Figured I’d write this one out, because I couldn’t find this documented anywhere else. You do NOT need to open a connection FIRST to your local machine, and THEN to Amazon, as I’d been doing:

dkabal-macbookpro:~ dkabal$ ssh -i ~/[pem file location].pem ec2-user@[hostname]

You can open a connection directly to the remote server:

  1. Copy the .pem file to the ~/.ssh/ directory. Make sure permissions are right:
    chmod 700 ~/.ssh/[pem file name].pem
  2. Then add the following lines to your ~/.ssh/config:
    HOST [hostname, * works if you use the same .pem file for multiple hosts]
    IdentityFile "~/.ssh/[pem file name].pem"

Stolen unabashedly from here.