Contrast between file creation via EC2 Instance Connect & SSH Client
Using a bastion server can solve many problems, but the medium you take to connect to your bastion can introduce some problems. One such problem that I encountered is when I was on my bastion server and created a ".pem" file to connect to my private EC2 using EC2 Instance Connect. On SSHing, it asked me to enter a passphrase, which I was never asked for on any SSH client.

So I tried to use another SSH client (CloudShell in my case) to log in to the bastion server. On the bastion, I created a ".pem" file to connect to my private EC2. Guess what? I was not asked to enter a passphrase this time.

So I compared both the ".pem" files to check what could be the issue, but I still cannot figure out what the issue is. I request my fellow community to shed some light on the problem. I am attaching details on both the files below:

-r-------- 1 root root 1699 Dec 26 19:12 MyKey.pem [on EC2 Instance Connect]
-r-------- 1 root root 1675 Dec 26 19:15 MyKey.pem [on SSH Client - CloudShell]
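A byte-level comparison of two copies of a key file, such as the 1699-byte and 1675-byte MyKey.pem files listed in the question, surfaces differences that `cat` and text editors hide. This is an added example, not part of the original post or its answer; the function names and the sample data (filler bytes, not a real key, with hypothetical paste damage) are constructed for illustration.

```python
import base64

def inspect_pem(data: bytes) -> dict:
    """Report byte-level properties of a PEM file that editors usually hide."""
    raw = data.split(b"\n")
    stripped = [l.strip(b"\r \t") for l in raw]
    begin = next((l for l in stripped if l.startswith(b"-----BEGIN ")), None)
    # Body = base64 lines only: skip the armor lines and RFC 1421 style
    # headers such as "Proc-Type:" / "DEK-Info:", which contain a colon.
    body = b"".join(l for l in stripped
                    if l and not l.startswith(b"-----") and b":" not in l)
    try:
        der_len = len(base64.b64decode(body, validate=True))
    except ValueError:  # binascii.Error is a ValueError subclass
        der_len = None
    return {
        "size": len(data),
        "label": begin.strip(b"-").decode() if begin else None,
        "cr_bytes": data.count(b"\r"),
        # Lines carrying leading or trailing spaces/tabs (CR not counted here).
        "padded_lines": sum(1 for l, s in zip(raw, stripped)
                            if l.rstrip(b"\r") != s),
        "ends_with_newline": data.endswith(b"\n"),
        # Traditional PEM and PKCS#8 markers only; an encrypted
        # "OPENSSH PRIVATE KEY" file carries no such text marker.
        "encrypted_marker": b"ENCRYPTED" in data,
        "der_len": der_len,
    }

def differing_fields(a: bytes, b: bytes) -> dict:
    """Return {field: (value_a, value_b)} for every property that differs."""
    ia, ib = inspect_pem(a), inspect_pem(b)
    return {k: (ia[k], ib[k]) for k in ia if ia[k] != ib[k]}

def _constructed_pem(newline: bytes, pad: bytes = b"") -> bytes:
    # Constructed sample: the body is filler bytes, NOT a real key.
    b64 = base64.b64encode(bytes(range(256)) * 3)
    rows = [b64[i:i + 64] + pad for i in range(0, len(b64), 64)]
    return newline.join([b"-----BEGIN RSA PRIVATE KEY-----", *rows,
                         b"-----END RSA PRIVATE KEY-----", b""])

CLEAN = _constructed_pem(b"\n")
PASTED = _constructed_pem(b"\r\n", pad=b" ")  # hypothetical paste damage

if __name__ == "__main__":
    for field, (a, b) in differing_fields(CLEAN, PASTED).items():
        print(f"{field}: {a!r} -> {b!r}")
```

To run it on real files, pass `open(path, "rb").read()` for each copy to `differing_fields`; an unchanged `der_len` with a changed `size` means the key material is the same and only the surrounding bytes differ.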
I realize that might not be what you want / are looking for, but ..
I would not recommend SSH at all in your environments on AWS, ever since SSM Connect is a thing for EC2 machines. Especially with the new feature that just made it even easier to create Tunnels between your bastion and remote destinations (i.e. RDS).
SSM will give you a much easier way to control, audit and log what's going on on your EC2 for the people who are connecting to the instances than native SSH would. That's because via IAM and the agent config, you can configure all of that instead of having to configure each user etc. individually.
Well worth the effort to stop using SSH and start using SSM.