How to connect to EC2 instance over SSH on Windows 11

Question

I am attempting to connect to an AWS EC2 ubuntu instance over SSH on a windows 11 PC. I have done the following:

1. Followed the OpenSSH installation instructions here .

2. Set up OpenSSH key management as described here .

3. Imported the public generated key that was created in step 2 to my EC2 instance through the AWS console.

4. Run the SSH command ssh -i “C:\Users\{user name}\.ssh\{private key name}” ubuntu@{EC2 domain name}

Following these steps gives me the following error: Permission denied (publickey).

Troubleshooting Steps Taken:

• Changed the keys permissions so that only my user account has access as described here . (I've also tried changing the permissions so that instead of giving the user full control the user only gets read access).

• Tried generating both RSA and ED25519 keys.

• Tried changing permissions using chmod through WSL.

• I found a good description here about what permissions should be, but I'm not sure how it would apply to a windows system.

I definitely think this is a key problem and not an OpenSSH problem because I am able to SSH into systems with just a username and password, but obviously that option is not viable for a AWS EC2 instance. I can use a key generated in the.ppk format with Putty and successfully connect, but I need to get OpenSSH working for what I am trying to do. Any help would be greatly appreciated.

Solution: For those who find this post, I figured out that my problem was I did not actually import the public key into my EC2 instance as I thought I did. Once I added my public key to the.ssh/authorized_keys folder on my server, I was able to connect.

Answer 1

On windows, follow the below command on PowerShell and not on cmd

$path = ".\Testkey1.pem"
# Reset to remove explict permissions
icacls.exe $path /reset
# Give current user explicit read-permission
icacls.exe $path /GRANT:R "$($env:USERNAME):(R)"
# Disable inheritance and remove inherited permissions
icacls.exe $path /inheritance:r

After that run command on cmd:

ssh -i file.pem username@ip-address

Answer 2

High level steps are as follows (see the reference article below for screenshots):

1. Verify that the instance is ready
2. Verify the general prerequisites for connecting to your instance
3. Install PuTTY on your local computer
4. Convert your private .pem key to .ppk using PuTTYgen
5. Connect to your Linux instance (using the user name from AWS)

This article also provides some useful instructions:

• Transfer files to your Linux instance using the PuTTY Secure Copy client
• Transfer files to your Linux instance using WinSCP

Reference Doc: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html

Answer 3

After doing more research, I found that you need to change the authorized keys in Ubuntu itself, not just on the AWS console. I'm not really sure how the key manager works in AWS if it doesn't update the authorized keys automatically, but after editing the authorized_keys file I am now able to succesfully connect.

Edit: This is what I am referring to when I say I attempted to change authorized_keys in AWS Console. I'm realizing now that this key pair dashboard might just be for generating keys, which initially have nothing to do with the EC2 instance, rather than a way to change the instance keys. Image