Amazon EC2 instance: Server refused our key while using an Amazon server as well as an Ubuntu server. Please help me resolve this issue. I am very new to AWS services. I have been stuck for 2 days. Please help me get out of this.
You have to edit this file in the ubuntu server
cat /etc/ssh/sshd_config
...
PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa
What is the error you are getting? Try
$ chmod 400 key.pem
and then try to ssh using
$ ssh -i key.pem ubuntu@IPAddress
Another mistake which people generally make is using right user. If your server is Ubuntu, then the user name should be ubuntu; else try user ec2-user.
If you are re-using a connection configuration in PuTTY that you were using previously to connect to a different EC2 instance of a different type, make sure you change the name (located in Connection -> Data) to ubuntu.
I am having a strange issue with my GCE Proxy.
I used to have a docker image with an application that would use the GCE proxy to connect to the MySQL database (second generation). Everything worked fine, but I had to stop the services for like a month.
Now I need them back up and for some reason I am not able to connect to the database (the configuration basically did not change, and I am using the same docker image with the code).
On closer inspection I see in logs:
Caused by: java.sql.SQLException: Access denied for user 'my-usr'@'cloudsqlproxy~SOME_IP' (using password: YES)
The problem is that the "SOME_IP" is not actually the SQL instance IP and I have no idea where that IP is coming from.
Does anyone have an idea on how to fix this issue?
I did try to:
- recreate the database user
- recreate the service account
Any advice is welcomed
You can use the Cloud SQL proxy to connect to your MySQL instance; see the step-by-step below:
Download the proxy:
wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 -O cloud_sql_proxy
Make the proxy executable:
chmod +x cloud_sql_proxy
Using the proxy to connect to multiple instances
./cloud_sql_proxy -instances=yourProject:us-central1:myInstance=tcp:3306,yourProject:us-central1:myInstance2=tcp:3307 &
mysql -u myUser --host 127.0.0.1 --port 3307
Try to connect to your database
mysql -h127.0.0.1 -u$YOUR_CLOUD_SQL_USER -p$YOUR_CLOUD_SQL_PASSWORD
Hoping it helps you!
I am currently successfully using Ansible to run tasks on hosts that are in a private subnet in AWS, which the below group_vars is setting up:
ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p -q ec2-user@bastionhost@example.com"'
This is working fine.
For Windows instances not in a private subnet the following group_vars works:
---
ansible_user: "AnsibleUser"
ansible_password: "Password"
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
Now, trying to get Ansible to deploy to a Windows server behind the bastion by just using the ProxyCommand won't work - which I understand.
I believe though that there is a new protocol/module I can use called psrp.
I imagine that my group_vars for my Windows hosts needs to change to something like this:
---
ansible_user: "AnsibleUser"
ansible_password: "Password"
ansible_port: 5986
ansible_connection: psrp
ansible_psrp_cert_validation: ignore
If I run with just the above changes against instances that are publicly available (and not trying to connect via a bastion), my task seems to work fine:
Using module file /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/ansible/modules/windows/win_shell.ps1
<10.100.11.14> ESTABLISH PSRP CONNECTION FOR USER: Administrator ON PORT 5986 TO 10.100.11.14
PSRP: EXEC (via pipeline wrapper)
I know there must be more changes before I can try this on a windows server behind a bastion, but ran it anyway to see what errors I get to give me clues on what to do next. Here is the result when running this on an instance behind a bastion server:
Using module file /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/ansible/modules/windows/setup.ps1
<10.100.11.14> ESTABLISH PSRP CONNECTION FOR USER: Administrator ON PORT 5986 TO 10.100.11.14
The full traceback is:
.
.
.
.
ConnectTimeout: HTTPSConnectionPool(host='10.100.11.14', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x110bbfbd0>, 'Connection to 10.100.11.14 timed out. (connect timeout=30)'))
It seems like Ansible is ignoring my group_vars for the ProxyCommand - which I'm not sure if that's expected.
I'm also not sure on what the next steps are to enable Ansible to deploy to Windows servers behind a bastion.
What config am I missing?
The doc says the ansible_ssh_common_args setting is appended to sftp, scp, and ssh commands. So it sounds normal to me that it is not taken into account when using the winrm or psrp ansible_connection.
As explained in the link provided by Pouyan in the comments, the ansible_psrp_proxy variable will be used to provide proxy information.
ansible_connection: psrp
ansible_psrp_proxy: socks5h://localhost:1234
More info on the creation of the socks proxy can be found on: https://www.bloggingforlogging.com/2018/10/14/windows-host-through-ssh-bastion-on-ansible/
I'm pulling my hair out with this one. I've managed to get a site running on Digital Ocean through Forge and also SSH into the server, so I know that the SSH keys are set up correctly.
But when trying to connect via Navicat, I keep getting the error "Unable to load key". Does anyone know what this is in reference to or what the problem is?
Regards
There is an answer from 2015 on the Navicat forum, indicating there could be an issue with SSH key support.
If you can connect via ssh, do an ssh tunnel to your server manually:
ssh -v servername -L 3306:127.0.0.1:3306 -N
Afterwards, you connect to the remote MySQL as if it were on your localhost (you should not have one running on 3306, otherwise map to another local port).
I am trying to connect to my ec2 instance from my chromebook using the secure shell extension but I keep getting the following error:
Loading NaCl plugin... done.
ssh: connect to host (public DNS) port 22: Connection refused
NaCl plugin exited with status code 255.
I have been following the steps on this site but with 0 success.
http://www.mattburns.co.uk/blog/2012/11/15/connecting-to-ec2-from-chromes-secure-shell-using-only-a-pem-file/
Help please.
If you're doing this on your chromebook, you should have developer mode enabled so that you can enter the console and execute Linux commands. Once developer mode is enabled, enter the console with ctrl+alt+t and then type in shell.
First you'll want to change the permissions of your .pem key. The ssh keygen won't run if the permissions aren't restricted enough.
sudo chmod 400 myKeyPair.pem
Next you'll want to generate your own public key with ssh-keygen like mentioned in the other links.
ssh-keygen -y -f myKeyPair.pem > myKeyPair.pub
After this, you'll want to create a file with no extension and the private key pair inside.
touch myKeyPair
After this, copy the contents of the .pem file to the file with no extension, myKeyPair.
sudo cat myKeyPair.pem > myKeyPair
Next you'll want to open up the secure shell extension, which can be found here.
Enter your connection information for your machine and don't forget to specify the port number. When it comes to importing the key pair, select both the myKeyPair.pub and the myKeyPair files using ctrl.
That's it, you should be connected!
I have just launched a new Amazon AWS EC2 instance. It is a Suse server.
I am attempting to connect to it through SSH using my private key. It has been 'Permanently added' to my 'to the list of known hosts.' with my private key.
However -
I am not logged in to the server. It is requesting a password. Though it is supposed to use my private key without a password. (as described here: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html)
What should I do?
--
More details:
I ran it again with debug: added -v: ssh -v -i ...
These are the last few lines in the shell (up to here it seems to be fine) before I am asked for pwd:
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: my-private-key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
I have just solved this. It is a bit of a workaround. The problem may have been the type of server used, Suse. I used ec2-user for username, but it may be different for different servers. This is the one for Amazon Linux AMI (and also for Ubuntu I believe), but apparently not for Suse.
I stopped (/terminated) this instance, and launched a new AMI Amazon Linux server instance instead.
Connecting to SSH there worked like a charm. Using ssh -v -i my-private-key.pem ec2-user@publicaddressblahblah.compute.amazonaws.com
I was not asked for a pwd here.
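The debug output in the question shows the client trying the key and the server then moving on to keyboard-interactive, which is what a rejected key looks like. As an added example (not part of any post here), the shell functions below classify ssh -v client output into the failure modes discussed on this page; the function names and verdict words are made up for the illustration.

```shell
# Added example, not code from the posts on this page.
# Usage: ssh -v -i key.pem user@host 2>&1 | classify_ssh_debug

# Read `ssh -v` client output on stdin and print a one-word verdict.
classify_ssh_debug() {
    awk '
        /Connection refused/                      { refused = 1 }
        /Connection timed out/                    { timeout = 1 }
        /UNPROTECTED PRIVATE KEY|bad permissions/ { perms = 1 }
        /debug1: (Trying private key|Offering )/  { offered = 1 }
        /Authentication succeeded/                { ok = 1 }
        /Next authentication method: (password|keyboard-interactive)/ { fellback = 1 }
        END {
            if (ok)                       print "ok"
            else if (refused)             print "port-closed"
            else if (timeout)             print "unreachable"
            else if (perms)               print "key-perms"
            else if (offered && fellback) print "key-rejected"
            else if (!offered)            print "no-key-offered"
            else                          print "unknown"
        }'
}

# Map a verdict to the fix suggested in the answers on this page.
hint_for() {
    case "$1" in
        key-perms)      echo "restrict the key file: chmod 400 key.pem" ;;
        key-rejected)   echo "wrong login user or wrong key: try ubuntu, ec2-user or root" ;;
        no-key-offered) echo "no key was tried: pass -i or load one with ssh-add" ;;
        port-closed)    echo "nothing accepted the TCP connection on that port" ;;
        unreachable)    echo "host did not answer: check address and network path" ;;
        *)              echo "no hint" ;;
    esac
}

# The debug lines quoted in the question above.
sample_rejected() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: my-private-key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
EOF
}

verdict=$(sample_rejected | classify_ssh_debug)
echo "$verdict: $(hint_for "$verdict")"
```

A key-rejected verdict means the server looked at the offered key and did not find it authorized for that login name, so the user name and the key file are the two things to check.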
If your local box is Linux
The first thing you want to make sure of is that you have your key loaded into ssh-agent and into ssh-add (on your client machine).
08:10:51 ~$ ssh-agent
SSH_AUTH_SOCK=/var/folders/ps/1dvr90bd6p3blnyrnpyxnryhv45qg1/T//ssh-K8VbUYmYYj4w/agent.9087; export SSH_AUTH_SOCK;
SSH_AGENT_PID=9088; export SSH_AGENT_PID;
echo Agent pid 9088;
Run each of these lines (to declare the variables you need). Then run ssh-add.
08:17:33 ~$ ssh-add
Enter passphrase for /Users/kyle/.ssh/id_rsa:
Identity added: /Users/kyle/.ssh/id_rsa (/Users/kyle/.ssh/id_rsa)
To put it all in one line:
$ eval `ssh-agent`; ssh-add
Workaround to make sure you're loading the right key
You can tell SSH to load a specific key using the -i option.
$ ssh -i ~/.ssh/other_rsa ec2-user@<ip>
Username woes
If this is an Amazon Linux box, the user is ec2-user. For some AMIs, they have other users set up (ubuntu on Ubuntu). Check the documentation to see if they have any specific requirements.
$ ssh ubuntu@IP
On trying with user "root", it worked for me.
ssh -i root@server-name
The documentation says the user could be either ec2-user or root:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
I solved this by changing my proxy server from HK to Japan. My EC2 instance is in Japan, but my proxy server was in HK, so it had me type the pwd, but when I changed my proxy server to Japan, there was no need to type the pwd.