I am trying to connect to an EC2 instance with the key. But I get an error saying
No supported authentication methods available (the server sent: public key")
In the command window I get:
Using username "ec2-user"
Server refused our key
. Please help me
I will try to help! Suppose you are trying to connect using the PuTTY SSH client on your local machine. (Connecting with an FTP client like WinSCP is very similar).
Short answer: You need to let PuTTY know your ec2user IP address and associate the private key of the EC2 instance with the PuTTY session. On the AWS side you need to create a security group that allows inbound access from your IP address to your EC2 instance for SSH on port 22.
__
Long answer 😊:
Go to your EC2 page and click [CONNECT]
[]1
Copy the ec2User IP address to PuTTY.
When you created the EC2 instance, you were prompted to download the public/private key pair. You need that private key. If you don’t have that file, things are more complicated. (See Change key pair for ec2 instance).
But hopefully, you can find the private PuTTY Private Key file downloaded on your local machine:
Save the session. PuTTY should be all set up now.
Now on the AWS side, you need to make a new security Group:
Create the group and ADD an Inbound Rule:
Go back to EC2 and add security group to EC2.
In the dialog that pops up, check the security group that you just created for PuTTY remote access and click [Assign Security Groups]
Now give it a try!
I hope this works for you like it does for me.
ONE FINAL TIP: Make sure that you associate an Elastic IP address to the instance. Otherwise, this connection might stop working when someday you reboot your EC2. The elastic IP pins it down.
Verify that you are connecting with the appropriate user name for your AMI. Type the user name in User name in the PuTTY Configuration window.
The appropriate user names are as follows:
For Amazon Linux 2 or the Amazon Linux AMI, the user name is ec2-user.
For a CentOS AMI, the user name is centos.
For a Debian AMI, the user name is admin or root.
For a Fedora AMI, the user name is ec2-user or fedora.
For a RHEL AMI, the user name is ec2-user or root.
For a SUSE AMI, the user name is ec2-user or root.
For an Ubuntu AMI, the user name is ubuntu.
Otherwise, if ec2-user and root don't work, check with the AMI provider.
You should also verify that your private key (.pem) file has been correctly converted to the format recognized by PuTTY (.ppk).
Related
I got stuck when connecting to my EC2 instance. I did try both SSH with .pem file or EC2 Instance Connect. Everything was ok in the first time. But after that, something went wrong.
I tried to terminate my instance and launch new one once. But the new instance get this error too. Too weird.
This is error text when connecting via EC2 Instance Connect.
And this is log when connecting via SSH with verbose
And this is the security rules for my instance
Does anyone know solution for this case? Thank in advance.
-- UPDATE 1--
Result after run Reachability Analyzer with source (gateway) and destination (instance)
yes, all problems in ssh is in the user name inside of the instance, So follow these steps to solve your problem:
go to ec2 dashboard and check what is the user name inside your
instance.
make new connect with instance and download new file ".pem" from
ec2 dashboard.
make new file and named it "config" in local machine with this
path :
~/.ssh/config
write this code below in your config file
# Enter the alias of the ECS instance to connect to the instance by using an SSH key pair.
Host ec2
#Enter the public IP address of the instance.
HostName <public IP>
#Enter the port number. The default port number is 22.
Port 22
#Enter the logon account.
User <put the user name you found in your instance>
#Enter the address of the .pem private key file on your PC.
IdentityFile <~/Desktop/myservice.pem>
if you want to ssh it just do like this
ssh ec2
After I created a ubuntu VM(Amazon EC2 instance), I see below entry in "view instances":
I see public dns as Public DNS: ec2-13-58-17-118.us-east-2.compute.amazonaws.com
Instance: i-08c551d9713dfcd06 (ubuntu_VM)
Security groups: sg_ubuntu. view inbound rules. view outbound rules
To connect to this Amazon EC2 instance(ubuntu VM), am using below syntax from my ubuntu laptop:
ssh -i "ubuntu_key.pem" ubuntu#ec2-13-58-17-118.us-east-2.compute.amazonaws.com
and it works, but I do not know the reason, for its working
I understand that ec2-13-58-17-118.us-east-2.compute.amazonaws.com is domain name
1) What is ubuntu in ubuntu#ec2-13-58-17-118.us-east-2.compute.amazonaws.com?
2) Why Amazon EC2 instance creation process does not ask for assigning hostname to the EC2 instance, on aws website? after sshing, I see some dynamic hostname assigned(ip-172-31-30-203) which is not good for me...
3) What is security group? amidst creation of EC2 instance...
1) ubuntu is the username of that particular ec2 instance. In this case, since your instance is using Ubuntu, then by default you get that username. If you had created an instance using Amazon Linux 2, it would of have been ec2-user. You can check more here.
If you intend to change this username, you can in fact. Just like you would in any Linux OS, except for a few extra steps you need to follow in order to connect using SSH with this new username.
2) Each time you stop and restart your Amazon EC2 instance (unless you are using an Elastic IP address), the public IPv4 address changes, and so does your public DNS name, system hostname, and shell prompt. This is found in the user guide. If you want to have a static IP, you must create an Elastic IP address, although, it has a cost.
3) The security group, is a set of rules of how to access (inbound rules) your instance and what can your server reach (outbound rules). By default, if not mistaken, in your inbound rules, you should only have your SSH connection available.
ubuntu is the username on the server
I'm not sure why this is, but you are able to change it using the command sudo hostnamectl set-hostname your-desired-hostname. You can read more in the AWS UserGuide
Security groups are firewall rules that you can use to protect your VM from the outside world. You can block access to specific ports, only allow access to specific ports from an IP address or IP range. For example, you can use it to restrict access to SSH only to your office IP address to prevent anyone else from logging into your EC2 instance.
New to Amazon AWS here. I setup a new ubuntu instance but cannot SSH to the instance. How do I find the login/password for SSH? I don't remember one being shared with me when I created that instance.
I added my IP to inbound traffic for the security group
I setup a key and am using the key with my Putty connection
I am able to get to the login step, but when I enter 'root' as the login (or any value), I get:
Server refused our key
Disconnected: No supported authentication methods available (server send: publickey)
when you deploy an EC2 instance in AWS, you'll be asked to select existing key-pair or create new one. if you choose to create new one, AWS will give you the keypair.
after new key-pair is downloaded, you need to change the key permission.
If you deploy an Ubuntu instance, the user usually ubuntu.
ssh -i key.pem ubuntu#yourinstanceIP
or you can select the instance, and you can click on Connect button.
The following instructions are given for the ec2 instance that I'm trying to connect to:
To access your instance: Open an SSH client. (find out how to connect
using PuTTY)
CHECK!
Locate your private key file (keypair.pem). The wizard automatically
detects the key you used to launch the instance.
I launched Putty with a .ppk and I also still have the .pem sitting on my local machine. However, how does this help once I am in the aws Linux terminal?
It sounds to me that the .pem should now be located on the remote machine, not my local one.
Your key must not be publicly viewable for SSH to work. Use this
command if needed: chmod 400 keypair.pem
This is fine once the previous step is clearer.
Connect to your instance using its Public DNS:
ec2-xxxxxxxxxxxxx.eu-west-1.compute.amazonaws.com
Example: ssh -i "keypair.pem"
root#ec2-xxxxxxxxxxxxx.eu-west-1.compute.amazonaws.com
I am currently typing this in (also trying ec2-user instead of root) but I get the following:
Warning: Identity file keypair.pem not accessible: No such file or directory.
Permission denied (publickey).
Please note that in most cases the username above will be correct,
however please ensure that you read your AMI usage instructions to
ensure that the AMI owner has not changed the default AMI username.
In case this is important, what user name are they referring to here?
I have also made sure the I can SSH into the security group from all locations.
Christopher, I am not sure if you have access to the AWS console, but If you do, then it will be easy to find out the correct user name of your EC2 machine. click on the check mark box to pick your instance, then click Connect, and it will show you the correct user name. If it is an amazon AMI image, it will most likely be ec2-user, other images can have root, ubuntu, bitnami, or any other user configured by the AMI creator.
Your error message: " Warning: Identity file keypair.pem not accessible" indicates an issue with your private key not being accessible.
You said you converted the .pem to ppk for putty, which will enable you to SSH via putty. If you need to SSH from an EC2 machine to another EC2 machine, you will need that private key with the "pem" extension.
Think of your private key as your password, except that it's stored in a file.
ssh -i "keypair.pem" root#ec2-xxxxxxxxxxxxx.eu-west-1.compute.amazonaws.com
This command says: Log me in via SSH protocol to server xxxx.eu... using password file (Private key) "keypair.pem" that resides in the current directory.
if you do an "ls" and you don't see "keypair.pem" then that is your issue.
I hope that helps!
I created a VM using Hyper-V on my local machine which I can RDP onto fine. I exported the VHDX to VHD and then uploaded it to AWS via the API.
This created a new EC2 instance for me but I cannot connect to it as it has no security keypair associated.
Thus I created a private AMI from the instance and re-instantiated a new EC2 instance from this AMI, setting the keypair in the process to ensure HTTP, RDP etc are permitted. The EC2 instance is running, but when I download teh RDP shortcut if fails to connect. I've tried rebooting the instance several times (as this was one of the suggested solutions on here when I searched) but it hasn't helped.
I also cannot ping any of these instances via the public DNS or private DNS.
Any idea what I'm doing wrong? I'm not even getting as far as the password prompt, its the connectivity is the problem.
Thanks
I had a similar problem - this is the tip from the AWS documentation that helped me solve it:
Verify that the route table for the subnet has a route that sends all traffic
destined outside the VPC (0.0.0.0/0) to the Internet gateway for the VPC
Additional debugging tips for this problem can be found here: Remote Desktop can't connect to the remote computer
The problem is probably the security group configuration attached to the instance. Make sure you have inbound TCP port 3389 permitted to be able to connect via RDP.
in username type:
.\Administrator
....and your decrypted password
See, this is local user. but you dont know real local hostname, that different from public DNS name.
Was helpful for me, hope for you too.
My guess for the reason you aren't getting anywhere has to do with the host certificates.
Be mindful that each computer connecting to the server via RDP needs to have an IAM user in AWS with an X.509 certificate uploaded to their account.
When importing or creating a windows AMI it is best to install and configure the EC2Config service.
The EC2 Config service does the following when you launch the instance:
At initial setup:
Sets the hostname to the private DNS name
Generates and sets a random password on the Administrator account
Initializes and formats the ephemeral disks
Generates and installs the host certificate used for Terminal
Services
Syncs the instance clock with a time server
After initial setup:
Writes the last three entries in the System event log to the Amazon
EC2 console so you can debug startup problems.
Prepares instances for bundling
Also, by default, security groups do not allow you to ping the instances. You must enable ICMP in the security group.
Hope that helps.
EDIT: Here is the link to the 64bit version of the EC2Config Installer
I also had the same problem. This is what I got from EC2.
Public DNS ec2-23-22-109-251.compute-1.amazonaws.com
User name Administrator
Password MyPassword
On the remote desktop, enter the domain and user name as
ec2-23-22-109-251\Administrator
If you paste the password is may not work, try to paste it but reenter the last 1 or 2 characters. Once you get the security certificate prompt accept/install it and your connection should open soon.
This is what worked for me:
Use your cell phone as a "hot spot" - which gives you a static IP address. That worked. Now, I'll need to contact my Internet provider to assign a static IP to my wireless router. Currently, it is spitting out DHCP IP addresses.
UPDATE:
12.7.2016
You need to go to the Security Group, select the Instance, then EDIT the RDP. If you click "MyIP" that should work for those of us working from home. If you are onsite, you may need to put in a custom CIDR.
After rebooting an EC2 instance, I found that I needed to reassociate the Elastic IP address associated with the instance. You click the button below then select the instance and private instance IP address when prompted.
RDP access worked after this step.
After patching Windows 2019 on my server, I couldn't access the instance anymore despite all my working settings didn't change. I used EC2Rescue to fix my issue
Please refer to the link below for details on how to use it: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/troubleshoot-connect-windows-instance.html#AWSSupport-ExecuteEC2Rescue