Aws Ec2 ssh 访问 - 权限被拒绝(公钥)
Aws Ec2 ssh access - permission denied(publickey)
看来我不是第一个遇到这个问题的人。
到目前为止,我可以通过 SSH 访问我的 EC2 实例。到此为止。
无论我做什么,我都会收到权限被拒绝的错误。我检查了我的 ec2 用户无数次,我的安全组参数也是如此。我的 IP 在入站规则中正确注册。
我尝试使用实例 DNS 和 IP。我使用 keygen -r 强制重新生成 keygen。还是一样。我的密钥对文件具有权限 0600.
这可能发生在实例重启后(不是 stop/start,来自 EC2 仪表板,而不是来自 shell)。我的实例 运行 没有任何警报,我的网站显示正确。
这是我的 ssh 命令:
ssh -v -i "~/.ssh/namaste_3.pem" ubuntu@ec2-52-29-237-225.eu-central-1.compute.amazonaws.com
或
ssh -v -i "~/.ssh/keypair.pem" ubuntu@52.29.237.225
这是我的 ssh -v 输出:
OpenSSH_7.2p2 Ubuntu-4, OpenSSL 1.0.2g-fips 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 52.29.237.225 [52.29.237.225] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/brice/.ssh/namaste_3.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/brice/.ssh/namaste_3.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to 52.29.237.225:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:yiGarcstgUfXZmop1URjMPa/pp1J5mak4Rsl6TWuAh4
debug1: Host '52.29.237.225' is known and matches the ECDSA host key.
debug1: Found key in /home/brice/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: bleroux@fluksaqua.com
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/brice/.ssh/namaste_3.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
有线索吗?我真的不想从头开始一个新实例...
首先尝试从 known_hosts
中删除条目
ssh-keygen -R hostname/IP
然后将Key文件的权限改成400
如果实例是 EBS 根实例,您始终可以通过从实例卸载根卷来诊断它,然后将其挂载到 运行 EC2 实例以检查 EC2 出了什么问题 /home/ubuntu/.ssh/authorized_keys。
在进行任何更改之前为卷创建一个快照。修复后,只需将其安装回实例即可。
尝试强化 EC2 /home/ubuntu/.ssh 不小心使用 chmod 600 总是会导致问题。 ~/.ssh 文件夹至少需要 u+rwx。因为正确的做法是这样。
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
所以,文件夹总是 700。不是 600。
别问我为什么知道这个 ;-)
看来我不是第一个遇到这个问题的人。
到目前为止,我可以通过 SSH 访问我的 EC2 实例。到此为止。
无论我做什么,我都会收到权限被拒绝的错误。我检查了我的 ec2 用户无数次,我的安全组参数也是如此。我的 IP 在入站规则中正确注册。
我尝试使用实例 DNS 和 IP。我使用 keygen -r 强制重新生成 keygen。还是一样。我的密钥对文件具有权限 0600.
这可能发生在实例重启后(不是 stop/start,来自 EC2 仪表板,而不是来自 shell)。我的实例 运行 没有任何警报,我的网站显示正确。
这是我的 ssh 命令:
ssh -v -i "~/.ssh/namaste_3.pem" ubuntu@ec2-52-29-237-225.eu-central-1.compute.amazonaws.com
或
ssh -v -i "~/.ssh/keypair.pem" ubuntu@52.29.237.225
这是我的 ssh -v 输出:
OpenSSH_7.2p2 Ubuntu-4, OpenSSL 1.0.2g-fips 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 52.29.237.225 [52.29.237.225] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/brice/.ssh/namaste_3.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/brice/.ssh/namaste_3.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to 52.29.237.225:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:yiGarcstgUfXZmop1URjMPa/pp1J5mak4Rsl6TWuAh4
debug1: Host '52.29.237.225' is known and matches the ECDSA host key.
debug1: Found key in /home/brice/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: bleroux@fluksaqua.com
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/brice/.ssh/namaste_3.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
有线索吗?我真的不想从头开始一个新实例...
首先尝试从 known_hosts
中删除条目ssh-keygen -R hostname/IP
然后将Key文件的权限改成400
如果实例是 EBS 根实例,您始终可以通过从实例卸载根卷来诊断它,然后将其挂载到 运行 EC2 实例以检查 EC2 出了什么问题 /home/ubuntu/.ssh/authorized_keys。
在进行任何更改之前为卷创建一个快照。修复后,只需将其安装回实例即可。
尝试强化 EC2 /home/ubuntu/.ssh 不小心使用 chmod 600 总是会导致问题。 ~/.ssh 文件夹至少需要 u+rwx。因为正确的做法是这样。
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
所以,文件夹总是 700。不是 600。
别问我为什么知道这个 ;-)