Contrast between file creation via EC2 Instance Connect & SSH Client

0

Using a bastion server can solve many problems, but the medium you use to connect to your bastion can introduce some problems. One such problem that I encountered was when I was on my bastion server and created a ".pem" file to connect to my private EC2 using EC2 Instance Connect. On SSHing, it asked me to enter a passphrase, which I was never asked for on any SSH client. So I tried to use another SSH client (CloudShell in my case) to log in to the bastion server. On the bastion, I created a ".pem" file to connect to my private EC2. Guess what? I was not asked to enter a passphrase this time. So I compared both ".pem" files to check what could be the issue, but I still cannot figure out what the issue is. I request my fellow community members to shed some light on the problem. I am attaching details of both files below:

-r-------- 1 root root 1699 Dec 26 19:12 MyKey.pem [on EC2 Instance Connect]
-r-------- 1 root root 1675 Dec 26 19:15 MyKey.pem [on SSH Client - CloudShell]

Nandan
asked 2 years ago, 255 views
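A byte-level check of the kind the question calls for, as an added example that is not part of the original post. It assumes, which the page does not confirm, that the 24-byte size difference comes from paste artifacts such as carriage returns or stray whitespace; the sample data is constructed filler and the function names are this example's own.

```python
import base64
import re

def normalize_pem(data: bytes) -> list[bytes]:
    """Strip a BOM, line endings and per-line whitespace; drop empty lines."""
    if data.startswith(b"\xef\xbb\xbf"):
        data = data[3:]
    return [ln.strip() for ln in data.splitlines() if ln.strip()]

def diagnose_pem(data: bytes) -> list[str]:
    """Return byte-level anomalies that can make two copies of a key differ."""
    findings = []
    if data.startswith(b"\xef\xbb\xbf"):
        findings.append("UTF-8 byte order mark before the header")
        data = data[3:]
    cr = data.count(b"\r")
    if cr:
        findings.append(f"{cr} carriage return byte(s)")
    if not data.endswith(b"\n"):
        findings.append("no newline at end of file")
    raw = data.split(b"\n")
    padded = [i for i, ln in enumerate(raw, 1) if ln.rstrip(b"\r") != ln.strip()]
    if padded:
        findings.append(f"leading/trailing whitespace on line(s) {padded}")
    lines = normalize_pem(data)
    if (len(lines) < 2
            or not re.fullmatch(rb"-----BEGIN [A-Z0-9 ]+-----", lines[0])
            or not re.fullmatch(rb"-----END [A-Z0-9 ]+-----", lines[-1])):
        findings.append("missing or damaged BEGIN/END boundary line")
        return findings
    # Legacy encrypted PEM keys carry "Proc-Type:" / "DEK-Info:" header lines.
    body = [ln for ln in lines[1:-1] if b":" not in ln]
    if len(body) != len(lines) - 2:
        findings.append("header lines inside the body (legacy encrypted key?)")
    try:
        base64.b64decode(b"".join(body), validate=True)
    except ValueError:
        findings.append("body is not valid base64")
    return findings

def same_key_material(a: bytes, b: bytes) -> bool:
    """True when two files hold the same PEM text once formatting is ignored."""
    return normalize_pem(a) == normalize_pem(b)

# Constructed sample: filler bytes inside PEM armor, not a real key.
_b64 = base64.b64encode(bytes(range(96)))
CLEAN = b"\n".join([b"-----BEGIN RSA PRIVATE KEY-----", _b64[:64], _b64[64:],
                    b"-----END RSA PRIVATE KEY-----", b""])
# The same text with CRLF endings and two leading spaces on one line.
PASTED = CLEAN.replace(b"\n", b"\r\n").replace(_b64[64:], b"  " + _b64[64:])
```

To use it on real files, pass the result of `open(path, "rb").read()` for each copy to `diagnose_pem`, and both to `same_key_material`.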
1 Answer
0

I realize this might not be what you want / are looking for, but...

I would not recommend SSH at all in your environments on AWS, ever since SSM Connect is a thing for EC2 machines. Especially with the new feature that just made it even easier to create tunnels between your bastion and remote destinations (i.e. RDS).

SSM will give you a much easier way to control, audit and log what's going on on your EC2 for the people who are connecting to the instances than native SSH would. That's because via IAM and the agent config, you can configure all of that instead of having to configure each user etc. individually.

Well worth the effort to stop using SSH and start using SSM.

answered 2 years ago