I have set up an Amazon instance. I configured the proxy correctly.
I am getting this error.
ssh_exchange_identification: Connection closed by remote host.
Here is my .ssh/config file
Host AWS
Hostname 52.76.70.56
Port 22
User ubuntu
IdentityFile Desktop/aws1/tutorial.pem
ProxyCommand /usr/bin/corkscrew 10.3.100.207 8080 %h %p
As seen in the image, you used two ssh commands, and there is no need to put the key-pair file name in double quotes.
Use a single ssh command:
ssh -i <my-key-pair.pem> <user>@<ip-address>
Check that the key pair has the necessary permissions; you can use the following command to set them:
chmod 400 <my-key-pair.pem>
And the user will be your instance user name; for an EC2 instance the user name may be ec2-user, and for an Ubuntu instance the user name is ubuntu.
Thanks
Overview
I'm trying to configure ~/.ssh/config to connect my local VSCode to remote (EC2). I've done a lot of testing and can't understand why situation one is working and others are failing. I'm able to get RemoteCommand to work successfully for ssh'ing into EC2 instance after ssh'ing into BastionHost, however I'm unable to achieve the same with ProxyJump or ProxyCommand. VSCode doesn't list the EC2 filesystem when using the RemoteCommand example (just gets to BastionHost), so thinking I'll need to resolve to either ProxyJump/ProxyCommand based on most of the documentation.
I've tried to follow the instructions here exactly along with trying out different approaches from other articles to no avail.
##WORKS
Host dev-ec2
HostName 10.248.000.206
User meme1
RemoteCommand ssh 10.248.000.201
RequestTTY yes
IdentityFile ~/.ssh/mykey
##WORKS
Host bastion-dev
HostName 10.248.000.206
User meme1
IdentityFile ~/.ssh/mykey
RequestTTY yes
##FAILS (times out)
Host dev-ec2-proxycommand
HostName 10.248.000.201
User meme1
ProxyCommand ssh.exe bastion-dev -W %h:%p
##FAILS (Permission denied on public key, even though no issue in the RemoteCommand example)
Host ec2-dev-proxyjump
HostName 10.248.000.201
User meme1
ProxyJump bastion-dev
IdentityFile ~/.ssh/mykey
System Info
OS: Windows 10
Bastion OS: Linux (Amazon Linux AMI)
Disclaimer
I've been trolling StackOverflow and other forums for the past couple days to no avail, and although I've found similar questions none have provided viable answers for resolving.
I suppose this one below is failing because you are using a command from Windows at your bastion, that is Linux.
Command ssh.exe will not work on Linux. Everything that you put on ProxyCommand will run inside your bastion host, in your case it is a Linux OS.
Also make sure your instance's Security Group allows connections from the bastion IP, not from your computer.
##FAILS (times out)
Host dev-ec2-proxycommand
HostName 10.248.000.201
User meme1
ProxyCommand ssh.exe bastion-dev -W %h:%p
I have the config below on my ~/.ssh/config file and it works fine for me to connect on my instance behind bastion host.
Bastion IP: 172.31.4.238
Host IP (behind bastion): 172.31.11.98
Host 172.31.11.98
HostName 172.31.11.98
User ec2-user
ProxyCommand ssh -W %h:%p ec2-user@172.31.4.238
See it below
$ ssh 172.31.11.98
The authenticity of host '172.31.11.98 (<no hostip for proxy command>)' can't be established.
ECDSA key fingerprint is SHA256:vy....
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.31.11.98' (ECDSA) to the list of known hosts.
__| __|_ )
_| ( / Amazon Linux 2 AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-2/
[ec2-user@ip-172-31-11-98 ~]$
I have created an EC2 Linux instance in AWS. I used the Ubuntu Server 20.04 LTS (HVM) AMI. After creating the instance I downloaded the key pair file (.pem). I gave it the name "EC2-Key-Pair". Then I launched the instance. Then on my Kali Linux system I opened a terminal in the directory where I saved the .pem file. After that I used this command:
chmod 400 EC2-Key-Pair
After running this command, I used this command:
ssh -i "EC2-Key-Pair.pem" ubuntu@ec2-13-232-252-152.ap-south-1.compute.amazonaws.com
Where ubuntu is the username and
ubuntu@ec2-13-232-252-152.ap-south-1.compute.amazonaws.com
is the Public IPv4 DNS of my instance. But when I executed this command I got this error:
Host key verification failed.
How do I fix this error? I have executed this command both with sudo and without sudo, but both ways failed. I even searched for the error on the internet and found a solution saying that I can fix this error by using this command:
ssh-keygen -R Hostname
Where I used my instance's public IPv4 DNS as Hostname:
ssh-keygen -R ec2-13-232-252-152.ap-south-1.compute.amazonaws.com
But it shows this error:
Cannot stat /home/sanniddha/.ssh/known_hosts: No such file or directory
[Screenshot: error after executing the SSH command as root user]
[Screenshot: error after executing the SSH command]
[Screenshot: error after executing ssh-keygen -R Hostname]
This error means that something has changed in your instance since the last login. Most probably you created the EC2 instance with no fixed IP assigned to it, so when you start this instance, it will get a (dynamic) IP and a DNS name which will be based on that IP.
If you shut down the instance and start it again a few hours later, it might get a new IP and a new DNS name.
The trouble you are getting is because the ssh key fingerprint changed. In general, it is not a bad thing and you accept the warning but double-check everything.
What is an SSH key fingerprint and how is it generated?
What can cause a changed ssh fingerprint
In your case, it might be because you launched an instance earlier which had a similar DNS name that got added to the ~/.ssh/known_hosts file.
xx.xx.xx.xx ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBP2oAPXOCdClEnRzlXuxKtygT3AROcruefiPi6JPdzo+=
You can clean ~/.ssh/known_hosts by issuing the following command:
ssh-keygen -R ec2-13-232-252-152.ap-south-1.compute.amazonaws.com
The IP got recycled on the AWS side for the instance when you launched a new instance. The new instance has a different ssh fingerprint from the one you have in your ~/.ssh/known_hosts file, hence the warning.
As pointed out already, you need to open port 22 for your IP to access the instance.
If possible, use the IP address instead of the DNS name for ssh. Plus, for ssh you don't need sudo.
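Added example (not part of the original answers): before a stale entry is dropped with ssh-keygen -R, the key stored in known_hosts can be compared with a fingerprint obtained out of band, for instance from the instance's console log. The sketch parses known_hosts text, including hashed host fields; the keys, the salt and all helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def fingerprint(key_b64):
    """SHA256 fingerprint in the form ssh and `ssh-keygen -l` print."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a known_hosts host field: comma list or hashed |1|salt|hash."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return host in field.split(",")  # wildcard patterns are not handled here

def check_host(known_hosts_text, host, trusted_fp):
    """Return 'match', 'mismatch' or 'unknown' for host against trusted_fp."""
    verdict = "unknown"
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # blank line, comment, or @cert-authority/@revoked marker
        if host_matches(parts[0], host):
            if fingerprint(parts[2]) == trusted_fp:
                return "match"
            verdict = "mismatch"  # host is listed, but with a different key
    return verdict

def sample_key(fill):
    """Constructed ssh-ed25519 public key blob for the demo (not a real key)."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(blob).decode()

def hashed(host, salt=b"constructed-salt-20b"):
    """Host field as stored when HashKnownHosts is enabled (salt is constructed)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

HOST = "ec2-13-232-252-152.ap-south-1.compute.amazonaws.com"  # hostname from the question
OLD_KEY, NEW_KEY = sample_key(1), sample_key(2)
KNOWN_HOSTS = "%s ssh-ed25519 %s\n" % (HOST, OLD_KEY)  # stale entry, constructed

if __name__ == "__main__":
    # The trusted fingerprint would come from an out-of-band source; here it is NEW_KEY's.
    print(check_host(KNOWN_HOSTS, HOST, fingerprint(NEW_KEY)))
    print(check_host("%s ssh-ed25519 %s\n" % (hashed(HOST), NEW_KEY), HOST, fingerprint(NEW_KEY)))
```

A "mismatch" verdict with a fingerprint that came from a trusted source is the recycled-address case described above; a mismatch that cannot be explained that way is the case to investigate before removing the entry.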
I have my NAT and Bastion set up to login with SSH forwarding:
ssh-add -K keyfile.pem
ssh -A ec2-user@bastionhost
ssh ec2-user@privateSubnetServer
What's the best method for handling ssh and users at this point between hosts in the private subnet?
I get:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
When trying to do it the traditional Linux way. I can get to them if I use the AWS-created key pairs.
I can't set up or connect to a directory service at this point.
There can be two reasons: either the key is invalid or the proxy command is not working as you expect.
Before that, set up your proxy command like this:
host bastion
HostName bastion_Adress
User centos|whatever
identityFile /mykeys/ec2.pem
Now try to ssh to bastion
ssh bastion
If the above works, then the bastion is working fine and we can set the proxy command now.
host private_server
Hostname 10.0.5.45
user centos
IgnoreUnknown UseKeychain
AddKeysToAgent yes
ProxyCommand ssh bastion -W %h:%p
Now you can ssh to private server
ssh private_server
Normally these are necessary but just in case of mac happen sometime
IgnoreUnknown UseKeychain
AddKeysToAgent yes
.ssh/config: "Bad configuration option: UseKeychain" on Mac OS Sierra 10.12.6
You can debug the issue using this flow
ssh to bastion
copy your private server ssh key to the bastion
ssh to private instance
If the above worked, it means the bastion ssh config is not valid.
If the above does not work then the key is not valid.
Host bastion.ip.address
User ec2-user
IdentityFile ~/.ssh/bastionkey.pem
CheckHostIP no
Host private.subnet.ip
User ec2-user
IdentityFile ~/.ssh/bastionkey.pem
ProxyCommand ssh ec2-user@bastion.host.ip -W %h:%p
I am trying to ssh into a new EC2 instance. I have followed the instructions and when I attempt to ssh I get Permission denied (publickey).
Below is an image of everything I did in the console according to the instructions. Everything seems to go accordingly until I enter yes. Then it fails. I have followed the instructions twice and get the same result. I also do not have AWS CLI Tools as I believe they are optional.
ssh will use your local username to connect to the instance by default if you have not specified Host, User and IdentityFile in your ~/.ssh/config.
As you call ssh to your instance with the pem specified on the command line, you also have to specify the remote user name (which is ec2-user for AWS Linux instances and ubuntu for AWS Ubuntu instances).
Try to use this command line:
ssh -i sub_api.pem ec2-user@ec2-54....
I want to make an SSH connection from my own terminal, not from the browser-based command line interface Amazon provides. How do I know what username and host to use in my SSH command? So far, I'm unable to connect via SSH. I believe I am using the key correctly, but I am getting "permission denied (publickey)".
I have set 400 permissions for the private key file.
Can I use the public IP for the host? Is the username "ubuntu"? Something else?
Right now you can run only two base OS in LightSail:
Amazon Linux 2016.09.0
Default user: ec2-user
Ubuntu 16.04 LTS
Default user: ubuntu
The host name is the public IP, according to step #4 of the documentation at https://lightsail.aws.amazon.com/ls/docs/how-to/article/lightsail-how-to-set-up-putty-to-connect-using-ssh