Amazon EC2 Permission denied (publickey)

This seems to be a common problem, but my particular case seems a little different.

I installed a new instance of Amazon EC2 using command line tools and connected via SSH, and did some setup work.

Initially I could not connect to the instance and had to stop and restart it, after which I was able to connect. Before rebooting, the response I received was:

 Permission denied (publickey).

That was last night. This morning I returned to the same instance, and now all I get is

 Permission denied (publickey). 

I tried rebooting the instance, without joy.

Can someone point me in the right direction? The same command that worked last night doesn't work anymore. I'm connecting from my MacBook Pro.

+72
ssh amazon-web-services amazon-ec2
Jan 28 2018-11-11T00:
14 answers

I am going to answer my own question in case someone else sees the same thing. Last night I did:

 ssh-add ~/.ssh/[keypair name] 

then connected to:

 ssh ec2-user@[ec2 instance ip] 

This morning I tried the same thing and could not connect. But doing

 ssh -i ~/.ssh/[keypair name] ec2-user@[ec2 instance ip]

gets me in.

Using ssh-add on the key pair again lets me log in. I assume ssh-add only works inside the shell in which I issued it. When I closed the terminal window and opened another, I no longer had this key pair available without specifying it explicitly.

+75
Jan 28 '11 at 9:50 a.m.

This was happening to me because I did not use the correct username. I was able to log in using the AMI used in the tutorial that I was running, but when I tried to use another AMI (ubuntu + LAMP from Bitnami), I would get a Permission denied (publickey) error. I finally realized that if I changed the username for the tutorial AMI from ubuntu to ec2-user, I would get the same error.

So, a quick Google search reports that the username for the Bitnami AMI is bitnami. Problem solved.

+28
May 29 '13 at 1:28

I had a similar problem, and it turned out to be the permissions on the home folder. Fortunately, I still had another existing ssh connection, so I was able to check the log on the EC2 instance:

 $ sudo less /var/log/secure

which contained:

 Dec 9 05:58:20 ... sshd[29816]: Authentication refused: bad ownership or modes for directory /home/ec2-user 

This was fixed by issuing the command:

 $ chmod og-rwx /home/ec2-user

I hope this helps someone else.

+14
Dec 09 '11 at 7:10
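
An added example, not part of the answer above: with `StrictModes` enabled (the sshd default), key authentication is refused when the home directory, `~/.ssh` or `authorized_keys` is writable by group or others, or is owned by someone other than the user or root. The function names are hypothetical; the script extracts the refused path from the log line quoted above and audits all three paths on the instance.

```sh
# Added example. Assumes GNU stat (-c), as on an EC2 Linux instance.
# SAMPLE_LOG is the log line quoted in the answer above.
SAMPLE_LOG='Dec 9 05:58:20 ... sshd[29816]: Authentication refused: bad ownership or modes for directory /home/ec2-user'

# Read sshd log text on stdin; print each path sshd refused on.
refused_paths() {
    sed -n -E 's/.*Authentication refused: bad ownership or modes for (file|directory) ([^ ]+) *$/\2/p'
}

# check_strictmodes HOME UID
# Report every path that is group/other-writable or owned by someone other
# than UID or root. Returns 0 when nothing is wrong, 1 otherwise.
check_strictmodes() {
    sm_home=$1; sm_uid=$2; sm_rc=0
    for sm_p in "$sm_home" "$sm_home/.ssh" "$sm_home/.ssh/authorized_keys"; do
        if [ ! -e "$sm_p" ]; then
            echo "MISSING $sm_p"; sm_rc=1; continue
        fi
        sm_mode=$(stat -c %a "$sm_p")   # octal permission bits, e.g. 775
        sm_own=$(stat -c %u "$sm_p")    # numeric owner id
        if [ $(( 0$sm_mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $sm_p mode=$sm_mode (fix: chmod go-w)"; sm_rc=1
        fi
        if [ "$sm_own" != "$sm_uid" ] && [ "$sm_own" != 0 ]; then
            echo "OWNER $sm_p uid=$sm_own"; sm_rc=1
        fi
    done
    return $sm_rc
}

# Usage on the instance:
#   sudo cat /var/log/secure | refused_paths
#   check_strictmodes /home/ec2-user "$(id -u ec2-user)"
```
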

Note that after restarting the instance, the DNS name has changed. I fell for it several times. The key file is still valid, but the "server name" has changed.

+12
Jan 18 '12 at 22:10

Thanks!

I really appreciate @Trevor's answer here. I am going to add this little trick that I am now using to avoid this problem in the future.

Convenience

Since you need to create a different key pair for each availability zone, it becomes quite a challenge to manage all of them and the commands that use them. When configured correctly in ~/.ssh/config, my ssh command is as simple as:

 ssh ec2-52-10-20-30.us-west-2.compute.amazonaws.com

This is the full public DNS of a server in the US West 2 availability zone. Because of this, the correct username and key are selected:

 ## ~/.ssh/config
 Host *.us-west-2.compute.amazonaws.com
   User ec2-user
   IdentityFile ~/.ssh/bruno-bronosky-aws-us-west-2.pem

+3
Mar 19 '15 at 15:55

If the EC2 instance uses the Ubuntu 14.04 AMI, try adding "ubuntu@" before the EC2 instance IP.

 ssh -i [key name] ubuntu@[EC2 instance ip] 
+2
Apr 21 '17 at 4:45

Make sure the path to your private key is correct.

If your ssh client cannot find the private key that you are trying to provide, oddly enough, it will not give you an error! It simply will not use that key. It will use whatever you have under .ssh/id_dsa and .ssh/id_ecdsa, which, of course, will fail public key authentication.

+1
Mar 12 '13 at 16:46

I solved this by copying the contents of ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys on the EC2 instance.

This is stated in the documentation: http://docs.aws.amazon.com/opsworks/latest/userguide/security-ssh-access.html

Then I could ssh in using this command:

 ssh ec2-user@[ip.address] 
0
Jan 21 '15 at 2:04

I searched the Internet all day for an answer. My question is the same. I was busy with the permissions issue, changing them back and forth, but nothing solved my problem. After testing with a new key and starting/ending several instances, I found that it relates to the same key name in different regions.

This is how I got "Permission denied (publickey)":
1. Follow the instructions, select us-east-1 as the default zone.
2. Create the key name "mykey".
3. Explore the world of AWS by following the examples in this book.
4. Once you try to check the speed in the Sydney zone, switch the default zone to Sydney.
5. Create another key, calling it "mykey" without hesitation, but do not use it to connect via cli for a couple of days.
6. Try connecting to AWS using cli.
7. Received "Permission denied (publickey)".
8. I worked for many hours to debug the ssh problem until I noticed a problem with the key / zone.

Hope this helps beginners like me.

To avoid this problem, I believe that it is best practice to name a key by appending the region to its name.

0
Oct 20 '16 at 6:32

I also got: Permission denied.

I used:

 ssh -v -i ~/.ssh/pemfile ec2-user@xx.xx.xx.xx 

and the answer was:

 debug1: No more authentication methods to try. 

Enter the command:

 ssh-add -l 

But the answer was empty.

So, I think there is something wrong with the format of the pem file. Then I found the pem file downloaded from the EC2 website and moved it. Before that, I had created a new file and pasted the text from the downloaded pem file into the ".ssh" directory, and then:

 ssh-add filename 

It was a success.

0
Oct 21 '16 at 16:01

I changed the permissions to 600, although the permissions for the pem file were already 644. And it worked :p Hope this helps.

0
Aug 29 '17 at 8:12
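
An added example, not part of any answer: a client-side check of the private key file covering the three causes reported in the answers above (a wrong path, a hand-pasted pem file, and file permissions). The function name is hypothetical, and the check relies on the OpenSSH client ignoring a private key file that group or others can access.

```sh
# Added example. Assumes GNU stat (-c); on macOS use `stat -f %Lp` instead.

# check_identity KEYFILE
# Print one finding per problem; return 0 only if the file looks usable.
check_identity() {
    ci_key=$1; ci_rc=0
    if [ ! -f "$ci_key" ]; then
        # ssh carries on without a key it cannot open and offers its defaults.
        echo "MISSING $ci_key"
        return 1
    fi
    ci_mode=$(stat -c %a "$ci_key")     # octal permission bits, e.g. 644
    # The client ignores a private key that group or others can access.
    if [ $(( 0$ci_mode & 077 )) -ne 0 ]; then
        echo "TOO_OPEN $ci_key mode=$ci_mode (fix: chmod 600)"; ci_rc=1
    fi
    # A key pasted by hand can lose its armor lines; check both are present.
    ci_first=$(head -n 1 "$ci_key")
    case $ci_first in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) echo "BAD_HEADER $ci_key"; ci_rc=1 ;;
    esac
    if ! grep -q '^-----END .*PRIVATE KEY-----$' "$ci_key"; then
        echo "BAD_FOOTER $ci_key"; ci_rc=1
    fi
    return $ci_rc
}

# Usage (path and HOST are placeholders):
#   check_identity ~/.ssh/mykey.pem && ssh -i ~/.ssh/mykey.pem ec2-user@HOST
```
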

I had the same problem; here is what you have to do. First of all, if you have Windows, use the Babun command line, which is similar to Linux. After getting this command line, open it and enter ssh -i [key pair path] [username]@[EC2 public IP]. To find the path for a key pair, go to the folder where your key is stored, hold Shift, right-click and click Copy Path, and then paste it where the path goes in the above command. You will probably get "" marks around the path you inserted, and \ backslashes. Remove the "" marks and replace the \ backslashes with regular slashes /. It worked in a situation like mine, good luck to you.

0
Apr 7 '18 at 22:59

Connecting to EC2 from the CLI is a bit complicated, at least the first time. If you go to

 Services -> Compute -> EC2 -> Launch Instances -> select the instance you want to ssh into -> Connect

then you will see a dialog box describing how to connect to it. Part of this is shown below.

enter image description here

If you use number 4 without the ec2-user@ preceding it, you will get

 Permission denied (publickey). 

Just copy and paste the one shown under "Example:".

0
Jan 16 '19 at 7:07

In my case, the reason was that I had changed the permissions of the root folder using chmod. On the AWS website, they describe a long way to change the permissions back using a different temporary instance. However, I just terminated the old instance and started another, and this time did not make any changes to the permissions of the root directory, and everything is in order.

0
Jul 25 '19 at 20:38