I’ve recently started using Amazon’s EC2 cloud-based web servers, which has been great, but it requires a PEM (Privacy Enhanced Mail) certificate in order to log in and access the server. This is fine for Terminal access using ssh, but it took a bit of trial and error to get it working for GUI apps such as Panic’s awesome Transmit client. If you’re trying to do the same, here’s the quick how-to (at least for Mac OS X 10.6 / Snow Leopard).
First, copy your Amazon EC2 .pem file to your local ssh directory in /Users/your_user_name/.ssh. You can open this directory easily by entering the following command in the Terminal app:
$ open ~/.ssh
Assuming the file is called server.pem, you can test it using the Terminal command:
$ ssh -i ~/.ssh/server.pem root@your_amazon_server
If that worked then your certificate is good.
Next, you need to add an ssh configuration option to let your apps know about the PEM. Open (or create) ~/.ssh/config and add the following line (again, assuming your file is called
config changes and then use the Terminal to alter the permissions of your PEM file to 700 (otherwise ssh may not allow you to use the file):
$ chmod 700 ~/.ssh/server.pem
Lastly, you need to restart the SSH daemon. Either restart your entire computer (slow and lame) or just quickly drop into the Terminal again and use the launchctl command (you’ll need to be root):
# launchctl
launchd% stop com.openssh.sshd
launchd% start com.openssh.sshd
launchd% quit
Now all you have to do is use Transmit to connect to your Amazon EC2 server via SFTP, using the root user and leaving the password field blank.
You may also find it useful to add a Host block around the config changes. I found the above configuration started to conflict with my Git repos so I modified the config to:
Host amazonaws.com
    IdentityFile "~/.ssh/server.pem"
that way it only applies to the
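To see which servers a flat IdentityFile line and a Host-scoped one offer the key to, here is an added example (not from the original post): a simplified Python model of how ssh_config Host blocks select directives. The sample configs, the *.amazonaws.com variant and the host names are constructed for illustration; Match blocks and all other directives are ignored.

```python
import re

def _glob(pattern):
    # ssh_config patterns only know '*' and '?'; every other character is literal.
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(body + r"\Z")

def _host_matches(patterns, host):
    # A Host line applies if a positive pattern matches and no '!negated' one does.
    hit = False
    for p in patterns:
        if p.startswith("!"):
            if _glob(p[1:]).match(host):
                return False
        elif _glob(p).match(host):
            hit = True
    return hit

def identity_files_for(config_text, host):
    """Return the IdentityFile values ssh would apply for `host` (simplified)."""
    applies, found = True, []  # lines before the first Host apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "host":
            applies = _host_matches(value.split(), host)
        elif key == "match":
            applies = False  # Match blocks are outside this simplified model
        elif key == "identityfile" and applies:
            found.append(value.strip('"'))
    return found

# Constructed sample configs and host names (not taken from a real system).
FLAT = 'IdentityFile "~/.ssh/server.pem"\n'
SCOPED = 'Host amazonaws.com\n    IdentityFile "~/.ssh/server.pem"\n'
WILDCARD = 'Host *.amazonaws.com\n    IdentityFile "~/.ssh/server.pem"\n'
EC2_HOST = "ec2-203-0-113-10.compute-1.amazonaws.com"

if __name__ == "__main__":
    for name, cfg in (("flat", FLAT), ("scoped", SCOPED), ("wildcard", WILDCARD)):
        for host in ("github.com", "amazonaws.com", EC2_HOST):
            print(f"{name:8} {host:45} {identity_files_for(cfg, host)}")
```

Host patterns are compared with the host name as it is given to ssh, and a pattern without a wildcard matches only that exact name, so the wildcard form is the one that covers EC2 public DNS names.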