It looks like there are two distinct ways that I can SSH from my local laptop into my instances without manually managing keys:
- Session Manager: You can enable users in your AWS account to use the AWS CLI to establish Secure Shell (SSH) connections to instances using Session Manager. Users who connect using SSH can also copy files between their local machines and managed instances using Secure Copy Protocol (SCP). You can use this functionality to connect to instances without opening inbound ports or maintaining bastion hosts.
- EC2 Instance Connect: Amazon EC2 Instance Connect provides a simple and secure way to connect to your instances using Secure Shell (SSH). You can use Instance Connect to connect to your Linux instances using a browser-based client, the Amazon EC2 Instance Connect CLI, or the SSH client of your choice. When you connect to an instance using EC2 Instance Connect, the Instance Connect API pushes a one-time-use SSH public key to the instance metadata where it remains for 60 seconds.
What are the differences between these options? It sounds like EC2 Instance Connect is fairly simple and Session Manager potentially does a lot more. How does Session Manager actually work? Does it actually open a direct SSH connection between my machine and the EC2 instance, or is the connection being proxied via some EC2 service?
Topics: Compute
Tags: AWS Systems Manager, Amazon EC2
AWS-User-7411548
asked 5 years ago, 11446 views
2 Answers
3
Accepted Answer
There are many nuanced differences between these services, but the basic idea is that EC2 Instance Connect allows for a convenient and secure native SSH connection using short-lived keys, while Session Manager permits an SSH connection tunneled over a proxy connection.
The session manager agent establishes a reverse connection to the service so it is not necessary to, for example, open port 22 on the host. EC2 Instance Connect requires the host security group to permit ssh traffic inbound.
A few other things of note: EC2 Instance Connect supports only Linux EC2 hosts, while Session Manager supports Windows and Linux hosts, both EC2 instances and on-prem.
Hope that helps.
EXPERT
JDB
answered 5 years ago
EXPERT
Oleksii Bebych
reviewed 3 months ago
EXPERT
Kallu
reviewed 6 months ago
techieGuy
a year ago
If I understand well, using EC2 Instance Connect is better than traditional SSH and integrates with legacy access methods, but it's worse than Session Manager. With Session Manager, we don't need to open port 22 and the configuration is much simpler. Why don't we just use Session Manager?
The simple answer to this is that after deploying your EC2 instance you want to connect to it and use it the same way you would use a computer in front of you. Now coming down to the question.
1.) SSH connect
- It basically allows you to control a remote machine, all using the command line
- You can configure all the required parameters necessary for doing SSH using the free tool PuTTY
2.) EC2 Instance Connect
- Connect to EC2 instance within your browser
- No need to use the key file that you have downloaded
- The best part is that the temporary key is uploaded onto EC2 instance by AWS
Hope that helps!
Manibh
answered 2 years ago
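The accepted answer's point about inbound port 22, as an added example (not part of any answer in this thread, and not AWS code): a Python check over security-group data in the shape returned by `aws ec2 describe-security-groups` that reports which groups still accept inbound SSH, as EC2 Instance Connect requires, and which have it closed, as Session Manager allows. The group IDs and rules are constructed sample data, and rules that reference other security groups or prefix lists are not evaluated.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs are placeholders, not real resources.
SAMPLE_GROUPS = [
    {"GroupId": "sg-EXAMPLE-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-EXAMPLE-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-EXAMPLE-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
         "Ipv6Ranges": []}]},
    {"GroupId": "sg-EXAMPLE-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]

def allows_ssh(perm):
    """True if the ingress rule covers TCP/22; protocol "-1" means all traffic."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535)

def ssh_sources(group):
    """Return the CIDRs from which this group accepts inbound SSH."""
    cidrs = []
    for perm in group.get("IpPermissions", []):
        if allows_ssh(perm):
            cidrs += [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return cidrs

def classify(group):
    """'closed': no CIDR can reach port 22 (Session Manager still works);
    'restricted' or 'world': the SSH port is exposed to those sources."""
    sources = ssh_sources(group)
    if not sources:
        return "closed"
    if any(ipaddress.ip_network(c).prefixlen == 0 for c in sources):
        return "world"
    return "restricted"

if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        print(g["GroupId"], classify(g), ssh_sources(g))
```

A group reported as `closed` can still be reached through Session Manager because the agent connects outbound; `world` results on a port range or an all-traffic rule are the cases a plain search for "port 22" misses.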