Configuring remote access to Jupyter Notebook on Amazon AWS EC2

Solution

  • Overview of methods
  • Create SSH tunnel method
    • Possible errors
      • Option 1
      • Option 2

Overview of methods

Miniconda3 is installed on an Ubuntu AWS EC2 instance and Jupyter Notebook is started. If Jupyter Notebook cannot be opened in the local browser by copying the link given in the terminal, you usually need to check the following aspects:

  1. Check security group settings:
  • Make sure that TCP access is allowed in the security group rules of the EC2 instance, specifically the default port 8888 for Jupyter Notebook (or the port you specify).
  • This can be set in the AWS Management Console under Network & Security -> Security Groups.
  2. Use the correct IP address:
  • The link given by Jupyter Notebook may contain localhost or 127.0.0.1, which are local loopback addresses. When running on a remote server, this part needs to be replaced with the public IP address of the EC2 instance or the bound domain name.
  3. Configure Jupyter Notebook to listen on all interfaces:
  • You can allow access from all IP addresses by adding the --ip=0.0.0.0 parameter when starting Jupyter Notebook.
    The command format is as follows:
    $ jupyter notebook --ip=0.0.0.0 --no-browser --port=8888

  • The --no-browser option here tells Jupyter Notebook not to try to open the browser. --port=8888 specifies the running port. Make sure that this port is open in the security group.
  4. Create SSH tunnel:
  • If you do not want to perform additional configuration of your Jupyter Notebook, you can securely access the Notebook through an SSH tunnel.
    Run the following command on your local computer to create an SSH tunnel:
    $ ssh -L <local port>:localhost:<remote port> <username>@<EC2 instance public IP> -i <private key file path>
  • Jupyter Notebook can then be accessed in a local browser using http://localhost:<local port>.
  5. Disable or configure the firewall:
  • If a firewall (such as UFW) is set up on the EC2 instance, make sure the firewall settings allow port communication.
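
When Jupyter Notebook listens on 0.0.0.0 and the security group rule for its port accepts any source address, the notebook is reachable from the whole internet. The following PowerShell check is an added example, not part of the original article: it reads security group data and reports rules that open the notebook port to 0.0.0.0/0 or ::/0. The function name, the group ID and the addresses are assumptions, and the sample JSON is constructed in the shape of `aws ec2 describe-security-groups` output.

```powershell
# Added example. Constructed sample in the shape of `aws ec2 describe-security-groups`
# output; the group ID and addresses are placeholders, not values from the article.
$sampleJson = @'
{ "SecurityGroups": [ { "GroupId": "sg-EXAMPLE", "IpPermissions": [
  { "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [ { "CidrIp": "203.0.113.10/32" } ], "Ipv6Ranges": [] },
  { "IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
    "IpRanges": [ { "CidrIp": "0.0.0.0/0" } ], "Ipv6Ranges": [ { "CidrIpv6": "::/0" } ] },
  { "IpProtocol": "tcp", "FromPort": 8888, "ToPort": 8888,
    "IpRanges": [ { "CidrIp": "203.0.113.10/32" } ], "Ipv6Ranges": [] }
] } ] }
'@

function Find-WorldOpenRule {
    param(
        [Parameter(Mandatory)][string]$Json,
        [int]$Port = 8888   # Jupyter Notebook default port
    )
    $doc = $Json | ConvertFrom-Json
    foreach ($sg in $doc.SecurityGroups) {
        foreach ($perm in $sg.IpPermissions) {
            # IpProtocol "-1" means all protocols and all ports; otherwise test the TCP range.
            $covers = ($perm.IpProtocol -eq '-1') -or
                      ($perm.IpProtocol -eq 'tcp' -and $perm.FromPort -le $Port -and $perm.ToPort -ge $Port)
            if (-not $covers) { continue }
            # Collect IPv4 and IPv6 source ranges of this rule.
            $sources = @($perm.IpRanges.CidrIp) + @($perm.Ipv6Ranges.CidrIpv6)
            foreach ($cidr in $sources) {
                if ($cidr -in '0.0.0.0/0', '::/0') {
                    [pscustomobject]@{
                        GroupId = $sg.GroupId
                        Ports   = if ($perm.IpProtocol -eq '-1') { 'all' } else { "$($perm.FromPort)-$($perm.ToPort)" }
                        Source  = $cidr
                    }
                }
            }
        }
    }
}

# Rules restricted to a single address (the /32 entries) are not reported.
Find-WorldOpenRule -Json $sampleJson | Format-Table -AutoSize
```

With the AWS CLI installed, the output of `aws ec2 describe-security-groups --group-ids <group id>` piped through `Out-String` can be passed as `-Json` in place of the sample.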

Create SSH tunnel method

The steps to establish an SSH tunnel in a Windows system and find the required information are as follows:

  1. Find the local port:
  • Usually, you can choose the local port yourself. For example, you can choose an unused port such as 8888 as the local port.
  • You can use the Windows netstat command to see which ports are in use. Open a command prompt or PowerShell and enter netstat -an | findstr LISTENING to find all listening ports.
  2. Determine the remote port of the remote server:
  • For Jupyter Notebook, the default port is 8888. If Jupyter Notebook is started on an EC2 instance, it will usually use this port unless a different port is specified at startup.
  3. Find the private key file path:
  • The private key file is a .pem file generated when creating an EC2 instance and is used for SSH to the EC2 instance.
  • If you generated a key pair and downloaded a .pem file while using AWS, you need to remember where the file was saved. For example, if the file name is my-aws-key.pem and it is saved in the Downloads folder, the private key file path might look like this:
    C:\Users\your username\Downloads\my-aws-key.pem

  • Make sure to replace your username in the path with your Windows account username.

Ultimately, an example SSH tunnel command might look like this:
ssh -L 8888:localhost:8888 ec2-user@ec2-xx-xx-xx-xx.compute-1.amazonaws.com -i C:\Users\username\Downloads\my-aws-key.pem

In this command, ec2-user is the username on the remote EC2 instance (this may vary based on the AMI), and ec2-xx-xx-xx-xx.compute-1.amazonaws.com is the public DNS name of the EC2 instance, which needs to be replaced with the actual public IP or DNS name.

Possible errors

After entering the ssh command, the following error may appear:

C:\Users\*****>ssh -L 8888:localhost:8888 [email protected] -i D:\Download\mujiu.pem
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'D:\Download\mujiu.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "D:\Download\mujiu.pem": bad permissions
[email protected]: Permission denied (publickey).

This issue is caused by the private key file permissions on Windows being set too loosely, so the SSH client refuses to use the key for security reasons. On Linux systems, you need to make sure that the permissions of the private key file are 400 or 600, which means that only the file owner has permission to read or write the file. On Windows systems, however, the concept of permissions is different from that on Linux, and access is controlled through the file's security attributes (its access control list).

Option 1

To resolve this issue, you need to change the security attributes of the private key file to only allow access to the current user. Please follow these steps:

  1. Find your .pem file in File Explorer, for example D:\Download\mujiu.pem.

  2. Right-click the file and select “Properties”.

  3. Switch to the “Security” tab in the properties window.

  4. Click the “Advanced” button.

  5. In the Advanced Security Settings window, click the Change link to change the owner to your user account.

  6. Uncheck “Inherit permission entries from parent”.

  7. Click the “Edit” button to change the permissions.

  8. In the pop-up window, you may see accounts such as “Authenticated Users,” “SYSTEM,” “Administrators,” and your username.

  9. For each account or group except your username, select them and click Remove.

  10. Make sure that only your user account remains in the list and that it has Full Control permissions.

  11. Click “Apply” and then “OK” to close all properties windows.

Option 2

  1. Run Command Prompt as administrator.

  2. Enter the following command, replacing the path with the actual path to your private key:

icacls "D:\Download\mujiu.pem" /reset
icacls "D:\Download\mujiu.pem" /grant:r "%USERNAME%":(R)
icacls "D:\Download\mujiu.pem" /inheritance:r

These commands will reset file permissions, grant only read permissions to the current user, and remove any inherited permissions.

After modifying the permissions, try your SSH connection command again. If the problem persists, you may want to check whether other security software (such as anti-virus software) is blocking SSH access to the private key file. In addition, make sure your SSH client (such as PuTTY, OpenSSH, etc.) is the latest version, because older versions may have compatibility issues.
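
To confirm that Option 1 or Option 2 left the key with permissions the SSH client will accept, the following PowerShell check (an added example, not part of the original article) lists every account other than the tolerated ones that still has an allow entry on the file. The function name and the demo file are assumptions, and the tolerated set (current user, SYSTEM, Administrators) is an assumption about what the Windows OpenSSH client permits.

```powershell
# Added example. The tolerated accounts below are an assumption about the Windows
# OpenSSH client's key check: the current user, SYSTEM and the Administrators group.
function Get-KeyAclFinding {
    param([Parameter(Mandatory)][string]$Path)
    $tolerated = @(
        [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
        'S-1-5-18'       # NT AUTHORITY\SYSTEM
        'S-1-5-32-544'   # BUILTIN\Administrators
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $Path
    # Explicit and inherited entries, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($tolerated -contains $ace.IdentityReference.Value) { continue }
        [pscustomobject]@{
            Sid       = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Constructed demo file: a placeholder, not a real key.
$key = (New-TemporaryFile).FullName
Set-Content -LiteralPath $key -Value 'constructed placeholder, not a private key'

# Reproduce the "too open" state by granting read to Authenticated Users (S-1-5-11).
icacls $key /grant '*S-1-5-11:(R)' | Out-Null
'Before:'
Get-KeyAclFinding -Path $key | Format-Table -AutoSize

# The three commands from Option 2, written with PowerShell quoting.
icacls $key /reset | Out-Null
icacls $key /grant:r "${env:USERNAME}:(R)" | Out-Null
icacls $key /inheritance:r | Out-Null
'After:'
Get-KeyAclFinding -Path $key | Format-Table -AutoSize

Remove-Item -LiteralPath $key -Force
```

Run against a real key with `Get-KeyAclFinding -Path <private key file path>`; an empty result means no account outside the tolerated set can access the file.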