Table of Contents
Managing files on your Amazon EC2 instances can often feel like navigating a complex maze, especially when you prefer a visual interface over the command line. This comprehensive guide simplifies that process by walking you through every step of connecting to your EC2 instance using WinSCP. Whether you’re uploading website files, downloading logs, or simply organizing your server directories, WinSCP provides an intuitive graphical SFTP client that makes remote file management straightforward. By the end of this article, you’ll be confidently and securely transferring data to and from your EC2 instances with ease.
What is WinSCP?
WinSCP (Windows Secure Copy) is a popular, free, and open-source SFTP, FTP, WebDAV, Amazon S3, and SCP client and file manager for Microsoft Windows. In short, its main purpose is to securely transfer files between your local Windows computer and a remote server, often using encrypted protocols like SFTP (SSH File Transfer Protocol) over SSH. It provides a user-friendly graphical interface, making file management on remote servers much easier than using command-line tools.
Pre-requisites:
- A running EC2 instance
- EC2 public IP or public DNS
- The .pem key file downloaded during instance launch
- WinSCP is installed on your Windows system
- Download WinSCP – https://winscp.net/eng/download.php
- Installation guide: https://winscp.net/eng/docs/guide_install
- (Optional) PuTTY installed if .pem needs to be converted to .ppk
Step-by-Step Guide to Access EC2 via WinSCP
Step 1: Convert your EC2 .pem
key file to WinSCP’s compatible format .ppk
format using PuTTYgen (if you haven’t already).
WinSCP uses .ppk format for key authentication.
1. First, you have to download and install PuTTYgen – using this URL https://puttygen.com/
2. Launch PuTTYgen
3. Load your .pem file
The PuTTY Key will generate the window: Then, you have to click on the “Load” button.

You will be redirected to a page where loading will begin.
b. After that, you have to browse the location where your .pem key file is stored.
c. Important to note: By default, PuTTYgen only displays files with the .ppk extension. To see your .pem file, you need to change the file filter to “All Files (.)” from the drop-down menu.

d. Then, select your .pem file and click “Open“.

PuTTYgen will import the key and you will see a confirmation message. Just click on the “Yes” button.
4. Save your private key as a .ppk file
a. Click on the “Save private key” button.

b. PuTTYgen will ask you for confirmation whether you want to save the key without a passphrase.
To make the process easy, you can click on the “Yes” button. For production environments, adding a passphrase is recommended.
c. Look for a location to save your .ppk file with
a name (PuTTYgen will automatically add the. ppk extension), and click “Save”.

5. Choose a location and a name for your new .ppk
file (e.g., my-key-pair.ppk
) and click Save. Remember this location.
Configure WinSCP for EC2 Connection
Open WinSCP.
In the Login dialog box, ensure New Site is selected on the left.
Configure the following settings under the Session section:

- File protocol: Select
SFTP
- Host name: Paste the Public IPv4 DNS or Public IPv4 address of your EC2 instance (copied in Step 1).
- Port number:
22
(This is the default for SSH/SFTP). - User name: Enter the default username for your EC2 instance’s AMI (e.g.,
ec2-user
for Amazon Linux,ubuntu
for Ubuntu).
- For Amazon Linux/Amazon Linux 2: ec2-user
- For Ubuntu: ubuntu
- For CentOS/RHEL: centos or ec2-user
- For SUSE Linux: ec2-user
- For Fedora: ec2-user
- Password: Leave this field blank, as we’ll be using key-pair authentication.
Click the Advanced… button.
In the “Advanced Site Settings” dialog box, navigate to SSH > Authentication in the left pane.
Under Private key file, click the […] button.
Browse to and select your .ppk
private key file (created in Step 2). Click Open.
- If you skipped PuTTYgen and are directly selecting a
.pem
file, WinSCP might prompt you to convert it to.ppk
. Click OK to allow it, and then save the.ppk
file when prompted.
Click OK to close the “Advanced Site Settings” dialog.
Save and Connect to Your EC2 Instance
Back in the WinSCP Login dialog, click Save.
You’ll be prompted to save the session. Give it a descriptive name (e.g., My EC2 Instance – Ubuntu) and choose whether to save the password (if you set one, which is unlikely for key-based authentication) and your private key passphrase (if you set one). Click OK.
With your saved session selected, click Login.
If the connection is successful, WinSCP will open a dual-pane interface:
- The left pane shows your local Windows file system.
- The right pane shows the remote file system of your EC2 instance.