One of the unique features of Amazon Lightsail is its browser-based SSH client, which makes it very simple to get a remote ssh connection to our server.

This browser-based client has been serving me very well. However there is an undesirable aspect, which is that the client will time-out if not used for a few minutes.

This was enough of a push for me to install a proper terminal.
Which has taken the form of installing Ubuntu (a distribution of GNU/Linux) onto my laptop and utilising the default terminal.

Now it is simply a matter of configuring the Ubuntu terminal to access the Lightsail server.

Lighsail creates a default ssh key for each region, which is what we’ll use, at least to begin with.
For Sydney this is called: LightsailDefaultPrivateKey-ap-southeast-2.pem

Download the key file (.pem) and place it in your ~/.ssh/ (home ssh) folder.

Before we can use the keyfile we need to restrict the permissions as ssh requires restricted access to keyfiles.

  1. Restrict the permissions over the key:

    $ chmod 600 ~/.ssh/[keyfile]

  2. Test access to our server using our terminal:

    $ ssh -i ~/.ssh/[keyfile] [user]@[public ip]

Note: we can use our website address (e.g. instead of our [public ip].

This should connect us to our server.
However, this is a lot to remember and type.
Instead lets setup an alias, to simplify the connection process.

Our alias will be stored in an ssh configuration file.

  1. Create a configuration file:

    $ touch ~/.ssh/config

  2. Open the configuration file and add an alias:

    $ nano ~/.ssh/config Host [alias] HostName [public ip] User [user] IdentityFile ~/.ssh/[keyfile]

  3. Test access to our server using our alias:

    $ ssh alias

This is a simpler method of connecting to our server.
However, we’ve relied on the Lightsail default key.
Another option is to create a private ssh key (just for our computer) and to use that for all ssh connections by default.
Digital Ocean provide a nice guide on how to achieve this.

  1. Create the local keyfile

    $ ssh-keygen

  2. Add our public key to our server’s authorised keys file:

    $ cat ~/.ssh/ ssh [alias] “mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat » ~/.ssh/authorized_keys”
  3. Now delete the Lightsail default key, and remove it’s reference from the alias file

    $ rm ~/.ssh/[keyfile] $ nano ~/.ssh/config Host [alias] HostName [public ip] User [user]

  4. Test access to our server using our alias and local keyfile

    ssh [alias]

We have now configured our terminal and Lightsail server to be able to connect via a private key that is unique to our computer.