SSH to AWS EC2 private server without sharing SSH key with team

Updated - 2 min read

Managing SSH access to an AWS EC2 server running in an AWS VPC private subnet has its own challenges. Traditionally, people use SSH agent forwarding through a bastion host to reach an AWS EC2 server in a private subnet, but agent forwarding carries known security risks. In this blog post, you will learn how to SSH to an AWS EC2 server running in an AWS VPC private subnet without sharing the SSH key with your team, using SloopEngine. It is worth understanding the security risks involved in sharing SSH keys with the team when providing SSH access. With SloopEngine, you can avoid SSH agent forwarding entirely, and the private key never has to be handed to individual team members. Let's see how to do it.

Do a quick search across the internet to learn more about the security risks involved in SSH agent forwarding.

Configure AWS EC2 security group

To allow SSH connections from SloopEngine, you need to add an inbound rule on your AWS EC2 security group that whitelists the SloopEngine Gateway IPs on the SSH port. Check out the AWS EC2 documentation to learn how to manage security groups.

Download SSH key pair from AWS EC2 console

Create a new SSH key pair from the AWS EC2 console. Once the key pair is created, the private SSH key is automatically downloaded to your machine, but the public SSH key is not. You have to derive the public SSH key from the downloaded private SSH key, as described in the AWS EC2 documentation. Then you must add an Identity to your SloopEngine Account, where you copy and paste the contents of the private and public SSH keys.

You cannot download the public SSH key directly from AWS EC2 console.
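The derivation step above is the only place this procedure needs a local command. The following is an added example, not SloopEngine's own tooling or the AWS documentation's text: it derives the OpenSSH public key from the downloaded private key with `ssh-keygen -y`, and prints a fingerprint so you can confirm that the public key you paste into the Identity matches the private key. The file names (`my-ec2-keypair.pem`, `demo_key`) are assumptions; the demo key is generated locally so the script runs offline.

```shell
#!/bin/sh
# Added example: recover the public half of an EC2 key pair from the private
# key, because the EC2 console only downloads the .pem file.

derive_pubkey() {
    # $1: path to the private key (assumed name: my-ec2-keypair.pem).
    # Prints the matching OpenSSH public key line on stdout.
    key="$1"
    [ -r "$key" ] || { echo "cannot read private key: $key" >&2; return 1; }
    # ssh-keygen -y reads a private key and emits its public key.
    ssh-keygen -y -f "$key"
}

fingerprint() {
    # $1: a key file; prints only the SHA256 fingerprint column so two
    # files (the .pub beside a key and a derived copy) can be compared.
    ssh-keygen -l -f "$1" | awk '{print $2}'
}

# Stand-alone demo with a constructed throwaway key (not a real EC2 key):
# run with DEMO=1 to see it; use your downloaded .pem in practice.
if [ "${DEMO:-}" = "1" ]; then
    tmp=$(mktemp -d)
    ssh-keygen -q -t ed25519 -N '' -f "$tmp/demo_key"
    chmod 600 "$tmp/demo_key"
    derive_pubkey "$tmp/demo_key" > "$tmp/derived.pub"
    echo "public key to paste into the Identity:"
    cat "$tmp/derived.pub"
    echo "fingerprint of generated .pub: $(fingerprint "$tmp/demo_key.pub")"
    echo "fingerprint of derived key:    $(fingerprint "$tmp/derived.pub")"
    rm -rf "$tmp"
fi
```

Keep the private key file readable only by you (`chmod 600`) before pasting it anywhere; the fingerprint comparison is the quick check that the two halves you add to the Identity actually belong together.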

Boot AWS EC2 server on AWS VPC public subnet

First, you have to boot an AWS EC2 server within an AWS VPC public subnet, which serves as the SSH bastion host. Make sure you attach the correct SSH key pair to this AWS EC2 server. Below is the list of things to be done once it is up and running.

  1. Add this AWS EC2 server on your SloopEngine Account.
  2. Deploy SloopEngine CLI on this AWS EC2 server.
  3. Sync SSH key pair on this AWS EC2 server.

Boot AWS EC2 server on AWS VPC private subnet

Second, you have to boot an AWS EC2 server within an AWS VPC private subnet. Again, make sure you attach the correct SSH key pair to this AWS EC2 server. Below is the list of things to be done once it is up and running.

  1. Deploy SloopEngine CLI on this AWS EC2 server.
  2. Sync SSH key pair on this AWS EC2 server.

SSH to AWS EC2 server from SloopEngine

All you have to do is create an access rule on your SloopEngine Account to assign SSH access to any of your team members. Once that is done, your team member can SSH to the AWS EC2 server running in the AWS VPC private subnet in a single click from your SloopEngine Account, without ever holding the private key.

Interested? Sign up today for free! Thank you.

Solution
AWS
SSH Key Management
SSH Access Management