Can't SSH to ubuntu AWS after creating new user - amazon-web-services

Today I tried to ssh to my AWS instance as usual, but got a "Permission denied" error, with -v giving me the following:
debug1: Next authentication method: publickey
debug1: Offering RSA public key: localuser@localmachine
debug1: Authentications that can continue: publickey
debug1: Trying private key: serverkey.pem
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
If I try to log in as root@my-ip.com it will authenticate, but show the message: "Please login as the user "ubuntu" rather than the user "root"."
Last time I logged in, I created a new user for a web page within a new group "webapps". I assigned the home directory of this user to be the same as the ubuntu user since it was convenient. I have also tried to log in as this user with no success.
Also, I tried generating a new pair of keys (locally and uploading the public key, and from the AWS console and saving the private key locally).
I would really appreciate if someone can help me!
Edit:
The command I normally use is ssh -i serverkey.pem ubuntu@my-ip.com. After it failed, I generated the ssh key locally, uploaded it to AWS and used ssh ubuntu@my-ip.com with the key stored at ~/.ssh

You can't change the key after the EC2 instance has been created.
Do you have a backup of serverkey.pem? If not, you can't log in to this instance any more. Recreating the EC2 instance with a new key is the only way to go.

debug1: Trying private key: serverkey.pem
debug1: key_parse_private2: missing begin marker
Did you edit your private key file? Can you check that the first line is exactly like this?
-----BEGIN RSA PRIVATE KEY-----

For anyone stumbling here I think my problem was assigning the second user's home folder to ubuntu's home folder. Since this is insecure it messes with the SSH connection. I had to make another instance and recover the info attaching the old volume to the new server instance.
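
A server-side check for the situation this answer describes, as an added example that is not part of the original posts: with StrictModes enabled (the sshd default), key login is refused when the home directory, ~/.ssh or authorized_keys is owned by another non-root user or is group- or world-writable. The function names are hypothetical, and the script only approximates sshd's checks; pass the home directory (or its mount point on a rescue instance) and the login user's numeric uid.

```shell
#!/bin/sh
# Added example, not from the original posts. Function names are hypothetical.
# Approximates the checks sshd makes with "StrictModes yes": each path must be
# owned by the login user or root and must not be group- or world-writable.

# strict_path_ok PATH UID -> 0 ok, 1 unsafe, 2 missing
strict_path_ok() {
    info=$(ls -ldn -- "$1" 2>/dev/null) || { echo "MISSING $1"; return 2; }
    perms=${info%% *}                                  # e.g. drwxr-xr-x
    owner=$(printf '%s\n' "$info" | awk '{print $3}')  # numeric uid
    gw=$(printf '%s' "$perms" | cut -c6)               # group write bit
    ow=$(printf '%s' "$perms" | cut -c9)               # other write bit
    if [ "$owner" != "$2" ] && [ "$owner" != 0 ]; then
        echo "BAD  owner uid $owner, expected $2 or 0: $1"; return 1
    fi
    if [ "$gw" = w ] || [ "$ow" = w ]; then
        echo "BAD  group/world writable ($perms): $1"; return 1
    fi
    echo "ok   $perms uid=$owner $1"
}

# audit_home HOME_DIR UID -> 0 only if home, .ssh and authorized_keys all pass
audit_home() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        strict_path_ok "$p" "$2" || rc=1
    done
    return $rc
}

# Usage: sh audit.sh /home/ubuntu 1000
if [ $# -eq 2 ]; then audit_home "$1" "$2"; fi
```

A home directory shared between two accounts cannot pass this check for both of them unless it is owned by root, because each login is checked against its own uid.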

Related

Connect to Ubuntu server instance in AWS asks for password when it shouldn't

I have an instance of an Ubuntu Server and I'm trying to connect via PuTTY, but it keeps asking for my password, so I think this means the keypair I generated is not working?
I tried these solutions and all of them result in the same thing, asking for a password (of course, I did not type any password when generating my private key):
1.- In hostname I put my IP address
2.- In hostname I put the public DNS name
3.- In hostname I put ubuntu@DnsPublicName
4.- In Connection -> Data I tried with and without ubuntu in the auto-login username
5.- In Connection -> SSH -> Auth I have used either a private ppk key or a public one. None worked
6.- Tried KiTTY instead of PuTTY and the result is the same
7.- The strangest of all: I tried to connect to a co-worker's instance that is working well and that he connects to all the time, and it is the same case: the prompt asks for a password
8.- I created an elastic IP, associated it to the instance and connected to it.
9.- I generated my private key again but using a key passphrase, I put something like "12345", and then when I connected I typed this password, and it says access denied
10.- I tried to use the ssh command in Windows with the -v argument to debug what's going on: ssh -v -i default_keypair.pem ubuntu@myHost, this is the output:
OpenSSH_for_Windows_7.6p1, LibreSSL 2.6.4
debug1: Connecting to 52.9.100.77 [52.9.100.77] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file default_keypair.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file default_keypair.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.6
debug1: Remote protocol version 2.0, remote software version xxxxxxx
debug1: no match: xxxxxxx
debug1: Authenticating to 52.9.100.77:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<3072<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:HyUi5jL0iOh06FZFW8cnvyKKdnu0eKqx1aiRWmCbQMw
debug1: Host '52.9.100.77' is known and matches the RSA host key.
debug1: Found key in C:\\Users\\Praxis/.ssh/known_hosts:2
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such file or directory
ubuntu@52.9.100.77's password:
From what I see, it seems I need some files, but I have no idea how to get them. Another detail is that no matter what password I put (empty, root, admin) I always get the Access Denied error
Also, a few details about my PC and my server:
-My PC: Windows 10 x64
-My server: Ubuntu Server 14.04 LTS (HVM)
So, do you think you could guide me a bit?
Thanks!
Your EC2 instance is NOT configured to use a key pair. The first method offered by the SSH server is password. Note: You are not using putty in your example, you are using the SSH command line tool. Also, you cannot regenerate your private key without uploading and installing the public key to the instance. That is why you received an access denied error.
Go to the AWS EC2 Console. Select your instance. In the bottom window pane look for Key pair name. If this is empty, this confirms that no key pair is assigned. If there is a key pair name there, then I am wrong about password authentication. Double check that you are using the correct key pair and you are actually connecting to the correct IP address assigned to the EC2 instance.
You can use AWS Session Manager to connect to instances that have broken SSH configurations. Tip: The first item is to update the SSM agent as this feature is not present in the SSM agent in the current AMIs.
New – AWS Systems Manager Session Manager for Shell Access to EC2 Instances
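
The distinction this answer draws from the log (which methods the server advertises) can be read mechanically from `ssh -v` output. The following is an added example, not part of the original posts; the function names and the sample log lines are constructed for illustration, modelled on the two kinds of log shown on this page.

```shell
#!/bin/sh
# Added example, not from the original posts. Reads `ssh -v` output on stdin
# and prints one line saying why public-key login did not succeed.
summarize_ssh_debug() {
    tr -d '\r' | awk '
    # The last "can continue" line holds the methods the server still accepts.
    /Authentications that can continue:/ { sub(/.*continue: */, ""); methods = $0 }
    # Count every key the client actually presented.
    /Offering .*public key:/ || /Trying private key:/ { keys++ }
    END {
        if (methods == "")               print "no-auth-stage"
        else if (methods !~ /publickey/) print "server-does-not-offer-publickey methods=" methods
        else if (keys > 0)               print "publickey-rejected keys_tried=" keys
        else                             print "no-key-offered"
    }'
}

# Constructed sample: server advertises password only, so no key is ever sent.
sample_password_only() {
cat <<'EOF'
debug1: identity file default_keypair.pem type -1
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password
debug1: Next authentication method: password
EOF
}

# Constructed sample: server accepts publickey but rejects both keys presented.
sample_key_rejected() {
cat <<'EOF'
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: example.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
EOF
}

sample_password_only | summarize_ssh_debug
sample_key_rejected  | summarize_ssh_debug
```

A "publickey-rejected" result points at the server side (wrong user name, wrong key installed, or ownership and mode problems on the account's files), while "server-does-not-offer-publickey" means no client key could have worked against that sshd configuration.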

disconnected no supported authentication methods available (server sent publickey) sent publickey gssapi keys with mic

I can't connect to aws-ec2 centos. I get:
disconnected no supported authentication methods available (server
sent publickey) sent publickey gssapi keys with mic
Inside PuTTY's SSH settings we need to configure the .ppk file; only then are we able to access the server through SSH. Make sure it's mapped correctly and check again.
Looking at the image of the error message, I think you are entering the wrong user name; try centos, not root.
Hope it Helps!
Unfortunately the .pem private key file downloaded from the EC2 console when you create a keypair is not compatible with PuTTY by default! Putty expects a converted .ppk file for keypair authentication over SSH. See this answer for a tutorial on how to do this.

AWS connection denied

I am currently using ssh to connect to my remote AWS instance, which is Ubuntu. At first I could connect to it perfectly. However, after I moved the ssh key (.pem file) of the EC2 instance from Download to the .ssh folder on my own laptop, it shows: Could not resolve hostname mypath/myssh.pem provided, or not known. I am pretty sure that there is nothing wrong with the username and the server name.
Is there something that I am missing to set?
Besides, with ssh -v it shows: debug1: Trying private key: Mypathtokey/my.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
edit
my command
ssh -i ~/.ssh/my.pem ubuntu@myawsDNSserver.com
I also set ssh aws in ssh_config. while using ssh -vvv aws, it shows that
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/mypath/.ssh/ssh.pem
debug2: storing passphrase in keychain
debug3: Search for existing item with query: {
acct = "/Users/mypath/.ssh/ssh.pem";
agrp = "com.apple.ssh.passphrases";
class = genp;
labl = "SSH: /Users/mypath/.ssh/ssh.pem";
nleg = 1;
"r_Ref" = 1;
svce = OpenSSH;
}
debug3: Item already exists in the keychain, updating.
debug3: sign_and_send_pubkey: RSA SHA256: my rsa sha256 keyvalue
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
Did you check the permissions of your .pem file? Try changing it to 600 and connect. Hope that will solve the problem.

AWS OpsWorks SSH Permission denied (publickey)

In order to deploy an instance of a Rails application on AWS OpsWorks, I have to define an SSH key for the instance. I followed the steps provided in the help page: http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances-ssh.html#workinginstances-ssh-third
I created the key pair and downloaded the .pem file: AWSRails.pem
I've changed the chmod of the file to 600
In the stack page, I added the default SSH key to the previously created one (step 1)
In the Instance page, I get the public DNS name: ec2-54-72-154-78.eu-west-1.compute.amazonaws.com
In the same page, I get the Operating system: Amazon Linux
In the terminal, I attempted to establish a ssh connection to the instance:
ssh -v -i ~/Downloads/AWSRails.pem ec2-user@ec2-54-72-154-78.eu-west-1.compute.amazonaws.com
I had the following output:
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug1: Connecting to ec2-54-72-154-78.eu-west-1.compute.amazonaws.com [54.72.154.78] port 22.
debug1: Connection established.
debug1: identity file AWSRails.pem type -1
debug1: identity file AWSRails.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA f0:52:63:a5:cf:d9:62:bc:f7:b9:f9:04:a7:05:93:5e
debug1: Host 'ec2-54-72-154-78.eu-west-1.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/Hassen/.ssh/known_hosts:12
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/Hassen/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: AWSRails.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Reading the debug message, the connection was established and everything works fine until the publickey authentication method. I tried many of the solutions to the same issue found on StackOverflow, but none worked.
Do you have any idea? Thanks.
Two potential solutions:
Do you have SSH turned on for your user? Check your Permissions (from the dashboard IIRC). If it's just you on the stack then probably you already have permissions, but I know I've had to make sure to turn it when adding members to my development team. For more details see the AWS OpsWorks page on SSH
All my "ssh into OpsWorks instances" scripts always do ssh add-key ec2-keypair.pem before actually trying to SSH. I believe this is the key given to you during initial stack creation??? or something? Anyway, if you have that key around, try ssh add-key. It may also depend on how you have your OpsWorks set up (personal keys vs one default key)...
It’s worth checking if the username is what you expect it to be. I had exactly the same error, and it was because I was using Ubuntu instances rather than Amazon Linux, but this may not be the only reason for having a different username.
The Opsworks console’s SSH login page suggests userexamplecom as the SSH username for an AWS/IAM user with user@example.com as a login. But for Ubuntu it’s ubuntu, Amazon Linux or Red Hat it’s ec2-user, and Debian it’s admin. More details here (I haven’t used all of these personally).
A good tip from the linked article is to try:
$ ssh root@hostname
As some systems will respond with something like:
Please login as the user "ubuntu" rather than the user "root".

generated new ssh key on aws instance and now i'm locked out (can't ssh in)

i had an ssh key on aws instance (let's call it key a); however, it wasn't allowing me to access my github account, so i generated a new ssh key (key b). the good thing is that i was able to access github, but the bad thing is that i now can't access my aws instance through ssh.
any idea what i can do? i've tried changing the permissions on the pem file to no avail. i'm running ubuntu 12.04 on aws remotely and a windows machine locally.
additional info: when i created key b and named it rsa_id.pub, i didn't intentionally or explicitly overwrite key a. i've tried two syntaxes, ssh (my default) and the ssh -i xxx.pem ubuntu@ec2-xxx-xx-xxx-x.compute-1.amazonaws.com. neither of these syntaxes are working.
OpenSSH_6.4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /home/xx/.ssh/config
debug1: /home/xx/.ssh/config line 1: Applying options for awshost1
debug1: Connecting to ec2-xx-xxx-xxx-xx.us-west-2.compute.amazonaws.com [54.201.134.83] port 22.
debug1: Connection established.
debug1: identity file /home/xx/.ssh/xx.pem type -1
debug1: identity file /home/xx/.ssh/xx.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
debug1: Host 'ec2-xx-xxx-xxx-xx.us-west-2.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/xx/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xx/.ssh/xx.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
If your instance is EBS-backed (and it should be), all is not lost. You can move the instance to a machine and set a new key in the process:
http://blog.celingest.com/en/2013/11/14/replace-lost-keypair-ec2-instance/
There are two important pieces of information missing here:
did you create a new key, or did you overwrite your existing one (on your local machine)
how specifically are you attempting to ssh, that is to say what is the exact ssh syntax?
Assuming that you generated a new key to access your github account, that shouldn't affect your existing key pair to your AWS instance. You should be running something along the lines of
ssh -i /path/to/key.pem ubuntu@your-public-dns-name
Additionally, you should make sure that your key file has the appropriate permissions.