I'm working to set up Panda on an Amazon EC2 instance.
I set up my account and tools last night and had no problem using SSH to interact with my own personal instance, but right now I'm not being allowed permission into Panda's EC2 instance.
Getting Started with Panda
I'm getting the following error:
# WARNING: UNPROTECTED PRIVATE KEY FILE! #
Permissions 0644 for '~/.ec2/id_rsa-gsg-keypair' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
I've chmoded my keypair to 600 in order to get into my personal instance last night, and experimented at length setting the permissions to 0 and even generating new key strings, but nothing seems to be working.
Any help at all would be a great help!
Hm, it seems as though unless permissions are set to 777 on the directory, the ec2-run-instances script is unable to find my keyfiles.
I've chmoded my keypair to 600 in order to get into my personal instance last night,
And this is the way it is supposed to be.
From the EC2 documentation we have "If you're using OpenSSH (or any reasonably paranoid SSH client) then you'll probably need to set the permissions of this file so that it's only readable by you." The Panda documentation you link to links to Amazon's documentation but really doesn't convey how important it all is.
The idea is that the key pair files are like passwords and need to be protected. So, the ssh client you are using requires that those files be secured and that only your account can read them.
Setting the directory to 700 really should be enough, but 777 is not going to hurt as long as the files are 600.
Any problems you are having are client side, so be sure to include local OS information with any follow up questions!
Make sure that the directory containing the private key files is set to 700
chmod 700 ~/.ec2
To fix this,
you’ll need to reset the permissions back to default:
sudo chmod 600 ~/.ssh/id_rsa
sudo chmod 600 ~/.ssh/id_rsa.pub
If you are getting another error:
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/geek/.ssh/known_hosts).
This means that the permissions on that file are also set incorrectly, and can be adjusted with this:
sudo chmod 644 ~/.ssh/known_hosts
Finally, you may need to adjust the directory permissions as well:
sudo chmod 755 ~/.ssh
This should get you back up and running.
I also got the same issue, but I fix it by changing my key file permission to 600.
sudo chmod 600 /path/to/my/key.pem
The private key file should be protected. In my case i have been using the public_key authentication for a long time and i used to set the permission as 600 (rw- --- ---) for private key and 644 (rw- r-- r--) and for the .ssh folder in the home folder you will have 700 permission (rwx --- ---). For setting this go to the user's home folder and run the following command
Set the 700 permission for .ssh folder
chmod 700 .ssh
Set the 600 permission for private key file
chmod 600 .ssh/id_rsa
Set 644 permission for public key file
chmod 644 .ssh/id_rsa.pub
Change the File Permission using chmod command
sudo chmod 700 keyfile.pem
On windows, Try using git bash and use your Linux commands there. Easy approach
chmod 400 *****.pem
ssh -i "******.pem" ubuntu#ec2-11-111-111-111.us-east-2.compute.amazonaws.com
Keep your private key, public key, known_hosts in same directory and try login as below:
ssh -I(small i) "hi.pem" ec2-user#ec2-**-***-**-***.us-west-2.compute.amazonaws.com
Same directory in the sense,
cd /Users/prince/Desktop.
Now type ls command
and you should see
**.pem **.ppk known_hosts
Note: You have to try to login from the same directory or you'll get a permission denied error as it can't find the .pem file from your present directory.
If you want to be able to SSH from any directory, you can add the following to you ~/.ssh/config file...
Host your.server
HostName ec2-user#ec2-**-***-**-***.us-west-2.compute.amazonaws.com
User ec2-user
IdentityFile ~/.ec2/id_rsa-gsg-keypair
IdentitiesOnly yes
Now you can SSH to your server regardless of where the directory is by simply typing ssh your.server (or whatever name you place after "Host").
Just to brief the issue, that pem files permissions are open for every user on machine i.e any one can read and write on that file
On windows it difficult to do chmod the way I found was using a git bash.
I have followed below steps
Remove user permissions
chmod ugo-rwx abc.pem
Add permission only for that user
chmod u+rw
run chmod 400
chmod 400 abc.pem
4.Now try ssh -i for your instance
If you are on a windows machine just copy the .pem file into C drive any folder and
re-run the command.
ssh -i /path/to/keyfile.pem user#some-host
In my case, I put that file in downloads and this actually works.
Or follow this https://99robots.com/how-to-fix-permission-error-ssh-amazon-ec2-instance/
I am thinking about something else, if you are trying to login with a different username that doesn't exist this is the message you will get.
So I assume you may be trying to ssh with ec2-user but I recall recently most of centos AMIs for example are using centos user instead of ec2-user
so if you are
ssh -i file.pem centos#public_IP please tell me you aretrying to ssh with the right user name otherwise this may be a strong reason of you see such error message even with the right permissions on your ~/.ssh/id_rsa or file.pem
The solution is to make it readable only by the owner of the file, i.e. the last two digits of the octal mode representation should be zero (e.g. mode 0400).
OpenSSH checks this in authfile.c, in a function named sshkey_perm_ok:
/*
* if a key owned by the user is accessed, then we check the
* permissions of the file. if the key owned by a different user,
* then we don't care.
*/
if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
error("###########################################################");
error("# WARNING: UNPROTECTED PRIVATE KEY FILE! #");
error("###########################################################");
error("Permissions 0%3.3o for '%s' are too open.",
(u_int)st.st_mode & 0777, filename);
error("It is required that your private key files are NOT accessible by others.");
error("This private key will be ignored.");
return SSH_ERR_KEY_BAD_PERMISSIONS;
}
See the first line after the comment: it does a "bitwise and" against the mode of the file, selecting all bits in the last two octal digits (since 07 is octal for 0b111, where each bit stands for r/w/x, respectively).
sudo chmod 700 ~/.ssh
sudo chmod 600 ~/.ssh/id_rsa
sudo chmod 600 ~/.ssh/id_rsa.pub
The above 3 commands should solve the problem!
Just a note for anyone who stumbles upon this:
If you are trying to SSH with a key that has been shared with you, for example:
ssh -i /path/to/keyfile.pem user#some-host
Where keyfile.pem is the private/public key shared with you and you're using it to connect, make sure you save it into ~/.ssh/ and chmod 777.
Trying to use the file when it was saved elsewhere on my machine was giving the OP's error. Not sure if it is directly related.
thank you for your time.
I have an EC2 instance, but for security reasons i need to change the pem files associated in .ssh/authorized_keys. I do understand that the public pem file goes into authorized_keys.
I do not want to mount the volume of the ec2 instance to a new one. I am considering as a last option since I do have access to the EC2 instance.
How can this be done?
I have tried:
This post Change key pair for ec2 instance the answer by Pat Mcb, but no luck.
Run this command after you download your AWS pem.
ssh-keygen -f YOURKEY.pem -y Then dump the output into
authorized_keys.
Or copy pem file to your AWS instance and execute following commands
chmod 600 YOURKEY.pem and then
ssh-keygen -f YOURKEY.pem -y >> ~/.ssh/authorized_keys
But that didn't work for me. If i follow it exactly download aws key pair key, and follow the instructions by coping the key when ssh into the instance, when i do ssh-keygen -f YOURKEY.pem -y >> ~/.ssh/authorized_keys It asks for a passphrase (never had to input one)
What i am doing is the following.
I create a new key with
ssh-keygen newpem.pem
and the .pub file i copy it in .ssh/authorized_keys
Can someone explain what i am doing incorrectly?
Note the authorized_keys file has the correct permissions.
Seems like you want to deprecate the old key and use a new key instead. These steps may help you -
Create a new key pair using the aws console and download it onto your system.
Retrieve the public key from the private key(.pem) file using the command - "ssh-keygen -y"
SSH into the instance using the old key.
Once you have access to the instance add the public key you got in step 2 into the "~/.ssh/authorized_keys" files and then save the file.
Log out of the instance and then try accessing the instance with the new key.
Hope it helps. Thank You !
You Don't even need to do all of this just mind few things with AWS EC2 you get a private key for default users . like ec2-user /ubuntu etc.
You are doing the right step
ssh-keygen -t rsa -C "your_email#example.com"
if it ask for entering any paraphrase leave it blank.
Just press to accept the default location and file name. If the .ssh directory doesn't exist, the system creates one for you.
Enter, and re-enter, if passphrase prompted
you have that key now .
Copy that key
Login to your Ec2 server.
sudo su
vim ~/.ssh/authorized_keys
paste the key.
:wq!
You'll see a key there copy it and save it as a backup somewhere.
Now paste your newly generated key in that file
and save the file.
now final step to take care is the permission, so run the following command.
sudo chmod 700 .ssh && chmod 600 .ssh/authorized_keys
Now you're good to go you.
Following are the steps to change your keypair on AWS EC2.
Login to AWS Console. Go to the Network and Security >> Keypair.
Give the name of your keypair (mykeypair) and keytype (RSA) and Private
keyformat (.pem). and click on the create keypair. It will ask you to
download .pem file in your local machine. Save it at and remember the
location.
Login to your EC2 instance and go to the .ssh. location. Create a new file called
(mykeypair.pem) and paste the content from the file we downloaded in step no.2
Run the command: sudo chmod 600 mykeypair.pem
Run the command: ssh-keygen -f mykeypair.pem -y and it will generate some
content. Copy that content. Open the file called autherized_keys and
remove all the content from it.
Paste the copied content that we have generated in the previous step. Also enter your file name (mykeypair) in last after entering space.
Reboot your instance. Go to the puttygen and generate the .ppk file
using the pem file you have downloaded from the keypair. You will be able to login your ec2 with the newly generated .ppk from putty.
Okay I figured out my problem. First of all I had been hacked by a hacker apparently because I didn't know that permitpasswordlogin: yes DISABLES pubkey authentication.... I thought it was additional security. So i used a very loose password that could be easily guessed. Anyways, I believe this because I went to the root folder and found that there was actually a new key in the root named "el patrono 1337" which actually means "the master/boss" in spanish... LOL. Anyways... So i changed that back to my secure key (made a new one actually) and then I went to login as ec2-user and couldnt, but could as root. was driving me crazy for 30 minutes or so until I realized I had accidentally changed the owner of my ec2-user folder to root and therefore ssh was not searching the ec2-user .ssh/authorized_keys when I tried to log in. Wow very glad that's over lol. And just fyi guys I don't think the hacker installed anything malicious, but I did get tipped off that he tried to ssh into other people's servers (who claim they get attacked by ssh alot according to the aws abuse report) from my machine. I'm running a very simple website with zero sensitive data etc. He didn't even block me out of the machine by disabling password authentication.(i guess he didn't want me to know?). I will build a new instance from scratch next time I want to add anything(will be pretty soon) just to be on the safe side.
I'm trying to follow along the Upskillcourses.com web dev online course. In lesson 11 I'm supposed to link up cloud9 to github.
I'm trying to get the SSH key. But it's not working:
ec2-user:~/environment $ cat ~/.ssh/id_rsa.pub
cat: /home/ec2-user/.ssh/id_rsa.pub: No such file or directory
I've copied it exactly like the instructor did. I'll be honest in that I don't really know what I'm doing or how to fix. Seems like no one else is having this problem. Thanks for any help
Use ssh-keygen to create a default ssh key pair, for now without passphrase:
ssh-keygen -t rsa -C "MyEmailAddress" -f ~/.ssh/id_rsa -P ""
Then any ssh command will use by default that key.
First, check for existing SSH Key using the following command:
ls -al ~/.ssh
Check the directory listing to see if you already have a public SSH key. By default, the filenames of the public keys are one of the following: id_xxxx.pub (ex: id_rsa.pub). If you don't have an existing public and private key pair, create one using this command:
ssh-keygen -t rsa -b 4096 -C "your_email#example.com"
This creates a new ssh key, using the provided email as a label. When you're prompted to "Enter a file in which to save the key," press Enter. This accepts the default file location. At the prompt, type a secure passphrase.
If you see an existing public and private key pair listed that you would like to use to connect to GitHub, or once you are done with the above key generation step, you can add your SSH key to the ssh-agent with the following commands:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa (Add -K option, if on MAC OS, as it will add the passphrase in your keychain when you add an ssh key to the ssh-agent.)
Source: https://docs.github.com/
This happened to me when I was simply in a directory other than the one where the SSH key was.
In order to fix this: you need to check the path to the directory where the SSH key was saved. Scroll up to where you created the key and you should see:
Your public key has been saved in /Users/userlocation/.ssh/id_rsa.pub
Now check your working directory:
pwd
If your working directory is different from the one that holds the SSH key, change the directory:
cd /Users/userlocation #find yours!
and then run the command (slightly changed):
cat .ssh/id_rsa.pub
This worked for me! (Remember to run ssh-keygen first!)
Using AWS (Amazon Web Services) I have created an Ubuntu 16.10 instance and I am able to login using a pem file like this:
ssh -i key.pem ubuntu#52.16.73.14.54
After I am logged, I can see that I am able to execute:
sudo su
(with no password), however the file /etc/sudoers does NOT contain any reference to the user current user: ubuntu.
How can I create another user with exactly the same behavior (without touching the sudoers file) from terminal in a NON interactive way?
I tried:
sudo useradd -m -c "adding a test user" -G sudo,adm -s /bin/bash testuser
But after I become "testuser" if I invoke:
sudo su
I have to provide a password. Which is exactly the way I want to avoid.
You can't do this without touching sudo, beacuse the ubuntu user is given passwordless access specifically.
$ for group in `groups ubuntu`; do sudo grep -r ^[[:space:]]*[^#]*$group[[:space:]] /etc/sudoers* ; done
/etc/sudoers.d/90-cloud-init-users:ubuntu ALL=(ALL) NOPASSWD:ALL
/etc/sudoers.d/90-cloud-init-users:ubuntu ALL=(ALL) NOPASSWD:ALL
/etc/sudoers:%sudo ALL=(ALL:ALL) ALL
But what you can do is create a new sudoers file without touching any existing files. sudo is typically configured these days to read all the configurations in a directiory, usually /etc/sudoers.d/, preceisely so that one failing config doesn't effect the rest of sudo.
In your case, you might want to give an admin group sudoless access rather than your user. Then you can add access in the future to other users without changing sudo config.
I've created a new linux instance on Amazon EC2, and as part of that downloaded the .pem file to allow me to SSH in.
When I tried to ssh with:
ssh -i myfile.pem <public dns>
I got:
###########################################################
# WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0644 for 'amazonec2.pem' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: amazonec2.pem
Permission denied (publickey).
Following this post I tried to chmod +600 the .pem file, but now when I ssh I just get
Permission denied (publickey).
What school-boy error am I making here?
The .pem file is in my home folder (in macOS). Its permissions look like this:
-rw-------# 1 mattroberts staff 1696 19 Nov 11:20 amazonec2.pem
The problem is a wrong set of permissions on the file.
It is easily solved by executing: chmod 400 mykey.pem
This solution is taken from AWS instructions:
Your key file must not be publicly viewable for SSH to work. Use this command if needed: chmod 400 mykey.pem
400 protects it by making it read only and only for the owner.
You are likely using the wrong username to login, because—
Most Ubuntu images have a user ubuntu
Amazon's AMI is ec2-user
Most Debian images have either root or admin
To login, you need to adjust your ssh command:
ssh -l USERNAME_HERE -i .ssh/yourkey.pem public-ec2-host
I know this is very late to the game ... but this always works for me:
##step 1
ssh-add ~/.ssh/KEY_PAIR_NAME.pem
##step 2, simply ssh in :)
ssh user_name#<instance public dns/ip>
e.g.
ssh ec2-user#ec2-198-51-100-1.compute-1.amazonaws.com
Ok man, the only thing that worked for me was:
Change permissions of the key
chmod 400 mykey.pem
Make sure to log in using ec2-user, and the correct ec2-99... address. The ec2-99 address is at the bottom of the aws console when you're logged in and seeing your instance listed
ssh -i mykey.pem ec2-user#ec2-99-99-99-99.compute-1.amazonaws.com
Take a look at this article. You do not use the public DNS but rather the form
ssh -i your.pem root#ec2-XXX-XXX-XXX-XXX.z-2.compute-1.amazonaws.com
where the name is visible on your AMI panel
In windows you can go to the properties of the pem file, and go to the security tab, then to advance button.
remove inheritance and all the permissions. then grant yourself the full control. after all SSL will not give you the same error again.
Change permission for the key file with :
chmod 400 key-file-name.pem
See AWS documentation for connecting to the instance: Tutorial: Get started with Amazon EC2 Linux instances
I know this question has been answered already but for those that have tried them all and you are still getting the annoying "Permission denied (publickey)". Try running your command with SUDO. Of course this is a temporary solution and you should set permissions correctly but at least that will let you identify that your current user is not running with the privileges you need (as you assumed)
sudo ssh -i amazonec2.pem ec2-xxx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com
Once you do this you'll get a message like this:
Please login as the user "ec2-user" rather than the user "root"
Which is also sparsely documented. In that case just do this:
sudo ssh -i amazonec2.pem ec2-xxx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com -l ec2-user
And you'll get the glorious:
__| __|_ )
_| ( / Amazon Linux AMI
___|\___|___|
Feb, 2022 Update:
See the description to ssh to EC2 instance on AWS:
Then, you can find "No.3" saying this below:
So, run the command below as "No.3" says above:
chmod 400 myKey.pem
In Mac terminal, doing "chmod 400 xyz.pem" did not help me, it kept saying permission denied. For ubuntu users I would suggest
ssh-add xyz.pem
ssh -i xyz.pem ubuntu#ec2-54-69-172-118.us-west-2.compute.amazonaws.com (notice the user is ubuntu)
ssh -i /.pem user#host-machine-IP
I think it's because either you have entered wrong credentials
or, you are using a public key rather than private key
or, your port permissions are open for ALL to ssh. This is bad for Amazon.
There can be three reasons behind this error.
Your are using a wrong key.
Your key doesn't have the correct permissions. You need to chmod it to 400.
You are using the wrong user. Ubuntu images have a user ubuntu, Amazon's AMI is ec2-user and debian images have either root or admin
In addition to the other answers, here is what I did in order for this to work:
Copy the key to .ssh folder if you still hadn't:
cp key.pem ~/.ssh/key.pem
Give the proper permissions to the key
chmod 400 ~/.ssh/key.pem
Start ssh-agent (Thanks to https://stackoverflow.com/a/17848593 )
eval `ssh-agent -s`
ssh-add
Then, add the key
ssh-add ~/.ssh/key.pem
Now you should be able to ssh EC2 (:
SSH keys and file permission best practices:
.ssh directory - 0700 (only by owner)
private key/.pem file - 0400 (read only by owner)
public key/.pub file - 0600 (read & write only by owner)
chmod XXXX file/directory
Alternative log-in using PuTTY. Its good but needs a few steps.
Get your .pem that was generated when you first made the EC2 instance.
Convert the .pem file .ppk using PuttyGen since PuTTY does not read .pem.
Open PuTTY and enter your Host Name which is your instance username + Public DNS (Ex. ubuntu#ec2-xxx-xxx-xxx-xxx.region.compute.amazonaws.com). Not your AWS account username.
Then navigate to Connection > SSH > Auth. Then add your .ppk file. Click on Browse where it says "Private key file for authentication".
Click Open and you should be able to immediately establish connection.
Im using PuTTY 0.66 in Windows.
By default whenever you download the keyfile it come with 644 permissions.
So you need to change the permission each time you download new keys.
chmod 400 my_file.pem
In Windows go to the .pem file, right click and select Properties.
Go to Advanced in Security tab
Disable and remove inheritance.
Then press Add and select a principal.
Add account username as object name and press ok.
Give all permission.
Apply and save changes.
Now check the above command
You can find the answer from the ASW guide.
400 protects it by making it read only and only for the owner.
chmod 400 mykey.pem
In windows,
Right click on the pem file. Then select properties.
Select security tab --> Click on the Advanced button --> Disable inheritance --> Remove all inherited permissions from this object
Click on the Add button --> Select a principal --> Enter your username on the inputbox --> Click on the Check Names button --> Click on Ok --> Click on Ok --> Click on Ok --> Click on Ok
Do a chmod 400 yourkeyfile.pem
If your instance is Amazon linux then use ssh -i yourkeyfile.pem ec2-user#ip
for ubuntu
ssh -i yourkeyfile.pem ubuntu#ip
for centos
ssh -i yourkeyfile.pem centos#ip
Just change the permission of pem file to 0600 allowing only for the allowed user and it will work like charm.
sudo chmod 0600 myfile.pem
And then try to ssh it will work perfectly.
ssh -i myfile.pem <<ssh_user>>#<<server>>
BY default permission are not allowing the pem key.
You just have to change the permission:
chmod 400 xyz.pem
and if ubuntu instance then connect using:
ssh -i xyz.pem ubuntu#ec2-youraws.amazonaws.com
The issue for me was that my .pem file was in one of my NTFS partitions. I moved it to my linux partition (ext4).
Gave required permissions by running:
chmod 400 my_file.pem
And it worked.
I have seen two reasons behind this issue
1) access key does not have the right permission. pem keys with default permission are not allowed to make a secure connection. You just have to change the permission:
chmod 400 xyz.pem
2) Also check whether you have logged-in with proper user credentials. Otherwise, use sudo while connecting
sudo ssh -i {keyfile} ec2-user#{ip address of remote host}
Well, looking at your post description I feel there were 2 mistakes done by you:-
Set correct permissions for the private key.
Below command should help you to set correct file permision.
chmod 0600 mykey.pem
Wrong ec2 user you are trying to login.
Looking at your debug log I think you have spawned an Amazon linux instance. The default user for that instance type is ec2-user . If the instance would have been ubuntu then your default user would have been ubuntu .
ssh -i privatekey.pem default_ssh_user#server_ip
Note:
For an Amazon Linux AMI, the default user name is ec2-user.
For a Centos AMI, the default user name is centos.
For a Debian AMI, the default user name is admin or root.
For a Fedora AMI, the default user name is ec2-user or fedora.
For a RHEL AMI, the default user name is ec2-user or root.
For a SUSE AMI, the default user name is ec2-user or root.
For an Ubuntu AMI, the default user name is ubuntu.
Otherwise, if ec2-user and root don't work, check with the AMI provider.
source: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
Key file should not be publicly viewable so use permission 400
chmod 400 keyfile.pem
If above command shows permission error use
sudo chmod 400 keyfile.pem
Now ssh into the ec2 machine, if you still face the issue, use ec2-user
ssh -i keyfile.pem ec2-user#ec2-12-34-56-78.compute-1.amazonaws.com
You're not in root then run this command
sudo chmod 400 -R myfile.pem
Not is root then run this command
chmod 400 -R myfile.pem
If you are connecting from Windows, perform the following steps on your local computer.
Navigate to your .pem file.
Right-click on the .pem file and select Properties.
Choose the Security tab.
Select Advanced.
Verify that you are the owner of the file. If not, change the owner to your username.
Select Disable inheritance and Remove all inherited permissions from this object.
Select Add, Select a principal, enter your username, and select OK.
From the Permission Entry window, grant Read permissions and select OK.
Click Apply to ensure all settings are saved.
Select OK to close the Advanced Security Settings window.
Select OK to close the Properties window.
You should be able to connect to your Linux instance from Windows via SSH.
From a Windows command prompt, run the following commands.
Run the following command to reset and remove explicit permissions:
icacls.exe $path /reset
Run the following command to grant Read permissions to the current user: icacls.exe $path /GRANT:R "$($env:USERNAME):(R)"
Run the following command to disable inheritance and remove inherited permissions : icacls.exe $path /inheritance:r
You should be able to connect to your Linux instance from Windows via SSH.
It is just a permission issue with your aws pem key.
Just change the permission of pem key to 400 using below command.
chmod 400 pemkeyname.pem
If you don't have permission to change the permission of a file you can use sudo like below command.
sudo chmod 400 pemkeyname.pem
Else if nothing works for you just follow this video to change the keys on your EC2 instance. You can install now public / private key pair on your instance.
https://youtu.be/LvLlRCrS8B4
Checklist:
Are you using the right private key .pem file?
Are its permissions set correctly? (My Amazon-brand AMIs work with 644, but Red hat must be at least 600 or 400. Don't know about Ubuntu.)
Are you using the right username in your ssh line? Amazon-branded = "ec2-user", Red Hat = "root", Ubuntu = "ubuntu". User can be specified as "ssh -i pem usename#hostname" OR "ssh -l username -i pem hostname"