Vaclav

After installing the EC2 instance from the image and trying to connect directly, I am getting an error message that I can't connect. Is SSH the only way to connect to the instance?

Jeremy Davis

Hi there.

So first up, it depends how you are launching it. Currently there are 2 ways to launch TurnKey servers on AWS. One is via AWS Marketplace (i.e. OpenVPN on AWSMP). Or you can launch it from the TurnKey Hub.

It's perhaps also worth noting that if you are using AWS Marketplace or a paid plan on the Hub (including during the free trial), then you are eligible for our "paid support" (no additional cost) via support@turnkeylinux.org (or the chat window in the Hub). You will almost always get a faster response via paid support, than here (although posting here is good and I try to respond ASAP - just paid support is prioritised). If you are using AWS Marketplace, when accessing paid support, please also include your AWS user ID number (I need that to confirm support eligibility).

AWS Marketplace

When launching TurnKey servers from the AWS Marketplace, after the server has finished booting, but before you can use it, you need to log in via SSH as user 'admin' and using the private key of the keypair you selected at launch time.

If you are using Linux or Mac OSX locally, then you can use the ssh client that should be built in. I.e.:

ssh -i /path/to/private.key admin@PUBLIC_IP_OR_DNS_NAME

(Where PUBLIC_IP_OR_DNS_NAME is the public IP of your server, or its AWS DNS name).

If you are on Windows, you can install OpenSSH too (same as Linux and Mac) or use another 3rd party tool such as PuTTY (SSH only) or WinSCP (SSH & SCP/SFTP). Please consult the relevant docs to see how to use a specific private key to authenticate.

Please note that if you get a password prompt, then that means that you are using the wrong key (if key authentication fails, it falls back to password authentication - but no password is set at that point).

TurnKey Hub

When using the TurnKey Hub to launch an AWS server, the "launch server" form allows you to pre-configure (pre-seed) some aspects (namely the email address & domain) as well as a root password (optional - but if you don't set a root password, be sure to explicitly select an existing AWS keypair to use, or configure the Hub's SSH key).

To generate profiles etc, you will still need to log in via SSH (see above section for more detail on SSH client) and use the relevant helper scripts. E.g. 'openvpn-addclient' :

# openvpn-addclient -h
Syntax: openvpn-addclient client-name client-email [private-subnet] [--pass] [--auth-nocache]
Generate keys and configuration for a new client
Arguments:
    client-name         Unique name for client
    client-email        Client email address
    private-subnet      CIDR subnet behind client (optional)
    --pass              Protect client keys with a password
    --auth-nocache      This will force OpenVPN to immediately forget username/password
                        inputs after they are used. As a result, when OpenVPN needs a
                        username/password, it will prompt for input, which may be
                        multiple times during the duration of an OpenVPN session.
                        
    --port=<NUMBER>     Set client to connect to port  (Default: 1194).
                        Note: this does not change the port that OpenVPN listens on,
                        just the port that the client will connect on (e.g. if you
                        forward OpenVPN to alternate port via router/firewall/etc).

There is also some more info in the TurnKey OpenVPN docs which may or may not be relevant.
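One way to make the wrong-key case from the AWS Marketplace section fail with an explicit error instead of a password prompt, as an added example that is not part of the original reply. The function names `key_mode`, `check_key` and `ssh_key_only` are hypothetical, and the 600/400 mode check is an assumption about how the private key file is stored locally.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# key_mode FILE: print the octal permission bits (GNU stat first, then BSD stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_key FILE: 0 if usable, 1 if unreadable, 2 if permissions are too open.
# OpenSSH ignores a private key that group/other can access, and an ignored
# key looks the same as a wrong key: the client falls through to a password prompt.
check_key() {
    [ -r "$1" ] || { echo "key not readable: $1" >&2; return 1; }
    case "$(key_mode "$1")" in
        400|600) return 0 ;;
        *) echo "key permissions too open (want 600 or 400): $1" >&2; return 2 ;;
    esac
}

# ssh_key_only KEY HOST: log in as 'admin' offering only KEY.
# IdentitiesOnly stops ssh-agent keys from being tried first; disabling
# password auth turns the misleading prompt into "Permission denied (publickey)".
ssh_key_only() {
    check_key "$1" || return
    ssh -i "$1" \
        -o IdentitiesOnly=yes \
        -o PreferredAuthentications=publickey \
        -o PasswordAuthentication=no \
        "admin@$2"
}
```

Call it as `ssh_key_only /path/to/private.key PUBLIC_IP_OR_DNS_NAME`; adding `-v` to the `ssh` line shows which key is offered and why it is rejected.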