Connecting to Amazon EC2 using Transmit

I’ve recently started using Amazon’s EC2 cloud-based web servers, which has been great, but it requires a PEM (Privacy Enhanced Mail) certificate in order to log in and access the server. This is fine for Terminal access using sftp or ssh, but it took a bit of trial and error to get it working for GUI apps such as Panic’s awesome Transmit client. If you’re trying to do the same, here’s the quick how-to (at least for Mac OS X 10.6 / Snow Leopard).

First, copy your Amazon EC2 .pem file to your local ssh directory in /Users/your_user_name/.ssh. You can open this directory easily by entering the following command in the Terminal app:

$ open ~/.ssh

Assuming the file is called server.pem, you can test it using the Terminal command:

$ ssh -i ~/.ssh/server.pem root@your_amazon_server

If that worked then your certificate is good.

Next, you need to add an ssh configuration option to let your apps know about the PEM. Open (or create) ~/.ssh/config and add the following line (again, assuming your file is called server.pem):

IdentityFile "~/.ssh/server.pem"

Save the config changes and then use the Terminal to alter the permissions of your PEM file to 700 (otherwise ssh may not allow you to use the file):

$ chmod 700 ~/.ssh/server.pem

Lastly, you need to restart the SSH daemon. Either restart your entire computer (slow and lame) or just quickly drop into the Terminal again and use the launchctl command (you’ll need to be root):

# launchctl
launchd% stop com.openssh.sshd
launchd% start com.openssh.sshd
launchd% quit

Now all you have to do is use Transmit to connect to your Amazon EC2 server via SFTP: use the root user and leave the password field blank.


You may also find it useful to add a Host block around the config changes. I found the above configuration started to conflict with my Git repos so I modified the config to:

    Host your_amazon_server
        IdentityFile "~/.ssh/server.pem"

that way it only applies to the servers.
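
To see why the Host block fixes the Git conflict, here is a small added example (not part of the original post, and not OpenSSH's own code) that mimics how ssh decides which IdentityFile entries apply to a given host. It is a simplified model that ignores Match and Include; git.example.com and the *.compute.example names are made-up hosts, and your_amazon_server is the placeholder used above.

```python
import re
import shlex

def _pattern_to_regex(pattern):
    # ssh_config host patterns have only two wildcards: '*' and '?'.
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(body + r"\Z", re.IGNORECASE)

def _host_matches(patterns, host):
    # A Host line matches if some pattern matches and no '!' pattern does.
    matched = False
    for p in patterns:
        if p.startswith("!"):
            if _pattern_to_regex(p[1:]).match(host):
                return False
        elif _pattern_to_regex(p).match(host):
            matched = True
    return matched

def identity_files_for(config_text, host):
    """List the IdentityFile values that apply to `host`, in file order."""
    applies = True  # anything before the first Host line is global
    found = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", line)
        if not m or line.startswith("#"):
            continue
        keyword, args = m.group(1).lower(), shlex.split(m.group(2))
        if keyword == "host":
            applies = _host_matches(args, host)
        elif keyword == "identityfile" and applies and args:
            found.append(args[0])
    return found

# Constructed configs: the one-line version from the post, and a Host-scoped one.
GLOBAL_CONFIG = 'IdentityFile "~/.ssh/server.pem"\n'
SCOPED_CONFIG = 'Host your_amazon_server\n    IdentityFile "~/.ssh/server.pem"\n'
# Constructed wildcard form with an exclusion, for a fleet of servers.
FLEET_CONFIG = 'Host *.compute.example !build.compute.example\n  IdentityFile ~/.ssh/server.pem\n'

if __name__ == "__main__":
    for name, cfg in [("global", GLOBAL_CONFIG), ("scoped", SCOPED_CONFIG)]:
        for host in ("your_amazon_server", "git.example.com"):
            print(name, host, identity_files_for(cfg, host))
```

With the one-line config the EC2 key is tried against every host you connect to, Git servers included; with the Host block it is only used for the hosts that match.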