Failed to execute ssh for Amazon EC2 account. (public key error)

I just started an EC2 instance, and it's hard for me to start an ssh connection. Note that I had a previous EC2 instance that worked fine for ssh using the same key. I got confused because I started this new instance of EC2 using the same key pair.

Below is what I have tried. Any expert advice on what could be happening here? And how to fix it?

 me@ubuntu:~/keys$ ssh -i mykey.pem ubuntu@1.2.3.4
 The authenticity of host '1.2.3.4 (1.2.3.4)' can't be established.
 RSA key fingerprint is aa:bb:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc.
 Are you sure you want to continue connecting (yes/no)? yes
 Warning: Permanently added '1.2.3.4' (RSA) to the list of known hosts.
 Permission denied (publickey).
 me@ubuntu:~/keys$ chmod 400 mykey.pem
 me@ubuntu:~/keys$ ssh -i mykey.pem ubuntu@1.2.3.4
 Permission denied (publickey).
 me@ubuntu:~/keys$ ssh -v -i mykey.pem ubuntu@1.2.3.4
 OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
 debug1: Reading configuration data /etc/ssh/ssh_config
 debug1: Applying options for *
 debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
 debug1: Connection established.
 debug1: identity file mykey.pem type -1
 debug1: identity file mykey.pem-cert type -1
 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
 debug1: match: OpenSSH_5.3 pat OpenSSH*
 debug1: Enabling compatibility mode for protocol 2.0
 debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu3
 debug1: SSH2_MSG_KEXINIT sent
 debug1: SSH2_MSG_KEXINIT received
 debug1: kex: server->client aes128-ctr hmac-md5 none
 debug1: kex: client->server aes128-ctr hmac-md5 none
 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
 debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
 debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
 debug1: Server host key: RSA aa:bb:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc
 debug1: Host '1.2.3.4' is known and matches the RSA host key.
 debug1: Found key in /home/me/.ssh/known_hosts:10
 debug1: ssh_rsa_verify: signature correct
 debug1: SSH2_MSG_NEWKEYS sent
 debug1: expecting SSH2_MSG_NEWKEYS
 debug1: SSH2_MSG_NEWKEYS received
 debug1: Roaming not allowed by server
 debug1: SSH2_MSG_SERVICE_REQUEST sent
 debug1: SSH2_MSG_SERVICE_ACCEPT received
 debug1: Authentications that can continue: publickey
 debug1: Next authentication method: publickey
 debug1: Trying private key: mykey.pem
 debug1: read PEM private key done: type RSA
 debug1: Authentications that can continue: publickey
 debug1: No more authentication methods to try.
 Permission denied (publickey).

+4
3 answers

The key pair that you are using must be incorrect / lost, and you cannot recover the private key pair, as I once lost the .pem file and had to recreate the instance as well. It is like a password, and Amazon does not save the private key for security reasons.

To fix it.

Go to the AWS Management Console:

1. Stop the instance and create an AMI image of the same.
2. Launch a new instance using the created AMI image and a new key pair attached to it.
3. Then assign the Elastic IP that was previously assigned to the old instance.
4. If everything works fine, delete the old instance.

And therefore, save the XXXX.pem file somewhere on the Internet.

+2

Try:

 chmod 600 [FULL_PATH_TO_KEYFILE_DIRECTORY]/mykey.pem 

instead.

And if your AMI is an Amazon AMI, use ec2-user for your username.

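If it is still not working, try putting the following in your ~/.ssh/config:

 # Offer only the key named in IdentityFile, not every key the agent holds
 IdentitiesOnly yes
 # TCPKeepAlive is the current name of the obsolete KeepAlive option
 TCPKeepAlive yes
 ServerAliveInterval 60

 Host ALIAS_FOR_YOUR_HOST
     User ubuntu
     HostName HOST_IP
     IdentityFile FULL_PATH_TO_KEY_FILE
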
0

The key debug log is the following:

 debug1: Roaming not allowed by server 

Have you connected from a 3g / 4g access point? Amazon EC2 explicitly ignores your pem file.

0
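
As an added example that is not part of the original thread: a small shell function that reads `ssh -v` output like the log in the question and reports the stage at which the login failed. The verdict names and the second sample log are constructed for illustration; the first sample is abridged from the question's log.

```shell
#!/bin/sh
# Added example, not from the original thread. Reads `ssh -v` client output on
# stdin and reports the stage at which the login failed:
#   authenticated    a method succeeded
#   key-unusable     the client refused to load the private key file
#   no-auth-stage    failed before user authentication (network, kex, host key)
#   key-rejected     key was loaded and tried, server did not accept it for this user
#   key-not-offered  user authentication started but no identity was tried
triage_ssh_debug() {
    log=$(cat)
    has() { printf '%s\n' "$log" | grep -Eq "$1"; }
    if has 'Authentication succeeded'; then
        echo authenticated
    elif has 'UNPROTECTED PRIVATE KEY FILE|bad permissions'; then
        echo key-unusable
    elif ! has 'Authentications that can continue'; then
        echo no-auth-stage
    elif has 'Trying private key:|Offering .*public key:'; then
        # Count how many identities the client actually presented.
        tried=$(printf '%s\n' "$log" |
            grep -Ec 'Trying private key:|Offering .*public key:' || true)
        echo "key-rejected keys_tried=$tried"
    else
        echo key-not-offered
    fi
}

# Sample 1: lines abridged from the verbose log in the question.
PAGE_LOG='debug1: identity file mykey.pem type -1
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: mykey.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).'

# Sample 2 (constructed): a client that refuses a key file with open permissions.
PERM_LOG='@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
bad permissions: ignore key: mykey.pem
debug1: Authentications that can continue: publickey
Permission denied (publickey).'

printf '%s\n' "$PAGE_LOG" | triage_ssh_debug
printf '%s\n' "$PERM_LOG" | triage_ssh_debug
```

A `key-rejected` verdict means the client read and presented the key, so the remaining causes are on the server side, such as the login name or the public key installed for that user.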

Source: https://habr.com/ru/post/1410793/

