Permission denied (publickey,gssapi-keyex,gssapi-with-mic) - EC2 AWS - amazon-web-services

I am trying to connect to my EC2 instance via the Terminal on Mac. My key is stored in the /downloads folder and I have already run the following command:
chmod 600 mykey.pem
before running the following :
ssh -t mykey.pem root@public-ip4-address
I have tried other usernames also - "ec2-user", "root", "admin" etc. But nothing seems to work.
hostkeys_find_by_key_hostfile: hostkeys_foreach failed for /Users/abhisheksharma/.ssh/known_hosts: Not a directory
The authenticity of host 'xxxxxxxxxxxxxxxxx' can't be established.
ED25519 key fingerprint is SHA256:Uw1xxxxxxxxxxxxxxxxxxxxxSIb57A.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Failed to add the host to the list of known hosts (/Users/abhisheksharma/.ssh/known_hosts).
root@xxxxxxxxxxxxx: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
More Details :
abhisheksharma@Abhisheks-MacBook-Air downloads % ssh -i storme.pem root@xxxxxxxxxxxxxxxx.compute.amazonaws.com -v
OpenSSH_8.6p1, LibreSSL 3.3.6
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to xxxxxxxxxxxxxxxx.compute.amazonaws.com port 22.
debug1: Connection established.
debug1: identity file storme.pem type -1
debug1: identity file storme.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: compat_banner: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to xxxxxxxxxxxxxxxxcompute.amazonaws.com:22 as 'root'
debug1: load_hostkeys: fopen /Users/abhisheksharma/.ssh/known_hosts: Not a directory
debug1: load_hostkeys: fopen /Users/abhisheksharma/.ssh/known_hosts2: Not a directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacxxxxxx@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chaxxxxxxx@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-xxxxxxxx SHA256:Uw1ljnksxxxxxxxxxxxxxxxxSIb57A
debug1: load_hostkeys: fopen /Users/abhisheksharma/.ssh/known_hosts: Not a directory
debug1: load_hostkeys: fopen /Users/abhisheksharma/.ssh/known_hosts2: Not a directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
hostkeys_find_by_key_hostfile: hostkeys_foreach failed for /Users/abhisheksharma/.ssh/known_hosts: Not a directory
The authenticity of host 'ec2-xxxxxxxxxxxxxxxx.compute.amazonaws.com (xxxxxxxxxxxxxxxx)' can't be established.
ED25519 key fingerprint is SHA256:Uw1ljnkxxxxxxxxxxxxxxxxIb57A.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Failed to add the host to the list of known hosts (/Users/abhisheksharma/.ssh/known_hosts).
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: storme.pem explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: storme.pem
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: No more authentication methods to try.
root@ec2-xxxxxxxxxxxxxxxx.compute.amazonaws.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

Use it like this:
ssh -i Downloads/<pemfile>.pem ubuntu@<publicip>
if the created machine is Ubuntu.

Try this:
chmod 400 mykey.pem
Instead of
chmod 600 mykey.pem
and instead of root try adding ec2-user
It worked for me!
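
Added example, not part of the posts above: a small triage of `ssh -v` client output that pulls out the lines that matter in a log like the one in the question (requested login user, the known_hosts "Not a directory" error, keys offered, final verdict). The function names, finding labels and sample log lines are constructed for this example.

```shell
#!/bin/sh
# Added example: triage `ssh -v` client output read from stdin.
# Finding labels are made up for this example; the matched strings are
# OpenSSH client messages that appear in the question above.
triage_ssh_debug() {
    awk -v q="'" '
    / Authenticating to .* as / {            # which account was requested
        user = $NF; gsub(q, "", user)
        print "login-user: " user
    }
    # ENOTDIR on known_hosts: a parent path component (normally ~/.ssh)
    # exists but is a regular file, so host keys cannot be read or saved.
    /known_hosts2?: Not a directory/ && !seen_kh++ {
        print "known-hosts-parent-not-a-directory"
    }
    /^Load key ".*": Is a directory/ { print "identity-path-is-a-directory" }
    /debug1: (Trying private key|Offering .* public key): / { offered++ }
    /Authentication succeeded/ { ok = 1 }
    /: Permission denied \(|^Permission denied \(/ { denied = 1 }
    END {
        print "keys-offered: " (offered + 0)
        if (ok)          print "auth: succeeded"
        else if (denied) print "auth: denied"
        else             print "auth: no verdict in log"
    }'
}

# Constructed sample, modelled on the debug output in the question.
sample_log() {
    cat <<'EOF'
debug1: Authenticating to ec2-host.example:22 as 'root'
debug1: load_hostkeys: fopen /Users/me/.ssh/known_hosts: Not a directory
debug1: load_hostkeys: fopen /Users/me/.ssh/known_hosts2: Not a directory
debug1: Will attempt key: mykey.pem explicit
debug1: Trying private key: mykey.pem
debug1: No more authentication methods to try.
root@ec2-host.example: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
EOF
}

sample_log | triage_ssh_debug
```

A verdict of "denied" with one key offered means the server rejected that key for the requested login user, which is why the answers above change the user name rather than the key.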

Related

Permission denied (publickey) on AWS instance

I'm trying to shell to an AWS instance using ssh with public key as shown here:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#having-ec2-create-your-key-pair
https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-sessions-start.html#sessions-start-ssh
I've read every StackOverflow post on this topic and tried everything suggested all the way down through every comment.
I've made sure to do as AWS recommends with chmod 400 my-name-nr-managed-aws-services-company-name-us-east-1.pem and the .pem file resides in the ~/.ssh directory which has 755 permissions.
My verbose output for the connection not being successful is as follows (with real addresses obscured):
~ % ssh -v -i .ssh/my-name-nr-managed-aws-services-company-name-us-east-1.pem ubuntu@ec2-1-234-567-890.compute-1.amazonaws.com
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to ec2-3-234-567-890.compute-1.amazonaws.com port 22.
debug1: Connection established.
debug1: identity file .ssh/my-name-nr-managed-aws-services-company-name-us-east-1.pem type -1
debug1: identity file .ssh/my-name-nr-managed-aws-services-company-name-us-east-1.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to ec2-3-234-567-890.compute-1.amazonaws.com:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:vQd/zj9vB89/NevF0gtTAyM+hWVNLAs0JONpLcXvZ/I
debug1: Host 'ec2-3-234-567-890.compute-1.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /Users/myname/.ssh/known_hosts:12
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: .ssh/my-name-nr-managed-aws-services-company-name-us-east-1.pem explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: .ssh/my-name-nr-managed-aws-services-company-name-us-east-1.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
ubuntu@ec2-1-234-567-890.compute-1.amazonaws.com: Permission denied (publickey).
I also did ssh-keygen -R 1.234.567.890 to regenerate the keys which returned
# Host 1.234.567.890 found: line 12
/Users/myname/.ssh/known_hosts updated.
Original contents retained as /Users/myname/.ssh/known_hosts.old
but that didn't help either.
Any idea what I'm missing?

SSH permission denied, Load key "pem.file": Is a directory

I try to connect to my Linux instance. This is the verbose output
ssh -v -i ~/kljuc/pem.file ubuntu@ec2-52-29-225-243.eu-central-1.compute.amazonaws.com
OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ec2-52-29-225-243.eu-central-1.compute.amazonaws.com [52.29.225.243] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/holmes/kljuc/pem.file type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/holmes/kljuc/pem.file-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to ec2-52-29-225-243.eu-central-1.compute.amazonaws.com:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:PVlbK2oKtW3ZAIW/usx9IBKw9mjeTwfoGMhl4THBzl8
debug1: Host 'ec2-52-29-225-243.eu-central-1.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/holmes/.ssh/known_hosts:3
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: holmes@holmes-System-Product-Name
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/holmes/kljuc/pem.file
Load key "/home/holmes/kljuc/pem.file": Is a directory
debug1: No more authentication methods to try.
Permission denied (publickey).
This is the pem file after chmod 400
ls -la pem.file
ls: cannot access 'pem.file/mm-aws1.pem': Permission denied
ls: cannot access 'pem.file/..': Permission denied
ls: cannot access 'pem.file/.': Permission denied
total 0
d????????? ? ? ? ? ? .
d????????? ? ? ? ? ? ..
-????????? ? ? ? ? ? mm-aws1.pem
I have seen the previous answers. How can I check if I have messed up with pem file?
Should I create new Key Pair?
Or new instance with new Key Pair?

Seems like you are not pointing to the .pem file in the ssh command (-i ~/kljuc/pem.file).
Try like: ssh -v -i ~/kljuc/pem.file/mm-aws1.pem ubuntu@ec2-52-29-225-243.eu-central-1.compute.amazonaws.com
Give the pem file a name with the .pem extension (e.g. somename.pem). Also make sure the .pem file content starts with "-----BEGIN RSA PRIVATE KEY-----" and ends with "-----END RSA PRIVATE KEY-----".
Make sure the .pem file has the necessary permissions; otherwise run
chmod 400 somename.pem
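
Added example, not part of the answer above: a pre-flight check for the path given to `ssh -i` that covers the points the answer lists (the path must be the key file and not its directory, the mode must be restrictive, the content must begin with a PEM private-key header). It goes slightly beyond the answer by accepting any `BEGIN ... PRIVATE KEY` header and by accepting both 400 and 600, since ssh only objects when group or others have access. The function name, return codes and demo files are constructed for this example.

```shell
#!/bin/sh
# Added example: check the file passed to `ssh -i` before connecting.
# Return codes (chosen for this example):
#   0 usable, 2 missing, 3 is a directory, 4 mode too open, 5 no PEM header
check_identity() {
    key=$1
    if [ -d "$key" ]; then
        echo "$key: is a directory; point -i at the key file inside it" >&2
        return 3
    fi
    if [ ! -f "$key" ]; then
        echo "$key: no such regular file" >&2
        return 2
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    # ssh ignores a private key that anyone except the owner can access.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$key: group/other bits set ($perms); run chmod 400" >&2
        return 4
    fi
    # First line must be a PEM private-key header (RSA, EC, OPENSSH, ...).
    if ! head -n 1 "$key" | grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----'; then
        echo "$key: does not start with a PEM private-key header" >&2
        return 5
    fi
    return 0
}

# Demo on constructed files in a temp directory (no real key material),
# reproducing the layout from the question: pem.file/ is a directory.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/pem.file"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-placeholder' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/pem.file/mm-aws1.pem"
chmod 400 "$demo_dir/pem.file/mm-aws1.pem"
check_identity "$demo_dir/pem.file" || echo "directory -> rc=$?"
check_identity "$demo_dir/pem.file/mm-aws1.pem" && echo "key file  -> ok"
rm -rf "$demo_dir"
```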

AWS suddenly throwing ssh error: Permission denied (publickey)

I was using it without any issues. To install Nginx, PHP7, MySQL, Python, Go Lang and MongoDB, I had to change some user permissions in nginx.
Suddenly, I'm unable to ssh anymore!! I didn't touch the Amazon Console either. My colleague is also unable to ssh. I had given him the elaine.pem file.
I was able to ssh using ssh -i "elaine.pem" ubuntu@13.127.4.XXX until now. No change and no spelling error.
Any thoughts?
Elaine-MacBook-Pro:key elaine$ ssh -v -i "elaine.pem" ubuntu@13.127.4.XXX
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 13.127.4.xxx [13.127.4.xxx] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file elaine.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file elaine.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 13.127.4.xxx:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Z4mp+ciY2V+zjJn4G6Un3kv4A9xZ7AOZ9lQ2V9FZthw
debug1: Host '13.127.4.xxx' is known and matches the ECDSA host key.
debug1: Found key in /Users/elaine/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: elaine.pem
debug1: Authentications that can continue: publickey
debug1: Trying private key: elaine.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Elaine-MacBook-Pro:key elaine$

Amazon ssh permission denied (public key) with error message

I just set up my AWS Deep Learning instance and paired it to a new key pairs file I created.
However, when I try to ssh with the following command:
ssh -v -i /Users/username/aws-deep-learning-ami.pem ubuntu@INSTANCE_IP.compute.amazonaws.com
I get the rather long error message: permission denied (public key).
Printing the details with -v shows this:
OpenSSH_7.2p2, OpenSSL 1.0.2k 26 Jan 2017
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 57: Applying options for *.com
debug1: /etc/ssh_config line 67: Applying options for *.*
debug1: /etc/ssh_config line 77: Applying options for *
debug1: Connecting to instance.amazonaws.com [ip] port 22.
debug1: using TCP window size of 65536 / 65536
debug1: Connection established.
debug1: key_load_private_cert: No such file or directory
debug1: key_load_cert: No such file or directory
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/aws-deep-learning-ami.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/aws-deep-learning-ami.pem-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/.ssh/localhost/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/.ssh/localhost/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/.ssh/clusterhost/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/.ssh/clusterhost/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to instance as 'ubuntu'
debug1: Miscellaneous failure (see text)
No credentials cache file found
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: key
debug1: kex: host key algorithm: key
debug1: kex: server->client cipher: key MAC: <implicit> compression: none
debug1: kex: client->server cipher: key MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: key
debug1: Host 'instance.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /Users/username/.ssh/known_hosts:7
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering ECDSA public key: publickey
debug1: Authentications that can continue: publickey
debug1: Offering ECDSA-CERT public key: corp/normal
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/username/aws-deep-learning-ami.pem
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/username/.ssh/id_rsa
debug1: Trying private key: /Users/username/.ssh/localhost/id_rsa
debug1: Trying private key: /Users/username/.ssh/clusterhost/id_rsa
debug1: No more authentication methods to try.
Permission denied (publickey).

In general, default usernames are:
Amazon Linux uses ec2-user
Ubuntu AMIs use ubuntu
Amazon EMR uses hadoop

As stdunbar mentioned, I had to use ec2-user instead of ubuntu.

Previously working EC2 ssh hangs when trying to connect at 'Sending environment...'

I have an EC2 instance that has been around for a few months. I was able to ssh in then, but I haven't used it in a while and now I can't. Here is the debug output; at the end, after the line debug1: Sending env LANG = en_US.UTF-8, it just stalls indefinitely.
ssh -vT -i ~/.ssh/lambdaTools-temp.pem ec2-user@ec2-52-3-65-199.compute-1.amazonaws.com
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/nhahn/.ssh/config
debug1: /Users/nhahn/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to ec2-52-3-65-199.compute-1.amazonaws.com [52.3.65.199] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/nhahn/.ssh/lambdaTools-temp.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/nhahn/.ssh/lambdaTools-temp.pem-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/nhahn/.ssh/SqorAgain.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/nhahn/.ssh/SqorAgain.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to ec2-52-3-65-199.compute-1.amazonaws.com:22 as 'ec2-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Hr+Y5O57rjABvZsydfKZcJmtXdE+cbFF0aZRUUNireU
Warning: Permanently added 'ec2-52-3-65-199.compute-1.amazonaws.com,52.3.65.199' (ECDSA) to the list of known hosts.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/nhahn/.ssh/lambdaTools-temp.pem
debug1: Authentication succeeded (publickey).
Authenticated to ec2-52-3-65-199.compute-1.amazonaws.com ([52.3.65.199]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
^Cdebug1: channel 0: free: client-session, nchannels 1
Killed by signal 2.

Removed the -T command as per Christian Cerri's comment, and it worked.