Automating ssh key passphrases on MacOS

As a reminder, here’s how to use ssh keys to access remote hosts:

Adding hosts to a ~/.ssh/config file to use different keys with different git hosts is something I find I only need to do once in a while, but I made a note here because I can never remember how this is configured:

# Edit ~/.ssh/config and for each repo add the following block:
Host hostname-of-repo
    User your-id-for-this-repo
    IdentityFile ~/.ssh/filename-of-key

If you are required to use passphrases with ssh keys, being prompted to enter your passphrase every time you use a key can get tiresome. On MacOS, however, you can automate entering your passphrase by adding:

UseKeychain yes

to your ~/.ssh/config file (suggestion from this post here).

AWS Lightsail default ssh userid

To ssh into AWS ec2 instances the default user id is usually ‘ec2-user’ (see my ec2 ssh checklist here).

Lightsail vps instances appear to use different default userids, depending on the OS. For example, for an Ubuntu Lightsail instance the default ssh userid is ‘ubuntu’:

ssh -i path-to-your-ssh-pem-file ubuntu@your-instance-ip

SSH to AWS EC2: ‘permissions 0644 are too open’ error

To connect to an EC2 instance over SSH, if the permissions on your .pem file are too broad then you’ll see this error:

Permissions 0644 for ‘keypair.pem’ are too open.

It is required that your private key files are NOT accessible by others.

This private key will be ignored.

chmod the .pem file to 0400 and then you should be good. This is described here.

Checklist for accessing an AWS EC2 instance with ssh

Quick checklist of items to check for enabling ssh access into a running EC2 instance:

  • EC2 instance is started (check from AWS console)
  • From AWS console, check that the Security Group for the instance has an inbound rule for SSH – if only accessing remotely from your current IP, you can press ‘My IP’ to set your current public IP
  • From Network & Security, create a keypair and download the .pem file
  • Check the public DNS name for your EC2 instance from the console
  • chmod 400 your .pem file, otherwise you’ll get an error that it’s publicly readable

Connect with:

ssh -i path-to-.pem-file ec2-user@ec2-your-instance-name.compute-xyz.amazonaws.com
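
The permission rule behind the ‘too open’ error and the chmod 400 checklist step, as an added example that is not part of the original notes: ssh ignores a private key when any group or other permission bit is set, so this script flags such files before you try to connect. The function names file_mode, key_too_open and audit_keys are made up for this example, and a file is assumed to be a private key if its first line is a "BEGIN ... PRIVATE KEY" header.

```shell
#!/bin/sh
# Added example (not from the original post): find private key files that ssh
# would reject with "Permissions 0644 for '...' are too open".
# Function names here are hypothetical helpers, not part of any tool.

# Print the octal permission bits of a file.
# GNU stat (Linux) uses -c '%a'; BSD stat (macOS) uses -f '%Lp'.
file_mode() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# Exit 0 when any group/other permission bit is set (mode & 077 != 0),
# exit 1 when the file is private to its owner, exit 2 when it cannot be checked.
key_too_open() {
    [ -f "$1" ] || return 2
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# Report every private key in a directory (default ~/.ssh) whose mode is too open.
# Assumption: a private key starts with a "-----BEGIN ... PRIVATE KEY-----" line.
# Returns 1 if at least one offending key was found, 0 otherwise.
audit_keys() {
    dir=${1:-"$HOME/.ssh"}
    found=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        head -n 1 "$f" 2>/dev/null | grep -q 'BEGIN .*PRIVATE KEY' || continue
        if key_too_open "$f"; then
            echo "$f: mode $(file_mode "$f") is too open; fix with: chmod 400 '$f'"
            found=1
        fi
    done
    return "$found"
}

# Run the audit when a directory is given on the command line,
# e.g. the folder where downloaded .pem files are kept.
if [ "$#" -gt 0 ]; then
    audit_keys "$1"
fi
```

Both 0400 and 0600 pass this check, since neither grants anything to group or other; 0400 additionally stops you from overwriting the key by accident.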