Currently I have one computer properly set up to SSH into my EC2 instance, however I'm trying to connect another laptop as well. When I went to the AWS console to download another key pair and use it in Terminal to SSH, I get this error: Permission denied (publickey).
I've already tried performing the command chmod 400 /path/sshkey.pem but I still get a public key error. Does anybody know why this is?
Thanks so much!
p.s. the command I'm performing to SSH to my ec2 instance is: ssh -i /path/sshkey.pem ec2-user@ip.compute.amazonaws.com
I'm not totally clear on the scenario here, but I think you're saying you did things in this order:
Create an EC2 instance with keypair #1
Create a new keypair (#2)
Put the private key from keypair #2 on the new laptop
Try to log in to the instance.
If that's what you're describing, then the problem is that keypair #2's public key has never been installed on the EC2 instance. You need the private key on your client, and the matching public key on the server you're connecting to.
Once the instance already exists, creating a new keypair in AWS will not update the key on an existing instance. You'd have to log in to it (with keypair #1), and put the new public key in the proper place.
I haven't done that myself in a while, but according to this page, you'd edit ~ec2-user/.ssh/authorized_keys (a text file) and append the public key from your key pair (which is in a text format, too) to the end of the file. You might have to restart the sshd daemon, which the command sudo /sbin/service sshd restart should do. But try logging in with the new key first; if you make a mistake editing the file, you could lock yourself out. (It's safer to create a new account and update its .ssh/authorized_keys to avoid locking the ec2-user account out by mistake.)
If you are creating an ubuntu ec2 instance, you should login with
ssh -i /path/to/my_private_key.pem ubuntu@public-ip-address
Also, it's good practice to copy the pem file to the ~/.ssh/ folder and, as you have mentioned, give 'ro' permission to the user only.
I've done enough searching on Google and on this site, but I can't find any answer to my problem. I simply want to transfer a file from a local Windows machine to a remote Ubuntu server.
This is the command I tried:
scp C:/Users/myself/Documents/personal/gd_bundle-g2-g1.crt bitnami@11.123.12.123:/etc/ssl/certs
I get this error:
Permission Denied (Publickey)
Obviously because I didn't key in the keyfile and I don't know where to key it in. So please guide me on how I can transfer a file to the remote server with the public key specified.
Thanks
edit:
scp -i C:\Users\myself\Documents\personal\ppk\myfile.ppk bitnami@11.123.12.123:/C:/Users/myself/Documents/personal/gd_bundle-g2-g1.crt /etc/ssl/certs
Getting error : wrong format
You need to create an ssh key pair, a public and private key. There are many sites that explain how to do it, usually you run ssh-keygen, such as specified here.
The private key is "id_rsa" and the public key is "id_rsa.pub". On the remote machine you need to place the contents of id_rsa.pub at the end of the $HOME/.ssh/authorized_keys file. If you don't have an authorized_keys file then create one by copying id_rsa.pub there. You will need to use other means than scp to get it there.
Additionally your $HOME/.ssh directory on both machines needs to have good permissions, this is "chmod 700 .ssh" on a unix machine.
I need to establish SSH connection between 2 AMI Ec2 instances.
I have tried by generating new key pair with ssh-keygen method.
Even after copying public key id_rsa.pub from one instance to authorized_keys folder in another instance, I'm facing
"Permission denied (publickey)" error.
I feel I might have missed some simple step in this process.
Please provide steps to be followed in establishing ssh connection between two AMI EC2 instances by generating new key pair using ssh-keygen?
authorized_keys is not a folder, it is a file. Create the file ~/.ssh/authorized_keys and copy the contents of the public key from the other machine into it. Once copied, ensure that security groups allow the ports.
The target server is a relatively clean install of Ubuntu 14.04. I generated a new ssh key using ssh-keygen and added it to my server using ssh-copy-id. I also checked that the public key was in the ~/.ssh/authorized_keys file on the server.
Even still, I am prompted for a password every time I try to ssh into the server.
I noticed something weird however. After I log into my first session using my password, the next concurrent sessions don't ask for a password. They seem to be using the ssh key properly. I've noticed this behaviour on two different clients (Mint OSX).
Are you sure your SSH key isn't protected by a password? Try the following:
How do I remove the passphrase for the SSH key without having to create a new key?
If that's not the case, it may just be that ssh is having trouble locating your private key. Try using the -i flag to explicitly point out its location.
ssh -i /path/to/private_key username@yourhost.com
Thank you Samuel Jun for the link to help.ubuntu.com - SSH Public Key Login Troubleshooting !
Just a little caveat:
If you copy your authorized keys file outside your encrypted home directory please make sure your root install is encrypted as well (imho Ubuntu still allows for unencrypted root install coupled with encryption of the home directory).
Otherwise this defeats the whole purpose of using encryption in the first place ;)
If this is happening to you on Windows (I'm on Windows 10)
Try running the program that you're trying to connect via ssh to the server as administrator.
For me I was using powershell with scoop to install a couple of things so that I could ssh straight from it. Anyway... I ran PowerShell as admin and tried connecting again and it didn't ask for my password.
For LinuxSE
Check the SE context with
% ls -dZ ~user/.ssh
Must contain unconfined_u:object_r:ssh_home_t:s0
If not, that was the problem; as root run
# for i in ~user/.ssh ~user/.ssh/*
do
semanage fcontext -a -t ssh_home_t $i
done
# restorecon -v -R ~user/.ssh
It looks like it's related to encryption on your home directory and therefore the authorized_keys file cannot be read.
https://unix.stackexchange.com/a/238570
Make sure your ssh public key was copied to the remote host in the right format. If you open the key file to edit it should read 1 line.
Basically, just do ssh-copy-id username@remote. It will take care of the rest.
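An added example, not part of the original posts: several of the answers above come down to getting exactly one public key line into ~/.ssh/authorized_keys, as a regular file, with permissions sshd accepts. The helper name install_pubkey, its return codes and the file names are assumptions made for illustration.

```shell
# Added example; install_pubkey is a hypothetical helper, not a standard tool.
# An EC2 .pem holds only the private key; derive the public line first with:
#   ssh-keygen -y -f new-key.pem > new-key.pub
# Usage: install_pubkey <pubkey_file> <home_dir>
# Returns 0 = appended, 3 = already present, 1 = bad key file, 2 = bad target.
install_pubkey() {
    pub=$1
    ssh_dir=$2/.ssh
    auth=$ssh_dir/authorized_keys

    # A public key is one line: "<type> <base64> [comment]". A private .pem
    # or a key wrapped across lines by a paste will never match at login.
    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }
    [ "$(grep -c . "$pub")" -eq 1 ] ||
        { echo "expected exactly one key line in $pub" >&2; return 1; }
    key=$(grep . "$pub")
    printf '%s\n' "$key" |
        grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( |$)' ||
        { echo "not an OpenSSH public key line" >&2; return 1; }

    # authorized_keys must be a regular file, not a folder.
    [ ! -e "$auth" ] || [ -f "$auth" ] ||
        { echo "$auth is not a regular file" >&2; return 2; }

    mkdir -p "$ssh_dir"
    # Match on type and base64 blob only, so a changed comment is not a new key.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if [ -f "$auth" ] && grep -qF -- "$blob" "$auth"; then
        status=3
    else
        # Keep the previous file so a bad edit can be rolled back.
        [ -f "$auth" ] && cp -p "$auth" "$auth.bak"
        # Do not glue the new key onto a last line that lacks a newline.
        [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"
        printf '%s\n' "$key" >> "$auth"
        status=0
    fi
    # sshd's StrictModes (on by default) refuses group/world-writable paths.
    chmod 700 "$ssh_dir"
    chmod 600 "$auth"
    return "$status"
}
```

Run it from the session that already works and keep that session open until a login with the new key succeeds.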
I have two Amazon EC2 instances.
I can connect to those EC2 instances from my Windows machine using PuTTY (by the public key generated from the private key provided by Amazon).
Now I want to install Tungsten Replicator on my EC2 instances,
and Tungsten Replicator needs SSH access from one EC2 instance to another EC2 instance.
I tried to check whether SSH is working or not from one EC2 instance to another.
I tried:
ssh ec2-user@public ip of destination instance
//also tried
ssh ec2-user@private ip destination instance
but it's not working.
I got the following error:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
I have searched on Google and tried some tricks but none of them worked.
Sometimes I got the following error:
Address public_ip maps to xxxx.eu-west-1.compute.amazonaws.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Can anyone please tell me how to connect with SSH from one EC2 instance to another?
I'd suggest you to create a special keypair for the tungsten user.
cd tungsten-user-home/.ssh
ssh-keygen -t rsa
mv id_rsa.pub authorized_keys
And then copy both files to the other host in the same place and permissions.
This will allow tungsten to work without requiring your own key.
Just like when you have to ssh from your local machine to an EC2 instance, you need to provide the ssh command the proper pem file:
ssh -i my_pem_file.pem ec2-user@private-or-public-ip-or-dns
Just in case anyone ponders on this question, here is my 2 cents.
Connecting to one EC2 instance from another EC2 instance will work as suggested by "Uri Agassi". Considering best practices and security, it will be a good idea to create and assign a role to the source EC2 instance.
One way to allow one EC2 instance to connect to another is to set an ingress rule on the target EC2 instance that lets it accept traffic from the source EC2 instance's security group. Here's a Python function that uses Boto3 to do this:
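import logging

import boto3
from botocore.exceptions import ClientError

logger = logging.getLogger(__name__)
ec2 = boto3.resource('ec2')

def allow_security_group_ingress(target_security_group_id, source_security_group_name):
    """Let instances in the source security group send traffic to the target group."""
    try:
        # With only SourceSecurityGroupName given, the rule covers all
        # ICMP, UDP and TCP traffic from the source group.
        ec2.SecurityGroup(target_security_group_id).authorize_ingress(
            SourceSecurityGroupName=source_security_group_name)
        logger.info("Added rule to group %s to allow traffic from instances in "
                    "group %s.", target_security_group_id, source_security_group_name)
    except ClientError:
        logger.exception("Couldn't add rule to group %s to allow traffic from "
                         "instances in %s.",
                         target_security_group_id, source_security_group_name)
        raise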
After you've set this, put the private key of the key pair on the source instance and use it when you SSH from the source instance:
ssh -i {key_file_name} ec2-user@{private_ip_address_of_target_instance}
There's a full Python example that shows how to do this on GitHub /awsdocs/aws-doc-sdk-examples.
See, if you have deployed both machines with the same key pair, or different, it's not a problem. Just go to your host EC2 machine and, in the .ssh folder, make a key file with the same name as the key that was used to create the second machine. Now use chmod 400 keypair name and then try ssh -i keyname user-name@IP
I had set up a ubuntu instance with rails package and also deployed my app, it is working fine.
But when I try to SSH, it's not allowing me the remote login and throws errors like host key verification failed.
The problem seems to be persisting; kindly recommend a solution. I have attached an elastic IP to it and I am not able to see the public DNS. My instance is running in the Singapore region.
You may need to turn off StrictHostKeyChecking by adding this option to the ssh command line
-o StrictHostKeyChecking=no
As answered in more detail in your cross posted question on ServerFault: https://serverfault.com/questions/342228/unable-to-connect-to-the-aws-ec2-instance-host-key-verification-failed/342696#342696
Basically your EC2 elastic IP has previously been used with another server instance and your ssh client's known_hosts file does not match the new one for this IP. Remove the offending line in the known_hosts file. (More detail in the Server Fault answer)
You need to log in to your instance with the private key that you set it to use.
Depending on your instance, the user might vary
ssh -i [private key file] [user]@[host]
Where user could be one of the following in my experience (or possibly others)
root
ec2-user
ec2user
bitnami
ubuntu