Permission denied (publickey) while copying ssh key to server - amazon-web-services

I am getting Permission denied (publickey) error while copying a public key using this command over ec2 ubuntu instance
root@ip-172-31-5-68:~# ssh-copy-id docadmin@ip-172-31-13-212
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed:"/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
docadmin@ip-172-31-13-212: Permission denied (publickey).
Can anyone help me why I am getting this permission issue?

AWS doesn't allow SSH connections to an EC2 instance with private keys that are publicly exposed.
While you're trying to copy a .pub (public key) over to instance 2, you're using ssh-copy-id, which uses ssh under the hood to facilitate the transfer, so you'll first need to lock down your private key on instance 1.
Substituting the last term for your private key .pem filepath, you can accomplish this with:
chmod 400 /path/to/your-private-key.pem
The following post seems to be the canonical reference for this topic, but this is a slightly different scenario, so I'm not going to mark it as a duplicate:
Trying to SSH into an Amazon Ec2 instance - permission error

Related

Unable to SSH in EC2 instance

I am unable to ssh into an AWS ec2 instance. It shows the error Permission denied (public Key). I have tried to generate a new pem key
# ssh-keygen -y -f /path/to/keypair.pem
and added it in Instance Settings View/Change User Data
#cloud-config
#ssh_deletekeys: false
#ssh_authorized_keys:
# - ssh-rsa ENTER YOUR PUBLIC KEY HERE ...
#cloud_final_modules: - [ssh, always]
But it didn't work and I also tried this tutorial
https://aws.amazon.com/premiumsupport/knowledge-center/recover-access-lost-key-pair/
Still it is not working.
What you are trying to do won't work. Neither will the answer @Rajeev provided. If it was a file permission error you would see a message indicating the .pem file had unsecure read permissions. What I suspect you'll need to do is kill off that instance and relaunch with a new key. Will be easier than troubleshooting it, and you can make a snapshot to launch a new instance from if you have done a lot of config on it already.
AWS best practices state instances should be treated as ephemeral. Follow those guidelines and you'll save yourself a lot of hassle in the long run.

CLI command "describe-instances" throw error "An error occurred (AuthFailure) when calling the

I was able to install the CLI on a Windows 16 AWS instance. When I try the "aws ec2 describe-instances" CLI command, I get the following error:
CLI command "describe-instances" throw error "An error occurred (AuthFailure) when calling the DescribeInstances operation: AWS was not able to validate the provided access credentials"
In .aws\config file I have following content:
[default]
region = us-west-2
How can authorization fail when it took my access key id and secret access key without any issue?
Verify if your datetime is sync ok.
use: ntpdate ntp.server
bests
I deleted my two configuration files from .aws directory and re-ran "aws config"
That fixed the problem for me.
My Steps:
Go to your .aws directory under Users e.g. "c:\Users\Joe\.aws"
Two files: configure and credential. Delete both files
Rerun configure: "aws configure"
Note when you run aws configure you will need the AWS Access and Secret Key. If you don't have them you can just create another.
Steps:
Go to "My Security Credentials" under your Account Name in the AWS Console.
Expand Access Key panel.
Create New Access Key.
When you first ran aws configure, it just populated the local credentials in %UserProfile%\.aws\credentials; it didn't validate them with AWS.
(aws-cli doesn't know what rights your user has until it tries to do an operation -- all of the access control happens on AWS's end. It just tries to do what you ask, and tells you if it doesn't have access, like you saw.)
That said, if you're running the CLI from an AWS instance, you might want to consider applying a role to that instance, so you don't have to store your keys on the instance.
My Access and Security keys are correct. My server time was good. I got error while using Ap-south-1 region. After I changed my region to us-west-2, it worked without any problem.
I tried setting that too on my Windows environment. It didn't work and I was getting the error above.
So I tried setting my environment
SET AWS_ACCESS_KEY_ID=YOUR_ACCESS_KEY
SET AWS_SECRET_ACCESS_KEY=YOUR_SECRET_ACCESS_KEY
and then tried running command like "aws ec2 describe-instance"
I tried many things. Finally, just uninstalling and installing again (not repairing) did the trick. Just make sure to save a copy of your credentials (key and key ID) to use later when calling aws configure.

Starting sshd: WARNING: UNPROTECTED PRIVATE KEY FILE

I am using BitVise to communicate with my AWS instance.
From the last two days, I am not able to login with the pem file. Got the log from aws as follows,
Starting sshd: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0777 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
The mistake happened by setting 777 on ssh, unfortunately.
What is the solution for this now? I can't connect using an SSH client to set the permission to 400.
This is not a problem with pem file permission, the directory ssh has permission of 777.
Assuming that you're using EBS for the root volume, you'd need to launch a new EC2 instance, and attach the root volume of your existing instance to the new one. Then you'd be able to mount the filesystem and change the permissions on the file.
Then re-attach the volume to your other instance and you should be able to get in.
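The permission repair step from the answer above, run once the volume is attached to a second instance and mounted, as an added example that is not part of the original posts. The mount point is a hypothetical stand-in (a constructed temp directory here), and the target modes 755/600/644 are the usual defaults, assumed rather than taken from the page.

```shell
#!/bin/sh
# Added example (not from the original posts): reset sshd host key modes on a
# root volume mounted on a rescue instance. Paths and modes are assumptions.

# Octal permission bits of a path (GNU stat first, then BSD/macOS stat).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# List private host keys under <root>/etc/ssh with any group/other bit set,
# the condition behind "Permissions 0777 ... are too open" in the log above.
list_open_host_keys() {
    for f in "$1"/etc/ssh/ssh_host_*_key; do
        [ -f "$f" ] || continue
        [ $(( 0$(perm_of "$f") & 077 )) -eq 0 ] || echo "$f"
    done
}

# Restore the usual modes: directory 755, private keys 600, public keys 644.
repair_host_key_perms() {
    ssh_dir="$1/etc/ssh"
    [ -d "$ssh_dir" ] || { echo "missing $ssh_dir" >&2; return 1; }
    chmod 755 "$ssh_dir"
    for f in "$ssh_dir"/ssh_host_*_key; do
        [ -f "$f" ] || continue
        chmod 600 "$f"
        if [ -f "$f.pub" ]; then chmod 644 "$f.pub"; fi
    done
}

# Constructed stand-in for the mounted volume, damaged with chmod -R 777.
mount_root=$(mktemp -d)
mkdir -p "$mount_root/etc/ssh"
for alg in rsa ed25519; do
    printf 'constructed sample\n' > "$mount_root/etc/ssh/ssh_host_${alg}_key"
    printf 'constructed sample\n' > "$mount_root/etc/ssh/ssh_host_${alg}_key.pub"
done
chmod -R 777 "$mount_root/etc/ssh"

echo "before: $(list_open_host_keys "$mount_root" | wc -l) host key(s) too open"
repair_host_key_perms "$mount_root"
echo "after:  $(list_open_host_keys "$mount_root" | wc -l) host key(s) too open"
```

On a real rescue instance the argument would be the directory where the old root volume is mounted, and the commands need root.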

Connecting to Amazon AWS: Permission denied

I am new to Amazon AWS, I am trying to connect to my instance so I can upload my files and setup my database.
Initially on connection the console returned an error saying my keys permissions were incorrect, after correcting this the console returned a permission denied error.
imrans-macbook:WORK imran$ ssh -i MYKEY.pem ec2-user@ec2-xx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com
The authenticity of host 'ec2-xx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com (xx.xxx.xxx.xxx)' can't be established.
RSA key fingerprint is xx:xxx:xx:xxx:xxx:xxx:xxx.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': Yes
Warning: Permanently added 'ec2-xx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com,xx.xxx.xxx.xxx' (RSA) to the list of known hosts.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'MYKEY.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: MYKEY.pem
Permission denied (publickey).
imrans-macbook:WORK imran$ chmod 400 MYKEY.pem
imrans-macbook:WORK imran$ ssh -i MYKEY.pem ec2-user@ec2-xx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com
Permission denied (publickey).
What permissions did you change your key to?
The directory containing the key files should be set to 700.
chmod 700 ~/.ec2
The warning is telling you it's too open right now.
Move your key to .ssh
.ssh should be set to 700
key should be 600
-
move your key to ~.ssh\yourkey.pem
rename your key to something else and then set to 600
I resolved this by deleting my key pair and creating a new one along with a new instance. (nothing was on the old instance anyway)
Private key file should have very limited permissions for it to work
Use below command to change permissions
chmod 400 private-key-file.pem

EC2 Ubuntu Instance - UNPROTECTED PRIVATE KEY FILE

I just created an Ubuntu instance on EC2, but when I try and SSH into the machine, I get:
UNPROTECTED PRIVATE KEY FILE!
permissions 0644 for 'xxxxx.pem' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: xxxxx.pem
Permission denied (publickey).
In creating the key, you only enter a name (without the option of adding a password).
How can I SSH into the machine without this warning popping up?
Private keys must be readable only by the owner.
Do chmod 400 xxxxx.pem on the machine from which you're connecting
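A check for the condition behind the UNPROTECTED PRIVATE KEY FILE warnings in the two threads above, as an added example that is not part of the original posts: ssh ignores a private key that has any group/other permission bit set. The function names and sample files are constructed for illustration, and the 700 directory mode is the answers' advice rather than something the check enforces.

```shell
#!/bin/sh
# Added example (not from the original posts): audit a private key file
# before handing it to ssh -i. Sample files are constructed in a temp dir.

# Octal permission bits of a path (GNU stat first, then BSD/macOS stat).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the key has no group/other bits (mode & 077 == 0), else 1.
# 0644 and 0777 fail this test; 0600 and 0400 pass it.
key_is_protected() {
    mode=$(perm_of "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Report on a key and on its directory (700 is the mode the answers advise).
audit_key() {
    key=$1
    dir=$(dirname "$key")
    if key_is_protected "$key"; then
        echo "OK    $key ($(perm_of "$key"))"
    else
        echo "OPEN  $key ($(perm_of "$key")): ssh will ignore this key"
    fi
    [ "$(perm_of "$dir")" = "700" ] || echo "WARN  $dir is $(perm_of "$dir"), answers advise 700"
}

# Constructed demo: a 0644 key as in the questions above, then the fix.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/.ssh"
printf 'constructed sample, not a real key\n' > "$demo_dir/.ssh/MYKEY.pem"
chmod 755 "$demo_dir/.ssh"
chmod 644 "$demo_dir/.ssh/MYKEY.pem"
audit_key "$demo_dir/.ssh/MYKEY.pem"

chmod 700 "$demo_dir/.ssh"
chmod 400 "$demo_dir/.ssh/MYKEY.pem"
audit_key "$demo_dir/.ssh/MYKEY.pem"
```

A key that passes this check can still be rejected with Permission denied (publickey) when the server does not hold the matching public key, which is the situation in the second half of the macOS session above.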