I am following instructions on:
https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/getting-started-guides/coreos/coreos_multinode_cluster.md
I am trying to launch a Master with master.yaml file as a UserData. I am able to successfully launch the instance in EC2 but i cant seem to ssh to it via aws ssh key..
backend-service viralcarpenter$ ssh -i ~/Downloads/viral-kubernetes-acad-key.pem core#54.153.63.240
core#54.153.63.240's password:
Is there something that i am missing?
You need to have a Key Pair configured in your EC2 region and specify it when creating the instance in order to be able to SSH into it.
--key-name <keypair>
Related
I'm attempting to scp to an EC2 inside a VPC and getting timed out.
Established facts:
I can ssh into the VPC itself - the keypair works and the instance subnet is open to the internet.
The folder I'm attempting to transfer to on the EC2 has permissions 700
The command I'm running is:
scp -i mykey.pem dumbtest.txt ubuntu#ec2-<my-ip>.compute-1.amazonaws.com:/home/ubuntu
Are there additional steps I need to take to scp into EC2's on a VPC?
I'm trying to connect to master cluster in kubernetes as ssh -i ~/.ssh/id_rsa ubuntu#api.demo.k8s.testcheck.tk
It throws error as
ubuntu#api.demo.k8s.testcheck.tk: Permission denied (publickey).
I am using kops as a deployment utility. Can someone help here please
Can you change the username from ubuntu to ec2-user? I think the default user of EKS nodes is ec2-user
If you used a later version of kOps, it does not by default add an SSH key. You need to supply one with the create command like this: kops create cluster --ssh-public-key ~/.ssh/id_rsa.pub .... After the cluster has been created, you can create an ssh key kops create secret --name <cluster name> sshpublickey admin -i ~/.ssh/id_rsa.pub.
Instead of using static SSH keys, I do recommend using mssh from ec2-instance-connect
To connect to EC2 via SSH with public key, you need the corresponding private key configured in the authorized_keys file in the root volume. When kops provisioned the EC2, does it provide you which keys to use?
If not, if the EC2 is using a newer AMI, you should be able to alternatively connect via EC2 instance connect.
Else, you need to manually modify the authorized_keys file.
I am setting up a new EC2 Amazon Linux 2 AMI and am having a try at setting up EC2 Instance Connect as it's preinstalled on my new instance.
From what I've understood the docs to mean, I should be able to create an IAM user, add a public key to that user and then SSH into the box using the IAM user's (public) key without having to create the .ssh folder on the EC2 instance.
What I've done is:
Create a user on the EC2 instance which my IAM user should map to (let's call him bob)
Uploaded my public OpenSSH key to the IAM user
Created a permission policy which allows the action ec2-instance-connect:SendSSHPublicKey (as per the docs)
Once these are all done, if I try to SSH into the box, it doesn't work and in my /var/log/secure I see a preauth failure.
If I create the .ssh/authorized_keys file and set the permissions correctly, everything works fine.
However, my understanding of the EC2 Instance Connect approach is that it gives me a central way to manage public-key based access to my instances.
Am I correct?
Am I missing something in how I'm setting this up?
I'm finding the documentation a little unclear, so some insight would be helpful.
Thank!
EC2 Instance Connect works as follows:
You issue a command that pushes a temporary public key to the instance, such as:
$ aws ec2-instance-connect send-ssh-public-key --instance-id i-001234a4bf70dec41EXAMPLE --availability-zone us-west-2b --instance-os-user ec2-user --ssh-public-key file://my_rsa_key.pub
You then establish an SSH connection to the instance using the private half of the keypair
Within the instance, the EC2 Instance Connect software interfaces with the ssh process and checks whether the SSH key provided matches the public key that was pushed with send-ssh-public-key (and it is within 60 seconds of receiving that key)
If they match, the SSH session is permitted
See: Connect Using EC2 Instance Connect - Amazon Elastic Compute Cloud
EC2 Instance Connect also provides a web-based interface that can both initiate the above process (using a temporary random keypair) and provide an SSH interface. When doing so, the SSH connection appears to come from within AWS, not your own IP address. This is because the web interface uses HTTPS to AWS, then AWS establishes the SSH connection to the instance. This has an impact on security group configuration.
I have a question to ask about AWS EC2. I created an EC2 instance before with a ppk file and associated my EC2 instance with that PPK file on Putty.
Thereafter, I created a separate EC2 instance with additional storage and I tried to associate my ppk file with this instance too.
However, When I ssh onto Putty, it gives me this error
Using username "ec2-storage".
Server refused our key
Is it because once a EC2 instance is using a keypair I cant use it for another EC2 instance? However, if this is the case why does the AWS console give us the option to choose an existing key pair?
Any advice?
Adrian
If you are launching an Amazon EC2 instance based on the Amazon Linux AMI, the username is ec2-user.
I have two instances
1. Bastion host instance
2. Amazon linux instance.
I can login in to bastion host instance and have added key of another Amazon linux instance in which i want to allow ssh access but when i try to run command in bastion host instance it doesn't work.My security group of both ec2 instances bastion host instance and amazon linux have set inbound traffic allow to all, more over VPC and subnet are also set with proper internet gateway.
ssh -A ec2-user#ip
Can any one tell what am i missing?
You have to use the path to key of the instance you are trying to connect and "-i" instead of "-A" check below command.
ssh -i /path-to-key/key.pem ec2-user#ip
You can run ssh in verbose mode (-v) to see if the relevant key is getting used or if any other issue:
ssh -v -A ec2-user#ip
Also the #IP in use is instance private IP address?
you have to use private key of the ec2 instance to login into it from the bastion host instance. You have to set the pem file to have permissions of 600. Also you can rename the key-file.pem to key-file just to avoid any unwanted attention to it. So the command would be :
ssh -i /path_to_key-file/key-file ec2-user#ec2_instance_ip