OpenSSH Windows - AWS "eb ssh" results in "Warning: Unprotected Key File!" - amazon-web-services

I'm trying to connect to my AWS Elastic Beanstalk EC2 instance using OpenSSH, which I have downloaded because I'm using Windows.
When running eb ssh I am greeted with the message: "Warning: Unprotected Key File! Permissions 0444 for '(key name)' are too open."
This is frustrating because I went into the .ssh folder and used chmod to set it to 0400, not 0444.
The key I am using was generated using the ssh tool, and I uploaded it to AWS and set it as the key pair so I know it's OpenSSH at fault here, rather than AWS.
I am then prompted to enter the key's passphrase, but doing so just displays the message again.
As a result of this, I cannot connect to the instance.
Does anybody know how I can fix this?

You can use PuTTY to connect to your server; here is the documentation explaining how to do this:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html

Related

SSH into the EC2 instance on Windows is not working

I am trying to SSH into my AWS EC2 instance. I am not using putty. I am using Virtual Environment and python SDK instead. So before I SSH into the server, I need to activate the virtual environment. But it is not working as I expected. This is what I have done so far.
I activated the virtual environment running the following command.
~\eb-ve\Scripts\activate
It was activated. Then I downloaded the SSH key in pem format which is attached to my EC2 server. After I had downloaded the file, I changed its permissions as follows.
chmod 0400 ForkProd.pem
Then I tried to SSH into the server running the following command.
ssh -i "ForkProd.pem" root@ec2-13-229-232-13.ap-southeast-1.compute.amazonaws.com
Then I got the following error.
Permissions for 'ForkProd.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "ForkProd.pem": bad permissions
root@ec2-13-229-232-13.ap-southeast-1.compute.amazonaws.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
I remember I did the same to the other project before and it worked. I am not sure what went wrong this time. What is wrong with the configuration and how can I fix it?
I've definitely had this issue in the past on Windows machines. If I remember correctly and your permissions on the key all check out, then it might be something to do with the .pem key being in your home directory or the root.
If you move the .pem into a less 'global' folder e.g. C:\Users\your-username\Documents\ForkProd.pem you may have better luck.
edit: +1 for the link from jarmod in the comments above

Permission denied when connecting to EC2 instance; I have given the file permission 400, but still not working

I have created an EC2 instance on AWS. But when I'm trying to connect to it using my .pem file, I'm getting the error message: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). I have changed the permissions of this file with chmod 400 myfile.pm.
This is the command I use to connect to my instance: ssh -i ec2demo.pem ec2demo@ec2-35-158-140-25.eu-central-1.compute.amazonaws.com
I also searched for the issue on the internet, and some people say I need to type chmod 600 myfile.pem. It still does not work. I'm using macOS Mojave and the integrated ssh client. Do I need to install the AWS-CLI to make it work? Or should it work without the AWS-CLI? And is it better to use the ssh client from Homebrew, or?
Thanks for the help
When launching a new Amazon Linux instance on Amazon EC2, the public half of the keypair is copied to:
/users/ec2-user/.ssh/authorized_keys
You can then login to the instance using the private half of the keypair:
ssh -i key.pem ec2-user@1.2.3.4
(Or, you can use a DNS name instead of an IP address.)
It sounds like you have not logged into this instance yet, so make sure you login as ec2-user instead of ec2demo. The name of the instance does not impact the Linux user on the instance.

unable to ssh the ubuntu EC2 instance on macOS - Permission denied(Public Key)

I am unable to SSH to the Ubuntu EC2 instance on AWS from macOS terminal.
Tried the following cmd from the terminal :
ssh ubuntu@ec2-13-127-143-37.ap-south-1.compute.amazonaws.com
And
ssh 13.127.143.37@ec2-13-127-143-37.ap-south-1.compute.amazonaws.com
both are giving the same error: Permission denied (publickey).
I tried generating the public key using ssh-keygen and imported it under the key pair options on AWS, but still getting the same error.
Please help me with this.
Thanks,
Nidhi Arora
The command in terminal should be something along the lines of:
ssh -i /path/to/yourkey.pem username@10.0.0.1
Also, don't forget that you need specific permissions on "yourkey.pem": chmod 400 yourkey.pem
You aren't providing the private key when you establish the connection. You can download your private key when you launch the instance. Navigate to the folder where your private key is saved and run the following command. This is to ensure your private key is not publicly viewable. SSH will not work without this.
chmod 400 private-key.pem
Your final command should look something like this
ssh -i "private-key.pem" ec2-user@ec2-13-127-143-37.ap-south-1.compute.amazonaws.com
On the pane listing your EC2 instances, if you select your instance, the 'Connect' button will get activated. If you click on that, it will give you the connection instructions specific to your instance.

Encrypting AWS .pem key file using ansible

I have encrypted the AWS .pem file with ansible vault to upload to GitHub. I'm running the playbook in Jenkins and it is failing with the error {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n", "unreachable": true}. If I try to run the playbook manually, it asks me to enter a passphrase, which I haven't set. I'm running the playbook with --vault-password-file. I have set the permissions to 700 before running the playbook.
Any idea why ansible started asking for a passphrase after encrypting with ansible-vault, and how to resolve this issue?
When ssh asks you to enter a passphrase and you know that the .pem file does not have an associated passphrase, it is normally an indication that ssh cannot interpret the file.
This might be because the format has been modified (eg strange linebreak characters) or it does not contain the expected header, key and footer.
Based upon your description, it would appear that ssh is trying to use the encrypted version of your file, which it cannot interpret. You will need to decrypt the file before using it with ssh.
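The causes named on this page for ssh ignoring or misreading a key file (group/other permission bits set, a file still in ansible-vault form, altered line breaks, a missing header or footer) can be checked before connecting. The script below is an added example, not code from any of the posts; the function name diagnose_key and its messages are assumptions made for illustration.

```python
import os
import re
import stat
import sys

# Accepts "RSA PRIVATE KEY", "OPENSSH PRIVATE KEY", "PRIVATE KEY", etc.
PEM_BEGIN = re.compile(rb"^-----BEGIN ([A-Z0-9 ]*)PRIVATE KEY-----$")
PEM_END = re.compile(rb"^-----END ([A-Z0-9 ]*)PRIVATE KEY-----$")


def diagnose_key(path):
    """Hypothetical helper: list reasons ssh may ignore or fail to parse a key file."""
    findings = []

    # OpenSSH refuses a private key when any group/other permission bit is set.
    # Mode bits are emulated on Windows, so the check is only applied on POSIX.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & 0o077:
        findings.append("permissions %04o are too open; use chmod 400 or 600" % mode)

    with open(path, "rb") as fh:
        data = fh.read()

    # ansible-vault output starts with this marker instead of a PEM header,
    # so ssh cannot interpret it and falls back to asking for a passphrase.
    if data.startswith(b"$ANSIBLE_VAULT;"):
        findings.append("file is ansible-vault encrypted; decrypt it before passing it to ssh")
        return findings

    # Altered line breaks are one of the format changes the answer mentions.
    if b"\r\n" in data:
        findings.append("file has CRLF line endings")

    lines = [ln.strip() for ln in data.splitlines() if ln.strip()]
    if not lines or not PEM_BEGIN.match(lines[0]):
        findings.append("missing '-----BEGIN ... PRIVATE KEY-----' header")
    elif not PEM_END.match(lines[-1]):
        findings.append("missing '-----END ... PRIVATE KEY-----' footer")
    return findings


if __name__ == "__main__":
    for key_path in sys.argv[1:]:
        problems = diagnose_key(key_path)
        print(key_path, "->", problems or "no obvious problems")
```

Run it with the key path as the argument; an empty result means none of these causes applies and the remaining suspects are the user name and the key pair attached to the instance.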

SSH connection error - Permission denied (publickey)

I'm trying to run a Spark cluster on AWS using https://github.com/amplab/spark-ec2.
I've generated a key and login credentials, and I'm using this command:
./spark-ec2 --key-pair=octavianKey4 --identity-file=credentials3.csv --region=eu-west-1 --zone=eu-west-1c launch my-instance-name
However, I keep getting this:
Warning: SSH connection error. (This could be temporary.)
Host: mec2-myHostNumber.eu-west-1.compute.amazonaws.com
SSH return code: 255
SSH output: Warning: Permanently added 'ec2-myHostNumber.eu-west-1.compute.amazonaws.com,myHostNumber' (ECDSA) to the list of known hosts.
Permission denied (publickey).
If I quit the console and then try to start the cluster again, I get this:
Setting up security groups...
Searching for existing cluster my-instance-name in region eu-west-1...
Found 1 master, 1 slave.
ERROR: There are already instances running in group my-instance-name-master or my-instance-name-slaves
The command is incorrect. Key pair name should be the one you mention in AWS. Identity file is .pem file associated. You can't ssh into a machine with AWS credentials (your csv file is credentials).
./spark-ec2 --key-pair=octavianKey4 --identity-file=octavianKey4.pem --region=eu-west-1 --zone=eu-west-1c launch my-instance-name
Can you add --resume to your spark-ec2 command and try? Your slave may not have the key. --resume will make sure it is transferred to the slave.
Running Spark on EC2
If one of your launches fails due to e.g. not having the right
permissions on your private key file, you can run launch with the
--resume option to restart the setup process on an existing cluster.