how to download ssh keypair from fi-lab cloud more than once? - ssh-keys

I am starting with fi-lab Cloud at http://lab.fi-ware.org, then I created security key pair before start to create an instance. Associating the floating ip address to an instance and using this key pair under a ssh session is the only way to have terminal access to the created instance:
1 - tab security > key pairs > create
2 - given a name to keypair "kpname"
3- resulting in: The keypair "kpname" should download automatically. If not use the link below.
Download Keypair
Well, the "automatically download" didn't start on google chrome browser (windows 7 and mac os 10.8.5)
No problem, I clicked on the provided link (blob:https%3A//cloud.lab.fi-ware.org/850xxxsnipedxxxxecd4), get the "kpname.pem" file, changed the file mode permission (chmod 600) and used with ssh command.
The problem is when I need to use another computer and not keep the key file stored on my hands (pendrive, dropbox, email...). This way I cannot access my virtual machine, neither creating a new keypair from fi-lab cloud site, because there is no function to associate a new key pair in a created instance. The only place to associate the keypair is on the creation instance workflow. That is, creating a new instance.
I don't know where to click to download again the same keypair. If not exists I believe the platform could offer download keypair in the context menu (action) from each created key pair.
The only "action" from each keypair is to delete a selected keypair.
thanks for help.

Related

How to access an VM instance created from market product deployment in GCP via FileZilla/WinScp or SSH?

I am doing a wordpress installation on GCP, this is done through deploying a wordpress in market:
After the successful deployment, I also set a static IP address to the instance:
I need to use FileZilla or WinSCP to connect to the instance or at least SSH into the instance in order to do some customization work.
Can anyone enlighten me on how to get it done? I see SSH keys created for some most likely deleted resource during my practice:
[UPDATE]:
I double checked the Firewall rules and see there is a rule allowing SSH:
[Update]
I tried SSH from the console (Compute Engine -> VM Instances), I got into somewhere, here is the detail:
Connected, host fingerprint: ssh-rsa 0 AD:45:62:ED:E3:71:B1:3B:D4:9F:6D:9D:08:16
:0C:55:0F:C1:55:70:97:59:5E:C5:35:8E:D6:8E:E8:F9:C2:4A
Linux welynx-vm 4.9.0-11-amd64 #1 SMP Debian 4.9.189-3 (2019-09-02) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
xenonxie@welynx-vm:~$ ls
xenonxie@welynx-vm:~$ pwd
/home/xenonxie
xenonxie@welynx-vm:~$
Where is the Wordpress installation?
What is the footprint showing up here? pub key of the instance?
[SOLUTION]
Since the issue is now sorted out, I would like to add more specific screenshots here to help future readers on similar questions like mine:
Where is the wordpress installation?
You would need to SSH into the instance to find out there, there are couple ways to SSH into the instance:
1.1 Once you deploy a wordpress (or other Blog&CMS from Market), an instance is also created for that deployment, you can go to Compute Engine -> VM instances, the new instance will be displayed there.
Note: You would need to change the ip address to "static", otherwise the ip gets changed when instance is restarted.
1.2 on the very right end, you can SSH into the instance directly.
SSH through third party tool like PuTTY:
set up a session with config like below:
2.1 Create a new key pair with Putty Keygen as below:
2.2 Save the public key in Compute Engine -> Metadata -> SSH Keys
2.3 Save the private key somewhere in your local, you will need it later
Now that the instance has the public key, you can proceed to create a PuTTY session as below:
Note the IP address is the instance's static ip address, remember to include the user name
In the SSH tab, attach the private key saved earlier:
Now connect to the instance:
Similarly you can do this in WinSCP:
Big thanks to @gcptest_cloud, to make the post more intuitive and understandable to future readers, I recap it as below:
Where is the wordpress installation?
The original wordpress installation is in /var/www/html (thank you @gcptest_cloud) on the instance of the wordpress installation.
How to access the wordpress installation?
You would need to SSH into the instance to find out there, there are couple ways to SSH into the instance:
1.1 Once you deploy a wordpress (or other Blog&CMS from Market), an instance is also created for that deployment, you can go to Compute Engine -> VM instances, the new instance will be displayed there:
Note: You would need to change the ip address to "static", otherwise the ip gets changed when instance is restarted.
1.2 on the very right end, you can SSH into the instance directly:
SSH through third party tool like PuTTY:
2.1 Create a new key pair with Putty Keygen as below:
2.2 Save the private key somewhere in your local, you will need it later
2.3 Save the public key in Compute Engine -> Metadata -> SSH Keys
Note: You can also manually create the key with the copy and paste in .ssh folder in your home directory in the instance
Now that the instance has the public key, you can proceed to create a PuTTY session as below:
Note the IP address is the instance's static ip address, remember to include the user name
In the SSH tab, attach the private key saved earlier:
Now connect to the instance:
Similarly you can do this in WinSCP:
Since this is a marketplace image, make sure you have firewall rule allowing port 22 and attach the target TAG to network tags of your VM.
After that, Click on the SSH button in the console, near the VM name. This is the simplest way to login into GCP instances

How do I store keypair in s3?

I referred this stackoverflow answer:
ssh key of newly created ec2 instance using boto
where if the keypair doesn't exist, it creates a new one and saves the private keypair.
However, I wish to save the keypair in s3 or some common place between mac and windows users. I know the directory hierarchy is different for both OS so how do I hard code a value that works for both?
My current code:
# ec2 is a boto EC2 connection object; keypair_name and bucket_name are strings.
# Check to see if specified keypair already exists.
# If we get an InvalidKeyPair.NotFound error back from EC2,
# it means that it doesn't exist and we need to create it.
try:
    key = ec2.get_all_key_pairs(keynames=[keypair_name])[0]
except ec2.ResponseError as e:
    if e.code == 'InvalidKeyPair.NotFound':
        print('Creating keypair: %s' % keypair_name)
        # Create an SSH key to use when logging into instances.
        key = ec2.create_key_pair(keypair_name)
        # The line in question: save() is given an S3 URL, not a local directory.
        key.save('https://s3.amazonaws.com/' + bucket_name)
    else:
        raise
The key.save line makes the url something like "https://s3.amazonaws.com/bucket_name\launch.pem"
The boto.ec2.keypair.KeyPair object's .save function saves the material (the unencrypted PEM encoded RSA private key) of a newly created KeyPair to a local file.
It is invalid syntax to use key.save('https://s3.amazonaws.com/' + bucket_name). Amazon S3 is not a local filesystem.
To store the file on S3, first download it to the local computer, then upload it via the S3 API calls.
It's worth mentioning that EC2 Key Pairs are provided for initial access to EC2 instances. Once you login to an instance, you should implement your own security for the instance, such as creating users and adding your own keypairs, or connecting to an LDAP or Active Directory server.
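A sketch of the "save locally, then upload through the S3 API" sequence from the answer above, added here as an example and not code from the question or the answer. It assumes boto3 (swapped in for the legacy boto used in the question), takes the PEM text (the key's `material`) as a string, and the function names, the `keypairs` prefix and the `RecordingClient` stand-in are hypothetical.

```python
import os
import tempfile


def save_private_key(material, key_name, directory=None):
    """Write PEM text to <directory>/<key_name>.pem, readable by the owner only."""
    directory = directory or tempfile.mkdtemp(prefix="keypair-")
    path = os.path.join(directory, key_name + ".pem")  # local path: OS separator
    # O_EXCL refuses to overwrite an existing key; 0o600 applies from creation.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(material)
    return path


def upload_private_key(s3_client, bucket_name, path, prefix="keypairs"):
    """Upload the file; the object key is built with "/" on every OS."""
    object_key = prefix + "/" + os.path.basename(path)
    with open(path, "rb") as handle:
        s3_client.put_object(Bucket=bucket_name, Key=object_key,
                             Body=handle.read(), ServerSideEncryption="AES256")
    return object_key


def store_keypair(material, key_name, s3_client, bucket_name):
    """Save locally, upload, then remove the temporary local copy."""
    path = save_private_key(material, key_name)
    try:
        return upload_private_key(s3_client, bucket_name, path)
    finally:
        os.remove(path)
        os.rmdir(os.path.dirname(path))


class RecordingClient(object):
    """Constructed stand-in for boto3.client("s3") so the example runs offline."""
    def __init__(self):
        self.calls = []

    def put_object(self, **kwargs):
        self.calls.append(kwargs)


if __name__ == "__main__":
    client = RecordingClient()
    pem = "-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n-----END RSA PRIVATE KEY-----\n"
    print(store_keypair(pem, "launch", client, "example-bucket"))
```

With real credentials, pass `boto3.client("s3")` in place of `RecordingClient()`; the bucket should be private, since the object is an unencrypted private key.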

How to change EC2 Public Key?

I'm trying to change my EC2 public key for myself, the rest of my team who uses AWS, and also for running instances.
So the old key was (for example) 'my_key', and I made a new key called 'my_key2'.
I made the new key, saved the .pem file alongside the old one, so both 'my_key.pem' and 'my_key2.pem' are residing in my ~/.ssh folder.
Now, I'm trying to ssh into other instances to change their authorization_keys to share my public key, but when I try to ssh, I get
amy$ ssh ***-**-**-***-***.foo.com
Permission denied (publickey).
I tried taking the new 'my_key2' file out of the .ssh folder, and the same problem occurs. I didn't have this problem before I started mucking around. Any tips on getting ssh to recognize my old certificates so that I can get everyone going on the new keys?
You will need to stop the instance (if EBS-backed instance) in order to change the key pair to be used for the instance. If not EBS-backed volume you will just need to start another instance from your AMI with the new key pair.
If you are not able to easily restart the instance or create a new instance, there is this method which purports to being able to change public keys on a running instance, but I haven't tried it. Really the right way to do it is by stopping/starting or creating new instances.
http://seabourneinc.com/2011/01/19/change-key-pairs-on-aws-ec2-instance/
This solution works. I checked it.
In simple steps.
login to AWS console, create a new pem key, it will ask you to save it to local, save it.
run the following command.
ssh-keygen -y | tee my_key.pub
type the path to where you have saved the new pem key file along with the file name.
the above command will display the contents on the screen, copy it, and paste into the
authorized_keys file of the EC2 instance, save and close.
now you can use the saved/downloaded new pem key file to access the EC2 instance.

SSH to Amazon EC2 instance using PuTTY in Windows

I am a newbie to Amazon web services, was trying to launch an Amazon instance and SSH to it using putty from windows. These are the steps I followed:
Created a key pair.
Added a security group rule for SSH and HTTP.
Launched an instance of EC2 using the above key pair and security group.
Using PuTTYgen converted the *.pem file to *.ppk
Using putty tried connecting to the public DNS of the instance and provided the *.ppk file.
I logged in using 'root' and 'ec2-user', and created the PPK file using SSH1 and SSH2, for all these attempts I get the following error in putty,
"Server refused our key"
Can you guys please help, any suggestions would be greatly appreciated.
I assume that the OP figured this out or otherwise moved on, but the answer is to use ubuntu as the user (if the server is ubuntu).
1) Make sure you have port 22 (SSH) opened in Security Group of EC2 Instance.
2) Try connecting with Elastic IP instead of public DNS name.
I hope you have followed these steps Connecting EC2 from a Windows Machine Using PuTTY
Another situation where I got the "Server refused our key" error when using putty, from windows, to ssh to an EC2 instance running ubuntu:
The private key was wrongly converted from .pem to .ppk.
puttygen has two options for "converting keys".
Load your .pem file into puttygen using the File->Load Private Key option and then save as .ppk file using the Save Private Key Button.
DO NOT use the menu option Conversions->Import Key to load the .pem file generated by EC2.
See the puttygen screenshots below, with the two menu options marked.
Check the username, it should be "ubuntu" for your machine.
Check if traffic is enabled on port 22 in Security group.
Check if you are using the correct url i.e ubuntu@public/elasticip
Maybe worth of checking one more thing. Go to AWS console, right mouse click on the instance and choose "Connect...". It will show you the DNS name that you want to use. If you restarted that instance at some point, that DNS name could have changed.
I had a similar problem when I tried to connect an instance created automatically by the Elastic Beanstalk service (EBS). But, once I linked my existing key name to the EBS (under Environment Details -> Edit Configuration -> Server Tab -> Existing Key Pair), I was able to login with 'ec2-user' and my existing key file (converted to .ppk) with putty.
This, however, terminates the running instance and rebuilds a new instance with access through the key pair named above.
Just in case it helps anyone else, I encountered this error after changing the permissions on the home folder within my instance. I was testing something and had executed chmod -R 777 on my home folder. As soon as this had occurred, once I had logged out I was effectively locked out.
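The lockout described in the answer above matches what sshd's StrictModes setting (on by default) does: it ignores authorized_keys when the home directory, ~/.ssh or the file itself is writable by group or others, or owned by someone other than the user or root. The check below is an added example, not code from any of the posts; the function names and the throwaway home directory are constructed for the demonstration.

```python
import os
import stat
import tempfile


def strict_modes_problems(home, uid=None):
    """List (path, reason) pairs that make sshd with StrictModes ignore authorized_keys."""
    uid = os.getuid() if uid is None else uid
    ssh_dir = os.path.join(home, ".ssh")
    problems = []
    for path in (home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")):
        try:
            info = os.stat(path)
        except FileNotFoundError:
            problems.append((path, "missing"))
            continue
        if info.st_uid not in (0, uid):
            problems.append((path, "owned by uid %d" % info.st_uid))
        if info.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((path, "writable by group/other (mode %o)"
                             % stat.S_IMODE(info.st_mode)))
    return problems


def repair(home):
    """Reset modes to ones sshd accepts: 0755 home, 0700 .ssh, 0600 authorized_keys."""
    ssh_dir = os.path.join(home, ".ssh")
    os.chmod(home, 0o755)
    os.chmod(ssh_dir, 0o700)
    os.chmod(os.path.join(ssh_dir, "authorized_keys"), 0o600)


def chmod_recursive(top, mode):
    """Same effect as chmod -R <mode> <top>."""
    os.chmod(top, mode)
    for root, dirs, files in os.walk(top):
        for name in dirs + files:
            os.chmod(os.path.join(root, name), mode)


def make_constructed_home():
    """Build a throwaway home directory with a constructed authorized_keys entry."""
    home = tempfile.mkdtemp(prefix="home-")
    os.mkdir(os.path.join(home, ".ssh"))
    with open(os.path.join(home, ".ssh", "authorized_keys"), "w") as handle:
        handle.write("ssh-rsa AAAAconstructed user@example\n")
    repair(home)
    return home


if __name__ == "__main__":
    home = make_constructed_home()
    chmod_recursive(home, 0o777)              # reproduce the mistake
    print(strict_modes_problems(home))        # three findings
    repair(home)
    print(strict_modes_problems(home))        # []
```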
You won't face this error if you SSH AWS directly using ".pem" file instead of converted ".ppk" file.
1) Use Git Bash instead of putty. Since you can run all the Linux commands in Git Bash. By installing Git you get to access Git Bash Terminal
2) Right click from the folder where you have ".pem" and select "Git Bash Here".
3) Your key must not be publicly viewable for SSH to work. So run "chmod 400 pemfile.pem".
4) Connect to your instance using its Public DNS - "ssh -i "pemfile.pem" ec2-user@ec2-x-x-x-x.us-west-1.compute.amazonaws.com"
5) Make sure to whitelist your Network IP for SSH in your_instance->security_group->inbound_rules
I assume you're following this guide, and connecting using the instructions on the subsequent page. Verify a couple of things:
You converted the key correctly, e.g. selected the right .pem file, saved as private key, 1024-bit SSH-2 RSA
The Auth settings (step 4 in the connection tutorial) are correct
I was having the same trouble (and took the same steps) until I changed the user name to 'admin' for the debian AMI I was using.
You should look up the user name of the AMI you are using. The debian AMI is documented here
http://wiki.debian.org/Cloud/AmazonEC2Image/Squeeze
I have had this same problem. The AMI you are using is the one that is also used by the "Cloud Formation" templating solution.
In the end I gave up with that, and created a Red Hat instance. I was then able to connect by SSH fine using the user root.
The instructions here: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html work fine using a Red Hat instance but not using an Amazon Linux instance. I assume they have some username that I didn't think to try (root, ec2-user, and many other obvious ones, all were refused)
Hope that helps someone!
I use Debian AMI and I try ec2-user, root but correct login is 'admin'.
I was getting the same error when I tried to create a new key pair and tried to use that new pem/ppk file. I noticed that the Key Pair Name field on the instance was still the old one and in poking around. Apparently, you can't change a key pair. So I went back to the original key pair. Fortunately, I didn't delete anything so this was easy enough.
Try an alternative SSH client, like Poderosa. It accepts pem files, so you will not need to convert the key file.
If you already have a key pair, follow these steps:
Convert *.pem to *.ppk using PuTTYgen (Load pem file key then Save ppk)
Add ppk auth key file to Putty SSH>Auth options
Enter "Host Name (or IP address)" field: ubuntu@your-ip-address-of-ubuntu-ec2-host

SSH basics - do you use a new key for each server you're accessing?

I couldn't find any basic info for designers (on a mac) for how SSH keys work - so thought I'd ask them here.
If I want to connect my work workstation to:
Github
A DEV server
A LIVE server
Do I generate one ssh key on the workstation and add it to all those servers or do I generate multiple keys - one for each server?
Once I've generated a key (or keys), do I copy it into the id_rsa file in my user account on that server (I realize I may have to create the id_rsa file)?
And if I now want to access the same server but from my home laptop, do I add the laptop's ssh key to the same id_rsa file on the server or do I create a new file?
If I need to create a new file, does it matter what the file is called - laptop_rsa?
I basically want to disable root login on my servers but I don't really understand how SSH applies to multiple machines and multiple servers.
Any help or pointers in the right direction would be much appreciated.
Cheers
You only need one key for the local machine that you are connecting to all three servers.
For the DEV server and the LIVE server, you can add the contents of your id_rsa.pub file to the authorized_keys file on each of the target servers.
This file will be in the ~/.ssh directory. You will need to create the file if it's not there (touch ~/.ssh/authorized_keys). Adding your public key to this file will let you login with your passphrase rather than a password.
Place all authorized keys (i.e. your laptop's id_rsa.pub) in the same authorized_keys file on the target server.
Adding your keys to authorized_keys doesn't affect root login (that is a separate setting), however, it will prevent people from attempting to brute-force your password if you then turn off password login.