To connect to Amazon EC2 instances with SSH, you need to specify an identity (the private key of an EC2 key pair). This can be done explicitly with ‘ssh -i keypair_file hostname’. To apply this system-wide, the identity (key pair) file needs to be placed in the user’s “$HOME/.ssh”. This is very useful for a tool such as pssh (parallel ssh), which does not support an explicit way of specifying the identity file. I use pssh to make changes on multiple EC2 instances with one script from my Macbook.
Recently, I upgraded my Macbook to Lion (GM Seed version). I found that OpenSSH’s identity doesn’t work any more. After some debugging, I figured out that the identity file needs to be specified in the ‘config’ file. Before that, I had just placed an EC2 keypair file in “$HOME/.ssh”.
An SSH ‘config’ file maps a hostname to its identity file as follows:
$HOME/.ssh/config:
Host host1.amazon.com
    IdentityFile ~/.ssh/identity
Host host2.amazon.com
    IdentityFile ~/.ssh/identity
Host 1.2.3.4
    IdentityFile ~/.ssh/identity
The FQDN and the IP address of a host need to be added separately.
Now, we can see that SSH reads the config file:
debug1: Reading configuration data /Users/ghost/.ssh/config
debug1: Applying options for xxxx.com
debug1: Reading configuration data /etc/ssh_config
debug1: Trying private key: /Users/ghost/.ssh/identity
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
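The Host-to-IdentityFile mapping described above can be checked before connecting. The following is an added example, not code from the original post: the function names are hypothetical, the sample config is constructed and deliberately omits the IP address entry, and Match blocks are not evaluated.

```python
import os
import re
import stat

# Constructed sample mirroring the config in the post: the FQDN entries are
# listed, but the IP address entry has been left out on purpose.
SAMPLE_CONFIG = """\
Host host1.amazon.com
    IdentityFile ~/.ssh/identity
Host host2.amazon.com
    IdentityFile ~/.ssh/identity
"""

def _matches(pattern, host):
    # ssh_config patterns only know the '*' and '?' wildcards.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, host, re.IGNORECASE) is not None

def host_applies(patterns, host):
    # A Host line applies if a positive pattern matches and no '!' pattern does.
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(_matches(p, host) for p in negated):
        return False
    return any(_matches(p, host) for p in positive)

def identity_files_for(config_text, host):
    """Return the IdentityFile values collected for `host`, in config order."""
    active, found = True, []  # options before the first Host apply to all hosts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "host":
            active = host_applies(value.split(), host)
        elif key == "match":
            active = False  # assumption: Match blocks are skipped, not evaluated
        elif key == "identityfile" and active:
            found.append(value)
    return found

def key_is_private(path):
    """True if group and others have no access; ssh rejects keys that are more open."""
    mode = os.stat(os.path.expanduser(path)).st_mode
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0
```

An empty result for a name, as for 1.2.3.4 with this sample, means no configured IdentityFile applies when connecting by that name.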