SSH Config for AWS EC2 Instances
Configure SSH for AWS EC2 instances with key pair authentication. Covers PEM file usage, common AMI usernames, Session Manager alternative, and proxy through bastion.
Detailed Explanation
SSH Config for AWS EC2
AWS EC2 instances use key pair authentication instead of passwords. SSH config entries let you connect to an instance by a short alias instead of remembering its IP address and key file location.
Example Config
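Host my-ec2-web
    # Public DNS name of the instance; this host also serves as the jump host below
    HostName ec2-52-14-123-45.us-east-2.compute.amazonaws.com
    User ec2-user
    IdentityFile ~/.ssh/my-ec2-keypair.pem
    # Offer only the key named above, not every key loaded in the agent
    IdentitiesOnly yes
    # Convenience setting with a security cost; see the StrictHostKeyChecking section
    StrictHostKeyChecking no
    # Send a keepalive every 60 seconds; disconnect after 3 unanswered
    ServerAliveInterval 60
    ServerAliveCountMax 3

Host my-ec2-ubuntu
    # Private address, reached through my-ec2-web
    HostName 10.0.1.50
    User ubuntu
    IdentityFile ~/.ssh/my-ec2-keypair.pem
    IdentitiesOnly yes
    ProxyJump my-ec2-web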
Default Usernames by AMI
| AMI Type | Default User |
|---|---|
| Amazon Linux / AL2023 | ec2-user |
| Ubuntu | ubuntu |
| Debian | admin |
| CentOS | centos |
| RHEL | ec2-user |
| SUSE | ec2-user |
PEM File Permissions
AWS-downloaded key pairs have a .pem extension. ssh refuses to use a private key file that other users can read, so restrict it to owner read-only:

    chmod 400 ~/.ssh/my-ec2-keypair.pem
StrictHostKeyChecking
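Setting StrictHostKeyChecking no is common for EC2 because instances are frequently terminated and recreated, producing new host keys. However, this reduces security: ssh adds unknown host keys without asking and lets connections to hosts whose key has changed proceed, so the host key no longer protects you from connecting to an impersonated server. For long-lived instances, use StrictHostKeyChecking ask instead.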
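As an added example (not part of the original page, and not AWS or OpenSSH tooling), the following Python script checks an SSH config for the two points covered in the PEM File Permissions and StrictHostKeyChecking sections: Host blocks that disable host key checking, and IdentityFile paths whose permissions ssh would reject. The sample config is constructed from the page's example; the function names and issue labels are assumptions of this example.

```python
import os
import re
import stat

# Constructed sample, modelled on the example config on this page.
SAMPLE_CONFIG = """\
Host my-ec2-web
    IdentityFile ~/.ssh/my-ec2-keypair.pem
    StrictHostKeyChecking no

Host my-ec2-ubuntu
    IdentityFile ~/.ssh/my-ec2-keypair.pem
    ProxyJump my-ec2-web
"""

def parse_hosts(text):
    """Map each Host pattern line to its options (keywords lower-cased)."""
    hosts = {}
    current = hosts.setdefault("*", {})  # options before any Host line are global
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # A keyword is separated from its value by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if keyword == "host":
            current = hosts.setdefault(value, {})
        else:
            current.setdefault(keyword, value)  # ssh keeps the first value it sees
    return hosts

def audit(text):
    """Return (host, issue) pairs for the two checks discussed on this page."""
    findings = []
    for host, opts in parse_hosts(text).items():
        # Unset means the OpenSSH default, "ask".
        if opts.get("stricthostkeychecking", "ask").lower() in ("no", "off"):
            findings.append((host, "host-key-checking-disabled"))
        key = os.path.expanduser(opts.get("identityfile", "").strip('"'))
        # ssh rejects a private key with any group/other permission bits set.
        if key and os.path.isfile(key) and stat.S_IMODE(os.stat(key).st_mode) & 0o077:
            findings.append((host, "key-file-too-permissive"))
    return findings

if __name__ == "__main__":
    for host, issue in audit(SAMPLE_CONFIG):
        print(f"{host}: {issue}")
```

Each Host block is checked in isolation: options inherited from wildcard blocks or Include files are not resolved, and key files that do not exist on the machine running the script are skipped.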
Using Elastic IPs
If your instance has an Elastic IP, use it in the HostName for a stable address that survives instance stops and starts.
Session Manager Alternative
For instances in private subnets, AWS Systems Manager Session Manager provides an alternative to direct SSH that doesn't require inbound security group rules or a bastion host.
Use Case
DevOps engineers and developers who manage AWS EC2 instances and need quick, reliable SSH access with proper key management and connection configuration.