How do I connect to another EC2 instance from an Amazon Linux EC2 instance I am already logged into via PuTTY?

Connecting to a Second Amazon Linux EC2 Instance from an Existing Connected Instance

Hey there! Since you're already logged into one Amazon Linux EC2 instance via PuTTY from your Windows machine, connecting to a second EC2 instance from that first one is totally straightforward—let’s walk through clear, beginner-friendly steps first, then cover the general methods that work for any scenario.

Step-by-Step Guide for Your Current Setup

1. Gather Required Information & Files

  • Target EC2 Instance Details: Grab either its private IP (if both instances are in the same VPC and network traffic is allowed between them) or public IP (if you need to access it over the internet). You can find these in the AWS EC2 Console under the instance's details.
  • Target Instance's Key Pair: You’ll need the .pem file associated with the target EC2 instance. If you only have the PuTTY .ppk version, you can re-download the original .pem from AWS (where you created the key pair) or convert the .ppk back to .pem using PuTTYgen.

2. Transfer the .pem Key to Your Connected EC2 Instance

You have two easy ways to get the .pem file onto the first EC2 instance:

Option A: Use PuTTY's pscp Tool (From Windows CMD)

Open Windows Command Prompt, then run this command (replace placeholders with your actual paths/IPs):

pscp -i "C:\path\to\your\first-instance-key.ppk" "C:\path\to\target-instance-key.pem" ec2-user@your-first-ec2-public-ip:/home/ec2-user/
  • -i: Points to the PuTTY key you use to connect to the first EC2 instance.
  • The last part specifies where to save the key on the first EC2 instance (we’re using the ec2-user home directory for simplicity).

Option B: Copy-Paste the Key Content Directly

  1. On your Windows machine, open the .pem file in Notepad, select all text, and copy it.
  2. In your PuTTY terminal (connected to the first EC2), run:
    nano target-key.pem
    
  3. Paste the copied key content into the nano editor.
  4. Save and exit: Press Ctrl+O, hit Enter, then Ctrl+X.

3. Fix Key File Permissions (Critical!)

Linux enforces strict permissions for SSH keys to keep them secure. Run this command to set the correct permissions:

chmod 400 target-key.pem
  • 400 means only the file owner can read the key—this is required for SSH to accept the key.

4. Connect to the Target EC2 Instance

Run the SSH command with your key and target IP:

ssh -i target-key.pem ec2-user@target-ec2-ip-address
  • Replace target-ec2-ip-address with either the private or public IP of the second instance.
  • If everything works, you’ll be logged into the target EC2 instance!
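A permissions check for steps 2 and 3, as an added example that is not part of the original answer: a key pasted through nano (Option B) is normally saved with mode 644 (a default umask of 022 is assumed here), and this script lists private-key files that group or others can still access. The function names (is_private_key, key_perms_ok, audit_keys, demo) are hypothetical, and the key material is a constructed placeholder.

```sh
#!/bin/sh
# Added example (not from the original answer). Function names are hypothetical.

# Succeeds if FILE's first line is a PEM private-key header
# (RSA, EC, OPENSSH, ENCRYPTED, or plain PKCS#8).
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----'
}

# Succeeds only if group and others have no permission bits on FILE
# (modes such as 400 or 600). Reads the `ls -l` mode string for portability.
key_perms_ok() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints every private-key file under DIR that group or others can access.
audit_keys() {
    find "$1" -type f | while IFS= read -r f; do
        if is_private_key "$f" && ! key_perms_ok "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Demo on constructed data: a placeholder "key" saved the way an editor
# would save it (umask 022 -> mode 644), then fixed as in step 3.
demo() {
    d=$(mktemp -d) || return 1
    ( umask 022
      printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
                    'CONSTRUCTED-PLACEHOLDER-NOT-A-KEY' \
                    '-----END RSA PRIVATE KEY-----' > "$d/target-key.pem" )
    echo "flagged before chmod: $(audit_keys "$d")"
    chmod 400 "$d/target-key.pem"
    echo "flagged after chmod:  $(audit_keys "$d")"
    rm -rf "$d"
}
demo
```

Running audit_keys on the directory where the key was saved should print nothing once step 3 has been applied.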

General Methods to Connect Between Amazon Linux EC2 Instances

These methods apply regardless of how you’re connected to the first instance:

1. SSH with the Target Instance's Key File

This is the default and most secure method, which we covered above. The core steps are:

  • Ensure you have the target instance’s .pem key on the source instance (or use SSH agent forwarding, below).
  • Set proper permissions on the key (chmod 400).
  • Use ssh -i key-file.pem username@target-ip to connect.

2. SSH Agent Forwarding (No Need to Upload Keys)

If you want to avoid storing your private key on the source EC2 instance, use PuTTY’s agent forwarding feature:

  1. When configuring your PuTTY session to connect to the first EC2 instance:
    • Go to Connection > SSH > Auth.
    • Check the box for Allow agent forwarding.
  2. Save the PuTTY session and reconnect to the first EC2 instance.
  3. Now, you can connect directly to the target EC2 without uploading the key:
    ssh ec2-user@target-ec2-ip-address
    

PuTTY will forward your local key to the source instance, letting you authenticate securely.

3. Password-Based SSH Login

AWS disables password login by default for security reasons, but if you’ve enabled it on the target instance:

  • Run ssh ec2-user@target-ec2-ip-address.
  • When prompted, enter the password you set for the ec2-user account.
  • Note: This is less secure than key-based auth, so only use it if absolutely necessary.

Important Notes

  • Security Groups: Make sure the source EC2’s security group allows outbound SSH (port 22) to the target instance’s IP. The target EC2’s security group must allow inbound SSH (port 22) from the source instance’s IP (or private IP range if using VPC internal connections).
  • Default Username: For Amazon Linux 2 and Amazon Linux 2023, the default username is ec2-user—don’t use root directly unless you’ve enabled it.

The question is sourced from Stack Exchange; it was asked by Kamal Yadav.
