Got permission denied in ssh in aws instance - amazon-web-services

I have installed git on my EC2 instance.
git version 2.14.5
I have created a new IAM user and given it CodeCommit permission.
Next, I followed all the steps one by one from this link, which worked fine.
At the 8th step I added this code to my config file.
Host git-codecommit.*.amazonaws.com
User {{SSH KEY ID}}
IdentityFile ~/.ssh/id_rsa
Then I assigned 600 to config.
And then I ran this command to test my SSH.
ssh git-codecommit.us-east-2.amazonaws.com
Error
Permission denied (publickey).
Can anyone help me fix this issue?

Can you retry the process with 400 permissions on the SSH key?
chmod 400 <key>.pem

If your goal is to access a repository from CodeCommit, you can do it with:
git clone ssh://git-codecommit.us-east-2.amazonaws.com/repo-name
If you try to ssh directly to CodeCommit, the connection will be denied with the message:
You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.

Related

Can't connect to GCP VM Permission denied (publickey) error

I'm creating a new VM instance. I've cleaned all the metadata. Then I'm running the following command in the Cloud Shell:
gcloud beta compute ssh --zone "europe-west2-c" "vmname" --project "myprojectname"
Then I'm asked to enter a passphrase (which I don't know). I press enter until I get the following error: Permission denied (publickey)
I've deleted and recreated my instance multiple times but I always get the same error. What should I do?
Troubleshooting Steps:
Log on using the UI SSH. This creates an ephemeral SSH key; the Google Agent also executes the code path to refresh .ssh/authorized_keys and address any invalid dir/file permissions for both .ssh/ and .ssh/authorized_keys. This approach will address common gcloud compute ssh issues that relate to corrupted keys, missing dirs/files or invalid dir/file permissions. Try gcloud again after performing the UI SSH.
Make sure that account has authenticated to gcloud as an IAM user with the compute instance admin role; for example, run gcloud auth revoke --all, gcloud auth login [IAM-USER] then try gcloud compute ssh again.
Verify that persistent SSH Keys metadata for gcloud is set for either the project or instance. Look in Compute Engine > Metadata, then click SSH Keys. Persistent keys do not have the expireOn attribute.
It's possible the account has lost the private key, mismatched a keypair, etc. You can force gcloud to generate a new SSH keypair by doing the following:
Move ~/.ssh/google_compute_engine and ~/.ssh/google_compute_engine.pub if present.
For example:
mv ~/.ssh/google_compute_engine.pub ~/.ssh/google_compute_engine.pub.old
mv ~/.ssh/google_compute_engine ~/.ssh/google_compute_engine.old
Try gcloud compute ssh [INSTANCE-NAME] again. A new keypair will be created and the public key will be added to the SSH keys metadata.
Verify that the Linux Google Agent scripts are installed, up-to-date, and running. See Determining Google Agent Status. If the Linux Google Agent is not installed, re-install it. See guest-environment.
Verify that the account home ownership/permissions are correct. Make sure that the account home directory has the correct ownership and is not globally writable. If not using os-login (which is default), your .ssh folder must have mode 0700 and the .ssh/authorized_keys file must have mode 0600. Review /var/log/auth.log for any errors.
Commands:
sudo chmod 700 /home/[user-id]/.ssh
sudo chmod 600 /home/[user-id]/.ssh/authorized_keys
If os-login is enabled and the Virtual Machine instance is using a service account (default), add the following roles to the account:
roles/compute.osLogin
roles/iam.serviceAccountUser
For more information troubleshooting SSH.
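
The mode requirements in the answer above (.ssh at 0700, authorized_keys at 0600, a home directory that is not writable by others), together with the 400/600 key-file advice elsewhere on this page, can be checked in one pass. This is an added example, not code from the original answer; the function names and the constructed sample directory are assumptions, and it checks modes only, not ownership.

```shell
#!/bin/sh
# Added example: compare a home directory's SSH-related modes with the values
# recommended above (.ssh 700, authorized_keys 600, key files 600 or 400).

# Octal mode of a path (GNU stat first, BSD/macOS stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# True when $1 exists and has permission bits set outside the octal mask $2.
excess() {
    [ -e "$1" ] || return 1
    [ $(( 0$(mode_of "$1") & 0777 & ~0$2 )) -ne 0 ]
}

# Print one FAIL line and return 1 when $1 is more permissive than $2.
check() {
    excess "$1" "$2" || return 0
    echo "FAIL $3 $1: mode $(mode_of "$1"), expected at most $2"
    return 1
}

# Audit the home directory given as $1; returns 1 if anything failed.
audit_ssh_perms() {
    rc=0
    check "$1" 755 "home dir" || rc=1            # no group/other write bit
    check "$1/.ssh" 700 ".ssh dir" || rc=1
    check "$1/.ssh/authorized_keys" 600 "authorized_keys" || rc=1
    for f in "$1"/.ssh/*; do
        [ -f "$f" ] || continue
        # Treat any file whose first line is a private-key header as a key.
        head -n 1 "$f" | grep -q 'PRIVATE KEY-----$' || continue
        check "$f" 600 "private key" || rc=1
    done
    return "$rc"
}

# Constructed sample: a throwaway home directory with typical mistakes.
demo_home() {
    h=$(mktemp -d)
    mkdir "$h/.ssh"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$h/.ssh/id_demo"  # header only
    : > "$h/.ssh/authorized_keys"
    chmod 775 "$h"; chmod 755 "$h/.ssh"
    chmod 644 "$h/.ssh/id_demo" "$h/.ssh/authorized_keys"
    echo "$h"
}

# Audit the directory passed as an argument, or the constructed sample.
audit_ssh_perms "${1:-$(demo_home)}" || true
```

Run it as the account owner or with sudo against /home/[user-id]; a key file at mode 400 passes because it is stricter than 600.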
The possible causes for a Permission denied (publickey) error are:
Your key expired and Compute Engine deleted your
~/.ssh/authorized_keys file.
You used an SSH key stored in metadata to connect to a VM that has
OS Login enabled.
You used an SSH key stored in an OS Login profile to connect to a VM
that doesn't have OS Login enabled.
You connected using a third-party tool and your SSH command is
misconfigured.
The sshd daemon isn't running or isn't configured properly.
You can find more information on how to troubleshoot SSH key errors in this link.
I have the same issue sometimes. The cause and solution according to the GCP troubleshooting link is:
Your key expired and Compute Engine deleted your
~/.ssh/authorized_keys file. If you manually added SSH keys to your VM
and then connected to your VM using the Google Cloud Console, Compute
Engine created a new key pair for your connection. After the new key
pair expired, Compute Engine deleted your ~/.ssh/authorized_keys file
in the VM, which included your manually added SSH key.
To resolve this issue, try one of the following:
Connect to your VM using the Google Cloud Console or the gcloud
command-line tool. Re-add your SSH key to metadata. For more information, see Add SSH keys to VMs that use metadata-based SSH keys.
I use Terraform, so in this case I instructed the workflow to destroy the VM and rebuild it.
To fix this issue when you cannot start ssh:
Edit VM and enable Serial port
Start serial console
Edit ~/.ssh/authorized_keys
On your desktop/client,
edit /Users/[yourdesktopuser]/.ssh/id_rsa.pub
copy contents to clipboard
Paste this content to the end of authorized_keys file in the VM serial console
Save and close
This will then recognize the public key from your desktop

Git clone bitbucket repository inside aws ec2 using ssm , can't see ssh public keys?

When I try to clone my private repository from Bitbucket to my EC2 instance using the SSM agent, I get
Permission denied (publickey).
fatal: Could not read from remote repository.
After investigation I found that the SSM command for some reason can't see any of my public keys in ~/.ssh/. How do I git clone from Bitbucket using SSM?
The problem was that SSM, or any command like the startup commands, runs as root on the machine, and what I found is that root doesn't have permission to read or otherwise access the SSH public and private keys.
So my solution (I think it is a workaround, but it works for me):
Change current user to root: sudo su
Go to the ssh directory: cd .ssh
Copy key files or regenerate SSH keys here

Rails Capistrano 3: Permission denied (publickey) on AWS EC2

I am trying to deploy my rails (4.2) application on Amazon ec2 through bitbucket. I have added my id_new_rsa.pub key in authorized_keys on the server. Also added same SSH keys in my bitbucket account. Added agent as well for same keys using these commands eval "$(ssh-agent -s)" and ssh-add ~/.ssh/id_new_rsa
By using this id_new_rsa.pub key, I can access both the servers (root and deploy), but when I try to deploy my application, I get the errors below.
I have spent 3 days to figure out the solution but no luck yet. Please help.
deploy.rb
production.rb
Almost there, but there is a missing thing. You use publickey slightly incorrectly for the auth method. Just add the following into your :ssh_options.
auth_methods: ["publickey"]
This is a working example with EC2 and Capistrano:
set :ssh_options, {
  forward_agent: true,
  user: fetch(:user),
  auth_methods: ["publickey"],
  keys: ["/path/to/key.pem"]
}
Make sure to give 0600 permissions to your key file.

permission denied (publickey) - AWS EC2

I am trying to get a Django app running on Amazon EC2. I currently have my .pem file saved in the root of my Django project.
When I try this
chmod 600 oby.pem
ssh -i oby.pem ubuntu@52.0.215.90
in my mac terminal, I receive this error: Permission denied (publickey).
To begin, am I saving my oby.pem file in the right location? If not, where should it go?
Furthermore, what are the necessary steps to correctly set up the ssh key?
Thank you!

Couldn't get root access to AWS EC2

I'm trying to access an AWS instance using ssh with private keys downloaded from AWS.
I got access using ec2-user, which their documentation suggested.
$ ssh -i upd_prayag.pem ec2-user@ec2-54-209-155-100.compute-1.amazonaws.com
Apparently, I find two users there:
ec2-user
prayagupd
What I want is to ls the user prayagupd to check whether the directory I have cloned from GitHub exists there.
Unfortunately I see a permission denied message on that user.
I get Permission denied (publickey) on
$ sudo ssh -i upd_prayag.pem ec2-user@ec2-54-209-155-100.compute-1.amazonaws.com
They suggest sudo su - should work, but it has been asking for a password; some of the links I found through Google are making me anxious that I can't get root access.
Reference
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
If the instance is created from an AWS image, then you cannot get root access.