I'm trying to shell to an AWS instance using ssh with public key as shown here:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#having-ec2-create-your-key-pair
https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-sessions-start.html#sessions-start-ssh
I've read every StackOverflow post on this topic and tried everything suggested all the way down through every comment.
I've made sure to do as AWS recommends with chmod 400 my-name-nr-managed-aws-services-company-name-us-east-1.pem and the .pem file resides in the ~/.ssh directory which has 755 permissions.
My verbose output for the connection not being successful is as follows (with real addresses obscured):
~ % ssh -v -i .ssh/my-name-nr-managed-aws-services-company-name-us-east-1.pem ubuntu@ec2-1-234-567-890.compute-1.amazonaws.com
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to ec2-3-234-567-890.compute-1.amazonaws.com port 22.
debug1: Connection established.
debug1: identity file .ssh/my-name-nr-managed-aws-services-company-name-us-east-1.pem type -1
debug1: identity file .ssh/my-name-nr-managed-aws-services-company-name-us-east-1.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to ec2-3-234-567-890.compute-1.amazonaws.com:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:vQd/zj9vB89/NevF0gtTAyM+hWVNLAs0JONpLcXvZ/I
debug1: Host 'ec2-3-234-567-890.compute-1.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /Users/myname/.ssh/known_hosts:12
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: .ssh/my-name-nr-managed-aws-services-company-name-us-east-1.pem explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: .ssh/my-name-nr-managed-aws-services-company-name-us-east-1.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
ubuntu@ec2-1-234-567-890.compute-1.amazonaws.com: Permission denied (publickey).
I also did ssh-keygen -R 1.234.567.890 to regenerate the keys which returned
# Host 1.234.567.890 found: line 12
/Users/myname/.ssh/known_hosts updated.
Original contents retained as /Users/myname/.ssh/known_hosts.old
but that didn't help either.
Any idea what I'm missing?
I'm trying to ssh to AWS server with pem key provided by our client.
I tried the command
ssh -i yrg-labour-uat-securelink.pem ubuntu@uat04.yrgconnect.online -v
Then it asks me for the password while there is no password. I have no access to the server so I can't follow instructions found on Google. I've tried the command from the Windows command line, Ubuntu and Debian terminals and gave permission 600 to the pem key. But nothing works. The output is shown below.
ian@MYPC:~/04-securelink$ ssh -i my_key.pem ubuntu@domain.name -v
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to domain.name [18.141.54.32] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file yrg-labour-uat-securelink.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file yrg-labour-uat-securelink.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version xxxxxxx
debug1: no match: xxxxxxx
debug1: Authenticating to uat04.yrgconnect.online:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<7680<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:2M8Zy2YoxfD47hglpTGMYRPX8F+4VKyA5MsFtbbgz18
debug1: Host 'domain.name' is known and matches the RSA host key.
debug1: Found key in /home/ian/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password
debug1: Next authentication method: password
ubuntu@domain.name's password:
Please help me!!!
There can be two reasons for this that I can think of:
Maybe you are using the wrong user; check whether ubuntu is the right user.
Maybe the server owner has enabled PasswordAuthentication in /etc/ssh/sshd_config.
It turns out that the problem is not on the client or server machines. What's causing the problem is the firewall on our office Wi-Fi, which restricts key exchange between the client and server machines.
I try to connect to my Linux instance. This is the verbose output:
ssh -v -i ~/kljuc/pem.file ubuntu@ec2-52-29-225-243.eu-central-1.compute.amazonaws.com
OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ec2-52-29-225-243.eu-central-1.compute.amazonaws.com [52.29.225.243] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/holmes/kljuc/pem.file type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/holmes/kljuc/pem.file-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to ec2-52-29-225-243.eu-central-1.compute.amazonaws.com:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:PVlbK2oKtW3ZAIW/usx9IBKw9mjeTwfoGMhl4THBzl8
debug1: Host 'ec2-52-29-225-243.eu-central-1.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/holmes/.ssh/known_hosts:3
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: holmes@holmes-System-Product-Name
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/holmes/kljuc/pem.file
Load key "/home/holmes/kljuc/pem.file": Is a directory
debug1: No more authentication methods to try.
Permission denied (publickey).
This is the pem file after chmod 400
ls -la pem.file
ls: cannot access 'pem.file/mm-aws1.pem': Permission denied
ls: cannot access 'pem.file/..': Permission denied
ls: cannot access 'pem.file/.': Permission denied
total 0
d????????? ? ? ? ? ? .
d????????? ? ? ? ? ? ..
-????????? ? ? ? ? ? mm-aws1.pem
I have seen the previous answers. How can I check if I have messed up the pem file?
Should I create new Key Pair?
Or new instance with new Key Pair?
Seems like you are not pointing to the .pem file in the ssh command (-i ~/kljuc/pem.file).
Try like: ssh -v -i ~/kljuc/pem.file/mm-aws1.pem ubuntu@ec2-52-29-225-243.eu-central-1.compute.amazonaws.com
Give the pem file a name with the .pem extension (e.g. somename.pem). Also make sure the .pem file content starts with "-----BEGIN RSA PRIVATE KEY-----" and ends with "-----END RSA PRIVATE KEY-----".
Make sure the .pem file has the necessary permissions; otherwise run
chmod 400 somename.pem
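The checks this answer lists (a key file rather than a directory, restrictive permissions, a PEM private-key header and footer), as an added Python example that is not part of the original answer. The function name is hypothetical, and it accepts any `-----BEGIN ... PRIVATE KEY-----` label rather than only the RSA one, since OpenSSH-format keys carry a different label.

```python
import os
import re
import stat

# Matches "-----BEGIN RSA PRIVATE KEY-----", "-----BEGIN OPENSSH PRIVATE KEY-----", etc.
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]*)PRIVATE KEY-----$")


def check_identity_file(path):
    """Return a list of problems that would stop ssh from using `path` with -i."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat: {exc.strerror}"]
    if stat.S_ISDIR(st.st_mode):
        # The case in the question: -i pointed at the directory holding the key.
        return ["is a directory; pass the key file inside it to -i"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    problems = []
    if st.st_mode & 0o077:
        # OpenSSH refuses a private key that group or others can access.
        problems.append(f"mode {st.st_mode & 0o777:o} is too open; use chmod 400")
    try:
        with open(path, "r", errors="replace") as fh:
            lines = [ln.strip() for ln in fh if ln.strip()]
    except OSError as exc:
        return problems + [f"cannot read: {exc.strerror}"]
    m = PEM_BEGIN.match(lines[0]) if lines else None
    if not m:
        problems.append("first line is not a PEM private-key header")
    elif lines[-1] != f"-----END {m.group(1)}PRIVATE KEY-----":
        # A copy/paste that lost the tail of the file shows up here.
        problems.append("END line missing or does not match the BEGIN line")
    return problems


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, check_identity_file(p) or "ok")
```

An empty list means the file passes these local checks only; it does not show that the instance holds the matching public key.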
I was using it without any issues. To install Nginx, PHP7, MySQL, Python, Go Lang and MongoDB, I had to change some user permissions in nginx.
Suddenly, I'm unable to ssh anymore!! I didn't touch the Amazon Console either. My colleague is also unable to ssh. I had given him the elaine.pem file.
I was able to ssh using ssh -i "elaine.pem" ubuntu@13.127.4.XXX until now. No change and no spelling error.
Any thoughts?
Elaine-MacBook-Pro:key elaine$ ssh -v -i "elaine.pem" ubuntu@13.127.4.XXX
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 13.127.4.xxx [13.127.4.xxx] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file elaine.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file elaine.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 13.127.4.xxx:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Z4mp+ciY2V+zjJn4G6Un3kv4A9xZ7AOZ9lQ2V9FZthw
debug1: Host '13.127.4.xxx' is known and matches the ECDSA host key.
debug1: Found key in /Users/elaine/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: elaine.pem
debug1: Authentications that can continue: publickey
debug1: Trying private key: elaine.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Elaine-MacBook-Pro:key elaine$
I have an AWS instance of Bitnami Wordpress.
Trying to connect using this command:
ssh -N -L 8888:127.0.0.1:80 -i wordpress.pem bitnami@52.91.239.245 -v
I get this...
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 52.91.239.245 [52.91.239.245] port 22.
debug1: Connection established.
debug1: identity file wordpress.pem type -1
debug1: identity file wordpress.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 51:1d:50:cd:89:30:dc:7b:8d:17:85:f4:03:45:c1:54
debug1: Host '52.91.239.245' is known and matches the RSA host key.
debug1: Found key in /Users/OWNER/.ssh/known_hosts:18
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: wordpress.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
I have .ssh permissions as follows:
sudo chmod 700 ~/.ssh/
sudo chmod 600 ~/.ssh/*
sudo chown -R OWNER ~/.ssh/
Does this mean the publickey was not found? That it could not be read?
I deleted the instance and started over. This time I created a new .pem instead of reusing an existing one. When I created the instance with that new .pem, I got in. I think reusing the .pem may have been the problem. Thanks for the help folks!
I am trying to connect to my EC2 instance and getting the following error.
Command I'm running: ssh -v -i key.pem ubuntu@[my instance address]
I changed the permissions on the key file to 600 as I've seen in other threads, but that didn't solve the problem.
Output I'm getting:
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to ec2-54-247-2-128.eu-west-1.compute.amazonaws.com [54.247.2.128] port 22.
debug1: Connection established.
debug1: identity file /Users/avimeir/.ssh/id_rsa type 1
debug1: identity file /Users/avimeir/.ssh/id_rsa-cert type -1
debug1: identity file /Users/avimeir/.ssh/id_dsa type -1
debug1: identity file /Users/avimeir/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA ae:42:29:3d:3e:c0:a8:04:7f:19:9c:c0:52:00:a4:1e
debug1: Host 'ec2-54-247-2-128.eu-west-1.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/avimeir/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/avimeir/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: ninja.pem
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/avimeir/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
Be sure to check:
The SSH keypair file
The username. For example: root, ec2-user, ubuntu, ...
The hostname of your server. For example, if you stop your instance, it will get a new IP address.
If you are using Ubuntu Cloud Guest official image, you can check the Ubuntu EC2 Starter's Guide.
Managed to solve it by editing /etc/ssh_config (on OSX) and adding the following line:
ChallengeResponseAuthentication yes
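The `ssh -v` traces in the threads above fail in distinguishable ways: a key the client could not load, a server that offers only password authentication, and a key that was sent and refused. The following Python triage of such a trace is an added example, not code from any of the posts; the sample log is constructed and the finding codes are hypothetical names.

```python
import re

# Constructed sample shaped like the client debug output quoted in the threads above.
SAMPLE = """\
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: user@example-host
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/user/keys/example.pem
Load key "/home/user/keys/example.pem": Is a directory
debug1: No more authentication methods to try.
Permission denied (publickey).
"""

METHODS = re.compile(r"Authentications that can continue: (\S+)")
OFFER = re.compile(r"debug1: (?:Offering (?:\w+ )?public key|Trying private key): (.+)")
LOAD_ERR = re.compile(r'Load key "(.+)": (.+)')


def triage(log):
    """Return (code, detail) findings explaining a failed public-key login."""
    methods, offered, failed, findings = None, [], {}, []
    for line in map(str.strip, log.splitlines()):
        if m := METHODS.search(line):
            methods = m.group(1).split(",")
        elif m := LOAD_ERR.match(line):
            failed[m.group(1)] = m.group(2)
        elif m := OFFER.match(line):
            if m.group(1) not in offered:
                offered.append(m.group(1))
    for path, reason in failed.items():
        # The client never got as far as sending this key.
        findings.append(("load-error", f"{path}: {reason}"))
    if methods is not None and "publickey" not in methods:
        # Server side: key authentication is not on offer, so -i cannot help.
        findings.append(("publickey-not-offered", ",".join(methods)))
    elif "Permission denied (publickey)" in log:
        rejected = [k for k in offered if k not in failed]
        if rejected:
            # Sent and refused: wrong login user, or the public half is not
            # in that user's authorized_keys on the instance.
            findings.append(("key-rejected", ", ".join(rejected)))
        elif not failed:
            findings.append(("no-key-offered", ""))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE):
        print(f"{code}: {detail}")
```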