Cannot connect to code-server in GCP - Permission denied (publickey) - google-cloud-platform

I am attempting to install and access vscode in an instance of Compute Engine of GCP using the instructions on Coder.
I have also been going through their instructions on exposing code-server using SSH; however, when I try and run the command ssh -N -L 8080:127.0.0.1:8080 [user]@<instance-ip> swapping out [user] and ip address, I get the following:
The authenticity of host 'ip address (ip address)' can't be established.
ECDSA key fingerprint is SHA256:"hash".
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ipaddress' (ECDSA) to the list of known hosts.
[user]@<instance-ip>: Permission denied (publickey).
Code server should be running as when trying to execute I get:
info code-server 4.9.1
info Using user-data-dir ~/.local/share/code-server
error listen EADDRINUSE: address already in use 127.0.0.1:8080
Attempting to login using http:\\127.0.0.1:80 on Firefox making sure Don’t enable HTTPS-Only Mode is on, page cannot be found.
Admittedly, I have little experience with Linux and SSH.
Any way I can troubleshoot this?

Permission denied: states that you are not authorized to use SSH to access the remote server. You should make sure that the private key for your SSH keychain has been added to your SSH keychain and that the SSH public key for your user account has been uploaded to the server in order to resolve this issue. When running the ssh command, you can also try specifying the path to your private key file by using the -i flag. For instance:
ssh -i /path/to/private_key [user]@<instance-ip>
ssh -i /path/to/private_key -N -L 8080:127.0.0.1:8080 [user]@<instance-ip>
If the private key file is protected by a passphrase, you will also need to provide the correct passphrase and the -p flag.
Attaching a troubleshooting doc for reference.

Related

ssh AWS ec2 bastion permission denied

When I try to connect to an EC2 in a private network through a bastion server I get this message:
<username>@<ec2-server>: Permission denied (publickey)
However, I can ssh to bastion from my local machine, and I can ssh to the EC2 from the bastion server,
Here is the .ssh/config I'm using:
Host <ec2-servers>*
IdentityFile ~/.ssh/id_rsa
User <username>
Here is the command I use to ssh:
ssh -J <bastion-server> <ec2-server>
Note: Permissions are good (700 for ~/.ssh/ and 600 for ~/.ssh/*)
Thanks in advance for your help!
There is likely no user on the remote system called 'username'. Make sure both systems have the same username and public key.
Can you try the following configuration, as the username you mentioned is the same for both the jump host and the actual instance you are trying to connect to?
# ec2 servers cidr range
Host 10.2.2.*
ProxyJump jumpuser@proxy.example.com
I think specifying the IdentityFile ~/.ssh/id_rsa might not be needed as that seems like the default key on your system you are using.
Make sure jumpuser exists with appropriate permissions.
Just for debugging purposes, run this manually with debug options
ssh -vvv -J username@host1:port username@host2:port
will give plenty of information and you might be able to see where the problem is.
If you are using ssh-agent, removing all the identities and trying again might also help.
ssh-add -D
How to Access a Remote Server Using a Jump Host
How to Set Up an SSH Jump Server
Just note that RSA keys are being deprecated, and later versions of operating systems disable their use on the CLIENT. That is, where you ssh from. To re-enable it on the client, in your ~/.ssh/config file, enter the following line:
PubkeyAcceptedKeyTypes +ssh-rsa
Note: there are security implications of doing this, so read up on the security issues of rsa if you are concerned. For instance, the following article:
https://www.thesslstore.com/blog/is-it-still-safe-to-use-rsa-encryption/
says:
....RSA encryption provides less than 99.8% security.
That sounds negligible, it’s about two in every 1,000.
But does that mean RSA is cracked? Not quite, just vulnerable..
Fixed it by adding local ssh public key in the authorized_keys of the remote ec2 instance.

scp to EC2 failing because of permission error

I'm trying to scp a project onto my EC2 instance. I have my .pem keys but the scp seems not to be able to find my keys, despite giving it the full address. Any insights?
[ec2-user@ip-172-31-19-174 ~]$ scp -i /Users/.../my_keys.pem -r /Users/.../project ec2-user@....us-west-1.compute.amazonaws.com:~/
Warning: Identity file /Users/.../my_keys.pem not accessible: No such file or directory.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
lost connection
Btw, I can ssh into the instance with
ssh -i /Users/.../my_keys.pem ec2-user@ec2-user@....us-west-1.compute.amazonaws.com
(albeit with the following warning)
The authenticity of host '[host_name]' can't be established.
ECDSA key fingerprint is [fingerprint_name].
Are you sure you want to continue connecting (yes/no)?
Are you trying to scp content from your local pc into an AWS instance?
If you are it looks like you are running your scp from your ec2 instance and not your local:
[ec2-user@ip-172-31-19-174 ~]$ scp -i /Users/.../my_keys.pem -r /Users/.../project ec2-user@....us-west-1.compute.amazonaws.com:~/
Note the start of your line: [ec2-user@ip-172-31-19-174 ~]
You should be doing the scp from your local machine, if that's what you're trying to achieve.
In short, you're already ssh'd onto the server.

Cannot create an SSH tunnel to Zeppelin web display on aws, using Putty on windows

The following instructions are given for the ec2 instance that I'm trying to connect to:
To access your instance: Open an SSH client. (find out how to connect
using PuTTY)
CHECK!
Locate your private key file (keypair.pem). The wizard automatically
detects the key you used to launch the instance.
I launched Putty with a .ppk and I also still have the .pem sitting on my local machine. However, how does this help once I am in the aws Linux terminal?
It sounds to me that the .pem should now be located on the remote machine, not my local one.
Your key must not be publicly viewable for SSH to work. Use this
command if needed: chmod 400 keypair.pem
This is fine once the previous step is clearer.
Connect to your instance using its Public DNS:
ec2-xxxxxxxxxxxxx.eu-west-1.compute.amazonaws.com
Example: ssh -i "keypair.pem"
root@ec2-xxxxxxxxxxxxx.eu-west-1.compute.amazonaws.com
I am currently typing this in (also trying ec2-user instead of root) but I get the following:
Warning: Identity file keypair.pem not accessible: No such file or directory.
Permission denied (publickey).
Please note that in most cases the username above will be correct,
however please ensure that you read your AMI usage instructions to
ensure that the AMI owner has not changed the default AMI username.
In case this is important, what user name are they referring to here?
I have also made sure that I can SSH into the security group from all locations.
Christopher, I am not sure if you have access to the AWS console, but if you do, then it will be easy to find out the correct user name of your EC2 machine. Click on the check mark box to pick your instance, then click Connect, and it will show you the correct user name. If it is an amazon AMI image, it will most likely be ec2-user, other images can have root, ubuntu, bitnami, or any other user configured by the AMI creator.
Your error message: " Warning: Identity file keypair.pem not accessible" indicates an issue with your private key not being accessible.
You said you converted the .pem to ppk for putty, which will enable you to SSH via putty. If you need to SSH from an EC2 machine to another EC2 machine, you will need that private key with the "pem" extension.
Think of your private key as your password, except that it's stored in a file.
ssh -i "keypair.pem" root@ec2-xxxxxxxxxxxxx.eu-west-1.compute.amazonaws.com
This command says: Log me in via SSH protocol to server xxxx.eu... using password file (Private key) "keypair.pem" that resides in the current directory.
If you do an "ls" and you don't see "keypair.pem" then that is your issue.
I hope that helps!
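A preflight check for the "Identity file ... not accessible" failure discussed in this thread, added here as an example and not part of the original posts. It reports whether the file given to ssh -i exists relative to the directory the command is run from, whether its mode is open to group or other (which OpenSSH refuses for private keys), and whether it is a PuTTY .ppk rather than a PEM/OpenSSH key; the function name check_identity_file is hypothetical.

```python
import os
import stat
import sys


def check_identity_file(path, cwd=None):
    """Return reasons `ssh -i PATH` would fail; an empty list means none found."""
    full = os.path.expanduser(path)
    if not os.path.isabs(full):
        # A bare name such as keypair.pem is resolved against the directory
        # the command is run from, on the machine it is run from.
        full = os.path.join(cwd or os.getcwd(), full)
    if not os.path.isfile(full):
        return [f"not accessible: {full} does not exist on this machine"]

    findings = []
    mode = stat.S_IMODE(os.stat(full).st_mode)
    if mode & 0o077:
        # Any group/other permission bit makes OpenSSH ignore the key.
        findings.append(f"mode {mode:04o} is open to group/other; chmod 400 or 600")

    with open(full, "rb") as fh:
        head = fh.read(64)
    if head.startswith(b"PuTTY-User-Key-File-"):
        findings.append("PuTTY .ppk format; OpenSSH needs the PEM/OpenSSH private key")
    elif not head.startswith(b"-----BEGIN "):
        findings.append("does not look like a PEM/OpenSSH private key")
    return findings


if __name__ == "__main__":
    for arg in sys.argv[1:]:
        problems = check_identity_file(arg)
        print(arg, "->", "; ".join(problems) if problems else "no problems found")
```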

AWS EC2 ssh can't be established. ECDSA key fingerprint

While creating an EC2 instance, let AWS create the key, download to local Mac, then chmod 400 my-key.pem.
At the local terminal:
ssh -i "my-key.pem" ubuntu@<public DNS>
The authenticity of host '<public DNS> (<public ip>)' can't be established.
ECDSA key fingerprint is SHA256:GO...4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '<public DNS>,<public ip>' (ECDSA) to the list of known hosts.
ssh_packet_read: Connection closed
$ ssh -i "my-key.pem" ubuntu@<public DNS>
Welcome to Ubuntu 14.04.4 LTS (GNU/Linux 3.13.0-92-generic x86_64)
...
ubuntu@ip-<private ip>:~$ ls
ubuntu@ip-<private ip>:~$
I am confused as to what has happened. First why the authenticity of host could not be established, after all I got this key from AWS when creating another instance and used the same key to connect to this instance which when this instance was created, it was given the same key pair name.
When answering 'yes' to the question, what exactly did it do?
after all the key is chmod to 400, so no write access.
What is the high level description of what went on between the local machine ssh and AWS?
Thanks
Replace ubuntu with onetick in:
ssh -i "keyfile.pem" ubuntu@[public DNS]
to
ssh -i "keyfile.pem" onetick@[public DNS]

How to install PHP modules on AWS EC2 without SSH knowledge?

Is there any way to install PHP modules on AWS without much SSH knowledge? I need to install PHP mcrypt, but I'm pretty new with SSH. I use putty for simple stuff like transferring files from server or compressing stuff, so the instructions on http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html are pretty complex for me. Or if anyone has an easy step by step to follow for putty?
To login to remote machine, you need to do SSH (Secure SHell for remote machine login)
To achieve this you need to have an SSH client on your local machine and an SSH server running on the remote machine.
I believe in your topology, your machine is your ssh client and AWS server is SSH server
(Your machine/laptop) -> you may need to install any SSH client like putty, SecureCRT etc
If you are using linux machine then you may already have openssh already installed.
You can try by running command : ssh -h or ssh -V
AWS server: it is already running SSH server so you don't have to do anything.
Now, you may need to run a command on your ssh client to connect to the ssh server
ssh -i [user identity file path] username@ip/host
where -i : user publickey/fingerprint file location path.
(Generally instead of normal password based authentication, it is used to do publickey based user authentication which is more secure than password)
During an SSH connection, two authentications happen:
1) Server/host authentication -> It happens first.
This is for the client to verify whether the ssh server it is going to connect to is a valid or trusted host or not. The SSH client generally does this by verifying the server/host fingerprint (publickey or identity file) supplied by the SSH server during the SSH connection against the stored/saved fingerprint list file on the local system. If the SSH client doesn't find the fingerprint sent by the SSH server, then it will prompt the user whether to trust and add this fingerprint to the trusted list or not.
i.e
The authenticity of host 'ec2-198-51-100-1.compute-1.amazonaws.com (10.254.142.33)'
can't be established.
RSA key fingerprint is 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f.
Are you sure you want to continue connecting (yes/no)?
2) User/client authentication: -> Once the server is authenticated in step 1, user authentication starts.
This is your client/user account authentication on the SSH server. It is used to verify whether the user is allowed to log in to the device. During the SSH connection, the SSH client software sends this info to the SSH server and the SSH server verifies this. You must have this file present with you.
I hope once you follow the above steps successfully, you will be able to log in to the AWS server and then you can go ahead with your remaining tasks like installing PHP, running some commands etc.