can't connect to RDS with EC2-SSH - amazon-web-services

Suddenly my Sequel Pro does not work well.
I connect Sequel Pro to RDS via EC2.
The setting seems to be correct.
I have chosen the correct pem file to connect over SSH.
I don't know why "No more authentication methods to try." happens.
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/abc/.ssh/id_rsa
debug1: Will attempt key: /Users/abc/.ssh/id_dsa
debug1: Will attempt key: /Users/abc/.ssh/id_ecdsa
debug1: Will attempt key: /Users/abc/.ssh/id_ed25519
debug1: Will attempt key: /Users/abc/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/abc/.ssh/id_rsa
debug1: Trying private key: /Users/abc/.ssh/id_dsa
debug1: Trying private key: /Users/abc/.ssh/id_ecdsa
debug1: Trying private key: /Users/abc/.ssh/id_ed25519
debug1: Trying private key: /Users/abc/.ssh/id_xmss
debug1: No more authentication methods to try.
ec2-user@ec2-23-214-216-2.ap-northeast-1.compute.amazonaws.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

Amazon RDS is a managed database service. No access is provided to the underlying infrastructure.
If you wish to connect to an Amazon RDS database, you will need to connect your SQL Client directly to the database via its designated port (eg MySQL port 3306). It is not possible to connect via SSH.
See: Connecting to an Amazon RDS DB instance - Amazon Relational Database Service

Related

AWS EC2 SSH worked yesterday. Today, Permission denied (publickey)

The difference between this question and all the others comes down to this: yesterday, I could connect via SSH just fine using this command:
ssh -i "~/.ssh/[.cer file]" ubuntu@[Public IPv4 DNS]
(A .cer file is created instead of .pem since I use Chrome.) Then I shut down the instance and deleted the volume (after creating a snapshot) then I went home.
Today, I did the following:
Created a new volume from the snapshot, and attached it to the instance
Created an Elastic IP address and assigned it to the instance
Started the instance
Tried connecting via SSH using the new Public IPv4 DNS. I got a Permission denied (publickey) error.
Thinking it may have something to do with the Elastic IP, I dissociated the Elastic IP and rebooted the instance to get a new temporary IP.
I tried using ssh using the same command (with the new Public DNS) and am still getting the Permission denied (publickey) error.
Here is the log I get when adding -v to the command:
OpenSSH_8.6p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/WonderWolff/.ssh/config
debug1: /Users/WonderWolff/.ssh/config line 14: Applying options for *.compute.amazonaws.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to ec2-13-57-238-91.us-west-1.compute.amazonaws.com port 22.
debug1: Connection established.
debug1: identity file /Users/WonderWolff/.ssh/rei_development.cer type -1
debug1: identity file /Users/WonderWolff/.ssh/rei_development.cer-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10
debug1: compat_banner: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10 pat OpenSSH_6.6.1* compat 0x04000002
debug1: Authenticating to ec2-13-57-238-91.us-west-1.compute.amazonaws.com:22 as 'ubuntu'
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes128-ctr MAC: umac-128-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-128-etm@openssh.com compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:LnRbxnhhpoLZeIUFXFzOybmc+cPvutkYqZCmUmq+zVw
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
Warning: Permanently added 'ec2-13-57-238-91.us-west-1.compute.amazonaws.com' (ED25519) to the list of known hosts.
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /Users/WonderWolff/.ssh/rei_development.cer explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
Unauthorized use is strictly prohibited. All access and activity
is subject to logging and monitoring.
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/WonderWolff/.ssh/rei_development.cer
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
ubuntu@ec2-13-57-238-91.us-west-1.compute.amazonaws.com: Permission denied (publickey).
If it worked yesterday after multiple stops and reboots (I stopped and rebooted multiple times yesterday), what could possibly be the issue? Was attaching a new volume created from a snapshot the issue?
UPDATE: I created a new instance using the same keys. Connecting to that instance works, no problem. But I would still like to understand why either the removal and re-association of a volume, OR assigning an Elastic IP address, OR a different reason I don't yet know causes me to get a Permission Denied error with the first instance.

trouble connecting to AWS Lightsail via SSH with keys other than default

I have downloaded the default private key and am able to connect via SSH with no problem using that private key. In my Lightsail instance, I went to the SSH Keys tab, created a new key pair and downloaded the new private key (saving it in the correct location on my local machine with proper permissions). However, I am unable to connect using that new private key. Here is the output I get from the command: ssh -v -i ~/.ssh/test.pem me@x.x.x.x
OpenSSH_7.8p1, LibreSSL 2.6.2
debug1: Reading configuration data /Volumes/Norman Data/daveh0/.ssh/config
debug1: /Volumes/Norman Data/daveh0/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to x.x.x.x port 22.
debug1: Connection established.
debug1: identity file .ssh/test.pem type -1
debug1: identity file .ssh/test.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to x.x.x.x:22 as 'me'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Bajjqc9SJlMHTB/OrEWKl4ATi6/wI+fB1C351fi5Iwk
debug1: Host 'x.x.x.x' is known and matches the ECDSA host key.
debug1: Found key in /Volumes/Norman Data/daveh0/.ssh/known_hosts:10
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: .ssh/test.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
me@x.x.x.x: Permission denied (publickey).
I've got to be missing a step on the SSH Keys screen, but I can't seem to figure out what it would be. Can anyone help?
Keypairs are a feature of Linux. The way it works is:
Somebody tries to connect to the Linux computer using SSH, eg ssh -i key.pem username@IP-ADDRESS
The Linux computer looks in /home/USERNAME/.ssh/authorized_keys
If it finds a public key that matches the private key supplied in key.pem, then the connection is permitted
Therefore, since you created a new keypair, you will need to add the new keypair to the appropriate user's ~/.ssh/authorized_keys file.
Your example shows you as logging in as a user called me, so the public keypair should be added to /home/me/.ssh/authorized_keys.
When first launching a Lightsail or EC2 instance, you can specify a keypair and software on the instance will automatically add the associated public key to the authorized_keys file. However, you will need to do this step manually for an already-running instance.
For AWS Lightsail, I was able to log in via SSH by appending my public key id_rsa.pub to the remote authorized_keys. I used SFTP (FileZilla) to update the authorized_keys file. For the SFTP connection I downloaded the SSH key from the Accounts page.
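The step both answers describe, appending the new public key to the login user's authorized_keys, as an added example that is not part of the original answers. The function name `install_pubkey`, the script name and the key used to exercise it are constructed for illustration; it is meant to be run on the instance as the target user.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys without duplicating it.
# Get the public key line on your own machine with: ssh-keygen -y -f test.pem
# Usage on the instance: sh add_key.sh "ssh-ed25519 AAAA... comment" "$HOME/.ssh"

install_pubkey() {
    key=$1
    dir=$2
    file="$dir/authorized_keys"

    # A public key line starts with its key type; refuse a pasted private key.
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac

    # sshd ignores the file if the directory or file is writable by others.
    mkdir -p "$dir"
    chmod 700 "$dir"
    touch "$file"
    chmod 600 "$file"

    # If the last existing entry has no trailing newline, add one so the
    # new key does not get glued onto the previous line.
    if [ -s "$file" ] && [ -n "$(tail -c1 "$file")" ]; then
        echo >> "$file"
    fi

    # -x whole line, -F fixed string: skip if this exact key is already there.
    if ! grep -qxF "$key" "$file"; then
        printf '%s\n' "$key" >> "$file"
    fi
}

if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```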

EC2 Marketplace Linux Instance Permission denied (publickey)

I have a Wowza instance purchased from Marketplace. About 4 hrs ago I was able to connect to it and was doing some operations on it. But now when I try to connect, it gives a Permission denied (publickey) error. I used the chmod command to give 777 permissions on ./ and that is the real cause, I think.
Following this solution, when I try to attach the root volume of this instance to another instance of the same type, it gives the same error, but when the volume is detached it connects successfully. The volume of a Marketplace instance can be attached to a similar type of instance only.
Now how can I change the permission of that .ssh directory? Can you please help me out.
Here are the logs when I am trying to connect with the instance:
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 54.69.133.11 [54.69.133.11] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file Desktop/Shivam/mypemfile.pem type -1
debug1: identity file Desktop/Shivam/mypemfile.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 6a:48:f5:14:13:9a:a1:79:e8:44:bb:0d:6b:8d:b7:59
The authenticity of host '54.69.133.11 (54.69.133.11)' can't be established.
ECDSA key fingerprint is 6a:48:f5:14:13:9a:a1:79:e8:44:bb:0d:6b:8d:b7:59.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '54.69.133.11' (ECDSA) to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: Desktop/Shivam/mypemfile.pem
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Products launched from the AWS Marketplace have restrictions that non-marketplace instances don't have, mainly to enforce licensing. You have run into one of the restrictions.
Here is a relevant thread on the AWS Forums that may be of use, especially the final post in the thread:
If a volume has an AWS Marketplace product code:
The volume can only be attached to a stopped instance.
You must be subscribed to the AWS Marketplace code that is on the volume.
The configuration (instance type, operating system) of the instance must support that specific AWS Marketplace code. For example, you cannot take a volume from a Windows instance and attach it to a Linux instance.
AWS Marketplace product codes are copied from the volume to the instance.
I did not check, but you can try this trick.
You can specify user data to configure an instance or run a configuration script during launch.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html#user-data-shell-scripts
When you create a new instance
Choose AMI from Market Place
Choose Instance Type
Configure Instance -> Advanced Details -> User data.
Put your bash script here to change permissions back.
Add Storage
Change root device or add a new one from the snapshot of your EBS.
Tag Instance
Configure Security Group
Review and Launch
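A script of the kind the last answer suggests placing in user data, as an added example that is not part of the original answers. With sshd's default StrictModes setting, public-key login is refused when the home directory, ~/.ssh or authorized_keys is writable by group or others, which is the state a chmod 777 leaves behind. The function names and the /home/ec2-user path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: report and repair the permissions sshd's StrictModes checks.
# Run as root, e.g. from EC2 user data: sh fix_ssh_perms.sh /home/ec2-user
# (/home/ec2-user is an assumed path; use the login user's home directory).

# Succeeds if the path is writable by group or others.
is_loose() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 0 ;;   # char 6 = group w, char 9 = other w
        *) return 1 ;;
    esac
}

# Print every path in the chain that StrictModes would reject.
audit_ssh_perms() {
    home=$1
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ -e "$p" ] && is_loose "$p"; then
            echo "$p"
        fi
    done
}

# Drop group/other write on home, lock .ssh to 700 and the key file to 600.
repair_ssh_perms() {
    home=$1
    chmod go-w "$home"
    if [ -d "$home/.ssh" ]; then
        chmod 700 "$home/.ssh"
    fi
    if [ -f "$home/.ssh/authorized_keys" ]; then
        chmod 600 "$home/.ssh/authorized_keys"
    fi
}

if [ "$#" -gt 0 ]; then
    audit_ssh_perms "$1"     # list what was wrong before changing it
    repair_ssh_perms "$1"
fi
```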

AWS EC2 SSH: Permission denied (publickey)

I've configured my EC2 instance, and connected with SSH. But when I created a new Security Group with port rules I couldn't access via SSH anymore. Currently, my custom Security Group rules are:
SSH 0.0.0.0/0
HTTP 0.0.0.0/0
HTTPS 0.0.0.0/0
When I try ssh -v -i bodruk.pem ubuntu@ec2-54-149-134-92.us-west-2.compute.amazonaws.com I have the following error:
OpenSSH_6.6.1, OpenSSL 1.0.1i 6 Aug 2014
debug1: Connecting to ec2-54-149-134-92.us-west-2.compute.amazonaws.com [54.149.
134.92] port 22.
debug1: Connection established.
debug1: identity file bodruk.pem type -1
debug1: identity file bodruk.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubu
ntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000
000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e2:13:af:e1:1b:70:f9:70:3b:cd:1d:7f:14:de:ce:90
debug1: Host 'ec2-54-149-134-92.us-west-2.compute.amazonaws.com' is known and ma
tches the ECDSA host key.
debug1: Found key in /c/Users/Thiago/.ssh/known_hosts:2
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: bodruk.pem
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Already tried this solution, but doesn't work. I changed the Key Pair twice and deleted the known_hosts file with no success.
Any idea?
Can you telnet to the instance with the ssh port? (telnet 'ip' 'port')
If you can telnet, then the problem is probably in the Key Pair or something on your computer. And if not, it's probably something with the Security Group and network.
I ran into this issue recently and the funny part is my pem file was owned by root instead of my user. When I did sudo chown user:group {pem file name}, I was able to ssh in without a problem.

SSH connect to EC2 instance

I am trying to SSH to an EC2 instance.
These are the steps I followed and below is the error I got.
In the Amazon Console, I created a Key Pair and downloaded it
Changed the permissions of that pem file to 400 (as written here)
Went to the running instances in the console and got my Public DNS
Added an inbound rule (SSH), 0.0.0.0/0, to the group with description 'SecurityGroup for ElasticBeanstalk environment.' in the Security Groups tab in console
Executed this in console: ssh -i <my_key_filename>.pem ec2-user@<Public DNS>
And this is the output for that:
OpenSSH_6.1p1 Debian-4, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ec2-54-254-148-94.ap-southeast-1.compute.amazonaws.com [54.254.148.94] port 22.
debug1: Connection established.
debug1: identity file mykey.pem type -1
debug1: identity file mykey.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA a1:2b:92:f6:cf:e3:ed:8a:60:0e:34:c0:27:24:6f:f7
The authenticity of host 'ec2-54-254-148-94.ap-southeast-1.compute.amazonaws.com (54.254.148.94)' can't be established.
RSA key fingerprint is a1:2b:92:f6:cf:e3:ed:8a:60:0e:34:c0:27:24:6f:f7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-54-254-148-94.ap-southeast-1.compute.amazonaws.com,54.254.148.94' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: aws_key.pem
debug1: Authentications that can continue: publickey
debug1: Offering DSA public key: id_dsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: mailid@gmail.com
debug1: Authentications that can continue: publickey
debug1: Trying private key: mykey.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Also, the instance I am trying to connect to is an Amazon Linux instance.
From your comments below your question: it looks like the order of your steps was incorrect.
First you need to create the keypair
then you need to tell ElasticBeanstalk to use that key pair when it starts your instances
Public keys are injected into the instances at first boot. It is not possible for AWS to change the keypair after the instance has been started - AWS has no technical way to connect to your instance. (You can do it manually by uploading files to the ~/.ssh directory.)
To learn more about how to use keypair with ElasticBeanstalk, have a look at this screenshot
Or just create an .ebextensions directory with an application.config file containing:
option_settings:
  - namespace: aws:autoscaling:launchconfiguration
    option_name: EC2KeyName
    value: "keyname"
More details about customising ElasticBeanstalk environment : http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html#customize-containers-format-options
Possible values are listed here http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-launchconfig.html
More details about keypair can be found here : http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
--Seb