I read this post:
AWS ssh access 'Permission denied (publickey)' issue
The information there is relevant, but does not help me solve my issue. I used to be able to log in to my Linux instance on AWS using ec2-user using the following command:
ssh -i key.pem ec2-user@[address].compute-1.amazonaws.com from my MacBook terminal
Over the past few weeks, I'm getting this error now:
"Permission denied (publickey)."
I tried
ssh -v -i key.pem ec2-user@[address].compute-1.amazonaws.com from my MacBook terminal
and I get this output:
OpenSSH_5.2p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to [address].compute-1.amazonaws.com [address] port 22.
debug1: Connection established.
debug1: identity file key.pem type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '[address].compute-1.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in [path]/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Any advice on what's going on? How to get around this?
I have another user account on this instance that I previously created. I am able to log in with that, and sudo into the root. I just cannot log in with ec2-user anymore.
Thanks!
You may have to log in as root. If using a Bitnami image, log in as 'bitnami',
e.g. ssh -v -i key.pem bitnami@[address].compute-1.amazonaws.com
I made a new EC2 instance on AWS including a new key pair and adding SSH to the security group. Here's the output trace:
ssh.exe : OpenSSH_7.1p2, OpenSSL 1.0.2h 3 May 2016
At line:1 char:4
+ ssh <<<< -v -i .\CHEFtutorial.pem ec2-54-148-153-153.us-west-2.compute.amazonaws.com 2> out.txt
+ CategoryInfo : NotSpecified: (OpenSSH_7.1p2, ....2h 3 May 2016 :String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to ec2-54-148-153-153.us-west-2.compute.amazonaws.com [54.148.153.153] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file .\CHEFtutorial.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file .\CHEFtutorial.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to ec2-54-148-153-153.us-west-2.compute.amazonaws.com:22 as 'i861009'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com none
debug1: kex: client->server chacha20-poly1305@openssh.com none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:8jkpw+J1G8Lx8eamhiOYm0xTtCA+ElsRgJznVyK7Rnw
debug1: Host 'ec2-54-148-153-153.us-west-2.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/i861009/.ssh/known_hosts:2
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: .\CHEFtutorial.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
The input was ssh -v -i .\CHEFtutorial.pem ec2-54-148-153-153.us-west-2.compute.amazonaws.com. For what reason would the server be rejecting the key? I have not played with any permissions information, which other answers to this question have noted as an issue.
You have to also mention the name of the user you're doing ssh to on that server.
E.g. if the machine is an Ubuntu instance I'll have to do
ssh -v -i .\CHEFtutorial.pem ubuntu@ec2-54-148-153-153.us-west-2.compute.amazonaws.com
Try to find out the corresponding user for your machine. You can get it in AWS docs, I guess. Then just prefix username@ before the server address.
Please make sure the permission of the pem file is 400.
Go to the directory where the pem file exists and execute
sudo chmod 400 CHEFtutorial.pem
then execute
ssh -v -i CHEFtutorial.pem username@ec2-54-148-153-153.us-west-2.compute.amazonaws.com
If it is an Ubuntu server, provide the username as ubuntu, and for RHEL or CentOS servers provide the username as ec2-user.
Note: if the owner of the pem file is root, provide the command with sudo.
This answer is specifically designed for this type of question, but it has not yet been as clear to me as to its hundreds of upvoters.
I put my key in Downloads. It's found, but it seems like it's not considered a public key when I use user ubunto. The output is at the bottom of this post. I changed permissions using sudo chmod 600 ~/downloads/mykey.pem but had the same result. I changed permissions using sudo chmod 700 ~/downloads/mykey.pem and had the same result too. From this answer, I tried sudo chown -R me ~/downloads/mykey.pem, then sudo chgrp -R 501 ~/downloads/mykey.pem where uid=501(me).
I have tried ec-2 and root as users without success.
with root as ec-2
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
with root as user
skipping output lines
debug1: Trying private key: /Users/me/downloads/mykey.pem
debug1: Authentication succeeded (publickey).
The authentication succeeds, but the connection closes.
skipping output lines
debug1: channel 0: free: port listener, nchannels 2
debug1: channel 1: free: port listener, nchannels 1
Connection to ec2-[myPublicIP].compute-1.amazonaws.com closed.
Transferred: sent 3264, received 2456 bytes, in 10.3 seconds
Bytes per second: sent 316.6, received 238.2
debug1: Exit status 0
Here is the output using user ubunto that the title of this question refers to:
ssh -v -i ~/downloads/mykey.pem -L 60051:localhost:60051 ubunto@ec2-[mypublicIP].compute-1.amazonaws.com
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to ec2[mypublicIP].compute-1.amazonaws.com [[mypublicIP]] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/me/downloads/mykey.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/me/downloads/mykey.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to ec2-[mypublicIP].compute-1.amazonaws.com:22 as 'ubunto'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:85gcFh6LySYszjod4WIx5wu7BUvKwL4M6EAcZkv0zGw
debug1: Host 'ec2[mypublicIP].compute-1.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /Users/me/.ssh/known_hosts:11
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/me/downloads/mykey.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
What AMI are you using?
The default user in a stock Ubuntu AMI is ubuntu, not ubunto.
Unless you've created a special AMI that sets up an ubunto user, the user won't exist on the AMI, and hence fail to authenticate.
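The answers above turn on what the `ssh -v` trace already shows: which account the client logged in as and which keys it presented before the server said no. The following is an added example, not code from any of the posts; the function name `summarize`, the sample host and the key path are constructed for illustration, and the `Authenticating to ... as` line is only printed by newer clients such as the 6.9 and 7.1 traces above.

```python
import re

# Constructed sample in the shape of the `ssh -v` traces on this page
# (host, user and key path are placeholders, not values from the page).
SAMPLE_DENIED = """\
debug1: identity file ./example.pem type -1
debug1: Authenticating to host.example.com:22 as 'ubunto'
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: ./example.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
"""

USER_RE = re.compile(r"Authenticating to \S+ as '([^']*)'")
KEY_RE = re.compile(r"(?:Trying private key|Offering (?:\w+ )?public key): (\S+)")


def summarize(log, expected_user=None):
    """Summarize one client-side `ssh -v` trace: user, keys presented, outcome."""
    user, keys, outcome = None, [], "unknown"
    for line in log.splitlines():
        m = USER_RE.search(line)
        if m:
            user = m.group(1)  # older clients never print this line
        m = KEY_RE.search(line)
        if m:
            keys.append(m.group(1))
        if "Authentication succeeded" in line:
            outcome = "accepted"
        elif "Permission denied" in line:
            outcome = "denied"
    findings = []
    if outcome == "denied" and not keys:
        findings.append("no key was presented; check the -i path")
    if outcome == "denied" and keys:
        findings.append("server refused every key presented for this account: "
                        "wrong user, or key not in that user's authorized_keys")
    if expected_user and user and user != expected_user:
        findings.append(f"login user is {user!r}, expected {expected_user!r}")
    if expected_user and user is None:
        findings.append("trace does not show the login user; pass user@host explicitly")
    return {"user": user, "keys": keys, "outcome": outcome, "findings": findings}


if __name__ == "__main__":
    for finding in summarize(SAMPLE_DENIED, expected_user="ubuntu")["findings"]:
        print(finding)
```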
I have an AWS instance of Bitnami Wordpress.
Trying to connect using this command:
ssh -N -L 8888:127.0.0.1:80 -i wordpress.pem bitnami@52.91.239.245 -v
I get this...
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 52.91.239.245 [52.91.239.245] port 22.
debug1: Connection established.
debug1: identity file wordpress.pem type -1
debug1: identity file wordpress.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 51:1d:50:cd:89:30:dc:7b:8d:17:85:f4:03:45:c1:54
debug1: Host '52.91.239.245' is known and matches the RSA host key.
debug1: Found key in /Users/OWNER/.ssh/known_hosts:18
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: wordpress.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
I have .ssh permissions as follows:
sudo chmod 700 ~/.ssh/
sudo chmod 600 ~/.ssh/*
sudo chown -R OWNER ~/.ssh/
Does this mean the publickey was not found? That it could not be read?
I deleted the instance and started over. This time I created a new .pem instead of reusing an existing one. When I created the instance with that new .pem, I got in. I think reusing the .pem may have been the problem. Thanks for the help folks!
I can't ssh to my remote server even though I already put my public_key there. Here is the log when I did a "ssh -v ubuntu@website.com":
ssh -v ubuntu@plumbersserver.net
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/kevinyee/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to plumbersserver.net [::1] port 22.
debug1: connect to address ::1 port 22: Connection refused
debug1: Connecting to plumbersserver.net [54.206.17.8] port 22.
debug1: Connection established.
debug1: identity file /Users/kevinyee/.ssh/id_rsa type 1
debug1: identity file /Users/kevinyee/.ssh/id_rsa-cert type -1
debug1: identity file /Users/kevinyee/.ssh/id_dsa type -1
debug1: identity file /Users/kevinyee/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA cf:a8:01:57:1f:f6:3f:9e:6a:2a:8f:e4:0c:ce:8d:a3
debug1: Host 'plumbersserver.net' is known and matches the RSA host key.
debug1: Found key in /Users/kevinyee/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/kevinyee/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/kevinyee/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
Please help. I don't know what I'm doing wrong.
Since you are logging in as the 'ubuntu' user, in the EC2 instance, your public key should be appended to the file: /home/ubuntu/.ssh/authorized_keys. If the file does not exist, create the file with your public key contents and ensure that the file permissions are set to 600.
Try these troubleshooting steps:
1. Ensure that your public key has been saved in the correct directory: /home/ec2-user/.ssh
2. Ensure your public key has the correct permissions assigned to it: 0600
chmod 0600 /home/ec2-user/.ssh/your_public_key
3. Ensure that you are using the correct private key when connecting by using the -i flag for ssh:
ssh -i ~/.ssh/your_private_key.pem ec2-user@website.com
4. Make sure your private key also has the correct permissions of 0600
5. If you are unable to connect to the instance at all in order to verify steps 1 & 2 above, then stop the instance, detach the root volume, and attach and mount it to an available instance.
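The server-side checks in the two answers above (the key is listed in the account's authorized_keys, and .ssh and the file are owner-only) can be run in one pass, including against a root volume mounted on another instance. This is an added example, not code from the posts; `audit_account`, `demo` and the key strings are constructed for illustration, and it assumes a POSIX filesystem and a public key line without leading options.

```python
import os
import stat
import tempfile


def audit_account(home, public_key_line):
    """Check <home>/.ssh/authorized_keys against the 700/600 layout used above.

    Returns a list of problems; an empty list means the layout looks right.
    """
    ssh_dir = os.path.join(home, ".ssh")
    auth = os.path.join(ssh_dir, "authorized_keys")
    if not os.path.isdir(ssh_dir):
        return [f"{ssh_dir} does not exist"]
    problems = []
    if stat.S_IMODE(os.stat(ssh_dir).st_mode) & 0o077:
        problems.append(f"{ssh_dir} is accessible to group/other; use 700")
    if not os.path.isfile(auth):
        return problems + [f"{auth} does not exist"]
    if stat.S_IMODE(os.stat(auth).st_mode) & 0o077:
        problems.append(f"{auth} is accessible to group/other; use 600")
    # An entry is "[options] keytype base64-blob [comment]"; compare on the blob.
    # Assumes public_key_line itself starts with the key type (no options).
    blob = public_key_line.split()[1]
    with open(auth, encoding="utf-8") as fh:
        entries = [ln.split() for ln in fh if ln.strip() and not ln.startswith("#")]
    if not any(blob in fields for fields in entries):
        problems.append(f"key not listed in {auth}")
    return problems


def demo():
    """Build a throwaway home directory (constructed data) and audit it twice."""
    pub = "ssh-ed25519 QUFBQS1jb25zdHJ1Y3RlZC1ibG9i me@laptop"  # constructed, not a real key
    other = "ssh-ed25519 QkJCQi1jb25zdHJ1Y3RlZC1ibG9i someone@else"  # constructed
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir)
        os.chmod(ssh_dir, 0o700)
        auth = os.path.join(ssh_dir, "authorized_keys")
        with open(auth, "w", encoding="utf-8") as fh:
            fh.write(other + "\n")
        os.chmod(auth, 0o644)  # too open, and our key is missing
        before = audit_account(home, pub)
        with open(auth, "a", encoding="utf-8") as fh:
            fh.write(pub + "\n")
        os.chmod(auth, 0o600)
        after = audit_account(home, pub)
    return before, after


if __name__ == "__main__":
    print(demo())
```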
I am trying to connect to my EC2 instance and getting the following error.
Command I'm running: ssh -v -i key.pem ubuntu@[my instance address]
I changed the permissions on the key file to 600 as I've seen in other threads, but that didn't solve the problem.
Output I'm getting:
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to ec2-54-247-2-128.eu-west-1.compute.amazonaws.com [54.247.2.128] port 22.
debug1: Connection established.
debug1: identity file /Users/avimeir/.ssh/id_rsa type 1
debug1: identity file /Users/avimeir/.ssh/id_rsa-cert type -1
debug1: identity file /Users/avimeir/.ssh/id_dsa type -1
debug1: identity file /Users/avimeir/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA ae:42:29:3d:3e:c0:a8:04:7f:19:9c:c0:52:00:a4:1e
debug1: Host 'ec2-54-247-2-128.eu-west-1.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/avimeir/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/avimeir/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: ninja.pem
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/avimeir/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
Be sure to check:
The SSH keypair file
The username. For example: root, ec2-user, ubuntu, ...
The hostname of your server. For example, if you stop your instance, it will get a new IP address.
If you are using Ubuntu Cloud Guest official image, you can check the Ubuntu EC2 Starter's Guide.
Managed to solve it by editing /etc/ssh_config (on OSX) and adding the following line:
ChallengeResponseAuthentication yes