ssh conection> Permission denied (publickey). Ubuntu 12.04 EC2 - amazon-web-services

I was using my EC2 instance 1 hour ago, I uploaded my web page using scp to my server and everything was fine. I closed the connection with exit command and now I am trying to log in using the same command as before and I'm getting this:
$ ssh -v -i /cygdrive/c/tsearch.pem ubuntu#tsearch.com.mx
OpenSSH_6.1p1, OpenSSL 1.0.1c 10 May 2012
debug1: Connecting to tsearch.com.mx [54.201.232.244] port 22.
debug1: Connection established.
debug1: identity file /cygdrive/c/tsearch.pem type -1
debug1: identity file /cygdrive/c/tsearch.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 3f:d4:cb:c0:db:7b:49:5e:0a:dc:1b:ec:4f:23:14:c3
debug1: Host 'tsearch.com.mx' is known and matches the ECDSA host key.
debug1: Found key in /home/Fernando/.ssh/known_hosts:6
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /cygdrive/c/tsearch.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
I have searched over the web, and I have found different answers, but none has worked (and I dont want to delete my amazon instance). Any ideas?

Worst case to recover the data in the instance. You can create an AMI from the instance, without rebooting. Then restart another instance using the AMI that you just created. Later, you can change your DNS (or Elastic IP) to point to your new instance.

Related

Permission denied (publickey) while accessing aws through ssh

I am trying to connect to my ec-2 free(t2.micro) instance through ssh from my PC.
I have created instance with default VPC. I am not able to connect it from my PC.
It is throwing me permission denied error.
I have checked the rules in the security group.
I have gone through the below url's to check the answer but no success.
AWS SSH connection error: Permission denied (publickey)
Troubleshooting Connecting to Your Instance
SSH: Permission denied (publickey)
Also when I run below command
sudo ssh -v -i tep-keyPair.pem ubuntu#ec2-52-XX-XXX-XX.us-west-2.compute.amazonaws.com
The below error came:
OpenSSH_7.3p1, LibreSSL 2.4.1
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to ec2-52-XX-XXX-XX.us-west-2.compute.amazonaws.com [52.XX.XXX.XX] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file tep-keyPair.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file tep-keyPair.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to ec2-52-XX-XXX-XX.us-west-2.compute.amazonaws.com:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ZeJ4XQUfgLkaMUEvjGohL/6FWKN9Gq4AXrPwL/i9t3M
debug1: Host 'ec2-52-XX-XXX-XX.us-west-2.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /var/root/.ssh/known_hosts:3
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: tep-keyPair.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Please help me.. I am really stuck here
The fact that you are receiving a Permission denied (publickey) error indicates that you are successfully communicating with the instance, so the problem is not related to networking nor security groups.
Rather, the instance is not accepting a connection via the keypair you are providing. Therefore, you either need to provide it with the keypair it expects, or you can copy a new keypair to the instance.
To copy a different keypair to the instance, follow instructions on this StackOverflow answer, which is written for Ubuntu: Change key pair for ec2 instance

ElasticBeanstalk key pair update

You can change an EC2 instance key pair when deploying with ElasticBeanstalk, which is great. EB supposedly terminates current instance and launches a new one with whatever key pair you specified. So I created a new key pair (AWS console), downloaded a new *.pem file, updated my machine to use the key pair in EB. All good so far, EB re-launched the server. One little issue with this is that I can't ssh into the instance using the latest *.pem file. This is what I get (and I did do "chmod 400" on the pem file):
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 52.1.*.* [52.1.*.*] port 22.
debug1: Connection established.
debug1: identity file mypem.pem type -1
debug1: identity file mypem.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 6b:5a:e2:0c:c5:98:ff:34:6e:c6:2c:84:ea:a0:88:0f
debug1: Host '52.1.*.*' is known and matches the RSA host key.
debug1: Found key in /Users/sergey.novgorodsky/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: mypem.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Could it be an EB issue? Any ideas?

AWS EC2 SSH: Permission denied (publickey)

I've configured my EC2 instance, and connected with SSH. But when I created a new Security Group with port rules I couldn't access via SSH anymore. Currently, my custom Security Group rules are:
SSH 0.0.0.0/0
HTTP 0.0.0.0/0
HTTPS 0.0.0.0/0
When I try ssh -v -i bodruk.pem ubuntu#ec2-54-149-134-92.us-west-2.compute.amazonaws.com I have the following error:
OpenSSH_6.6.1, OpenSSL 1.0.1i 6 Aug 2014
debug1: Connecting to ec2-54-149-134-92.us-west-2.compute.amazonaws.com [54.149.
134.92] port 22.
debug1: Connection established.
debug1: identity file bodruk.pem type -1
debug1: identity file bodruk.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubu
ntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000
000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e2:13:af:e1:1b:70:f9:70:3b:cd:1d:7f:14:de:ce:90
debug1: Host 'ec2-54-149-134-92.us-west-2.compute.amazonaws.com' is known and ma
tches the ECDSA host key.
debug1: Found key in /c/Users/Thiago/.ssh/known_hosts:2
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: bodruk.pem
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Already tried this solution, but doesn't work. I changed the Key Pair twice and deleted the known_hosts file with no success.
Any idea?
Can you telnet to the instance with the ssh port? (telnet 'ip' 'port')
If you can telnet, so the problem probably in the Key Pair or something in your computer. And if not, its probably something with the Security Group and network.
I ran into this issue recently and the funny part is my pem file was owned by root instead of my user. When I did sudo chown user:group {pem file name}, I was able to ssh in without a problem.

AWS SSH connect from OSX keep asking for password for SSH Key

As per Ben's answer, I created a key pair, downloaded the private key into ~/.ssh , changed the permissions to 600 and tried to ssh the instance ... but got unauthorized erro :
$ ssh -v -i ~/.ssh/aws-erwin16.pem jack#ec2-nn-nn-nnn-nnn.us-west-2.compute.amazonaws.com
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/jack/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to ec2-nn-nn-nnn-nnn.us-west-2.compute.amazonaws.com [54.69.113.179] port 22.
debug1: Connection established.
debug1: identity file /Users/jack/.ssh/aws-erwin16.pem type -1
debug1: identity file /Users/jack/.ssh/aws-erwin16.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 85:e4:69:56:21:4d:32:1c:e9:5c:83:a5:cc:28:03:39
debug1: Host 'ec2-nn-nn-nnn-nnn.us-west-2.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/jack/.ssh/known_hosts:22
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/jack/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/jack/.ssh/aws-erwin16.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
if I change the user name for ubuntu , and it runs fine... get connecte d..;
You have confused the X.509 Certificates with the Amazon EC2 Keypairs. EC2 Keypairs are used to log in to EC2 instances.
In the EC2 console, find the keypairs section on the left, generate a keypair, and save the private key locally to your disk. OpenSSH searches the ~/.ssh directory by default. Run chmod 600 ~/.ssh/<filename> to set the correct permissions. You can then use that key to access your instance via SSH.

Permission denied (publickey)

ssh -i [full path to keypair file] ec2-user#[EC2 instance hostname or IP address]
I did this and it worked before and suddenly I am getting Permission denied (publickey) error.
mac-pro:aws me$ ssh -i key.pem ubuntu#elastic_ip_address -v
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to elastic_ip_address [elastic_ip_address] port 22.
debug1: Connection established.
debug1: identity file key.pem type -1
debug1: identity file key.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-4ubuntu4
debug1: match: OpenSSH_5.5p1 Debian-4ubuntu4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'elastic_ip_address' is known and matches the RSA host key.
debug1: Found key in /Users/me/.ssh/known_hosts:8
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Incidentally, I am using the same key for three different EC2 instances. I am not sure this is the reason why I am getting this error. I can access two other EC2 instances over ssh using the same key. BUT I can not access only one instance.
correct user? ec2-user# or root#