SSH to an AWS EC2 Instance with a Chromebook
I teach a cloud security class that involves 4–5 labs (plus bonus labs!) each day. The class covers AWS, Google, and Azure. I hire people to help me test the labs — most often, my niece, as I wrote about in my prior blog post but also my nephews. When my nephew asked if he could do the labs with a Chromebook, I said, “I don’t know, let’s try it!” Come to find out, Chromebooks are a little different. We figured out how to do it, and the steps are as follows:
1. Login to aws.amazon.com on your Chromebook.
2. Launch an AWS EC2 instance (virtual machine), create, and download a new .pem file. It appears your downloads folder.
If you’re not familiar with how to do #2 refer to this AWS EC2 getting started documentation.
3. To get to the Downloads folder on your Chromebook, click the file folder icon on right below.
4. You should see the file you saved with .pem at the end.
Mine is named chromebook-aws.pem. Replace any instructions below that refer to chromebook-aws.pem with the name you gave your .pem file.
5. Click My files with two fingers. Create a new folder called aws.
6. Click the .pem file in your Downloads folder with two fingers. Choose copy.
7. Click your aws folder. Click paste to copy your .pem file into the aws folder.
Note: We copy the file for two reasons. First, the Downloads folder is temporary, and files in it periodically get deleted. Secondly, we should not share the entire Downloads folder with the Linux container on Chrome, where we want to connect to AWS. We only want it to have access to the files it needs — a good security practice!
8. Click the icons at the bottom right. Then click the gear icon for settings (2nd to the right at the top).
9. In settings, click Linux (Beta) on the left then click Turn on.
10. Click Install.
Note: After Linux installs, you can run standard Linux commands such as pwd to see the name of the current directory. You don’t see any of the files on your Chrome OS. This functionality is for security reasons. Linux poses some additional security risk, and anything you run in Linux is in a separate “container” from things running on your Chromebook. You need to specifically share the files with Linux that you want it to see. Only share the specific files you want the container to access, not the whole operating system, as explained above. Granting too much access is a common security misconfiguration by people who don’t understand container security.
11. Go back to your aws folder and click on it with two fingers. Choose Share with Linux.
12. Now return to your Linux container. Type the following commands to mount the directory in your Linux container and verify you can see your files:
13. Now you should see the file! Remember, your file name may be different.
In all the commands below, replace chromebook-aws.pem with the name of your file.
Note: If you try to change the permissions of the .pem file with the following command, you’ll get a permissions error.
chmod 400 chromebook-aws.pem
That is normal. The mounted and shared files are read-only and non-executable for security reasons. Rather than change those settings, which again poses a security risk, let’s copy the file to a directory where we can edit it.
15. Type these commands to copy the file to your home directory and verify it exists there:
cp chromebook-aws.pem ~/chromebook-aws.pemcd ~ls
Now you have a copy of the .pem file in your home directory, and you should be able to edit it.
16. Type the chmod command again.
It works now because you are in a directory where you have permission to edit the file.
17. Go back to your EC2 instance in AWS. Right-click and choose Connect.
18. Copy the SSH command ~ make sure you are using the correct user name.
19. Type yes.
20. You are connected!
Have fun connecting your Chromebook to an AWS EC2 Instance!
If you liked this story please clap and follow:
Medium: Teri Radichel or Email List: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Requests services via LinkedIn: Teri Radichel or IANS Research
© 2nd Sight Lab 2020
Want to learn more about Cloud Security?
Check out: Cybersecurity for Executives in the Age of Cloud.
Cloud Penetration Testing and Security Assessments
Cloud Security Training
Virtual training available for a minimum of 10 students at a single organization. Curriculum: 2nd Sight Lab cloud Security Training
Have a Cybersecurity or Cloud Security Question?
2020 Cybersecurity and Cloud Security Podcasts
2020 Cybersecurity and Cloud Security Conference Presentations
Prior Podcasts and Presentations
Azure for Auditors ~ Presented to Seattle ISACA and IIA
OWASP AppSec Day 2019 — Melbourne, Australia
Bienvenue au congrès ISACA Québec 2019 — Keynote — Quebec, Canada (October 7–9)
White Papers and Research Reports