aws ec2 instance Permission denied (publickey). Other Linux - amazon-web-services

Hello, when creating the instance I missed attaching a private key to the AWS EC2 instance, and now I am unable to log in via SSH as there is no private key attached.
What I did was clone the instance and launch it, then installed and added the key to that instance.
I added the key to it, yet it didn't work.
Referred articles: https://www.youtube.com/watch?v=XfOsytNUq1w

If you're connecting via the command line ensure that you're specifying the PEM key using the syntax below
ssh -i path/to/key.pem ec2-user@1.2.3.4
Also ensure that the path/to/key.pem has permissions of 400 with the owner as your user.
You can validate this by running ls -lah path/to/key.pem and change the permissions by running chmod 400 path/to/key.pem

Related

Can't connect to GCP VM Permission denied (publickey) error

I'm creating a new VM instance. I've cleaned all the metadata. Then I'm running the following command in the cloud shell:
gcloud beta compute ssh --zone "europe-west2-c" "vmname" --project "myprojectname"
Then I'm asked to enter a passphrase (which I don't know). I press enter until I get the following error: Permission denied (publickey).
I've deleted and recreated my instance multiple times but I always get the same error. What should I do?
Troubleshooting Steps:
Log on using UI ssh. This creates an ephemeral ssh key; Google Agent also executes the codepath to refresh .ssh/authorized_keys and address any invalid dir/file permissions for both .ssh/ and .ssh/authorized_keys. This approach will address common gcloud compute ssh issues that relate to corrupted keys, missing dir/file or invalid dir/file permission. Try the gcloud again after performing the UI ssh.
Make sure that account has authenticated to gcloud as an IAM user with the compute instance admin role; for example, run gcloud auth revoke --all, gcloud auth login [IAM-USER] then try gcloud compute ssh again.
Verify that persistent SSH Keys metadata for gcloud is set for either the project or instance. Look in Compute Engine > Metadata, then click SSH Keys. Persistent keys do not have the expireOn attribute.
It's possible the account has lost the private key, mismatched a keypair, etc. You can force gcloud to generate a new SSH keypair by doing the following:
Move ~/.ssh/google_compute_engine and ~/.ssh/google_compute_engine.pub if present.
For example:
mv ~/.ssh/google_compute_engine.pub ~/.ssh/google_compute_engine.pub.old
mv ~/.ssh/google_compute_engine ~/.ssh/google_compute_engine.old
Try gcloud compute ssh [INSTANCE-NAME] again. A new keypair will be created and the public key will be added to the SSH keys metadata.
Verify that the Linux Google Agent scripts are installed, up-to-date, and running. See Determining Google Agent Status. If the Linux Google Agent is not installed, re-install it. See guest-environment.
Verify account home owner/permission is correct. Make sure that the account home directory has the correct ownership and is not globally writable. If not using os-login (which is default), your .ssh folder must have mode 0700, and the .ssh/authorized_keys file must have mode 0600. Review /var/log/auth.log for any errors.
Commands:
sudo chmod 700 /home/[user-id]/.ssh
sudo chmod 600 /home/[user-id]/.ssh/authorized_keys
If os-login is enabled and the Virtual Machine instance is using a service account (default), add the following roles to the account:
roles/compute.osLogin
roles/iam.serviceAccountUser
For more information, see troubleshooting SSH.
The possible causes for a Permission denied (publickey) error are:
Your key expired and Compute Engine deleted your ~/.ssh/authorized_keys file.
You used an SSH key stored in metadata to connect to a VM that has OS Login enabled.
You used an SSH key stored in an OS Login profile to connect to a VM that doesn't have OS Login enabled.
You connected using a third-party tool and your SSH command is misconfigured.
The sshd daemon isn't running or isn't configured properly.
You can find more information on how to troubleshoot SSH key errors in this link
I have the same issue sometimes. Cause and solution according to the GCP troubleshooting link are:
Your key expired and Compute Engine deleted your
~/.ssh/authorized_keys file. If you manually added SSH keys to your VM
and then connected to your VM using the Google Cloud Console, Compute
Engine created a new key pair for your connection. After the new key
pair expired, Compute Engine deleted your ~/.ssh/authorized_keys file
in the VM, which included your manually added SSH key.
To resolve this issue, try one of the following:
Connect to your VM using the Google Cloud Console or the gcloud
command-line tool. Re-add your SSH key to metadata. For more information, see Add SSH keys to VMs that use metadata-based SSH keys.
I use terraform so in this case I instructed the workflow to destroy the VM and rebuild it.
To fix this issue when you cannot start ssh:
Edit VM and enable Serial port
Start serial console
Edit ~/.ssh/authorized_keys
On your desktop/client,
edit /Users/[yourdesktopuser]/.ssh/id_rsa.pub
copy contents to clipboard
Paste this content to the end of authorized_keys file in the VM serial console
Save and close
This will then recognize the public key from your desktop
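The mode checks named in the answers above (a home directory that is not group/world writable, .ssh at 0700, authorized_keys at 0600, and a private key at chmod 400) can be audited in one pass. This is an added example, not code from any of the answers; the function names check_ssh_perms and mode_of are hypothetical, and the demo directory is constructed with deliberately loose modes.

```shell
#!/bin/sh
# Added example: audit the file modes that sshd's StrictModes check and the
# ssh client's private-key check care about, using the values from the answers.

# mode_of PATH: print the nine permission characters, e.g. "rwx------".
mode_of() { ls -ld -- "$1" 2>/dev/null | cut -c2-10; }

# check_ssh_perms HOME_DIR [PRIVATE_KEY]
# Prints one line per problem; exit status is the number of problems found.
check_ssh_perms() (
  home=$1; key=${2:-}; n=0
  fail() { echo "FAIL: $*"; n=$((n + 1)); }

  # Home directory must not be writable by group or others.
  case $(mode_of "$home") in
    ????w????|???????w?) fail "$home is group/world writable" ;;
  esac

  # Metadata-based keys (no OS Login): .ssh is 0700, authorized_keys is 0600.
  # A missing path yields an empty mode string and is reported as well.
  [ "$(mode_of "$home/.ssh")" = "rwx------" ] ||
    fail "$home/.ssh is not 0700"
  [ "$(mode_of "$home/.ssh/authorized_keys")" = "rw-------" ] ||
    fail "$home/.ssh/authorized_keys is not 0600"

  # The ssh client refuses a private key that group or others can access.
  if [ -n "$key" ]; then
    case $(mode_of "$key") in
      ???------) ;;
      *) fail "$key is accessible by group/others; run chmod 400" ;;
    esac
  fi
  exit "$n"
)

# Constructed demo layout: .ssh, authorized_keys and the key are all too open.
demo=$(mktemp -d)
mkdir "$demo/.ssh"; : > "$demo/.ssh/authorized_keys"; : > "$demo/key.pem"
chmod 755 "$demo" "$demo/.ssh"
chmod 644 "$demo/.ssh/authorized_keys" "$demo/key.pem"
check_ssh_perms "$demo" "$demo/key.pem" || echo "$? problem(s) found"
rm -rf "$demo"
```

Run the server-side checks on the VM (for example from the serial console) against /home/[user-id], and the private-key check on the client where the .pem file lives.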

Permission denied when connecting to EC2 instance; I have given the file permission 400, but still not working

I have created an EC2 instance on AWS. But when I'm trying to connect to it by using my .pem file, I'm getting the error message: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). I have changed the permission of this file with chmod 400 myfile.pm.
This is the command I use to connect to my instance: ssh -i ec2demo.pem ec2demo@ec2-35-158-140-25.eu-central-1.compute.amazonaws.com
I also searched for the issue on the internet, and some people say I need to type chmod 600 myfile.pem. It still doesn't work. I'm using macOS Mojave and the integrated ssh client. Do I need to install the AWS-CLI to make it work? Or should it work without AWS-CLI? And is it better to use the ssh client from homebrew, or?
Thanks for the help
When launching a new Amazon Linux instance on Amazon EC2, the public half of the keypair is copied to:
/users/ec2-user/.ssh/authorized_keys
You can then login to the instance using the private half of the keypair:
ssh -i key.pem ec2-user@1.2.3.4
(Or, you can use a DNS name instead of an IP address.)
It sounds like you have not logged into this instance yet, so make sure you login as ec2-user instead of ec2demo. The name of the instance does not impact the Linux user on the instance.

unable to ssh the ubuntu EC2 instance on macOS - Permission denied(Public Key)

I am unable to SSH to the Ubuntu EC2 instance on AWS from macOS terminal.
Tried the following cmd from the terminal :
ssh ubuntu@ec2-13-127-143-37.ap-south-1.compute.amazonaws.com
And
ssh 13.127.143.37@ec2-13-127-143-37.ap-south-1.compute.amazonaws.com
both are giving the same error: Permission denied (publickey).
I tried generating the public key using ssh-keygen and imported it under the key pair options on AWS, but still getting the same error.
Please help me with this.
Thanks,
Nidhi Arora
The command in terminal should be something along the lines of:
ssh -i /path/to/yourkey.pem username@10.0.0.1
Don't forget, too, that you need specific permissions on "yourkey.pem" - chmod 400 yourkey.pem - Reference to answer here
You aren't providing the private key when you establish the connection. You can download your private key when you launch the instance. Navigate to the folder where your private key is saved and run the following command. This is to ensure your private key is not publicly viewable. SSH will not work without this.
chmod 400 private-key.pem
Your final command should look something like this
ssh -i "private-key.pem" ec2-user@ec2-13-127-143-37.ap-south-1.compute.amazonaws.com
On the pane listing your EC2 instances, if you select your instance, the 'Connect' button will get activated. If you click on that, it will give you the connection instructions specific to your instance. Attached screenshot of the button below.

AWS EC2 unable to SSH with Key Pair

I'm having some problems using SSH to get into my running AWS EC2 instance. According to the instructions, I need to create a Key Pair, which downloads a .pem private key file, which I have named QARTH.pem. From the directory where this file has been saved, I'm supposed to execute command:
ssh -i "QARTH.pem" ubuntu@ec2-XX-XX-XX-XXX.us-west-2.compute.amazon.com
However, I get the error:
Permission denied (publickey).
I'm using the auto-generated launch-wizard security group, which allows port 22 incoming access to all IPs.
I've also used the example procedure to convert the .pem file to a PuTTY private key .ppk file, and used the PuTTY client. I get the same error.
This seems like a pretty straightforward procedure, so I don't know what I could be doing wrong. If you have any ideas, I'd love to hear them. However, I'm not strong in network security, so please make responses lay-person friendly.
You are either using the wrong key pair (QARTH.pem), the wrong username, connecting to the wrong system or QARTH.pem is not set to be read-only.
STEP 1: Add debugging options to ssh to help determine what is wrong:
ssh -v -i QARTH.pem ubuntu@ec2-XX-XX-XX-XXX.us-west-2.compute.amazon.com
STEP 2: Make sure that the key pair file is read-only.
LINUX:
To make the key pair file read-only execute this command: chmod 400 QARTH.pem while in the same directory as the file.
WINDOWS:
Commands to run on a Windows system (as administrator) to make a key pair read-only and satisfy ssh:
Note: replace %USERNAME% with your user name.
REM Disable inheritance on QARTH.pem
icacls QARTH.pem /inheritance:d
REM Delete "NT AUTHORITY\Authenticated Users" from having any rights
icacls QARTH.pem /remove "NT AUTHORITY\Authenticated Users"
REM Delete "BUILTIN\Users" from having any rights
icacls QARTH.pem /remove "BUILTIN\Users"
REM Grant Read-Only rights to me
icacls QARTH.pem /GRANT:R "%USERNAME%:(R)"
STEP 3: Make sure that you are using the correct username for the EC2 AMI:
Usernames for popular EC2 AMIs:
For Amazon Linux 2 or the Amazon Linux AMI, the user name is ec2-user.
For a Centos AMI, the user name is centos.
For a Debian AMI, the user name is admin or root.
For a Fedora AMI, the user name is ec2-user or fedora.
For a RHEL AMI, the user name is ec2-user or root.
For a SUSE AMI, the user name is ec2-user or root.
For an Ubuntu AMI, the user name is ubuntu.
Otherwise, if ec2-user and root don't work, check with the AMI provider.
TL;DR
Try using the manually generated SSH key pair via AWS Console
Well, colleagues, I have NO IDEA WHY exactly (no idea YET), but when I generate the keys with a CLI command, the SSH connectivity does NOT WORK:
aws --region us-east-1 ec2 create-key-pair --key-name "KeyPair"
BUT, when I am creating the SSH key pair manually using the AWS Console it works perfectly fine:
1. Go to AWS Console
2. EC2 :: Network & Security (in left menu) :: Key Pairs :: Create Key Pair
3. <As soon as I am specifying the name of a key pair Amazon downloads the keys into a default download directory>
4. chmod 400 KeyPair.pem
5. ssh -i ./SSHKeys.pem ec2-user@ec2-54-162-166-40.compute-1.amazonaws.com
6. ENJOY!
P.S. I am pretty sure I have messed up something during the response copy-paste from a CLI ¯\_(ツ)_/¯

SSH connection error - Permission denied (publickey)

I'm trying to run a Spark cluster on AWS using https://github.com/amplab/spark-ec2.
I've generated a key and login credentials, and I'm using this command:
./spark-ec2 --key-pair=octavianKey4 --identity-file=credentials3.csv --region=eu-west-1 --zone=eu-west-1c launch my-instance-name
However, I keep getting this:
Warning: SSH connection error. (This could be temporary.)
Host: mec2-myHostNumber.eu-west-1.compute.amazonaws.com
SSH return code: 255
SSH output: Warning: Permanently added 'ec2-myHostNumber.eu-west-1.compute.amazonaws.com,myHostNumber' (ECDSA) to the list of known hosts.
Permission denied (publickey).
If I quit the console and then try to start the cluster again, I get this:
Setting up security groups...
Searching for existing cluster my-instance-name in region eu-west-1...
Found 1 master, 1 slave.
ERROR: There are already instances running in group my-instance-name-master or my-instance-name-slaves
The command is incorrect. Key pair name should be the one you mention in AWS. Identity file is .pem file associated. You can't ssh into a machine with AWS credentials (your csv file is credentials).
./spark-ec2 --key-pair=octavianKey4 --identity-file=octavianKey4.pem --region=eu-west-1 --zone=eu-west-1c launch my-instance-name
Can you add --resume to your spark-ec2 command and try? Your slave may not have the key. --resume will make sure it is transferred to the slave.
Running Spark on EC2
If one of your launches fails due to e.g. not having the right
permissions on your private key file, you can run launch with the
--resume option to restart the setup process on an existing cluster.