I'm dealing with an EC2 instance which suddenly stopped to work via SSM (and a reboot is not fixing it).
The keypair is missing, so no access via SSH.
The only way to access would be using EC2 Serial Console. Using the web client, the screen remains black, so instead, I'm using the alternative version of pushing my key.
The action to push the key is successful.
$ aws ec2-instance-connect send-serial-console-ssh-public-key --instance-id i-123456abcd --serial-port 0 --ssh-public-key file://test.pub --region us-east-1
{
"RequestId": "dsadasdasdasd",
"Success": true
}
However, when I try to SSH, I'm getting a wrong publickey error.
$ ssh -i test i-123456abcd.port0#serial-console.ec2-instance-connect.us-east-1.aws
i-123456abcd.port0#serial-console.ec2-instance-connect.us-east-1.aws: Permission denied (publickey)
For testing's sake, I create a new pair, same error.
Serial Console access is enabled account-wide and my role has AdministratorAccess.
Any ideas about how to proceed?
Related
Hello when creating the instance i have missed to attach a private key to the aws ec2 instance now unable to login via ssh as there is no private key attached
what i did was clone of instance and launched installed and added the key to that instance
added key to it yet dint work
refereed articles https://www.youtube.com/watch?v=XfOsytNUq1w
If you're connecting via the command line ensure that you're specifying the PEM key using the syntax below
ssh -i path/to/key.pem ec2-user#1.2.3.4
Also ensure that the path/to/key.pem has permissions of 400 with the owner as your user.
You can validate this by running ls -lah path/to/key.pem and change the permissions by running chmod 400 path/to/key.pem
I have install git in my EC2 instance.
git version 2.14.5
I have create a new IAM user and give codeCommit permission.
In next, I have follow all the steps one by one from this link. which works fine.
At the 8th step I have add this code in my config file.
Host git-codecommit.*.amazonaws.com
User {{SSH KEY ID}}
IdentityFile ~/.ssh/id_rsa
Then I have assign 600 to config.
And then I have fire this command to test my SSH.
ssh git-codecommit.us-east-2.amazonaws.com
Error
Permission denied (publickey).
Can any one help me to fixed this issue ?
Can you retry the process with 400 permission on the ssh key
chmod 400 <key>.pem
If your goal is to access a repository from CodeCommit, you can do it with:
git clone ssh://git-codecommit.us-east-2.amazonaws.com/repo-name
If you try to ssh directly to CodeCommit, the connection will be denied with the message:
You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.
I'm trying to run a Spark cluster on AWS using https://github.com/amplab/spark-ec2.
I've generated a key and and login credentials, and I'm using this command:
./spark-ec2 --key-pair=octavianKey4 --identity-file=credentials3.csv --region=eu-west-1 --zone=eu-west-1c launch my-instance-name
However, I keep getting this:
Warning: SSH connection error. (This could be temporary.)
Host: mec2-myHostNumber.eu-west-1.compute.amazonaws.com
SSH return code: 255
SSH output: Warning: Permanently added 'ec2-myHostNumber.eu-west-1.compute.amazonaws.com,myHostNumber' (ECDSA) to the list of known hosts.
Permission denied (publickey).
If I quit the console and then try to start the cluster again, I get this:
Setting up security groups...
Searching for existing cluster my-instance-name in region eu-west-1...
Found 1 master, 1 slave.
ERROR: There are already instances running in group my-instance-name-master or my-instance-name-slaves
The command is incorrect. Key pair name should be the one you mention in AWS. Identity file is .pem file associated. You can't ssh into a machine with AWS credentials (your csv file is credentials).
./spark-ec2 --key-pair=octavianKey4 --identity-file=octavianKey4.pem --region=eu-west-1 --zone=eu-west-1c launch my-instance-name
Can you add --resume to your spark-ec2 command and try? Your slave may not have the key. --resume will make sure it is transferred to the slave.
Running Spark on EC2
If one of your launches fails due to e.g. not having the right
permissions on your private key file, you can run launch with the
--resume option to restart the setup process on an existing cluster.
I am creating an aws ec2 instance using this tutorial, and I can't find any information on troubleshooting my issue, or any evidence that anyone else has even experienced this!
I used an IAM user with admin permissions to set up an ec2 instance, and when I run
$> aws ec2 get-console-output --instance-id <my-ec2-id>
a blank line is output, followed by
'Output'
and nothing else!
According to the tutorial, this command would enable me to see the remote RSA fingerprint to verify I'm making the right connection.
I can log into my ec2 instance just fine (though I suppose without the previous step there's no way to be absolutely sure).
Additionally, the IAM user I'm working with is not my CLI's default user, and I set up a profile to handle it. But if I try
$> aws ec2 get-console-output --profile <user-profile> --instance-id <my-ec2-id>
I still get the same results as before. The maddening thing is that I have solved this problem before, but I can't remember how.
Certain AWS CLI operations may not explicitly state if the credentials are invalid or if users are lacking the roles/permissions to access the resources defined. In this case, it is likely due to the Access Credentials being invalid - and you can verify this with a describe-instances or similar command.
In older versions of the CLI (~1.7), in order to easier debug this, you can use the --debug argument, such as:
> aws ec2 get-console-output --instance-id i-<id> --debug
<Errors><Error><Code>InvalidInstanceID.NotFound</Code><Message>The instance ID 'i-e7bffa43' does not exist</Message></Error></Errors>
In newer versions of the CLI (1.9) this particular argument gives a bit more detail in its error:
> aws ec2 get-console-output --instance-id i-<id>
A client error (InvalidInstanceID.NotFound) occurred when calling the GetConsoleOutput operation: The instance ID 'i-<id>' does not exist
When following the tutorial instructions for connecting to my JobFlow in EMR, I type following:
./elastic-mapreduce --jobflow j-3FLVMX9CYE5L6 --ssh
and get this error:
Permission denied (publickey)
I'm already able to run other elastic-mapreduce commands just fine to create flows etc, so I'm assuming there's security settings required on the actual master instance for the flow, but nothing in the tutorial explains how to configure this (after all, I need to SSH into it to do the configuration in the first place!)
I found that I need to login as user "hadoop" using the EC2 keypair, and not any of the regular suspects (ec2-user, root, etc.) Like:
ssh -i privatekey.pem hadoop#masternode
Hope this is useful to someone.
Ok now I feel sheepish: I was using the Amazon CloudFront keypair from the my initial account setup rather than keypair associated with my account for accessing EC2 instances, accessible from EC2 > Network & Security > Key Pairs in the AWS Management Console.
The command "ssh -i privatekey.pem hadoop#masternode" worked great. The user "hadoop" must be used for "ec2 elastic mapreduce".