[英]Allowing users to SSH into EC2 Linux Instance with key pairs
I created a new EC2 Amazon Linux instance. 我创建了一个新的EC2 Amazon Linux实例。 I want to allow a developer to SSH into the EC2 instance. 我想允许开发人员通过SSH进入EC2实例。 To test this, I'm trying it from my windows computer. 为了对此进行测试,我正在Windows计算机上进行尝试。 I have followed the instructions in the link below but I can't get SSH (Putty) to connect using the key pair I'm generating. 我已按照下面链接中的说明进行操作,但无法使用正在生成的密钥对进行SSH(Putty)连接。
I'm following the instructions here as reference and here 我在这里如下的说明参考和这里
After logging into EC2 as ec2-user using FireSSH and the pem generated by AWS, I use SSH to run the following commands to create a new user, .ssh directory, and permissions. 使用FireSSH和AWS生成的pem以ec2-user身份登录EC2之后,我使用SSH运行以下命令来创建新用户,.ssh目录和权限。
[ec2-user ~]$ sudo adduser newuser
[ec2-user ~]$ sudo su - newuser
[newuser ~]$ mkdir .ssh
[newuser ~]$ touch .ssh/authorized_keys
[newuser ~]$ chmod 600 .ssh/authorized_keys
[newuser ~]$ vim .ssh/authorized_keys
Then I paste a public key into authorized_keys
using vim
. 然后,我使用vim
公钥粘贴到authorized_keys
中。 I will explain where I get the public key in the next step. 我将在下一步解释从何处获取公钥。
ssh-rsaAAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuS ....
To create the public key which I pasted in the previous step I followed the steps in this reference starting at "Generating an SSH Key" 要创建我在上一步中粘贴的公共密钥,我按照本参考中的步骤从“生成SSH密钥”开始
I copied the public key from PuttyKeyGen which is showed in the box labeled "Public key for pasting into OpenSSH authorized_keys". 我从PuttyKeyGen复制了公共密钥,该公共密钥显示在标有“用于粘贴到OpenSSHauthorized_keys的公共密钥”框中的框中。 Then I pasted that into the .ssh/authorized_keys
file on my EC2 instance in the newuser
directory. 然后,将其粘贴到newuser
目录中EC2实例上的.ssh/authorized_keys
文件中。
I log out of the SSH client on EC2. 我注销了EC2上的SSH客户端。 Then I try to login with Putty using the newly created private key on my windows machine. 然后,我尝试使用Windows计算机上新创建的私钥用Putty登录。 I use the newuser
login name. 我使用newuser
登录名。 I get this error in Putty: server refused our key
. 我在Putty中收到此错误: server refused our key
。 There is also a dialog box that says Disconnected: No supported authentication methods available {server sent: publickey)
还有一个对话框,显示已Disconnected: No supported authentication methods available {server sent: publickey)
What am I doing wrong in these steps? 我在这些步骤中做错了什么?
I did two things different and it works now. 我做了两件事,现在可以了。 It's probably the number of bits that made it work. 可能是使它起作用的位数。
I generated a new key pair using PuttyGen but I specified SSH-2 RSA
with 1024
bits instead of the default that PuttyGen was putting in which was like 2048
. 我使用PuttyGen生成了一个新的密钥对,但是我指定了1024
位的SSH-2 RSA
,而不是PuttyGen放入的默认2048
。
When I logged back into EC2 with my SSH I pasted the public key using nano instead of vim. 当我使用SSH重新登录EC2时,我使用nano而不是vim粘贴了公钥。
Always use ec2-import-keypair features to verified whether it is GOOD for EC2 instance. 始终使用ec2-import-keypair功能来验证对于EC2实例是否良好。 It the import works, then it is good, otherwise, regen a compliance keypair. 如果导入成功,那就很好了,否则,请重新生成合规性密钥对。 If you simply copy a keypair that is not compliance , you will run into trouble. 如果仅复制不符合要求的密钥对,则会遇到麻烦。
Here is the document for import key pair 这是导入密钥对的文档
- OpenSSH public key format (the format in ~/.ssh/authorized_keys) OpenSSH公钥格式(格式为〜/ .ssh / authorized_keys)
- Base64 encoded DER format SSH public key file format as specified in Base64编码的DER格式SSH公钥文件格式,如
RFC4716 DSA keys are not supported . 不支持 RFC4716 DSA密钥。 Make sure your key generator is set up to create RSA keys. 确保将密钥生成器设置为创建RSA密钥。
Supported lengths: 1024, 2048, and 4096 . 支持的长度: 1024、2048和4096 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.