I want to establish an SSH connection to EC2 instances on AWS using the onboard OpenSSH client on Windows 11.
The client is installed and running (checked with Get-Service sshd).
I also created a .ssh\config in my $Home folder.
I put the following in the config file:
Host my_host
HostName localhost
User my-username
IdentityFile .ssh\xxx.pem
Then I created a keypair on AWS - keypair.pem. I moved it into the .ssh\ directory. After that I added it to the config:
ssh-add xxx.pem
But it never showed up in the .ssh\config...
I checked the properties of the .pem file and made sure, I am the owner and have full control.
When I try to connect like this:
ssh ec2-user@ec2-x-xxx-xxx-xxx.eu-west-1.compute.amazonaws.com
I get the following error:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Question 1: Where is the info stored when I add the .pem file (ssh-add xxx.pem)?
Question 2: How can I solve the permission error with the file? Is there anything I'm missing?
Thanks in advance
A
ssh-add adds keys to the SSH agent, not the SSH config. The SSH agent stores keys securely in memory so that they're ready for use; it's a timesaver overall, especially if you use SSH often, and especially if you have a passphrase on your private key. You can use ssh-add -l to see a list of the fingerprints of the keys that ssh-agent already knows about. (You will not be able to see the keys themselves - that would defeat the purpose of a secure agent.)
As for why the EC2 isn't working... well, there isn't really enough information here, but:
ec2-x-xxx-xxx-xxx.eu-west-1.compute.amazonaws.com doesn't match any Host stanzas in your SSH config, so the SSH config you defined won't do anything. If you want to use the my_host parameters (hostname, username, and key) then you need to ssh my_host.
my_host as an alias for that set of parameters, but HostName localhost means that my_host will only point traffic back to your own system. If you want my_host to point to your EC2 instance then you'll need to set the HostName to ec2-x-xxx-xxx-xxx.eu-west-1.compute.amazonaws.com (and then you'll need to use it, as defined above).
IdentityFile as .ssh/xxx.pem, but that's a relative path and it needs to be an absolute path. I'm not sure how your formatting will need to be, but you can often put something like ~/.ssh/xxx.pem or $HOME/.ssh/xxx.pem instead (~ is shorthand for the current user's home directory).
~/.ssh/authorized_keys, but you need to do that. (Only the public key in that file. Do not put a private key in there.)
ssh -v ec2-user@ec2-x-xxx-xxx-xxx.eu-west-1.compute.amazonaws.com will provide that detail.
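
The config checks from the answer above, as an added example that is not part of the original posts: a small Python script that mimics how ssh selects Host stanzas for the name typed on the command line and flags the three problems the answer points out. The function names and the sample config are constructed for illustration, and the parser is simplified (no Match blocks, Include or quoting).

```python
import fnmatch
import re

# Constructed sample: the config from the question, placeholders as posted.
SAMPLE_CONFIG = r"""
Host my_host
    HostName localhost
    User my-username
    IdentityFile .ssh\xxx.pem
"""

def parse_stanzas(text):
    """Split config text into (patterns, options) pairs, one per Host line."""
    stanzas = [(["*"], {})]  # options before any Host line apply to every host
    for raw in text.splitlines():
        m = re.match(r"\s*(\w+)\s*(?:=\s*|\s+)(.*\S)", raw)
        if m and m.group(1).lower() == "host":
            stanzas.append((m.group(2).split(), {}))
        elif m:
            stanzas[-1][1].setdefault(m.group(1).lower(), m.group(2))
    return stanzas

def stanza_matches(patterns, target):
    """Applies if a positive pattern matches and no '!'-negated pattern does."""
    hit = lambda pats: any(fnmatch.fnmatchcase(target, p) for p in pats)
    return (hit(p for p in patterns if p[0] != "!")
            and not hit(p[1:] for p in patterns if p[0] == "!"))

def effective(text, target):
    """Return (matched Host lines, options); the first value obtained wins."""
    matched, opts = [], {}
    for i, (patterns, options) in enumerate(parse_stanzas(text)):
        if stanza_matches(patterns, target):
            matched += [" ".join(patterns)] if i else []  # 0 = global section
            opts = {**options, **opts}
    return matched, opts

def diagnose(text, target):
    """List the problems the answer describes for `ssh <target>`."""
    matched, opts = effective(text, target)
    notes = []
    if not matched:
        notes.append("no Host stanza matches; config options are not applied")
    if opts.get("hostname", "").lower() in ("localhost", "127.0.0.1", "::1"):
        notes.append("HostName points back to the local machine")
    ident = opts.get("identityfile", "")
    if ident and not re.match(r"~|/|\\|[A-Za-z]:|\$|%", ident):
        notes.append("IdentityFile is a relative path: " + ident)
    return notes
```

Matching is done against the name given on the command line, which is why `diagnose(SAMPLE_CONFIG, "my_host")` and the full EC2 hostname produce different findings.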