I've created a user and copied the public key to .ssh/authorized_key for that new user and also I've set the pubkeyauthentication to yes on /etc/ssh/sshd_config after saving the file restarted the sshd service.
When I try to ssh from the new user I am getting error:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
Am I missing any step here to ssh from the new user account?
When I check the status for sshd.servive I see error:
AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys xxxx SHA256:84NyibLXFppE4BGIM+1e5iO...status 22
Had the same issue error: AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys ec2-user.
Make sure the file permission is user only (600) in the $HOME/.ssh directory on the SSH client side host.
"error: AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys ...snip... failed, status 22" error #20
FYI
To debug:
sudo tail -f /var/log/secure to monitor the reason why SSH refuses the connection.
Make sure $HOME/.ssh/authorized_key content on EC2 instance is correctly match with your ssh private key in the SSH client host.
Make sure correct private key is being used, use -i option to explicitly specify which key you use.
You might want to check the algorithm you are using to generate the key.
I saw exactly the same error message when using the ECDSA algorithm but fixed the problem by using RSA instead (ssh-keygen -t rsa).
If you want to dig deeper you can try
ssh -Q key
to get a list of supported key types.
Related
I can't ssh into my VM, the firewall is open with port 22, my IP, and IAP IP range, I'm the owner of the project, so I go to the serial port to find out why.
I just found those error logs, but I don't quite understand all of them.
GCEGuestAgent Error non_windows_accounts.go:158: Error updating SSH keys for {USER}: mkdir /home/{USER}/.ssh: no such file or directory.
OSConfigAgent Warning: Error waiting for task (attempt 1 of 10): rpc error: code = Unavailable desc = 502:Bad Gateway
OSConfigAgent Warning: Error waiting for task (attempt 1 of 10): rpc error: code = Unavailable desc = transport is closing
I found some Groups conversation with your same issue "Unable to SSH to instance", seems your error is from the guest agent.
And also if the first resolution step is not working, try this documentation Metadata-managed SSH connections to change linux username, and creates an ephemeral SSH key pair.
Since I just did some tests. I found where is the problem which is the VM is missing the directory and the guest agent is not able to make a new directory . Therefore, the approach is to create manually a path with /home/{USER}/.ssh
After that, try to ssh into VM again, you would work well. and you will see the /home/{USER}/.ssh/authorized_keys this file.
I don't know why the guest agent was not able to mkdir the folder. But this approach works for me.
I am trying to copy a folder from my digital Ocean server to my computer.
I have successfully connected as root to my server and I have the ssh Public key setup
I use command root#my-server_ip to connect successfully.
When I try to copy a file like
scp -r root#my-server_ip:/file/path/ /where/to/put
I get this error Permission denied (publickey).
I can't figure out what the heck is the issue
Permission denied occurs when the server is not able to validate the incoming connection. You need to provide the path to your identity file (ssh key) explicitly when making a request through scp.
Something like this:
scp -i <path_to_identity_file> -r root#my-server_ip:/file/path/ /where/to/put
I am trying to transfer files present on Kaggle, to an EC2 instance. Accoring to this link, the command to be used from Putty is
"scp -i /path/my-key-pair.pem /path/cookies.txt user-name#ec2-xxx-xx-xxx-x.compute-1.amazonaws.com:~".
However, I am getting the following error:
[ec2-user#ip-172-31-32-16 ~]$ scp -i /path/my-key-pair.pem /path/cookies.txt ec2-34-214-179-99.us-west-2.compute.amazonaws.com:~ Warning: Identity file /path/my-key-pair.pem not accessible: No such file or directory. The authenticity of host 'ec2-34-214-179-99.us-west-2.compute.amazonaws.com (172.31.32.16)' can't be established. ECDSA key fingerprint is SHA256:PdEvoAAd7Bc37PbnODNkNiqy/zE2MwoVzCv8jw8McfI. ECDSA key fingerprint is MD5:66:c2:b4:7e:50:a2:a8:67:ec:84:2c:ee:76:02:74:b0. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ec2-34-214-179-99.us-west-2.compute.amazonaws.com,172.31.32.16' (ECDSA) to the list of known hosts. Permission denied (publickey). lost connection
Apparently This occurs when the key does not have the right permissions. One suggestion I received is to search for chmod 400 equivalent for windows. I did but did not find anything appropriate. Please help
I am trying to connect to my ec2 instance from my chromebook using the secure shell extension but I keep getting the following error:
Loading NaCl plugin... done.
ssh: connect to host (public DNS) port 22: Connection refused
NaCl plugin exited with status code 255.
I have been following the steps on this site but with 0 success.
http://www.mattburns.co.uk/blog/2012/11/15/connecting-to-ec2-from-chromes-secure-shell-using-only-a-pem-file/
Help please.
If you're doing this on your chromebook, you should have developer mode enabled so that you can enter the console and execute Linux commands. Once developer mode is enabled, enter the console with ctrl+alt+t and then type in shell.
First you'll want to change the permissions of your .pem key. The ssh keygen won't run if the permissions aren't restricted enough.
sudo chmod 400 myKeyPair.pem
Next you'll want to generate your own public key with ssh-keygen like mentioned in the other links.
ssh-keygen -y -f myKeyPair.pem > myKeyPair.pub
After this, you'll want to create a file with no extension and the private key pair inside.
touch myKeyPair
After this, copy the contents of the .pem file to the file with no extension, myKeyPair.
sudo cat myKeyPair.pem > myKeyPair
Next you'll want to open up the secure shell extension, which can be found here.
Enter your connection information for your machine and don't forget to specify the port number. When it comes to importing the key pair, select both the myKeyPair.pub and the myKeyPair files using ctrl.
That's it, you should be connected!
I have just launched a new Amazon AWS EC2 instance. It is a Suse server.
I am attempting to connect to it through SSH using my private key. It has been 'Permanently added' to my 'to the list of known hosts.' with my private key.
However -
I am not logged in to the server. It is requesting a password. Though it is supposed to use my private key without a password. (as described here: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html)
What should I do?
--
More details:
I ran it again with debug: added -v: ssh -v -i ...
These are the last few lines in the shell (up to here it seems to be fine) before I am asked for pwd:
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: my-private-key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
I have just solved this. It is a bit of a workaround. The problem may have been the type of server used, Suse. I used ec2-user for username, but it may be different for different servers. This is the one for Amazon Linux AMI (and also for Ubuntu I believe), but apparently not for Suse.
I stopped (/terminated) this instance, and launched a new AMI Amazon Linux server instance instead.
Connecting to SSH there worked like a charm. Using ssh -v -i my-private-key.pem ec2-user#publicaddressblahblah.compute.amazonaws.com
I was not asked for a pwd here.
If your local box is Linux
The first thing you want to make sure of is that you have your key loaded into ssh-agent and into ssh-add (on your client machine).
08:10:51 ~$ ssh-agent
SSH_AUTH_SOCK=/var/folders/ps/1dvr90bd6p3blnyrnpyxnryhv45qg1/T//ssh-K8VbUYmYYj4w/agent.9087; export SSH_AUTH_SOCK;
SSH_AGENT_PID=9088; export SSH_AGENT_PID;
echo Agent pid 9088;
Run each of these lines (to declare the variables you need). Then run ssh-add.
08:17:33 ~$ ssh-add
Enter passphrase for /Users/kyle/.ssh/id_rsa:
Identity added: /Users/kyle/.ssh/id_rsa (/Users/kyle/.ssh/id_rsa)
To put it all in one line:
$ eval `ssh-agent`; ssh-add
Workaround to make sure you're loading the right key
You can tell SSH to load a specific key using the -i option.
$ ssh -i ~/.ssh/other_rsa ec2-user#<ip>
Username woes
If this is an Amazon Linux box, the user is ec2-user. For some AMIs, they have other users set up (ubuntu on ubuntu). Check the documentation to see if they have any specific requirements.
$ ssh ubuntu#IP
On trying with user "root", it worked for me.
ssh -i root#server-name
The documentation says the user could be either ec2-user or root:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
i solved this by changing my proxy server from Hk to Japan. my ec2 instance is in japan, but my proxy server is in Hk, so it let me type pwd, but when i change my proxy server to Japan, no need to type the pwd