I have deployed an on premise instance of GitLab (using the steps described in https://docs.gitlab.com/ee/install/docker.html), created a user, generated a key pair and uploaded the public key by following the steps in https://docs.gitlab.com/ee/ssh/.
The private key is located in directory ~/.ssh with 600 permissions, and file ~/.ssh/config is as follows:
Host gitlab.mycompany.com
Hostname gitlab.mycompany.com
User myusername
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
TCPKeepAlive yes
However, I'm getting error 'Permission denied (publickey)' when trying to establish an SSH connection:
$ ssh -vT git#gitlab.mycompany.com
OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /home/myusername/.ssh/config
debug1: /home/myusername/.ssh/config line 1: Applying options for gitlab.mycompany.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to gitlab.mycompany.com [12.345.678.90] port 22.
debug1: Connection established.
debug1: identity file /home/myusername/.ssh/id_rsa type 0
debug1: identity file /home/myusername/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to gitlab.mycompany.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:9FbhbOAyNvky0M+CtyEOT8tBBimwF8aOpDH0zr+6+2Y
debug1: Host 'gitlab.mycompany.com' is known and matches the ECDSA host key.
debug1: Found key in /home/myusername/.ssh/known_hosts:29
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/myusername/.ssh/id_rsa RSA SHA256:uekBVw1MVUz2V4LgS//w1mAP9wBRr1oomLK5uYtfJDE explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519#openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256#openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/myusername/.ssh/id_rsa RSA SHA256:uekBVw1MVUz2V4LgS//w1mAP9wBRr1oomLK5uYtfJDE explicit
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
git#gitlab.mycompany.com: Permission denied (publickey).
I believe the issue is on the server side because I was able to establish a successful connection to gitlab.com using the same key pair.
Any ideas on how to troubleshoot this issue?
Additional Details
Something I did not mention in my initial description of the issue is that GitLab was deployed as a container, so I'm thinking what might be happening is that the host is reachable over port 22, but it might not be re-directing to the GitLab container.
Check /var/log/auth.log on your Gitlab host. It tends to have more details on authentication errors. Look for sshd entries.
I managed to resolve the issue :)
Turns out, I missed the --publish 22:22 directive when creating the container.
sudo docker run --detach \
--hostname gitlab.mycompany.com \
--publish 443:443 --publish 80:80 --publish 22:22 \
--name gitlab \
--restart always \
--volume $GITLAB_HOME/config:/etc/gitlab:Z \
--volume $GITLAB_HOME/logs:/var/log/gitlab:Z \
--volume $GITLAB_HOME/data:/var/opt/gitlab:Z \
gitlab/gitlab-ee:latest
The resolution was:
Stop the container
$ sudo docker stop gitlab
Turn off docker
$ sudo systemctl stop docker
Edit file /var/lib/docker/containers/[container id]/hostconfig.json to change PortBindings from
"PortBindings":{"443/tcp":[{"HostIp":"","HostPort":"443"}],"80/tcp":[{"HostIp":"","HostPort":"80"}]}
to
"PortBindings":{"443/tcp":[{"HostIp":"","HostPort":"443"}],"80/tcp":[{"HostIp":"","HostPort":"80"}],"2222/tcp":[{"HostIp":"","HostPort":"22"}]}
(I opted to use port 2222 instead)
Start up docker
$ sudo systemctl start docker
Start the container
$ sudo docker start gitlab
The above allowed me to successfully connect:
$ ssh -T git#gitlab.mycompany.com -p 2222
Enter passphrase for key '/home/<username>/.ssh/id_rsa':
Welcome to GitLab, #<username>!
Related
This command for connecting to my aws server works well:
ssh -i my_pem.pem ubuntu#ec2-xx-xx-xx-xx.eu-west-1.compute.amazonaws.com
But this not:
$ scp -v -i my_pem.pem file1 file2 ubuntu#ec2-xx-xx-xx-xx.eu-west-1.compute.amazonaws.com:/home/ubuntu/folder1
UPDATE1:
$ ssh -v -i 123.pem ubuntu#xx-xx-xx-xx.xx-west-1.compute.amazonaws.com
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to xx-xx-xx-xx.xx-west-1.compute.amazonaws.com [11.22.33.44] port 22.
debug1: Connection established.
debug1: identity file docs/toh_server.pem type -1
debug1: identity file docs/toh_server.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA xx:bb:cc:dd:ee:fdsfdsfdsfdsfdsfds
debug1: Host 'xx-xx-xx-xx.xx-west-1.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/me123/.ssh/known_hosts:19
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: docs/toh_server.pem
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to xx-xx-xx-xx.xx-west-1.compute.amazonaws.com ([11.33.44.55]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions#openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_HK.UTF-8
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0-48-generic x86_64)
* Documentation: https://help.ubuntu.com/
System information disabled due to load higher than 2.0
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
Error:
Executing: program /usr/bin/ssh host ip-xx-xx-xx-xx, user ubuntu, command scp -v -d -t /home/ubuntu/folder1
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
ssh: Could not resolve hostname ip-xx-xx-xx-xx: Name or service not known
lost connection
What's the matter?
See the difference
debug1: Connecting to xx-xx-xx-xx.xx-west-1.compute.amazonaws.com [11.22.33.44] port 22.
and
Executing: program /usr/bin/ssh host ip-xx-xx-xx-xx, user ubuntu, command scp -v -d -t /home/ubuntu/folder1
ssh: Could not resolve hostname ip-xx-xx-xx-xx: Name or service not known
Your scp is connecting somewhere else and since you obfuscated the IPs/addresses I have no idea if that is intention or that the it really does.
The scp is parsing your files and probably found some : character in your file name (first guess about # was false) and parses that filename as host:path? Give it a try with only one of the files, post the real name of files.
Or rather use sftp. It does not care about the syntax on command line. Just sftp your host and then:
cd folder1
put my_file file2
I was using Ubuntu precise32 and switched to 14.04. I use Jeffrey Way's setup (https://github.com/JeffreyWay/Vagrant-Setup) and that works. I can do 'vagrant ssh' and log in, and log into root with username/password root/root.
When I try using Sequel Pro for a GUI, I get the following error:
Used command: /usr/bin/ssh -v -N -o ControlMaster=no -o ExitOnForwardFailure=yes -o ConnectTimeout=10 -o NumberOfPasswordPrompts=3 -i /Users/chrisfarrugia/.vagrant.d/insecure_private_key -o TCPKeepAlive=no -o ServerAliveInterval=60 -o ServerAliveCountMax=1 -p 2222 vagrant#127.0.0.1 -L 52688/127.0.0.1/3306 -L 52689/127.0.0.1/3306
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 2222.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /Users/chrisfarrugia/.vagrant.d/insecure_private_key type -1
debug1: identity file /Users/chrisfarrugia/.vagrant.d/insecure_private_key-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 9d:7c:86:00:20:5a:ca:ef:a0:8a:01:c6:ad:34:cf:de
###########################################################
# WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! #
###########################################################
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
9d:7c:86:00:20:5a:ca:ef:a0:8a:01:c6:ad:34:cf:de.
Please contact your system administrator.
Add correct host key in /Users/chrisfarrugia/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/chrisfarrugia/.ssh/known_hosts:1
RSA host key for [127.0.0.1]:2222 has changed and you have requested strict checking.
Host key verification failed.
What am I doing incorrectly here? Here's a screenshot of my setup in Sequel Pro.
I found my answer. I had to remove the entry already in my known_hosts file for 127.0.0.1 and it worked after that.
The file is located at ~/.ssh/known_hosts
Despite my best efforts, I cannot seem to get agent forwarding on Vagrant. I'm running OS X with the following vagrant/virtualbox combo:
[chrisshorrock:~]$ vboxwebsrv --version
Oracle VM VirtualBox web service Version 4.2.18
(C) 2007-2013 Oracle Corporation
All rights reserved.
4.2.18r88780
[chrisshorrock:~]$ vagrant --version
Vagrant 1.3.5
Firstly - in my vagrant file I have
config.ssh.forward_agent = true
I've confirmed that my key (on my os x box) is added to my ssh agent with:
ssh-add -L
My ~/.ssh/config file contains the following:
Host 127.0.0.1
ForwardAgent yes
I can connect to outside servers, and have confirmed that something like:
ssh -T git#github.com
Works properly (both locally and remotely indicating that ssh agent forwarding functionality seems correct on the OS X box), however, when I connect to my vagrant instance, I have no such luck:
[chrisshorrock:~]$ ssh -v vagrant#127.0.0.1 -p 2222
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/chrisshorrock/.ssh/config
debug1: /Users/chrisshorrock/.ssh/config line 35: Applying options for 127.0.0.1
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file /Users/chrisshorrock/.ssh/id_rsa type 1
debug1: identity file /Users/chrisshorrock/.ssh/id_rsa-cert type -1
debug1: identity file /Users/chrisshorrock/.ssh/id_dsa type -1
debug1: identity file /Users/chrisshorrock/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 50:db:75:ba:11:2f:43:c9:ab:14:40:6d:7f:a1:ee:e3
debug1: Host '[127.0.0.1]:2222' is known and matches the RSA host key.
debug1: Found key in /Users/chrisshorrock/.ssh/known_hosts:29
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/chrisshorrock/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
Authenticated to 127.0.0.1 ([127.0.0.1]:2222).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions#openssh.com
debug1: Entering interactive session.
debug1: Requesting authentication agent forwarding.
debug1: Sending environment.
debug1: Sending env LANG = en_CA.UTF-8
debug1: Sending env LC_CTYPE = en_CA.UTF-8
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.2.0-56-generic x86_64)
* Documentation: https://help.ubuntu.com/
Welcome to your Vagrant-built virtual machine.
Last login: Fri Nov 22 09:58:24 2013 from 10.0.2.2
[vagrant:~]$ ssh -T git#github.com
Warning: Permanently added the RSA host key for IP address '192.30.252.130' to the list of known hosts.
Permission denied (publickey).
I'm at a loss of things to try.
Problem solved. The box was using oh-my-zsh, which had the plugins defined as:
plugins=(git cp command-not-found git-extras gnu-utils history pip python ruby screen ssh-agent svn)
The culprit here was the ssh-agent helper for oh-my-zsh.
I am trying to setup password-less login into my localhost for a distributed computing tutorial. (I've set it up successfully for multiple remote hosts.) I went through the normal steps of generating an rsa key and appending the public key to authorized_keys but I am still prompted for a password. I've also enabled RSAAuthentication and PubKeyAuthentication in /etc/ssh_config. Following other suggestions I've seen, I tried:
chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
But the problem persists.
Here is the output from ssh -v localhost:
(tutorial)bnels21-2:tutorial bnels21$ ssh -v localhost
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /Users/bnels21/.ssh/id_rsa type 1
debug1: identity file /Users/bnels21/.ssh/id_rsa-cert type -1
debug1: identity file /Users/bnels21/.ssh/id_dsa type -1
debug1: identity file /Users/bnels21/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 1c:31:0e:56:93:45:dc:f0:77:6c:bd:90:27:3b:c6:43
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/bnels21/.ssh/known_hosts:11
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/bnels21/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering RSA public key: id_rsa3
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /Users/bnels21/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
Any suggestions? I'm running OSX 10.8.
Since you seem to have multiple keys I would assign the specific key to a specific connection in ~/.ssh/config.
Example:
Host local
HostName 127.0.0.1
Port 22
User your_username
IdentityFile ~/.ssh/your_key-id_rsa
Then just try to ssh local.
I had same problem. I checked the system passwd and group files, and discovered that my user and group was not present. To build this files (my user was a domain user) I need to run two commands at cygwin shell:
mkpasswd -l -d > /etc/passwd
mkgroup -l -d > /etc/group
After that, ssh works fine!
Elvys Borges
It looks like you are using protocol version 2.0 when connecting to localhost, so try moving authorized_keys to authorized_keys2.
Source: this post explains the difference between the two keys files.
I was at my wits end... I was under the mistaken impression ssh-copy-id was a Linux-only utility. Finally I just swallowed my pride and typed the command is the macOS Terminal and it worked!
ssh-copy-id me#sshd-server
I don't know what magic ssh-copy-id does, but it just worked. I was able to log in without a password successfully with the simple command:
ssh me#sshd-server
I had zero luck with cat id_rsa.pub >> ~/.ssh/authorized_hosts. Every time I tried ssh'ing to the server it just kept asking me for the passphrase. This is with the correct 600 permission on authorized_hosts and 700 on ~/.ssh.
I was connecting my ec2 instance via ssh well,after adding new EBS volume restarted the machine by 'sudo shutdown -r now'
And after that I tried to access by using follwing command:
ssh -v -i primary_key.pem ubuntu#ec2-23-22-245-160.compute-1.amazonaws.com
which is retuning like below:
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/caveman/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to ec2-23-22-245-160.compute-1.amazonaws.com [23.22.245.160] port 22.
debug1: Connection established.
debug1: identity file primary_key.pem type -1
debug1: identity file primary_key.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ec2-23-22-245-160.compute-1.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/caveman/.ssh/known_hosts:31
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: primary_key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
What is wrong?Any point that I am missing?
This is normal Amazon EC2 behaviour. After restarting the instance, associated public Ip (yours was ec2-23-22-245-160.compute-1.amazonaws.com) will be changed.
There are 2 way to connect your instance via ssh
Log into your Amazon AWS Console and check running instance then copy Public DNS and try to connect with ssh. (ssk key is the same)
If you don't want your instance's public ip to change on every restart/termination use Elastic IP. Elastic Ips associated with account (not the instance) so you can assign Elastic Ip on any instance you want.
You can connect with ssh ssh -v -i primary_key.pem ubuntu#<ElasticIp>
I had the similar issue. Here is what I did..!
ssh -i < .pem file> -vvv <server IP>
The above command will show debug logs and after ECDSA key is accepted you are in.