scp to EC2 failing because of permission error - amazon-web-services

I'm trying to scp a project onto my EC2 instance. I have my .pem keys but the scp seems not to be able to find my keys, despite giving it the full address. Any insights?
[ec2-user@ip-172-31-19-174 ~]$ scp -i /Users/.../my_keys.pem -r /Users/.../project ec2-user@....us-west-1.compute.amazonaws.com:~/
Warning: Identity file /Users/.../my_keys.pem not accessible: No such file or directory.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
lost connection
Btw, I can ssh into the instance with
ssh -i /Users/.../my_keys.pem ec2-user@ec2-user@....us-west-1.compute.amazonaws.com
(albeit with the following warning)
The authenticity of host '[host_name]' can't be established.
ECDSA key fingerprint is [fingerprint_name].
Are you sure you want to continue connecting (yes/no)?

Are you trying to scp content from your local pc into an AWS instance?
If you are, it looks like you are running your scp from your EC2 instance and not your local machine:
[ec2-user@ip-172-31-19-174 ~]$ scp -i /Users/.../my_keys.pem -r /Users/.../project ec2-user@....us-west-1.compute.amazonaws.com:~/
Note the start of your line: [ec2-user@ip-172-31-19-174 ~]
You should be doing the scp from your local machine, if that's what you're trying to achieve.
In short, you're already ssh'd onto the server.

Related

Cannot connect to code-server in GCP - Permission denied (publickey)

I am attempting to install and access vscode in an instance of Compute Engine of GCP using the instructions on Coder.
I have also been going through their instructions on exposing code-server using SSH; however, when I try to run the command ssh -N -L 8080:127.0.0.1:8080 [user]@<instance-ip>, swapping out [user] and the IP address, I get the following:
The authenticity of host 'ip address (ip address)' can't be established.
ECDSA key fingerprint is SHA256:"hash".
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ipaddress' (ECDSA) to the list of known hosts.
[user]@<instance-ip>: Permission denied (publickey).
Code server should be running as when trying to execute I get:
info code-server 4.9.1
info Using user-data-dir ~/.local/share/code-server
error listen EADDRINUSE: address already in use 127.0.0.1:8080
Attempting to login using http:\\127.0.0.1:80 on Firefox making sure Don’t enable HTTPS-Only Mode is on, page cannot be found.
Admittedly, I have little experience with Linux and SSH.
Any way I can troubleshoot this?
Permission denied: states that you are not authorized to use SSH to access the remote server. You should make sure that the private key for your SSH keychain has been added to your SSH keychain and that the SSH public key for your user account has been uploaded to the server in order to resolve this issue. When running the ssh command, you can also try specifying the path to your private key file by using the -i flag. For instance:
ssh -i /path/to/private_key [user]@<instance-ip>
ssh -i /path/to/private_key -N -L 8080:127.0.0.1:8080 [user]@<instance-ip>
If the private key file is protected by a passphrase, you will also need to provide the correct passphrase and the -p flag.
Attaching a troubleshooting doc for reference.

Unable to connect to EC2 Linux instance in AWS. Error: Host key verification failed

I have created an EC2 Linux instance in AWS. I used the Ubuntu Server 20.04 LTS (HVM) AMI. After creating the instance, I downloaded the key pair file (.pem). I gave it the name "EC2-Key-Pair". Then I launched the instance. Then, on my Kali Linux system, I opened a terminal in the directory where I saved the .pem file. After that I used this command:
chmod 400 EC2-Key-Pair
After running this command, I used this command:
ssh -i "EC2-Key-Pair.pem" ubuntu@ec2-13-232-252-152.ap-south-1.compute.amazonaws.com
Where ubuntu is the username and
ubuntu@ec2-13-232-252-152.ap-south-1.compute.amazonaws.com
is the Public IPv4 DNS of my instance. But when I executed this command I get this error:
Host key verification failed.
How do I fix this error? I have executed this command both with sudo and without sudo, but both ways failed. I also searched for the error on the internet and found a solution saying that I can fix this error by using this command:
ssh-keygen -R Hostname
Where I used my instance's public IPv4 DNS as Hostname:
ssh-keygen -R ec2-13-232-252-152.ap-south-1.compute.amazonaws.com
But it shows an error that:
Cannot stat /home/sanniddha/.ssh/known_hosts: No such file or directory
This error means that something has changed in your instance since the last login, and most probably you created the EC2 instance with no fixed IP assigned to it.
So when you start this instance, it will get a (dynamic) IP and a DNS name which will be based on that IP.
If you shut down the instance and start it again a few hours later, it might get a new IP and a new DNS name.
The trouble you are getting is because the SSH key fingerprint changed. In general, it is not a bad thing and you accept the warning but double-check everything.
What is an SSH key fingerprint and how is it generated?
What can cause a changed ssh fingerprint
In your case, it might be because you launched an instance earlier that had a similar DNS name, which got added to the ~/.ssh/known_hosts file.
xx.xx.xx.xx ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBP2oAPXOCdClEnRzlXuxKtygT3AROcruefiPi6JPdzo+=
You can clean ~/.ssh/known_hosts by issuing the following command:
ssh-keygen -R ec2-13-232-252-152.ap-south-1.compute.amazonaws.com
The IP got recycled on the AWS side for the instance when you launched a new instance. The new instance has a different SSH fingerprint from the one you have in your ~/.ssh/known_hosts file, hence the warning.
As pointed out already, you need to open port 22 for your IP to access the instance.
If possible, use the IP address instead of the DNS name for ssh. Also, you don't need sudo for ssh.
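The known_hosts check these answers describe, as an added example that is not part of the original posts: it derives the SHA256 fingerprint ssh prints from a key blob and classifies a presented host key against known_hosts entries, including hashed host fields. The host names and fixed-byte keys are constructed placeholders, and matching by IP address, wildcards and certificate lines are left out.

```python
import base64, hashlib, hmac, struct

def fingerprint(key_b64):
    """Fingerprint as ssh prints it: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a known_hosts host field: a plain comma list or a hashed |1|salt|hash entry."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return host in field.split(",")  # wildcard and negated patterns are not handled here

def verify_host(known_hosts_text, host, key_type, key_b64):
    """Return 'match', 'changed' or 'unknown' for the key a server presents."""
    seen = False
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if host_matches(fields[0], host) and fields[1] == key_type:
            if fields[2] == key_b64:
                return "match"
            seen = True  # same name and key type, different key
    return "changed" if seen else "unknown"

# --- Constructed sample data: fixed-byte ed25519 blobs, not real host keys ---
def sample_key(fill):
    name, raw = b"ssh-ed25519", bytes([fill]) * 32
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(blob).decode()

def hashed_field(host, salt=b"constructed-salt"):
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

OLD_KEY, NEW_KEY = sample_key(0x11), sample_key(0x22)
HOST, HASHED_HOST = "ec2-recycled.example", "ec2-hashed.example"
KNOWN_HOSTS = "%s ssh-ed25519 %s\n%s ssh-ed25519 %s\n" % (
    HOST, OLD_KEY, hashed_field(HASHED_HOST), OLD_KEY)

if __name__ == "__main__":
    print(fingerprint(OLD_KEY), verify_host(KNOWN_HOSTS, HOST, "ssh-ed25519", OLD_KEY))
    print(fingerprint(NEW_KEY), verify_host(KNOWN_HOSTS, HOST, "ssh-ed25519", NEW_KEY))
    print(verify_host(KNOWN_HOSTS, "ec2-new.example", "ssh-ed25519", NEW_KEY))
```

A "changed" result is the case where a stale entry has to be removed with ssh-keygen -R after the new fingerprint has been confirmed through a trusted channel; "unknown" is the first-connection prompt.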

Can't open a ssh tunnel from my linux shell (EC2 exposing an RDS db)

I'm struggling trying to open an ssh tunnel to access an RDS MySql instance through an EC2 bastion host. Using desktop clients (Navicat, MysqlWorkBench) with ssh tunnel set everything works as expected but when I run ssh -i keys.pem user@ec2-instance -L 3307:rds-mysql-instance:3306 -N in my terminal the command hangs indefinitely.
I can access my EC2 instance using ssh -i keys.pem user@ec2-instance and from my EC2 instance I can access the RDS database
Am I missing something in the configuration?
I also tried to open all ports on my Security Group just to be sure that it wasn't a port related issue.
Any help/idea?
Based on the comments.
To identify the issue, more verbose output from ssh can be requested using -v, -vv or even -vvv flags. Thus, the command for debugging can be:
ssh -i keys.pem user@ec2-instance -L 3307:rds-mysql-instance:3306 -N -vv
The detailed output made it possible to identify the issue with the connection and fix it.

Cannot create an SSH tunnel to Zeppelin web display on aws, using Putty on windows

The following instructions are given for the ec2 instance that I'm trying to connect to:
To access your instance: Open an SSH client. (find out how to connect
using PuTTY)
CHECK!
Locate your private key file (keypair.pem). The wizard automatically
detects the key you used to launch the instance.
I launched Putty with a .ppk and I also still have the .pem sitting on my local machine. However, how does this help once I am in the aws Linux terminal?
It sounds to me that the .pem should now be located on the remote machine, not my local one.
Your key must not be publicly viewable for SSH to work. Use this
command if needed: chmod 400 keypair.pem
This is fine once the previous step is clearer.
Connect to your instance using its Public DNS:
ec2-xxxxxxxxxxxxx.eu-west-1.compute.amazonaws.com
Example: ssh -i "keypair.pem"
root@ec2-xxxxxxxxxxxxx.eu-west-1.compute.amazonaws.com
I am currently typing this in (also trying ec2-user instead of root) but I get the following:
Warning: Identity file keypair.pem not accessible: No such file or directory.
Permission denied (publickey).
Please note that in most cases the username above will be correct,
however please ensure that you read your AMI usage instructions to
ensure that the AMI owner has not changed the default AMI username.
In case this is important, what user name are they referring to here?
I have also made sure that I can SSH into the security group from all locations.
Christopher, I am not sure if you have access to the AWS console, but if you do, then it will be easy to find out the correct user name of your EC2 machine. Click on the check mark box to pick your instance, then click Connect, and it will show you the correct user name. If it is an Amazon AMI image, it will most likely be ec2-user; other images can have root, ubuntu, bitnami, or any other user configured by the AMI creator.
Your error message: "Warning: Identity file keypair.pem not accessible" indicates an issue with your private key not being accessible.
You said you converted the .pem to ppk for putty, which will enable you to SSH via putty. If you need to SSH from an EC2 machine to another EC2 machine, you will need that private key with the "pem" extension.
Think of your private key as your password, except that it's stored in a file.
ssh -i "keypair.pem" root@ec2-xxxxxxxxxxxxx.eu-west-1.compute.amazonaws.com
This command says: Log me in via SSH protocol to server xxxx.eu... using password file (Private key) "keypair.pem" that resides in the current directory.
If you do an "ls" and you don't see "keypair.pem" then that is your issue.
I hope that helps!

AWS ssh into instance giving Permission denied (publickey)

I am trying to ssh into a new EC2 instance. I have followed the instructions and when I attempt to ssh I get Permission denied (publickey).
Below is an image of everything I did in the console according to the instructions. Everything seems to go accordingly until I enter yes. Then it fails. I have followed the instructions twice and get the same result. I also do not have AWS CLI Tools as I believe they are optional.
ssh will use your local username to connect to the instance by default if you have not specified Host, User and IdentityFile in your ~/.ssh/config.
As you call ssh to your instance with the pem specified on the command line, you also have to specify the remote user name (which is ec2-user for AWS Linux instances and ubuntu for AWS Ubuntu instances).
Try to use this command line:
ssh -i sub_api.pem ec2-user@ec2-54....
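A local pre-flight check for the three causes raised in the threads above (identity file missing on the machine where the command is typed, key file readable by others, no remote user given), as an added example that is not part of the original posts. The function name preflight, the host name and the file names are constructed for illustration, and the user detection is a simplification that ignores ~/.ssh/config.

```python
import os, shlex, tempfile

def preflight(command, cwd="."):
    """List problems in an ssh/scp command line, judged on the machine it runs on."""
    argv = shlex.split(command)
    problems = []
    if "-i" in argv[1:-1]:
        # ssh resolves a relative -i path against the current directory of the
        # machine the command is typed on, not the machine being connected to.
        key = os.path.join(cwd, os.path.expanduser(argv[argv.index("-i") + 1]))
        if not os.path.isfile(key):
            problems.append("identity file not found on this machine")
        elif os.stat(key).st_mode & 0o077:
            problems.append("identity file readable by group/other: chmod 400")
    # Simplification: a user counts as given if any argument has user@ or -l is used;
    # a User line in ~/.ssh/config is not consulted.
    if not any("@" in a for a in argv[1:]) and "-l" not in argv:
        problems.append("no remote user: ssh will use the local username")
    return problems

if __name__ == "__main__":
    # Constructed scenario: an empty stand-in key file in a temporary directory.
    with tempfile.TemporaryDirectory() as workdir:
        key_path = os.path.join(workdir, "keypair.pem")
        open(key_path, "w").close()
        os.chmod(key_path, 0o644)
        for cmd in ('ssh -i "keypair.pem" root@ec2-host.example',
                    "ssh -i other.pem ec2-host.example"):
            print(cmd, "->", preflight(cmd, cwd=workdir))
```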