Unable to ssh to Amazon EC2 account. (public key e

2019-05-07 18:32发布

站内问答 / 前沿技术
1113 3 6

I just started an EC2 instance and I am having difficulty initiating an ssh connection. Note that I had a previous EC2 instance that worked fine for ssh using this same key. I am confused because i started this new EC2 instance using the same key pair.

Below is what I have tried. Any expert advice on what might be going on here? And how to fix it?

me@ubuntu:~/keys$ ssh -i mykey.pem ubuntu@1.2.3.4
The authenticity of host '1.2.3.4 (1.2.3.4)' can't be established.
RSA key fingerprint is aa:bb:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '1.2.3.4' (RSA) to the list of known hosts.
Permission denied (publickey).

me@ubuntu:~/keys$ chmod 400 mykey.pem
me@ubuntu:~/keys$ ssh -i mykey.pem ubuntu@1.2.3.4
Permission denied (publickey).

me@ubuntu:~/keys$ ssh -v -i mykey.pem ubuntu@1.2.3.4
OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
debug1: Connection established.
debug1: identity file mykey.pem type -1
debug1: identity file mykey.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA aa:bb:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc
debug1: Host '1.2.3.4' is known and matches the RSA host key.
debug1: Found key in /home/me/.ssh/known_hosts:10
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: mykey.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

3条回答
We Are One
2楼-- · 2019-05-07 19:19

Try:

chmod 600 [FULL_PATH_TO_KEYFILE_DIRECTORY]/mykey.pem

instead.

And if your AMI is Amazon AMI, use ec2-user for your user name.

If still not working, try put the following to your ~/.ssh/config:

IdentitiesOnly yes
KeepAlive yes
ServerAliveInterval 60
Host ALAIS_FOR_YOUR_HOST
    User ubuntu
    HostName HOST_IP
    IdentityFile FULL_PATH_TO_KEY_FILE
查看更多
0人赞 添加讨论(0) 举报
别忘想泡老子
3楼-- · 2019-05-07 19:25

The keypair which You are using must be wrong/lost and there is no way you can recover the Private key pair as i had once lost the .pem file and have to recreate and instance. Its like a password and Amazon don't save the private key for security reasons.

To fix it.

Go to the aws management console 1. stop the instance and create an AMI image of the same. 2. Launch a new instance using the AMI Image created and a new keypair attached to it. 3. Then assign the elastic IP Which was previously assigned to the old instance. 4. If everything works fine remove the old instance.

And hence forth save the XXXX.pem file somewhere online.

查看更多
0人赞 添加讨论(0) 举报
Juvenile、少年°
4楼-- · 2019-05-07 19:30

The key debug log is this:

debug1: Roaming not allowed by server

Were you connecting from a 3g/4g hotspot? Amazon EC2 is blatantly ignoring your pem file.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)