
Allowing users to SSH into EC2 Linux Instance with key pairs

I created a new EC2 Amazon Linux instance. I want to allow a developer to SSH into the EC2 instance. To test this, I'm trying it from my Windows computer. I have followed the instructions in the link below but I can't get SSH (Putty) to connect using the key pair I'm generating.

I'm following the instructions here as reference and here

After logging into EC2 as ec2-user using FireSSH and the pem generated by AWS, I use SSH to run the following commands to create a new user, .ssh directory, and permissions.

[ec2-user ~]$ sudo adduser newuser

[ec2-user ~]$ sudo su - newuser

[newuser ~]$ mkdir .ssh

[newuser ~]$ touch .ssh/authorized_keys

[newuser ~]$ chmod 600 .ssh/authorized_keys

[newuser ~]$ vim .ssh/authorized_keys

Then I paste a public key into authorized_keys using vim. I will explain where I get the public key in the next step.

ssh-rsaAAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuS .... 

To create the public key which I pasted in the previous step I followed the steps in this reference starting at "Generating an SSH Key"

I copied the public key from PuttyKeyGen which is shown in the box labeled "Public key for pasting into OpenSSH authorized_keys". Then I pasted that into the .ssh/authorized_keys file on my EC2 instance in the newuser directory.

I log out of the SSH client on EC2. Then I try to log in with Putty using the newly created private key on my Windows machine. I use the newuser login name. I get this error in Putty: server refused our key. There is also a dialog box that says Disconnected: No supported authentication methods available (server sent: publickey)

What am I doing wrong in these steps?

I did two things differently and it works now. It's probably the number of bits that made it work.

I generated a new key pair using PuttyGen but I specified SSH-2 RSA with 1024 bits instead of the default that PuttyGen was putting in which was like 2048.

When I logged back into EC2 with my SSH I pasted the public key using nano instead of vim.

Always use the ec2-import-keypair feature to verify whether it is GOOD for an EC2 instance. If the import works, then it is good; otherwise, regenerate a compliant keypair. If you simply copy a keypair that is not compliant, you will run into trouble.

Here is the document for import key pair

  • OpenSSH public key format (the format in ~/.ssh/authorized_keys)
  • Base64 encoded DER format
  • SSH public key file format as specified in RFC4716
  • DSA keys are not supported. Make sure your key generator is set up to create RSA keys.
  • Supported lengths: 1024, 2048, and 4096.
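
An added example, not code from the question or the answers: it checks one authorized_keys line for the problems this thread circles around (key type and data run together, base64 cut or wrapped during a paste, a non-RSA type, a modulus length outside the list quoted above). The names check_authorized_key_line and make_sample_line are hypothetical, and the sample lines are constructed; they have the right wire format but are not real RSA keys.

```python
import base64
import struct

SUPPORTED_BITS = {1024, 2048, 4096}  # lengths listed in the import documentation quoted above

def _read_string(blob, offset):
    """Read one RFC 4251 length-prefixed field; return (value, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def check_authorized_key_line(line):
    """Return a list of problems found in one authorized_keys line (empty = OK)."""
    fields = line.strip().split()
    if len(fields) < 2:
        return ["expected '<type> <base64> [comment]'; type and data need a space between them"]
    key_type, b64 = fields[0], fields[1]
    if key_type != "ssh-rsa":
        return [f"key type {key_type!r} is not ssh-rsa"]
    try:
        blob = base64.b64decode(b64, validate=True)
        inner_type, off = _read_string(blob, 0)
        _exponent, off = _read_string(blob, off)
        modulus, off = _read_string(blob, off)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return [f"key data is damaged (wrapped or cut during paste?): {exc}"]
    problems = []
    if inner_type != b"ssh-rsa":
        problems.append("type inside the blob does not match the line prefix")
    if off != len(blob):
        problems.append("trailing bytes after the modulus")
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits not in SUPPORTED_BITS:
        problems.append(f"RSA modulus is {bits} bits; supported: 1024, 2048, 4096")
    return problems

def make_sample_line(bits):
    """Constructed sample: correct wire format, but the modulus is NOT a real RSA key."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    n = (1 << (bits - 1)) | 1  # top bit set so bit_length() == bits
    n_bytes = b"\x00" + n.to_bytes(bits // 8, "big")  # mpint: leading 0 when high bit is set
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(n_bytes)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " newuser@example"
```

The check covers only the format of the line; it does not confirm that the key matches a private key or that the file and directory permissions are acceptable to sshd.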
