So I have a pem file:
./test.pem
I have a file I want to move to my instance:
path/to/my/file.csv
and I want to move it to my ec2 instance:
ec2-user#11.111.111.11
I try to scp the file to my ec2 home directory using:
scp -i test.pem path/to/my/file.csv ec2-user#11.111.111.11:~
but it prompts me for a password for some reason. Any idea what I have wrong here?
Output from -v:
Executing: program /usr/bin/ssh host 11.111.111.11, user ec2-user, command scp -v -d -t ~
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 11.111.111.11 [11.111.111.11] port 22.
debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to 11.111.111.11:22 as 'ec2-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: xxxx-xxxx-xxxxxxxx
debug1: Host '11.111.111.11' is known and matches the ECDSA host key.
debug1: Found key in /Users/me/.ssh/known_hosts:19
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/me/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /Users/me/.ssh/id_dsa
debug1: Trying private key: /Users/me/.ssh/id_ecdsa
debug1: Trying private key: /Users/me/.ssh/id_edxxxxx
debug1: Next authentication method: password
Looks like it's not offering the .pem file you are telling it to. Is that .pem locked down with permissions of 600?
Another thing that might be happening: one or both of the client or server is refusing to try more than a set number of public keys, so add -F /dev/null to your scp command, so that your client does not send any of the extra keys (id_dsa, id_ecdsa, etc).
Related
This answer is specifically designed for this type of question, but it has not yet been as clear to me as to its hundreds of upvoters.
I put my key in Downloads. It's found, but it seems like it's not considered a a public key when I use user ubunto. The output is at the bottom of this post. I changed permissions using sudo chmod 600 ~/downloads/mykey.pem but had the same result. I changed permissions using sudo chmod 700 ~/downloads/mykey.pem and had the same result too. From this answer, I tried sudo chown -R me ~/downloads/mykey.pem, then sudo chgrp -R 501 ~/downloads/mykey.pem where uid=501(me).
I have tried ec-2 and root as users without success.
with root as ec-2
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
with root as user
skipping output lines
debug1: Trying private key: /Users/me/downloads/mykey.pem
debug1: Authentication succeeded (publickey).
The authentication succeeds, but the connection closes.
skipping output lines
debug1: channel 0: free: port listener, nchannels 2
debug1: channel 1: free: port listener, nchannels 1
Connection to ec2-[myPublicIP].compute-1.amazonaws.com closed.
Transferred: sent 3264, received 2456 bytes, in 10.3 seconds
Bytes per second: sent 316.6, received 238.2
debug1: Exit status 0
Here is the output using user ubunto that the title of this question refers to:
ssh -v -i ~/downloads/mykey.pem -L 60051:localhost:60051 ubunto#ec2-[mypublicIP].compute-1.amazonaws.com
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to ec2[mypublicIP].compute-1.amazonaws.com [[mypublicIP]] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/me/downloads/mykey.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/me/downloads/mykey.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to ec2-[mypublicIP].compute-1.amazonaws.com:22 as 'ubunto'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305#openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305#openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:85gcFh6LySYszjod4WIx5wu7BUvKwL4M6EAcZkv0zGw
debug1: Host 'ec2[mypublicIP].compute-1.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /Users/me/.ssh/known_hosts:11
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/me/downloads/mykey.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
What AMI are you using?
The default user in a stock Ubuntu AMI is ubuntu, not ubunto.
Unless you've created a special AMI that sets up an ubunto user, the user won't exist on the AMI, and hence fail to authenticate.
I have an AWS instance of Bitnami Wordpress.
Trying to connect using this command:
ssh -N -L 8888:127.0.0.1:80 -i wordpress.pem bitnami#52.91.239.245 -v
I get this...
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 52.91.239.245 [52.91.239.245] port 22.
debug1: Connection established.
debug1: identity file wordpress.pem type -1
debug1: identity file wordpress.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 51:1d:50:cd:89:30:dc:7b:8d:17:85:f4:03:45:c1:54
debug1: Host '52.91.239.245' is known and matches the RSA host key.
debug1: Found key in /Users/OWNER/.ssh/known_hosts:18
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: wordpress.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
I have .ssh permissions as follows:
sudo chmod 700 ~/.ssh/
sudo chmod 600 ~/.ssh/*
sudo chown -R OWNER ~/.ssh/
Does this mean the publickey was not found? That it could not be read?
I deleted the instance and started over. This time I created a new .pem instead of reusing an existing one. When I created the instance with that new .pem, I got in. I think reusing the .pem may have been the problem. Thanks for the help folks!
I can't ssh to my remote server even tho I already put there my public_key. Here is the log when I did a "ssh -v ubuntu#website.com":
ssh -v ubuntu#plumbersserver.net
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/kevinyee/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to plumbersserver.net [::1] port 22.
debug1: connect to address ::1 port 22: Connection refused
debug1: Connecting to plumbersserver.net [54.206.17.8] port 22.
debug1: Connection established.
debug1: identity file /Users/kevinyee/.ssh/id_rsa type 1
debug1: identity file /Users/kevinyee/.ssh/id_rsa-cert type -1
debug1: identity file /Users/kevinyee/.ssh/id_dsa type -1
debug1: identity file /Users/kevinyee/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA cf:a8:01:57:1f:f6:3f:9e:6a:2a:8f:e4:0c:ce:8d:a3
debug1: Host 'plumbersserver.net' is known and matches the RSA host key.
debug1: Found key in /Users/kevinyee/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/kevinyee/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/kevinyee/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
Please help. I don't know what I'm doing wrong.
Since you are logging in as 'ubuntu' user, in the ec2 instance, your public key should be appended to the file: /home/ubuntu/.ssh/authorized_keys. If the file does not exist, create the file with your public key contents and ensure that the file permissions is set to 600.
Try these troubleshooting steps:
Ensure that your public key has been saved in the correct directory: /home/ec2-user/.ssh
Ensure your public key has the correct permissions assigned to it: 0600
chmod 0600 /home/ec2-user/.ssh/your_public_key
Ensure that you are using the correct private key when connecting by using the -i flag for ssh. ssh -i ~/.ssh/your_private_key.pem ec2-user#website.com
Make sure your private key also has the correct permissions of 0600
If you are unable to connect to the instance at all in order to verify steps 1 & 2 above, then stop the instance, detach the root volume, and attach and mount it to an available instance.
I am trying to connect to my EC2 instance and getting the following error.
Command I'm running: ssh -v -i key.pem ubuntu#[my instance address]
I changed the permissions on the key file to 600 as I've seen in other threads, but that didn't solve the problem.
Output I'm getting:
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to ec2-54-247-2-128.eu-west-1.compute.amazonaws.com [54.247.2.128] port 22.
debug1: Connection established.
debug1: identity file /Users/avimeir/.ssh/id_rsa type 1
debug1: identity file /Users/avimeir/.ssh/id_rsa-cert type -1
debug1: identity file /Users/avimeir/.ssh/id_dsa type -1
debug1: identity file /Users/avimeir/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA ae:42:29:3d:3e:c0:a8:04:7f:19:9c:c0:52:00:a4:1e
debug1: Host 'ec2-54-247-2-128.eu-west-1.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/avimeir/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/avimeir/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: ninja.pem
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/avimeir/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
Be sure to check:
The SSH keypair file
The username. For example: root, ec2-user, ubuntu, ...
The hostname of your server. For example, if you stop your instance, it will get a new IP address.
If you are using Ubuntu Cloud Guest official image, you can check the Ubuntu EC2 Starter's Guide.
Managed to solve it by editing /etc/ssh_config (on OSX) and adding the following line:
ChallengeResponseAuthentication yes
I read this post:
AWS ssh access 'Permission denied (publickey)' issue
The information there is relevant, but does not help me solve my issue. I used to be able to login to my linux instance on AWS using ec2-user using the following command:
ssh -i key.pem ec2-user#[address].compute-1.amazonaws.com from my MacBook terminal
over the past few weeks, I'm getting this error now:
"Permission denied (publickey)."
I tried
ssh -v -i key.pem ec2-user#[address].compute-1.amazonaws.com from my MacBook terminal
and I get this output:
OpenSSH_5.2p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to [address].compute-1.amazonaws.com [address] port 22.
debug1: Connection established.
debug1: identity file key.pem type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '[address].compute-1.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in [path]/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Any advice on what's going on? How to get around this?
I have another user account on this instance that I previously created. I am able to login with that, and sudo into the root. I just cannot login with ec2-user anymore.
Thanks!
You may have to log in as root. If using a bitnami image, login as 'bitnami'
e.g. ssh -v -i key.pem bitnami#[address].compute-1.amazonaws.com