How to SSH into AWS EC2 Instances Without Explicitly Specifying PEM Key Path in Linux



When working with AWS EC2 instances, the standard authentication method involves specifying the PEM key path explicitly with ssh -i /path/to/key.pem. This becomes cumbersome when frequently accessing multiple instances. The ideal scenario would be having SSH automatically use the correct key without manual path specification.

First, ensure your PEM key is properly stored and secured:

mv NAME.pem ~/.ssh/
chmod 600 ~/.ssh/NAME.pem

Then add the key to your SSH agent:

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/NAME.pem

The most reliable solution is creating a ~/.ssh/config file with these contents:

Host ec2-*
    User ubuntu
    IdentityFile ~/.ssh/NAME.pem
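    # accept-new records a host key on first connection and refuses to
    # connect if that key later changes. "StrictHostKeyChecking no" with
    # "UserKnownHostsFile /dev/null" would turn host verification off.
    StrictHostKeyChecking accept-new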

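Now you can connect without -i. The Host pattern is matched against the name you type on the command line, so ec2-* applies when you connect by a name that begins with ec2-, such as the instance's public DNS name. The user and key come from the config file:

ssh your-instance-public-dns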

For Windows users working with PuTTY, convert the PEM to PPK format:

puttygen NAME.pem -o NAME.ppk -O private

If you still encounter Permission denied (publickey) errors:

# Verify key permissions
ls -la ~/.ssh/

# Test connection with verbose output
ssh -vvv ubuntu@your-instance-ip

# Ensure the key is added to agent
ssh-add -l

For managing multiple EC2 instances with different keys:

Host production-*
    User ec2-user
    IdentityFile ~/.ssh/prod_key.pem

Host staging-*
    User ubuntu  
    IdentityFile ~/.ssh/staging_key.pem

Many developers face this common frustration when working with EC2 instances - needing to constantly specify the full PEM key path for SSH authentication. The goal is to configure our Ubuntu system to automatically use the key without the -i flag.

By default, SSH looks for private keys in ~/.ssh/ with specific naming conventions. The standard expected names are:

id_rsa
id_dsa
id_ecdsa
id_ed25519

When you use a non-standard key name (like NAME.pem), SSH won't automatically detect it.

1. Proper Key File Conversion

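First rename your PEM key to one of the standard names. No format conversion is needed; only the file name and location change:

# -i asks before overwriting an existing ~/.ssh/id_rsa
mv -i NAME.pem ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa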

2. SSH Config Setup

Create or modify your SSH config file:

nano ~/.ssh/config

Add these lines (replace values as needed):

Host myserver
    HostName EC2_IP_OR_DNS
    User ubuntu
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes

3. SSH Agent Management

Ensure your SSH agent is running and has the key loaded:

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa

4. Test Connection

Now you can connect simply with:

ssh myserver

If you need to maintain multiple keys, here's a better pattern:

# Move the original key into a dedicated directory
mkdir -p ~/.ssh/keys
chmod 700 ~/.ssh/keys
mv NAME.pem ~/.ssh/keys/
chmod 600 ~/.ssh/keys/NAME.pem

# Update SSH config (~/.ssh/config)
Host *
    AddKeysToAgent yes
    IdentityFile ~/.ssh/keys/NAME.pem

If the connection still fails, check for:

  • File permissions (must be 600 for key, 700 for .ssh directory)
  • Key format issues (convert with ssh-keygen -p -f NAME.pem if needed)
  • SSH agent not properly initialized

Check your SSH debug output to verify key selection:

ssh -v myserver

Look for these key lines in output:

debug1: Offering public key: /home/ubuntu/.ssh/id_rsa RSA SHA256:...
debug1: Authentication succeeded (publickey)
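
The checks this page relies on (600 on key files, 700 on the directory, host key verification left on in the config file) can be scripted. The following is an added example, not part of the original page; audit_ssh_dir, mode_of and make_sample_dir are hypothetical helper names, and the sample directory and its key file contents are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit an SSH client directory.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
mode_of() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# audit_ssh_dir DIR: print one finding per line; return 1 if any were found.
audit_ssh_dir() {
    dir=$1
    findings=$(
        [ "$(mode_of "$dir")" = 700 ] ||
            echo "dir: mode $(mode_of "$dir"), expected 700"
        for f in "$dir"/* "$dir"/keys/*; do
            [ -f "$f" ] || continue
            # Private keys start with a "-----BEGIN ... PRIVATE KEY-----" line.
            head -n 1 "$f" | grep -q 'PRIVATE KEY-----' || continue
            rel=${f#"$dir"/}
            case $(mode_of "$f") in
                600|400) ;;
                *) echo "key: $rel mode $(mode_of "$f"), expected 600" ;;
            esac
        done
        if [ -f "$dir/config" ]; then
            # Keywords are case-insensitive and may be written "key=value".
            awk '{ gsub(/=/, " "); k = tolower($1); v = tolower($2) }
                 k == "stricthostkeychecking" && (v == "no" || v == "off") {
                     print "config:" NR ": host key verification disabled" }
                 k == "userknownhostsfile" && v == "/dev/null" {
                     print "config:" NR ": learned host keys are discarded" }
            ' "$dir/config"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# make_sample_dir: build a constructed ~/.ssh look-alike and print its path.
make_sample_dir() {
    d=$(mktemp -d) && chmod 700 "$d" && mkdir "$d/keys" || return 1
    for k in "$d/NAME.pem" "$d/keys/staging_key.pem"; do
        printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' > "$k"
    done
    chmod 644 "$d/NAME.pem"; chmod 600 "$d/keys/staging_key.pem"
    printf '%s\n' 'Host ec2-*' '    User ubuntu' \
        '    StrictHostKeyChecking no' '    UserKnownHostsFile /dev/null' > "$d/config"
    echo "$d"
}

sample=$(make_sample_dir); audit_ssh_dir "$sample" || true; rm -rf "$sample"
```

To check a real setup, call audit_ssh_dir ~/.ssh; a return status of 0 means nothing was flagged.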