How do I connect to a new Amazon Lightsail instance from my Mac?

Question

I've created a new NodeJS instance on Amazon Lightsail, and wish to connect to it from my Mac's command line. Not sure how to include the required SSH key in the connection command when it says Permission denied (publickey).

Answer 1

1. Go to the "SSH Keys" tab under your Lightsail Account page
2. Select the Default option under your region and download the key pair file
   • Will be a .pem file, ex. LightsailDefaultPrivateKey-us-west-2.pem
3. Open up your terminal and navigate to the directory where the above file is stored
4. Run chmod 600 [fileName] at the command line to restrict file permission so only you can read it
5. Run ssh -i [fileName] [username]@[Public IP] to establish the connection to Lightsail
   • Username and IP are available under the "Connect" tab on the Lightsail web dashboard for your resource

Answer 2

I spent hours figuring out how to add an additional key to login to my Wordpress/Bitnami Lightsail Instance.

I though that by adding new key pairs in [https://lightsail.aws.amazon.com/ls/webapp/account/keys][1], I could get direct access to my instances, but that was not the case. I always got "Permission denied (publickey)" when trying to connect via SSH/SFTP.

How to solve it?

You should add your public keys directly to your Lightsail instance:

1. Connect first to your instance via your Lightsail console. The link should looks like this: https://lightsail.aws.amazon.com/ls/remote/yourzone/instances/instancename/terminal?protocol=ssh

2. nano ~/.ssh/authorized_keys

It should looks something like:

ssh-rsa AFGGS#%NzaC1yc2EFDSGgpCvpVhFyRSpfsdfjhgasdDSduD$

This means that only one key par is allowed to connect via SSH/SFTP to your Lightsail instance (voilà!).

You should add to that file the new public key bellow:

(YOUR PREVIOUS KEY)ssh-rsa AFGGS#%NzaC1yc2EFDSGgpCvpVhFyRSpfsdfjhgasdDSduD$
(ADD NEW PUBLIC KEY) ssh-rsa ASJKAKKFS#%ASDFbsdjfhJHGJvpVhFyRSpfsdfjhgasdDSduD$

3. Restart your server and login from your local terminal:

   ssh bitnami@yourpublicip -i /Users/youruser/.ssh/yourkeyfile

With this, I could also login via SFTP in Filezilla (Mac), adding the private key in the Site Manager.

Answer 3

To use your existing ~/.ssh/id_rsa.pub

• Login to the server using the browser client
• Do nano ~/.ssh/authorized_keys
• Get your local public key with xclip -sel clip < ~/.ssh/id_rsa.pub
• Append the ~/.ssh/authorized_keys with the copied key
• Restart the instance
• Login locally using ssh ubuntu@[instance_public_ip]

Answer 4

To be able to connect to your amazon lightsail instance you need to download the key first.

1. Go to Accounts > SSH Keys ( https://lightsail.aws.amazon.com/ls/webapp/account/keys ) > Download (Make sure that you download the key for the same region where your instance is installed.)

2. Save it in a folder in your local machine. For Example- "Desktop > keys"

3. Open the terminal and navigate to the directory where the key is stored(cd desktop/keys )

4. Enter this command in terminal: chmod 600 keyfilename.pem (replace keyfile name with your actual key name e.g chmod 600 LightsailDefaultKey-eu-west-2.pem )

It is required that your private key files are NOT accessible by others. This is why we have to change the file permissions

5. Run this command ssh -i keyfilename.pem username@ip replace keyfilename.pem with your actual file name, username with your username(e.g bitnami or user) and replace IP with actual IP

You can find your IP and username on your instance page (https://lightsail.aws.amazon.com/ls/webapp/home/instances > Select Instance> Manage)