Connecting to Amazon AWS: Permission denied - amazon-web-services

I am new to Amazon AWS. I am trying to connect to my instance so I can upload my files and set up my database.
Initially on connection the console returned an error saying my key's permissions were incorrect; after correcting this the console returned a permission denied error.
imrans-macbook:WORK imran$ ssh -i MYKEY.pem ec2-user@ec2-xx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com
The authenticity of host 'ec2-xx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com (xx.xxx.xxx.xxx)' can't be established.
RSA key fingerprint is xx:xxx:xx:xxx:xxx:xxx:xxx.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': Yes
Warning: Permanently added 'ec2-xx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com,xx.xxx.xxx.xxx' (RSA) to the list of known hosts.
###########################################################
# WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0644 for 'MYKEY.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: MYKEY.pem
Permission denied (publickey).
imrans-macbook:WORK imran$ chmod 400 MYKEY.pem
imrans-macbook:WORK imran$ ssh -i MYKEY.pem ec2-user@ec2-xx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com
Permission denied (publickey).

What permissions did you change your key to?
The directory containing the key files should be set to 700.
chmod 700 ~/.ec2
The warning is telling you it's too open right now.

Move your key to .ssh
.ssh should be set to 700
key should be 600
-
move your key to ~.ssh\yourkey.pem
rename your key to something else and then set to 600

I resolved this by deleting my key pair and creating a new one along with a new instance. (nothing was on the old instance anyway)

The private key file should have very limited permissions for it to work.
Use the command below to change permissions:
chmod 400 private-key-file.pem
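
The check behind the "UNPROTECTED PRIVATE KEY FILE" warning, as an added example that is not part of the original thread: the ssh client ignores a key when any group or other permission bit is set, which is why both 400 and 600 pass and 0644 does not. The function names are hypothetical, and the directory check follows the 700 advice given in the answers above rather than anything the warning itself reports.

```shell
#!/bin/sh
# Added example, not from the thread. Usage: check_key ~/.ssh/MYKEY.pem

# Print the octal permission bits of a path (GNU stat first, then BSD/macOS stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only when no group/other bit is set, i.e. (mode & 077) == 0.
# OpenSSH applies this test to private key files owned by the invoking user.
owner_only() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 077 )) -eq 0 ]
}

# Return codes (hypothetical convention for this example):
#   0 key and directory are owner-only
#   1 key has group/other bits set: ssh prints the warning and ignores the key
#   2 key is fine but its directory is looser than the advised 700
#   3 key file not found
check_key() {
    key=$1
    dir=$(dirname "$key")
    [ -f "$key" ] || { echo "MISSING $key"; return 3; }
    if ! owner_only "$key"; then
        echo "FAIL $key has mode $(mode_of "$key"); run: chmod 400 $key"
        return 1
    fi
    if ! owner_only "$dir"; then
        echo "WARN $dir has mode $(mode_of "$dir"); run: chmod 700 $dir"
        return 2
    fi
    echo "OK   $key ($(mode_of "$key")) in $dir ($(mode_of "$dir"))"
    return 0
}
```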

Related

Permission denied (publickey). while copying ssh key to server

I am getting Permission denied (publickey) error while copying a public key using this command over ec2 ubuntu instance
root@ip-172-31-5-68:~# ssh-copy-id docadmin@ip-172-31-13-212
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed:"/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
docadmin@ip-172-31-13-212: Permission denied (publickey).
Can anyone help me why I am getting this permission issue?
AWS doesn't allow SSH connections to an EC2 instance with private keys that are publicly exposed.
While you're trying to copy a .pub (public key) over to instance 2, you're using ssh-copy-id, which uses ssh under the hood to facilitate the transfer, so you'll first need to lock down your private key on instance 1.
Substituting the last term for your private key .pem filepath, you can accomplish this with:
chmod 400 /path/to/your-private-key.pem
The following post seems to be the canonical reference for this topic, but this is a slightly different scenario, so I'm not going to mark it as a duplicate:
Trying to SSH into an Amazon Ec2 instance - permission error

Unable to SSH in EC2 instance

I am unable to SSH into my AWS EC2 instance. It shows the error Permission denied (public Key). I have tried to generate a new pem key
# ssh-keygen -y -f /path/to/keypair.pem
and added it in Instance Settings View/Change User Data
#cloud-config
#ssh_deletekeys: false
#ssh_authorized_keys:
# - ssh-rsa ENTER YOUR PUBLIC KEY HERE ...
#cloud_final_modules: - [ssh, always]
But it didn't work and I also tried this tutorial
https://aws.amazon.com/premiumsupport/knowledge-center/recover-access-lost-key-pair/
Still it is not working.
What you are trying to do won't work. Neither will the answer @Rajeev provided. If it was a file permission error you would see a message indicating the .pem file had unsecure read permissions. What I suspect you'll need to do is kill off that instance and relaunch with a new key. Will be easier than troubleshooting it, and you can make a snapshot to launch a new instance from if you have done a lot of config on it already.
AWS best practices state instances should be treated as ephemeral. Follow those guidelines and you'll save yourself a lot of hassle in the long run.

How to change pem file for an ec2-instance without creating new ec2-instance?

I have created an instance and its pem file, named demo.pem. But due to some security I have to change my old demo.pem file with demos.pem for the same instance.
I do not want to create a new instance to change the pem file. Is it possible? Help?
It's worth understanding how keypairs work...
When logging into Linux using keypairs, you specify a username and a keypair, eg:
ssh -i demo.pem ec2-user@54.11.22.33
Linux then looks in the .ssh/authorized_keys file belonging to that user, eg:
/home/users/ec2-user/.ssh/authorized_keys
It looks for the public key in that file that matches the private key used for login. It then does keypair magical stuff and determines whether to allow the person to log in.
Therefore, to enable login on an instance using a new keypair:
Add the public half of the keypair to the ~/.ssh/authorized_keys file in the appropriate user's home directory
If desired, remove an old key from that file to remove access permissions
You can have multiple keys in that file, which permit login via any of the authorized keypairs.
Answer from A to Z:
create a pem key pair in the aws interface at (example)
https://console.aws.amazon.com/ec2/v2/home?region=us-east-1#KeyPairs:
then go to your download files and modify access mode
chmod 400 yourNewPemName.pem
then generate the public key:
ssh-keygen -y -f yourNewPemName.pem > yourNewPemName.pub
connect to the ec2 instance:
cd ~/.ssh
then replace the contents of the authorized_keys file with the contents of your public key generated in step 3 above
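
One way to script the authorized_keys change described in the two answers above, as an added example that is not from the original thread: it adds the new public key first and removes the old one only when asked, so the new keypair can be tested before the old one loses access. The function names are hypothetical, and the key lines passed in are whatever `ssh-keygen -y -f yourNewPemName.pem` printed.

```shell
#!/bin/sh
# Added example, not from the thread.
# Usage: rotate_key ~/.ssh/authorized_keys "NEW_PUBKEY_LINE" ["OLD_PUBKEY_LINE"]

# Print the base64 key blob (second field) of a "type blob comment" line.
key_blob() {
    printf '%s\n' "$1" | awk '{ print $2 }'
}

rotate_key() {
    auth=$1
    new=$2
    old=${3:-}
    dir=$(dirname "$auth")

    new_blob=$(key_blob "$new")
    [ -n "$new_blob" ] || { echo "not a public key line: $new" >&2; return 1; }
    old_blob=""
    [ -z "$old" ] || old_blob=$(key_blob "$old")

    # The permissions the answers on this page ask for: 700 directory, 600 file.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Build the new file beside the old one, then swap it in with a rename.
    tmp=$(mktemp "$dir/authorized_keys.XXXXXX") || return 1
    chmod 600 "$tmp"

    # Keep every line except the old key and any earlier copy of the new key.
    # Comparing each field to the blob also matches lines with an options prefix.
    awk -v a="$new_blob" -v b="$old_blob" '
        { keep = 1
          for (i = 1; i <= NF; i++)
              if ($i == a || (b != "" && $i == b)) keep = 0
          if (keep) print }' "$auth" > "$tmp" || { rm -f "$tmp"; return 1; }

    printf '%s\n' "$new" >> "$tmp"
    mv "$tmp" "$auth"
}
```

Run it once with only the new key, confirm that `ssh -i yourNewPemName.pem` logs in, then run it again with the old key line as the third argument.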

Starting sshd: WARNING: UNPROTECTED PRIVATE KEY FILE

I am using BitVise to communicate with my AWS instance.
For the last two days, I have not been able to log in with the pem file. I got the log from AWS as follows:
Starting sshd: ##########################################################
# WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0777 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
The mistake happened by setting 777 on ssh, unfortunately.
What is the solution for this now? I am not able to connect using SSHClient to make the permission 400.
This is not a problem with pem file permission; the directory ssh has permission of 777.
Assuming that you're using EBS for the root volume, you'd need to launch a new EC2 instance, and attach the root volume of your existing instance to the new one. Then you'd be able to mount the filesystem and change the permissions on the file.
Then re-attach the volume to your other instance and you should be able to get in.
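
The permission repair step of the recovery described above, as an added example that is not from the original answer: run as root on the rescue instance after the old root volume is mounted. The mount point argument and the function name are assumptions; the modes are the conventional ones (755 for etc/ssh, 600 for private host keys, 644 for public keys and sshd_config).

```shell
#!/bin/sh
# Added example, not from the thread.
# Usage: fix_sshd_perms /mnt/rescue    (placeholder mount point of the old root volume)

fix_sshd_perms() {
    root=${1:?usage: fix_sshd_perms MOUNTPOINT}
    sshdir="$root/etc/ssh"
    [ -d "$sshdir" ] || { echo "no etc/ssh under $root" >&2; return 1; }

    chmod 755 "$sshdir"

    # Private host keys: owner read/write only, otherwise sshd ignores them.
    for f in "$sshdir"/ssh_host_*_key; do
        if [ -f "$f" ]; then chmod 600 "$f"; fi
    done

    # Public halves and the daemon configuration: world-readable, owner-writable.
    for f in "$sshdir"/ssh_host_*_key.pub "$sshdir"/sshd_config; do
        if [ -f "$f" ]; then chmod 644 "$f"; fi
    done

    # Report anything under etc/ssh that is still group- or world-writable.
    leftover=$(find "$sshdir" ! -type l \( -perm -002 -o -perm -020 \) -print)
    if [ -n "$leftover" ]; then
        echo "still writable by group/other:" >&2
        echo "$leftover" >&2
        return 2
    fi
    return 0
}
```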

EC2 Ubuntu Instance - UNPROTECTED PRIVATE KEY FILE

I just created an Ubuntu instance on EC2, but when I try and SSH into the machine, I get:
UNPROTECTED PRIVATE KEY FILE!
permissions 0644 for 'xxxxx.pem' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: xxxxx.pem
Permission denied (publickey).
In creating the key, you only enter a name (without the option of adding a password).
How can I SSH into the machine without this warning popping up?
Private keys must be readable only by the owner.
Do chmod 400 xxxxx.pem on the machine from which you're connecting.