can't ssh in after cloning an EC2 instance on Amazon AWS - amazon-web-services

I have a working m3.large instance on Amazon AWS that I'm able to log in to using a username and a password via ssh. I've cloned it by creating an AMI of it and then spinning up another m3.large instance based on that AMI, but I cannot ssh into it. In PuTTY, after typing in my username, I get "Server refused our key" followed by "Disconnected: No supported authentication methods available (server sent: publickey)". Shouldn't the new cloned instance behave exactly like the one the AMI came from? Shouldn't the only difference be their IP addresses?

OK, I figured out that the problem was in the original instance, the one I'd cloned. In its /etc/ssh/sshd_config, I'd neglected to include the line PasswordAuthentication yes. For some reason, even with it set to no, I could log in on the original instance, but not on the clone.
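A way to check the setting named above on an instance before an AMI is taken from it, as an added example that is not part of the original post. It applies sshd's rule that the first value read for a keyword wins, and goes beyond the post by following Include lines and stopping at Match blocks; the file layout in demo() is constructed.

```python
import glob
import os
import tempfile

# OpenSSH defaults for the two keywords behind "server sent: publickey".
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}


def global_settings(path, base=None, found=None):
    """Map keyword -> (value, file) for the global section; first value read wins."""
    base = base or os.path.dirname(os.path.abspath(path))
    found = {} if found is None else found
    with open(path) as fh:
        for raw in fh:
            parts = raw.strip().split(None, 1)
            if not parts or parts[0].startswith("#"):
                continue
            key = parts[0].lower()  # keywords are case-insensitive
            value = parts[1].strip().strip('"') if len(parts) > 1 else ""
            if key == "match":
                break  # conditional block: the rest of this file is not global
            if key == "include":
                for pattern in value.split():
                    # relative patterns: sshd uses /etc/ssh, i.e. the main file's directory
                    for inc in sorted(glob.glob(os.path.join(base, pattern))):
                        global_settings(inc, base, found)
                continue
            found.setdefault(key, (value, os.path.basename(path)))
    return found


def auth_report(path):
    """Effective value and origin for each keyword in DEFAULTS."""
    found = global_settings(path)
    return {k: found.get(k, (d, "default")) for k, d in DEFAULTS.items()}


def demo():
    """Constructed layout: a drop-in is read before the main file's own line."""
    with tempfile.TemporaryDirectory() as etc:
        os.mkdir(os.path.join(etc, "sshd_config.d"))
        with open(os.path.join(etc, "sshd_config.d", "50-image.conf"), "w") as fh:
            fh.write("PasswordAuthentication no\n")
        main = os.path.join(etc, "sshd_config")
        with open(main, "w") as fh:
            fh.write("Include sshd_config.d/*.conf\n# local edit below\n"
                     "PasswordAuthentication yes\n"
                     "Match User backup\nPubkeyAuthentication no\n")
        return auth_report(main)
```

On an instance, auth_report("/etc/ssh/sshd_config") gives values to compare with the output of sshd -T, which prints the effective configuration of the installed daemon.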

Related

How do I connect to EC2 instance in AWS?

I am trying to connect to an EC2 instance with the key. But I get an error saying
"No supported authentication methods available (the server sent: public key)"
In the command window I get:
Using username "ec2-user"
Server refused our key
Please help me.
I will try to help! Suppose you are trying to connect using the PuTTY SSH client on your local machine. (Connecting with an FTP client like WinSCP is very similar).
Short answer: You need to let PuTTY know your ec2user IP address and associate the private key of the EC2 instance with the PuTTY session. On the AWS side you need to create a security group that allows inbound access from your IP address to your EC2 instance for SSH on port 22.
Long answer 😊:
Go to your EC2 page and click [CONNECT]
Copy the ec2User IP address to PuTTY.
When you created the EC2 instance, you were prompted to download the public/private key pair. You need that private key. If you don’t have that file, things are more complicated. (See Change key pair for ec2 instance).
But hopefully, you can find the private PuTTY Private Key file downloaded on your local machine:
Save the session. PuTTY should be all set up now.
Now on the AWS side, you need to make a new security Group:
Create the group and ADD an Inbound Rule:
Go back to EC2 and add security group to EC2.
In the dialog that pops up, check the security group that you just created for PuTTY remote access and click [Assign Security Groups]
Now give it a try!
I hope this works for you like it does for me.
ONE FINAL TIP: Make sure that you associate an Elastic IP address to the instance. Otherwise, this connection might stop working when someday you reboot your EC2. The elastic IP pins it down.
Verify that you are connecting with the appropriate user name for your AMI. Type the user name in User name in the PuTTY Configuration window.
The appropriate user names are as follows:
For Amazon Linux 2 or the Amazon Linux AMI, the user name is ec2-user.
For a CentOS AMI, the user name is centos.
For a Debian AMI, the user name is admin or root.
For a Fedora AMI, the user name is ec2-user or fedora.
For a RHEL AMI, the user name is ec2-user or root.
For a SUSE AMI, the user name is ec2-user or root.
For an Ubuntu AMI, the user name is ubuntu.
Otherwise, if ec2-user and root don't work, check with the AMI provider.
You should also verify that your private key (.pem) file has been correctly converted to the format recognized by PuTTY (.ppk).

Default username for ec2 instance spawned by elastic beanstalk

I'm trying to use elastic beanstalk to deploy an application and one of the things I need to do is be able to log into the underlying ec2 instance and add dependencies. I added a key pair to the instance and put the private key file in ~/.ssh on my computer. Next I specified the key pair for the ec2 instance and it restarted and eventually the status was green.
When I try to ssh into the ec2 instance I get the following error:
$ ssh ec2-user@myinstance.us-east-1.elasticbeanstalk.com
ec2-user@myinstance.us-east-1.elasticbeanstalk.com: Permission denied (publickey).
In the docs it says this could be due to an incorrect username.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html
Does anyone know what the default username is for ec2 instances created by elastic beanstalk?
Also if I'm doing this all wrong would appreciate some pointers there too.
1. To make sure that there's no mistake in the way you connect:
Go to EC2 -> Instances
Select your instance
And press Connect
You should get the command to connect from the instructions in the Connect popup. The correct username is mentioned there, plus instructions on how to set the correct permissions on the pem (applies to Linux).
2. Make sure that you modified the security group of the instance you're trying to connect to so that it allows ssh from the IP of your PC. (This is not the case for the question, since the error is Permission denied (publickey), it means that it's not an sg issue, thx @diego)
3. Also, if you connect from a corporate network, try connecting from another network. It might be a firewall issue.
4. Last but not least, make sure you ssh inside the .ssh path, or provide the correct pem path.

Amazon AWS EC2 Ubuntu Instance - how to SSH?

New to Amazon AWS here. I setup a new ubuntu instance but cannot SSH to the instance. How do I find the login/password for SSH? I don't remember one being shared with me when I created that instance.
I added my IP to inbound traffic for the security group
I setup a key and am using the key with my Putty connection
I am able to get to the login step, but when I enter 'root' as the login (or any value), I get:
Server refused our key
Disconnected: No supported authentication methods available (server send: publickey)
When you deploy an EC2 instance in AWS, you'll be asked to select an existing key pair or create a new one. If you choose to create a new one, AWS will give you the key pair.
After the new key pair is downloaded, you need to change the key permission.
If you deploy an Ubuntu instance, the user is usually ubuntu.
ssh -i key.pem ubuntu@yourinstanceIP
Or you can select the instance and click on the Connect button.

How to connect Mac terminal with EC2 instance

I am using mac terminal and I want to connect my machine with server instance EC2 in aws with SSH. Since I am using Mac OS X, it is not necessary to use PuTTY. The problem is that when I download the key it has the extension .ppk, but when I need to run it in the terminal I need to use a command in which I have to use the .pem extension. I tried to run it that way and it told me permission denied. Can someone help me with what to do in this case? Do I have to change the permission or convert my key from .ppk to .ppm?
You need to know the .pem file folder you download, and then follow steps below:
download the keypair(.pem file)
cd to keypair(.pem file) location (Note that you can use absolute path name for key pair instead)
chmod 400 [your_key_name].pem (Note that to make SSH work, your key must not be publicly viewable. Use this command if needed.)
ssh -i "[your_key_name].pem" ec2-user@[your ec2 dns name]
You will have to convert your "ppk" file to a "pem" file by following these steps.
http://www.ramsmusings.com/2014/02/20/converting-a-putty-ppk-file-to-a-pem-file-for-accessing-aws-ec2-instances/
After you convert it, connect to the instance using the SSH command and the converted "pem" file.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
Quick answer
Instead of working directly with SSH keys, I would consider working with AWS ec2-instance-connect.
It saves you the management of the SSH keys and is much safer than sharing SSH keys for each EC2 machine between team members.
After authentication with the aws credentials (by referring to a profile in the .aws/config file or using environment variables) you can connect to the instance very easily by providing the instance ID:
./bin/mssh <instance-ID>
Installation of this tool can be done via pip or directly from the github repo.
Additional information
Amazon EC2 Instance Connect provides a simple and secure way to connect to your instances using Secure Shell (SSH).
With EC2 Instance Connect, you use AWS Identity and Access Management (IAM) policies and principles to control SSH access to your instances, removing the need to share and manage SSH keys.
When you connect to an instance using EC2 Instance Connect, the Instance Connect API pushes a one-time-use SSH public key to the instance metadata where it remains for 60 seconds. An IAM policy attached to your IAM user authorizes your IAM user to push the public key to the instance metadata.
The SSH daemon uses AuthorizedKeysCommand and AuthorizedKeysCommandUser, which are configured when Instance Connect is installed, to look up the public key from the instance metadata for authentication, and connects you to the instance.
You can use Instance Connect to connect to your Linux instances using a
browser-based client,
the Amazon EC2 Instance Connect CLI,
or the SSH client of your choice.
(*) Amazon Linux 2 2.0.20190618 or later and Ubuntu 20.04 or later come preconfigured with EC2 Instance Connect.
For other supported Linux distributions, you must set up Instance Connect for every instance that will support using Instance Connect. This is a one-time requirement for each instance.
Links:
Connect using EC2 Instance Connect
Securing your bastion hosts with Amazon EC2 Instance Connect

Can't remote into a spawned EC2 instance

I am not able to remote desktop into a T2.micro instance that I spawned from the AWS Java API. Here is what I did:
Created an instance using the Amazon console
Successfully remoted into it
Created an AMI of the instance
Wrote a Java program to runInstance using the same security group, availability zone, subnet, and keyname as the original
Ran the program and saw it start successfully
Tried to connect and got the message: "Password is not
available. This instance was launched from a custom AMI, or the
default password has changed. A password cannot be retrieved for
this instance. If you have forgotten your password, you can reset it
using the Amazon EC2 configuration service"
Am I missing something? Shouldn't this work?
When you say Tried to connect and got the message "Password is not available", do you mean you connected with RDP or do you mean that you were in the AWS console, you right-clicked the EC2 instance and you selected "Get Windows Password"?
Unless you explicitly did something to prevent it (see below), I would expect the administrator password of the new instance to be the same as the old instance.
If you want a new administrator password for the new instance, then you need to use the EC2ConfigService on the original instance and configure it so that a new password is generated on next boot. Then you can stop the instance and create an AMI from it. When a new instance is launched from the AMI, it should then allow you to retrieve a new password.