I am trying to access an ec2 instance using a different (mac) computer. In order to do so, I created a new keypair, used chmod 600 to set the permission, and then used ssh-add. When I try to ssh into my ec2 instance, I get "permission denied (publickey)". I'm sure my error is something idiotic and simple, but I can't seem to find it, can anyone help me out?
You need to ensure the ~/.ssh/id_rsa.pub (if it's an RSA key) from your Mac is appended to the ~/.ssh/authorized_keys file on the target machine. Normally, if this is a default Amazon API, the user is "ec2-user" -- ~ec2-user/.ssh/authorized_keys
REMEMBER TO APPEND and not remove other entries in that file -- else, you risk locking yourself out of that machine ...
is your private key on the new computer?
You need to put that on the computer you ssh in with. I usually keep mine on a flash drive.... I am not running linux atm so i forget the default directory it checks. Maybe this joggs your memory some. I think the directory would be like ~/.id_rsa/ or something?
Related
I would like to connect to a Windows server via SSH with private and public key from my local Windows machine.
The problem is that I can not figure out how and am asked to enter the password every time.
Eventually I want to setup remote coding with vs code but as the ssh program faces the same problem as in VS code I think we can leave VS code out of the picture.
Generally the connection to the server is working. So if I type ssh {myuser}#{servername} I am prompted to write my password and afterwards the console is connected to the server.
Now I would like to set it up in a way that I do not need to write my password every time, there for I setup public and private key following this tutorial.
But the system still ask my for a password each time. Does anyone know what the problem might be?
I would guess that the permissions might be an issues. In the link listed above they mentioned that I should set the permissions to 700 for the .ssh folder and 640 for the authorized_keys file. As Windows does not hove the chmod command (or at least it does not seem to change the permissions) this could be the problem.
I have also put the public key in the authorized_keys file of the .ssh folder of the user I am using.
Also as the copying with cat and | did not work I moved the files there manually but otherwise is sticked to the tutorial.
Does anyone know what the issue is?
Furthermore I managed to connect both the server and the client to a bit bucket server using ssh key with out a problem.
After allowing an application to install ssh keys on my local machine, I can no longer connect to my Digital Ocean shell. (The app is not related to DO; totally different.) I get a
Permission denied (public key)
error that, with -vvv, debugs to
Trying private key: /Users/macbook/.ssh/id_dsa
no such identity: path/.ssh/id_dsa: No such file or directory
My keys are rsa. I have no idea why the machine is asking for dsa.
My .ssh/config file (which I have never read until now) has only information about the application I allowed access. Maybe it was overwritten. If this is the case, could you tell me how to rewrite my .ssh/config file?
My keys on my cloud server (accessed through a DO gui shell) and on my machine still match up. The folder permissions are ok. I've been using this for months with no trouble until now.
Any suggestions?
Edit:
This was probably a result of the third party application overwriting my .ssh/config file. Because the writing of this file was always automated for me, I never took any notice of it. If you try:
regenerating new keys
appending the new public key to the authorized_keys file on your server on a new line
writing a new .ssh/config file as so:
-
Host 111.11.11.1
User bob
IdentityFile ~/.ssh/new_file.pem
then you might make it. Somehow now I can't get a passphrase to work on the new keys.
I spent some time logged into a server (Debian) trying to get Samba access to work better from my Mac.
After logging out and attempting to log back in I was unable to log in using my private key which has been working for years.
Private key login worked for another user from the same client machine, and I was able to modify the sshd.config to allow password login so that I could log back onto the server.
What could I have done to break the keyed login just for my username and why?
I was messing around with creating a Samba password for my username, and I also made my home folder 777 to try to get write access working from Samba. (This was NOT a recursive chmod so the folders below are not 777.)
Your home directory should never be ugo+rwx (777). You should not allow other users to write to your home directory. The ssh daemon checks for file system permissions and will refuse to use the contents of ~/.ssh/ if it or its parent (~/) is writable by other users.
See http://www.openssh.org/faq.html question # 3.14.
Also see 'man sshd_config' and StrictModes (don't turn it off).
Hope this helps.
You can turn on logging in your sshd config if it isn't already. That'll tell you exactly what went wrong. It's often a permission problem on the files in ~/.ssh
The logfile is usually in either /var/log/secure or /var/log/auth.log
There is another possibility that none of the earlier answers have raised: SELinux. If this is active, it will prevent the .ssh folder from being accessed via a Samba share.
It is easy to test: temporarily disable SELinux ("setenforce 0") and see if the .ssh folder can be accessed.
I've followed a couple of tutorials for creating an Amazon EC2 instance using the command line tools
http://www.zabada.com/tutorials/deploying-a-rails-application-to-production-on-amazon-ec2.php
http://www.smartfrog.org/wiki/display/sf/Starting+an+EC2+Image+by+Hand
and all is well, i
ec2-add-keypair (directing the output of ec2-add-keypair directly to a file in ~/.ssh)
chmod 600 the keypair
ec2-run-instance
ec2-describe-instances
then, when the new instance is running try to ssh on
ssh -i ~/.ssh/ec2-keypair ec2-user#foo.bar.amazon.com
At this point i'm ALWAYS prompted for a password. Obviously there's no password so it always refuses me access.
My question is, what am i doing wrong here? Why am i being prompted for a password and how can i put this right so i can ssh onto the machine i've just started?
I'm guessing this is something to do with my local setup, but as far as i know this machine hasn't had anything custom done with .ssh (there's certainly no config file or anything like that lying around that might be screwing with things).
Anyone have any ideas or suggestions?
ec2-user# ? Why not root# ?
I guess I'm being a little hesitant but I deal with vcs's occasionally and always get asked for some sort of prompt, of course I'm attempting to access an external machine which I'm sshing into.
Basically my question is, say I don't have root access on this machine, would it still be possible to set this up? I've skimmed through reading it a couple times and I'm pretty sure I got the method down - you generate pub/private keys, sftp to the machine and throw your public into some authorized_keys directory. How is this managed with multiple users for example? Could the generic file name ( the .pub ) get overwritten, or am I completely misunderstanding the process here and it's setup to allow multiple keys natively?
If I'm not a sudoer and one of the server's directories needs to be chmod'd to say 700 whereas it's 655, I can't really do anything other than ask for su access, right?
If you have ssh access to the remote machine, you can generate the key pair on your local machine, add the public key to the authorized_users file on the remote machine, and then use this for authentication. You don't need root privileges to do this. The keys and authorized_files usually reside under your home directory ( myhome/.ssh/authorized_keys etc) so they don't get confused between users.
Your questions about setting directory permissions is unrelated, but if you own the directory or its parent (or its parent...) you will be able to set any permissions on the file in that directory.
Sounds to me like it might be time to curl up with a general *nix administration book, perhaps? Not light reading, but it can be useful and I always find it most informative to learn the details when I'm actually struggling with them.
I ssh all the time into a machine that allows su or sudo. But, it's set up not to allow ssh via "ssh root#machine". So to answer your question, yes it's possible.
You can only change the directory permissions if you own the directory or if you have root access.