Secure SSH & SCP Connections with AWS Session Manager (4 Steps)

How to protect your SSH and SCP Connections with AWS Session Manager in 4 simple steps

Updated: Jul 10

In certain scenarios, establishing secure SSH or SCP connections with EC2 instances within our protocol becomes necessary. AWS Session Manager offers a robust solution to accomplish this, allowing us to avoid the exposure of critical ports and enhance overall security.


Step# 1: Install the latest version of the AWS CLI and the AWS Session Manager plugin

To begin, install the latest versions of the AWS CLI and the Session Manager plugin. The following links provide detailed instructions for installation:


Step# 2: Modify ssh config file

Locate your SSH config file, which can be found in "~/.ssh" for Linux and Mac distributions, or "C:\Users\<username>\.ssh" for Windows.


Add the following lines to the config file:


host i-* mi-*
    ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"


Step# 3: Configure the SSM agent and the EC2 instance profile of your instances


Follow the SSM agent installation instructions provided in the documentation:



In my case, I’m installing it on an Ubuntu machine with the following commands:


sudo snap install amazon-ssm-agent --classic

sudo snap list amazon-ssm-agent


Additionally, attach the AmazonSSMManagedInstanceCore policy to the EC2 instances you wish to access, ensuring the necessary permissions for AWS Systems Manager service core functionality.


Step# 4: Start SSH/SCP session in your local environment


Before initiating SSH/SCP sessions with your EC2 instances, specify your AWS profile or the region of the EC2 instances if you are using temporary credentials, using the following commands:


export AWS_REGION=<region-name>
export AWS_PROFILE=<profile-name>

# ssh command
ssh -i id_rsa ubuntu@i-xxxxxxxxx

# scp command
scp -i id_rsa ubuntu@i-xxxxxxxxx:/<dir-or-file-path> <local-file-path>
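
Because Session Manager tunnels SSH through the SSM agent, the instances need no inbound rule for port 22. The following check is an added example, not part of the original post: it scans `aws ec2 describe-security-groups` output for inbound rules that still admit port 22. The sample data and group IDs are constructed, and prefix-list sources are not examined.

```python
import ipaddress
import json
import sys

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-0ddd", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0eee", "IpPermissions": []},  # target state: no inbound rules
]}


def covers_port(perm, port):
    """True if an IpPermissions entry admits TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols, all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def ssh_ingress(groups, port=22):
    """List (group id, source, open_to_world) for each inbound rule reaching `port`."""
    findings = []
    for sg in groups.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            if not covers_port(perm, port):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                world = ipaddress.ip_network(cidr, strict=False).prefixlen == 0
                findings.append((sg["GroupId"], cidr, world))
            for pair in perm.get("UserIdGroupPairs", []):
                findings.append((sg["GroupId"], pair.get("GroupId", "?"), False))
    return findings


if __name__ == "__main__":
    # Pass a saved describe-security-groups JSON file, or run on the sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for group_id, source, world in ssh_ingress(data):
        print(f"{group_id}: port 22 reachable from {source}" + (" (ANY address)" if world else ""))
```

To run it against a real account, save the output of `aws ec2 describe-security-groups` to a file and pass that file as the first argument.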


By following these steps, you can confidently protect your SSH and SCP connections using AWS Session Manager. This comprehensive guide empowers you to establish secure access while minimizing potential security risks.


Happy coding and see you next time, in the Cloud!






Juan Bermudez

Cloud Engineer

Teracloud







If you want to know more about Cloud Security, we suggest checking Best Security Practices, Well-Architected Framework




