I am trying to connect to my ec2 instance from my chromebook using the secure shell extension but I keep getting the following error:
Loading NaCl plugin... done.
ssh: connect to host (public DNS) port 22: Connection refused
NaCl plugin exited with status code 255.
I have been following the steps on this site but with 0 success.
http://www.mattburns.co.uk/blog/2012/11/15/connecting-to-ec2-from-chromes-secure-shell-using-only-a-pem-file/
Help please.
If you're doing this on your chromebook, you should have developer mode enabled so that you can enter the console and execute Linux commands. Once developer mode is enabled, enter the console with ctrl+alt+t and then type in shell.
First you'll want to change the permissions of your .pem key. The ssh keygen won't run if the permissions aren't restricted enough.
sudo chmod 400 myKeyPair.pem
Next you'll want to generate your own public key with ssh-keygen like mentioned in the other links.
ssh-keygen -y -f myKeyPair.pem > myKeyPair.pub
After this, you'll want to create a file with no extension and the private key pair inside.
touch myKeyPair
After this, copy the contents of the .pem file to the file with no extension, myKeyPair.
sudo cat myKeyPair.pem > myKeyPair
Next you'll want to open up the secure shell extension, which can be found here.
Enter your connection information for your machine and don't forget to specify the port number. When it comes to importing the key pair, select both the myKeyPair.pub and the myKeyPair files using ctrl.
That's it, you should be connected!
Related
I've created a user and copied the public key to .ssh/authorized_key for that new user and also I've set the pubkeyauthentication to yes on /etc/ssh/sshd_config after saving the file restarted the sshd service.
When I try to ssh from the new user I am getting error:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
Am I missing any step here to ssh from the new user account?
When I check the status for sshd.servive I see error:
AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys xxxx SHA256:84NyibLXFppE4BGIM+1e5iO...status 22
Had the same issue error: AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys ec2-user.
Make sure the file permission is user only (600) in the $HOME/.ssh directory on the SSH client side host.
"error: AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys ...snip... failed, status 22" error #20
FYI
To debug:
sudo tail -f /var/log/secure to monitor the reason why SSH refuses the connection.
Make sure $HOME/.ssh/authorized_key content on EC2 instance is correctly match with your ssh private key in the SSH client host.
Make sure correct private key is being used, use -i option to explicitly specify which key you use.
You might want to check the algorithm you are using to generate the key.
I saw exactly the same error message when using the ECDSA algorithm but fixed the problem by using RSA instead (ssh-keygen -t rsa).
If you want to dig deeper you can try
ssh -Q key
to get a list of supported key types.
I am trying to copy a folder from my digital Ocean server to my computer.
I have successfully connected as root to my server and I have the ssh Public key setup
I use command root#my-server_ip to connect successfully.
When I try to copy a file like
scp -r root#my-server_ip:/file/path/ /where/to/put
I get this error Permission denied (publickey).
I can't figure out what the heck is the issue
Permission denied occurs when the server is not able to validate the incoming connection. You need to provide the path to your identity file (ssh key) explicitly when making a request through scp.
Something like this:
scp -i <path_to_identity_file> -r root#my-server_ip:/file/path/ /where/to/put
I am trying to transfer files present on Kaggle, to an EC2 instance. Accoring to this link, the command to be used from Putty is
"scp -i /path/my-key-pair.pem /path/cookies.txt user-name#ec2-xxx-xx-xxx-x.compute-1.amazonaws.com:~".
However, I am getting the following error:
[ec2-user#ip-172-31-32-16 ~]$ scp -i /path/my-key-pair.pem /path/cookies.txt ec2-34-214-179-99.us-west-2.compute.amazonaws.com:~ Warning: Identity file /path/my-key-pair.pem not accessible: No such file or directory. The authenticity of host 'ec2-34-214-179-99.us-west-2.compute.amazonaws.com (172.31.32.16)' can't be established. ECDSA key fingerprint is SHA256:PdEvoAAd7Bc37PbnODNkNiqy/zE2MwoVzCv8jw8McfI. ECDSA key fingerprint is MD5:66:c2:b4:7e:50:a2:a8:67:ec:84:2c:ee:76:02:74:b0. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ec2-34-214-179-99.us-west-2.compute.amazonaws.com,172.31.32.16' (ECDSA) to the list of known hosts. Permission denied (publickey). lost connection
Apparently This occurs when the key does not have the right permissions. One suggestion I received is to search for chmod 400 equivalent for windows. I did but did not find anything appropriate. Please help
I cannot connect to any machine I create on EC2 that belongs to the C3 family.
I have no problem connecting with SSH to any other type of machine.
What do I need to do to further debug this?
The steps I've taken:
I create a t1.micro machine with the same image (an ubuntu 13.10 64bit AMI ami-2f252646), and the same key-pair, and hte same security group. It works fine.
I ssh to a t1.micro machine, and then ssh again from that machine to the C3 machine. That tells me the machine is up and running and my problem is connecting to the C3 machine from my PC directly (going through the office router).
I try to telnet to the t1.micro machine on port 22 - I get a connection.
I try to telnet to the C3 machine on port 22 - does not work.
I try to telnet to the C3 machine on port 22 from another PC, not from the office - I get a connection.
I tried this with several C3 type machines, all iwht the same result.
So:
The machine is up and running, and can accept connections.
There is obviously a problem in the coupling between my office connection and the C3 machine.
My office connection works fine with any other type of m1/c1/g1/m2 machine, so it's only the "3" family that has that problem.
I'm at a loss on how to solve this, or even debug this further. Right now I'm tunneling to my machine through a proxy t1.micro machine...
My operating system is itself Ubuntu 13.10
Here is a gist link to the output of my ssh -vvv command
It seems to get stuck at debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Solved it, with the help of AWS professional (paid) services.
The problem is with some of the authentication protocols.
I have a high (9000) MTU (minimal transfer unit) configured in my network connection, I need this to access big chunks of data.
The solution is either to lower the MTU to below 1400 (which is not good for me, because I need it), or to change the SSH config, which worked for me.
sudo vi /etc/ssh/ssh_config
and uncomment the lines starting with Ciphers and MACs
mine says:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1,umac-64#openssh.com,hmac-ripemd160
This is a bug from Ubuntu 12.10 and onwards (it works in 12.04 and below)
There is another option besides using just the provided pem with an Ami that you've created yourself.
Go back and spin up the current image on an instance size that you know works. Ssh into the instance as the main user and then create a secondary user and add them to the sudoers group.
sudo useradd -d /home/myuser -m myuser
sudo usermod -a -G sudo myuser
Then change to the new user and go to their home directory and create a .ssh folder, change this to 0700. Go inside the .ssh directory an vi (or your text editor of choice) and create an authorized_keys file.
Insert your PUBLIC key contents into this file.
Change the permissions on this file to 0600.
sudo su myuser
cd ~
mkdir .ssh
chmod 0700 .ssh
cd .ssh
vi authorized_keys
chmod 0600 authorized_keys
Exit out of the user. Before you exit the box you probably want to edit (as sudo) /etc/passwd and change the users shell from sh to bash.
Exit out of the box and test connecting with your new user before returning your new Ami.
Now spin up the new ami as a C3 instance and connect in with your user.
I have just launched a new Amazon AWS EC2 instance. It is a Suse server.
I am attempting to connect to it through SSH using my private key. It has been 'Permanently added' to my 'to the list of known hosts.' with my private key.
However -
I am not logged in to the server. It is requesting a password. Though it is supposed to use my private key without a password. (as described here: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html)
What should I do?
--
More details:
I ran it again with debug: added -v: ssh -v -i ...
These are the last few lines in the shell (up to here it seems to be fine) before I am asked for pwd:
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: my-private-key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
I have just solved this. It is a bit of a workaround. The problem may have been the type of server used, Suse. I used ec2-user for username, but it may be different for different servers. This is the one for Amazon Linux AMI (and also for Ubuntu I believe), but apparently not for Suse.
I stopped (/terminated) this instance, and launched a new AMI Amazon Linux server instance instead.
Connecting to SSH there worked like a charm. Using ssh -v -i my-private-key.pem ec2-user#publicaddressblahblah.compute.amazonaws.com
I was not asked for a pwd here.
If your local box is Linux
The first thing you want to make sure of is that you have your key loaded into ssh-agent and into ssh-add (on your client machine).
08:10:51 ~$ ssh-agent
SSH_AUTH_SOCK=/var/folders/ps/1dvr90bd6p3blnyrnpyxnryhv45qg1/T//ssh-K8VbUYmYYj4w/agent.9087; export SSH_AUTH_SOCK;
SSH_AGENT_PID=9088; export SSH_AGENT_PID;
echo Agent pid 9088;
Run each of these lines (to declare the variables you need). Then run ssh-add.
08:17:33 ~$ ssh-add
Enter passphrase for /Users/kyle/.ssh/id_rsa:
Identity added: /Users/kyle/.ssh/id_rsa (/Users/kyle/.ssh/id_rsa)
To put it all in one line:
$ eval `ssh-agent`; ssh-add
Workaround to make sure you're loading the right key
You can tell SSH to load a specific key using the -i option.
$ ssh -i ~/.ssh/other_rsa ec2-user#<ip>
Username woes
If this is an Amazon Linux box, the user is ec2-user. For some AMIs, they have other users set up (ubuntu on ubuntu). Check the documentation to see if they have any specific requirements.
$ ssh ubuntu#IP
On trying with user "root", it worked for me.
ssh -i root#server-name
The documentation says the user could be either ec2-user or root:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
i solved this by changing my proxy server from Hk to Japan. my ec2 instance is in japan, but my proxy server is in Hk, so it let me type pwd, but when i change my proxy server to Japan, no need to type the pwd