Cloud Security
Published in

Cloud Security

SSH to an AWS EC2 Instance with a Chromebook

I teach a cloud security class that involves 4–5 labs (plus bonus labs!) each day. The class covers AWS, Google, and Azure. I hire people to help me test the labs — most often, my niece, as I wrote about in my prior blog post but also my nephews. When my nephew asked if he could do the labs with a Chromebook, I said, “I don’t know, let’s try it!” Come to find out, Chromebooks are a little different. We figured out how to do it, and the steps are as follows:

1. Login to aws.amazon.com on your Chromebook.

2. Launch an AWS EC2 instance (virtual machine), create, and download a new .pem file. It appears your downloads folder.

If you’re not familiar with how to do #2 refer to this AWS EC2 getting started documentation.

3. To get to the Downloads folder on your Chromebook, click the file folder icon on right below.

4. You should see the file you saved with .pem at the end.

Mine is named chromebook-aws.pem. Replace any instructions below that refer to chromebook-aws.pem with the name you gave your .pem file.

5. Click My files with two fingers. Create a new folder called aws.

6. Click the .pem file in your Downloads folder with two fingers. Choose copy.

7. Click your aws folder. Click paste to copy your .pem file into the aws folder.

Note: We copy the file for two reasons. First, the Downloads folder is temporary, and files in it periodically get deleted. Secondly, we should not share the entire Downloads folder with the Linux container on Chrome, where we want to connect to AWS. We only want it to have access to the files it needs — a good security practice!

8. Click the icons at the bottom right. Then click the gear icon for settings (2nd to the right at the top).

9. In settings, click Linux (Beta) on the left then click Turn on.

10. Click Install.

Note: After Linux installs, you can run standard Linux commands such as pwd to see the name of the current directory. You don’t see any of the files on your Chrome OS. This functionality is for security reasons. Linux poses some additional security risk, and anything you run in Linux is in a separate “container” from things running on your Chromebook. You need to specifically share the files with Linux that you want it to see. Only share the specific files you want the container to access, not the whole operating system, as explained above. Granting too much access is a common security misconfiguration by people who don’t understand container security.

11. Go back to your aws folder and click on it with two fingers. Choose Share with Linux.

12. Now return to your Linux container. Type the following commands to mount the directory in your Linux container and verify you can see your files:

cd /mnt/chromeos/MyFiles/awsls

13. Now you should see the file! Remember, your file name may be different.

In all the commands below, replace chromebook-aws.pem with the name of your file.

Note: If you try to change the permissions of the .pem file with the following command, you’ll get a permissions error.

chmod 400 chromebook-aws.pem

That is normal. The mounted and shared files are read-only and non-executable for security reasons. Rather than change those settings, which again poses a security risk, let’s copy the file to a directory where we can edit it.

15. Type these commands to copy the file to your home directory and verify it exists there:

cp chromebook-aws.pem ~/chromebook-aws.pemcd ~ls

Now you have a copy of the .pem file in your home directory, and you should be able to edit it.

16. Type the chmod command again.

It works now because you are in a directory where you have permission to edit the file.

17. Go back to your EC2 instance in AWS. Right-click and choose Connect.

18. Copy the SSH command ~ make sure you are using the correct user name.

19. Type yes.

20. You are connected!

Have fun connecting your Chromebook to an AWS EC2 Instance!

Teri Radichel

If you liked this story please clap and follow:

Medium: Teri Radichel or Email List: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Requests services via LinkedIn: Teri Radichel or IANS Research

© 2nd Sight Lab 2020

____________________________________________

Want to learn more about Cloud Security?

Check out: Cybersecurity for Executives in the Age of Cloud.

Cloud Penetration Testing and Security Assessments

Are your cloud accounts and applications secure? Hire 2nd Sight Lab for a penetration test or security assessment.

Cloud Security Training

Virtual training available for a minimum of 10 students at a single organization. Curriculum: 2nd Sight Lab cloud Security Training

Have a Cybersecurity or Cloud Security Question?

Ask Teri Radichel by scheduling a call with IANS Research.

____________________________________

2020 Cybersecurity and Cloud Security Podcasts

Cybersecurity for Executives in the Age of Cloud with Teri Radichel

Teri Radichel on Bring Your Own Security Podcast

Understanding What Cloud Security Means with Teri Radichel on The Secure Developer Podcast

2020 Cybersecurity and Cloud Security Conference Presentations

RSA 2020 ~ Serverless Attack Vectors

AWS Women in Tech Day 2020

Serverless Days Hamburg

Prior Podcasts and Presentations

RSA 2018 ~ Red Team vs. Blue Team on AWS with Kolby Allen

AWS re:Invent 2018 ~ RedTeam vs. Blue Team on AWS with Kolby Allen

Microsoft Build 2019 ~ DIY Security Assessment with SheHacksPurple

AWS re:Invent and AWS re:Inforce 2019 ~ Are you ready for a Cloud Pentest?

Masters of Data ~ Sumo Logic Podcast

Azure for Auditors ~ Presented to Seattle ISACA and IIA

OWASP AppSec Day 2019 — Melbourne, Australia

Bienvenue au congrès ISACA Québec 2019 KeynoteQuebec, Canada (October 7–9)

Cloud Security and Cybersecurity Presentations

White Papers and Research Reports

Securing Serverless: What’s Different? What’s Not?

Create a Simple Fuzzer for Rest APIs

Improve Detection and Prevention of DOM XSS

Balancing Security and Innovation with Event-Driven Automation

Critical Controls that Could have Prevented the Target Breach

Packet Capture on AWS

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Teri Radichel

Teri Radichel

Cloud Security Training and Penetration Testing | GSE, GSEC, GCIH, GCIA, GCPM, GCCC, GREM, GPEN, GXPN | AWS Hero | Infragard | IANS Faculty | 2ndSightLab.com