7 Jun  9 11:21 bin -> usr/bin
drwxr-xr-x   4 root root  4096 Jun  9 11:25 boot
drwxr-xr-x  17 root root  3220 Sep 13 20:38 dev
drwxr-xr-x  98 root root  4096 Sep 13 20:38 etc
drwxr-xr-x   3 root root  4096 Sep 13 20:38 home
lrwxrwxrwx   1 root root     7 Jun  9 11:21 lib -> usr/lib
lrwxrwxrwx   1 root root     9 Jun  9 11:21 lib32 -> usr/lib32
lrwxrwxrwx   1 root root     9 Jun  9 11:21 lib64 -> usr/lib64
lrwxrwxrwx   1 root root    10 Jun  9 11:21 libx32 -> usr/libx32
drwx------   2 root root 16384 Jun  9 11:23 lost+found
drwxr-xr-x   2 root root  4096 Jun  9 11:21 media
drwxr-xr-x   2 root root  4096 Jun  9 11:21 mnt
drwxr-xr-x   2 root root  4096 Jun  9 11:21 opt
dr-xr-xr-x 159 root root     0 Sep 13 20:37 proc
drwx------   4 root root  4096 Sep 13 20:38 root
drwxr-xr-x  26 root root   840 Sep 13 21:00 run
lrwxrwxrwx   1 root root     8 Jun  9 11:21 sbin -> usr/sbin
drwxr-xr-x   8 root root  4096 Jun  9 11:25 snap
drwxr-xr-x   2 root root  4096 Jun  9 11:21 srv
dr-xr-xr-x  13 root root     0 Sep 13 20:37 sys
drwxrwxrwt  12 root root  4096 Sep 13 20:38 tmp
drwxr-xr-x  14 root root  4096 Jun  9 11:21 usr
drwxr-xr-x  13 root root  4096 Jun  9 11:22 var

Note that all of the information for this particular Ubuntu instance has now been removed as it was only used for demonstration purposes in this tutorial!

Learn More About SSH and Ubuntu on AWS