Ansible on AWS, not able to use private keys - amazon-web-services

I have been trying to use Ansible over AWS.
I am using a ppk file to log in to AWS. I want to use the same with Ansible.
This ppk file was extracted from the pem file which I got from AWS.
This is the command I am using.
ansible all -m ping -u ubuntu --private-key /opt/keys/privateKey.ppk
I get the following
Enter passphrase for key '/opt/keys/privateKey.ppk
172.31.50.XX | FAILED => SSH Error: Permission denied (publickey).
while connecting to 172.31.50.XX:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
I did not create the keys with a passphrase, so I am not sure why I am getting this error.

Ansible uses OpenSSH under the covers so you'll need to use the original pem file that AWS generated for you.

Related

Unable to SSH to Amazon Linux instance from Windows 10. I have kept my EC2Tutorial.pem on my desktop. Please suggest

I am able to connect to the Amazon EC2 instance but unable to ssh from my Windows 10 machine to the public IP. I am using the command:
Attaching supportive screenshots:
1> Path of EC2Tutorial.pem:
2> Command for SSh:
Have followed some of the solutions given by people. chmod 400 EC2Tutorial.pem
also failed with error.
ssh -i EC2Tutorial.pem ec2-user@3.85.176.195
Resulted in an error as below:
[ec2-user@ip-172-31-43-19 ~]$ ssh -i EC2Tutorial.pem ec2-user@3.85.176.195
Warning: Identity file EC2Tutorial.pem not accessible: No such file or directory .
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
I am following the "Ultimate AWS Certified Developer Associate" course on Udemy and want to ssh the same way as suggested, but I am not getting the same result. Please suggest.
CHMOD 400 EC2Tutorial.pem is a typical Linux command to change the permission of the public key, so that it is no longer available for other users to access; in Windows I'm not sure if that is the best idea.
From Windows it is recommended that you use an SSH client like PuTTY (which is free to use), as that would help set up the configuration. You have to first install PuTTYgen and change the public *.pem file into a *.ppk file (which you can use in PuTTY to log in to the server).
Here is the documentation on how to do that.
AWS Document Link for Using SSH with Putty

Permission denied when connecting to EC2 instance; I have given the file permission 400, but it is still not working

I have created an EC2 instance on AWS. But when I'm trying to connect to it by using my .pem file, I'm getting the error message: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). I have changed the permission of this file with chmod 400 myfile.pm.
This is the command I use to connect to my instance: ssh -i ec2demo.pem ec2demo@ec2-35-158-140-25.eu-central-1.compute.amazonaws.com
I also searched for the issue on the internet, and some people say I need to type chmod 600 myfile.pem. It still does not work. I'm using macOS Mojave and the integrated ssh client. Do I need to install the AWS-CLI to make it work? Or should it work without AWS-CLI? And is it better to use the ssh client from Homebrew, or?
Thanks for the help.
When launching a new Amazon Linux instance on Amazon EC2, the public half of the keypair is copied to:
/users/ec2-user/.ssh/authorized_keys
You can then login to the instance using the private half of the keypair:
ssh -i key.pem ec2-user@1.2.3.4
(Or, you can use a DNS name instead of an IP address.)
It sounds like you have not logged into this instance yet, so make sure you login as ec2-user instead of ec2demo. The name of the instance does not impact the Linux user on the instance.

Encrypting AWS .pem key file using ansible

I have encrypted the AWS .pem file with ansible-vault to upload to GitHub. I'm running the playbook in Jenkins and it is failing with the error {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n", "unreachable": true}. If I try to run the playbook manually, it asks me to enter a passphrase, which I haven't set. I'm running the playbook with --vault-password-file. I have set the permissions to 700 before running the playbook.
Any idea why Ansible started asking for a passphrase after encrypting with ansible-vault, and how to resolve this issue?
When ssh asks you to enter a passphrase and you know that the .pem file does not have an associated passphrase, it is normally an indication that ssh cannot interpret the file.
This might be because the format has been modified (e.g. strange linebreak characters) or it does not contain the expected header, key and footer.
Based upon your description, it would appear that ssh is trying to use the encrypted version of your file, which it cannot interpret. You will need to decrypt the file before using it with ssh.
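Added example (not from any of the posts above): a Python check for the causes these answers name, a key file in a container OpenSSH cannot read (a PuTTY .ppk as in the first thread, a still vault-encrypted .pem as here), broken PEM framing, or a mode that is too open. The names diagnose_key and demo, the messages, and all sample file contents are constructed for illustration.

```python
import os
import pathlib
import tempfile

FORMATS = [  # (leading bytes, format name, why ssh cannot use the file as-is, or None)
    (b"PuTTY-User-Key-File-", "putty-ppk", "PuTTY format, not readable by OpenSSH"),
    (b"$ANSIBLE_VAULT;", "ansible-vault", "still vault-encrypted: decrypt before ssh reads it"),
    (b"-----BEGIN OPENSSH PRIVATE KEY-----", "openssh", None),
    (b"-----BEGIN RSA PRIVATE KEY-----", "pem-rsa", None),
    (b"", "unknown", "no recognised private-key header"),  # fallback, always matches
]

def diagnose_key(path):
    """Return (format, problems) from the file's framing and mode; key bytes are not parsed."""
    data = pathlib.Path(path).read_bytes()
    fmt, reason = next((n, r) for p, n, r in FORMATS if data.startswith(p))
    problems = [reason] if reason else []
    if not reason:  # PEM-style framing: check line endings and footer
        lines = data.strip().splitlines()
        if b"\r" in data:
            problems.append("CR line endings present")
        if lines[-1] != lines[0].replace(b"BEGIN", b"END"):
            problems.append("footer missing or truncated")
    mode = os.stat(path).st_mode & 0o777
    if os.name == "posix" and mode & 0o077:  # any group/other permission bit
        problems.append("mode %04o too open: use 0400 or 0600" % mode)
    return fmt, problems

def demo():
    pem = b"-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
    samples = {  # constructed samples: name -> (placeholder content, file mode)
        "key.ppk": (b"PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\n", 0o400),
        "vaulted.pem": (b"$ANSIBLE_VAULT;1.1;AES256\n61626364\n", 0o400),
        "crlf.pem": (pem.replace(b"\n", b"\r\n"), 0o400),
        "cut.pem": (pem[:40], 0o400),
        "open.pem": (pem, 0o444),
        "ok.pem": (pem, 0o400),
    }
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (body, mode) in samples.items():
            path = pathlib.Path(tmp, name)
            path.write_bytes(body)
            path.chmod(mode)
            out[name] = diagnose_key(path)
    return out

if __name__ == "__main__":
    print(*demo().items(), sep="\n")
```

The check reads only the first and last lines and the file mode, so it can run in a CI job before the playbook without the key being loaded anywhere else.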

How do I add pre-existing keys SSH to ansible? (crypto)

I am very new to ansible.
I have managed to install it and set up the ec2.py file via the git and set up the IAM root user. But my question is: I already have an EC2 instance online that uses a .pem file that Amazon has created. I use Windows and have created the relative .ppk file. When I try to ssh into that EC2 instance from another EC2 instance, I see that via
cd ~/.ssh/ the files authorized_keys and known_hosts are created
but when I run ssh ubuntu@ec2-xx-xxx-xx-xxx.us-west-2....
I get a permission denied (publickey)
I examined the contents of the authorized_keys file and the ppk and pem file and it seems that the public key is stored in the authorized_keys file correctly and the user is correct.
Am I correct in thinking that I need to copy the private key into this file?(although I don't really want to) or is it because I need a passphrase?
and in relation to ansible
How do I utilise this key to manage the host in the same VPC?
Edit (extra): I found out that the authorized_keys file is the file that contains the public key and fingerprint. When I edited the file I was no longer able to access the EC2 instance, and it kept asking for a password and saying that the fingerprint had changed. So I guess that's why it's best practice to create an ssh-key on the Ansible system and then import it into AWS.
If you can ssh to the host in question via putty with key.ppk file, then:
convert key.ppk back into key.pem
place key.pem somewhere onto the control host (where Ansible is installed)
define inventory (hosts file) for Ansible:
myserver ansible_host=ip-or-dns-of-your-server ansible_user=your-user ansible_ssh_private_key_file=path/to/key.pem
run ansible myserver -m ping to confirm connectivity
This way Ansible will try to connect to your server aliased myserver at ip-or-dns-of-your-server with your-user account using path/to/key.pem private key.

OpenSSH Windows - AWS "eb ssh" results in "Warning: Unprotected Key File!"

I'm trying to connect to my AWS Elastic Beanstalk EC2 instance using OpenSSH, which I have downloaded because I'm using Windows.
When running eb ssh I am greeted with the message: "Warning: Unprotected Key File! Permissions 0444 for '(key name)' are too open."
This is frustrating because I went into the .ssh folder and used chmod to set it to 0400, not 0444.
The key I am using was generated using the ssh tool, and I uploaded it to AWS and set it as the key pair so I know it's OpenSSH at fault here, rather than AWS.
I am then prompted to enter the key's passphrase, but doing so just displays the message again.
As a result of this, I cannot connect to the instance.
Does anybody know how I can fix this?
You can use PuTTY to connect to your server; here is the documentation instructing how to do this:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html