Nice solution :)
Good article
Don't you need a pem file for the keys to your instance?
Does it work without the pem file?
So I did all this but have a "Could not establish connection to "i-xxxxxxxxxx": Permission denied (publickey,gssapi-keyex,gssapi-with-mic)." on both Ubuntu and AL2. My instance is in a public net with an IPv4, and has no pem key. What is wrong?
Unfortunately, it is not working. I experienced same case as @Olivier.. This article should provide additional guide. :(
So I did all this but have a "Could not establish connection to "i-xxxxxxxxxx": Permission denied (publickey,gssapi-keyex,gssapi-with-mic)." on both Ubuntu and AL2. My instance is in a public net with an IPv4, and has no pem key. What is wrong?
This, (like many blog posts) leaves steps out or glosses over them. This one leaves out that you have to create and use a pem key with this mechanism. You must also be using working profiles or your remote-ssh session won't be able to connect to aws. I was using the copy/paste method from AWS SSO and had to figure out aws sso configure and how to use it to set up a profile.
This blog has a bunch of stuff I didn't need, but it was more complete https://aws.amazon.com/blogs/architecture/field-notes-use-aws-cloud9-to-power-your-visual-studio-code-ide/
Good, comprehensive guide. But indeed, the part where you add the Key file to the ssh config is missing. Update the ~/.ssh/config
by adding an IdentityFile
with a reference to the key file like this:
Host i-00aa22bb33cc44dd5
User ec2-user
ProxyCommand sh -c "aws sso login --profile <SSO_PROFILE_NAME>; export AWS_PROFILE=<SSO_PROFILE_NAME>; export AWS_REGION=<REGION>; aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
IdentityFile "~/.ssh/MyPrivateKey.pem"
Also, make sure the key has the right (restrictive) permissions in order for it to be usable by SSH, by first running
chmod 600 ~/.ssh/MyPrivateKey.pem