Control an Amazon EC2 server from an Apple iPad using SSH and VNC

March 2, 2015

I recently configured an Amazon EC2 instance so that I could run the XFCE desktop environment on it and control it from my local laptop computer using SSH and VNC. But what if I want to use my iPad to do control the remote Amazon EC2 server?

I want to experiment with complex network simulations running on open-source networking software when I happen have the time, from any location with a WiFi connection. I do not always have my laptop with me, but I usually have either my iPad or iPhone.


In this blog post, I will show how to configure and use an iPad (and iPhone) VNC viewer app to view and control the desktop environment running on my Amazon EC2 server.

iPad software

screens-iosTo connect to a remote server from an iPad, we need a VNC viewer app. The VNC viewer app I use is Screens.

I use the Edovia Screens iPad app, which displays the full-screen desktop environment running on the remote server. There are other VNC viewer apps in the App Store but Screens seems to have a lot of functionality and I was confident it would support SSH tunneling. Screens is also a universal iOS app and works on both the iPad and the iPhone.

Set up remote server

I assume you already have an Amazon EC2 server running, with a VNC server configured and running on it. If not, please see my previous posts on setting up a remote server on Amazon’s EC2 cloud computing service.

To summarize:

Transfer the EC2 instance private key to the iPad

To connect to the remote server, the iPad VNC viewer app will require the private key of the remote Amazon EC2 sever. Since I used my laptop computer to set up the EC2 instance, the SSH Key Pair file is stored on it. I need to copy the private key from my laptop computer to my iPad. This will allow me to access the remote server from both my laptop and from my iPad.

iTunes file transfer

If I had set up my Amazon EC2 instance from either an Apple Mac or a Windows PC, I could just use iTunes File Transfer to copy the private key .pem file to the VNC viewer app on the iPad. This is the most secure method of transferring the key, if you use a Mac or PC.

I used my laptop computer, which runs Linux, to set up my Amazon EC2 instance so I need another way to transfer the private key to my iPad.

Using a cloud service to transfer keys

In my case, I just used my DropBox account to transfer the file. I used a non-obvious filename for the key file and deleted the file from DropBox after I completed the transfer.

For a higher level of security, you may consider using SpiderOak. I’ve not tried SpiderOak but I understand that it offers encrypted storage and has apps on all major mobile and PC operating systems, including Linux. SpiderOak appears to offer features similar to DropBox.

Here are the steps I used to transfer the private key from my Laptop computer to my iPad using DropBox:

  1. On the computer that has the private key file, I view contents of the private key file using a text editor or the `cat` command. For example: in my case, I located the private key file, Ubuntu-2-keypair.pem, on my computer and displayed its contents on my screen.
  2. I selected the entire text of the file and copied it to the clipboard.
  3. I opened a text editor and pasted the text into it. Then I saved the file in my ~/DropBox folder with an innocuous filename like list.txt.
  4. DropBox automatically syncs this file with the DropBox app on my iPad.
  5. When I need the key in the next step, I open the list.txt file in DropBox and copy-and-past the key text into the remote-access app’s configuration (see next step)
  6. When the remote-access app is configured, I delete the file list.txt from DropBox.

Copy the SSH key to the iPad clipboard

Open the DropBox (or other cloud storage service) app and view the contents of the text file in which you stored the SSH private key for the remote Amazon EC2 server.

Select all the text, and copy it to the iPad clipboard.

Copy SSH key to the iPad's clipboard

Copy SSH key to the iPad’s clipboard

Now the EC2 server’s SSH private key is stored in the iPad clipboard and we will import the key into Screens from the clipboard in a later step.

Configure the Screens iPad VNC client

I encountered some frustrations when trying to configure Screens to use SSH Port Fording for the VNC connection. Here are some points to be aware of, so you avoid problems:

  • When connecting to an Amazon EC2 server, configure Screens using IP addresses, not host names or interface names. For example: localhost will not work, but the loopback address will work.
  • When using SSH port forwarding, which Screens calls Secure Connection, the Address field in the first server configuration box will be the loopback address of the remote Amazon EC2 server.
  • The public IP address of the remote Amazon EC2 server is entered in the second configuration box, after you click on Secure Connection.

Now let’s walk through the configuration procedure step-by-step.

Screens app: create custom server

Open the screens app. To create a new connection, click on the Discovered button in the upper right corner of the display. Then click on Create Custom Screen.

Create new server

Create new server

Server settings

In the server settings dialogue screen, you configure the VNC viewer information. Enter the following information in each field:

  • Computer Info
    • Name: The name you wish to use to describe the server in the Screens app.
    • Address: We plan to use SSH to connect to the remote server so in this address field, enter the loopback address of the remote server. For an Amazon EC2 server, the interface name localhost will not work. Use the loopback IP address:, instead.
    • Port: The VNC port used by the VNC server running on the remote Amazon EC2 server. In my case, it is port 5901.
    • Operating System: Linux
  • Authentication
    • Method: VNC Password
    • Password: Enter the password you configured on the VNC Server running on the Amazon EC2 server.
  • Secure Connection
    • Enabled: Click the button to select “Enabled”
    • Advanced: Click “advanced” to open the Secure Connection configuration box.
Server settings configuration

Server settings configuration

Secure Connection settings

After clicking on the Advanced setting, you see the Secure Connections configuration screen. In this screen, you configure the SSH connection information.

  • Username: The user id on the Amazon EC2 server
  • Password: Clear the password and use only the SSH key. To import the key, see “Import SSH key”, below.
  • Host: The public IP address of the Amazon EC2 server
  • Port: Leave at the default setting, port 22.
  • Enable on local network: Leave this at the default setting, enabled.
SSH settings configuration

SSH settings configuration

Import SSH key

To use the Amazon EC2 server’s private SSH key as the authentication method, you must import the key. To do this, click on the small “key” symbol on the Password line in the Secure Connection configuration box.

Then, click on the “Imported Key” option. This will import the SSH key you previously copied to the iPad clipboard.

Import SSH key from clipboard

Import SSH key from clipboard

Test the connection

Save the server settings. Go back to the Screen Settings configuration box and click on “Save”.

Now you should see an icon representing the server on you Screens app’s home screen. In this example, it is named AWS-server.

Screens home screen showing new server, AWS-server

Screens home screen showing new server, AWS-server

Click on AWS-server to connect to the remote Amazon EC2 server. Screens should automatically connect and you should see the Linux desktop.

Linux desktop on Amazon EC2 server, viewed on an iPad

Linux desktop on Amazon EC2 server, viewed on an iPad

We have now successfully configured Screens to connect to a remote Amazon EC2 server. To learn how to use the Screens VNC viewer app to control the server, consult the Screens user documentation.

Terminal app

Having an SSH command-line terminal is useful when setting up a new remote server or when troubleshooting VNC problems on a remote server.

prompt-iosThe terminal app I use is Prompt. This app provides a command-line interface for the remote server and is useful for configuring the remote server and for troubleshooting connection problems that may occur while using the VNC viewer app. There are only a few terminal apps in the App Store that also support SSH tunneling. To me, Prompt seemed to be the best tool in this category.

Configuring a remote connection in the Prompt app is fairly simple. If you can configure the Screens VNC viewer, you will have no problem setting up Prompt.


We successfully set up a VNC viewer app on the iPad to connect to and control the Linux desktop running on a remote Amazon EC2 server.

We saw that we had to use IP addresses, not DNS names or interface names, when configuring the VNC viewer to connect to the Amazon EC2 remote server.

2 responses to Control an Amazon EC2 server from an Apple iPad using SSH and VNC

  1. This is a great article. I could not connect to my EC2 instance using my iPad and the Prompt SSH app. I would email the contents of my .pem file to myself, open the email, then do a copy/paste in to the Prompt app. This didn’t work.

    What solved if for me was how you renamed your .pem file to .txt in Dropbox. This allowed Dropbox to preview the file. At that point, I could do a copy/paste of my private key to the Prompt app.

    I’m guessing that the copy/paste via email was adding CRs or something similar. Hopefully this comment will save someone the two hours it took me.

    Thanks for a great write up!