[英]Permission Denied Error when using scp to copy a file to Amazon EC2 instance from Mac OS
I have read several StackOverflow articles on this problem and googled other sources with no luck. 我已经阅读了几篇有关此问题的StackOverflow文章,并搜索其他来源,但没有运气。 I've checked AWS documentation and can't resolve the issue.
我检查过AWS文档但无法解决问题。 I have been working on this for several hours and am really stuck.
我已经在这工作了几个小时,我真的被卡住了。
I've found articles referring to similar problems but the issue looks to always be a typo or mistake on the user's part. 我发现文章提到了类似的问题,但问题看起来总是在用户方面犯了错字或错误。 In my case, I'm confident I have ensured there are no typos or errors in what I'm doing.
在我的情况下,我相信我已经确保我正在做的事情没有错别字或错误。
I'm using Mac OS X Yosemite to connect to my AWS EC2 instance. 我正在使用Mac OS X Yosemite连接到我的AWS EC2实例。 I cannot
scp
files from my local machine to my instance, but I have been able to in the past, I believe before I upgraded to Yosemite (although I'm not 100% certain about before or after the upgrade). 我不能将文件从我的本地机器
scp
到我的实例,但我能够在过去,我相信在升级到Yosemite之前(尽管我在升级之前或之后并不是100%肯定)。 Regardless, I'm now getting a permission denied error. 无论如何,我现在收到一个拒绝权限错误。
I am able to ssh
just fine into my instance. 我能够
ssh
就好了我的实例。 I do so like this: 我这样做:
ssh -i mykey.pem ec2-user@myEC2host.myzone.compute.amazonaws.com
Everything works fine with the ssh
. 使用
ssh
一切正常。 But when I attempt scp
like this: 但是当我像这样尝试
scp
:
scp —i mykey.pem ~/Sites/test.html ec2-user@myEC2host.myzone.compute.amazonaws.com:/var/www/html/
I get the following error: 我收到以下错误:
Permission denied (publickey).
权限被拒绝(publickey)。 lost connection
失去了连接
I've been trying this for hours and have confirmed the following: 我已经尝试了几个小时,并确认了以下内容:
ssh
in just fine. ssh
就好了。 .pem
file has 400
permissions and is not viewable to the world. .pem
文件有400
权限,无法查看全世界。 I have correct permissions and ownership in the /var/www
and /var/www/html
folders 我在
/var/www
和/var/www/html
文件夹中拥有正确的权限和所有权
(I went through the amazon setup tutorial again and ensured I used all permission settings as they described. My user is part of the group with access to those folders. (我再次浏览了亚马逊设置教程并确保我按照他们的描述使用了所有权限设置。我的用户是可以访问这些文件夹的组的一部分。
When I run the scp -v
command I can see that scp
does not appear to be even trying to use the specified Identity file. 当我运行
scp -v
命令时,我可以看到scp
似乎甚至没有尝试使用指定的Identity文件。 I get the following output: 我得到以下输出:
(Notice the program being executed has dropped the -i
from the scp
command) (注意正在执行的程序已经从
scp
命令中删除了-i
)
Executing: program /usr/bin/ssh host myEC2host.myzone.compute.amazonaws.com, user ec2-user, command scp -v -d -t /var/www/html/
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to myEC2host.myzone.compute.amazonaws.com [public AWS ip] port 22.
debug1: Connection established.
debug1: identity file /Users/myusername/.ssh/id_rsa type -1
debug1: identity file /Users/myusername/.ssh/id_rsa-cert type -1
debug1: identity file /Users/myusername/.ssh/id_dsa type -1
debug1: identity file /Users/myusername/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA {some hex output}
debug1: Host 'myEC2host.myzone.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/myusername/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/myusername/.ssh/id_rsa
debug1: Trying private key: /Users/myusername/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
lost connection
However, when I run ssh -v
I get the following output which DOES immediately use the correct Identify file: 但是,当我运行
ssh -v
我得到以下输出,它会立即使用正确的Identify文件:
ssh -v -i mykey ec2-user@myEC2host.myzone.compute.amazonaws.com
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to myEC2host.myzone.compute.amazonaws.com [54.69.211.59] port 22.
debug1: Connection established.
debug1: identity file mykey.pem type -1
debug1: identity file mykey.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA {some hex output}
debug1: Host 'myEC2host.myzone.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/myusername/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: mike.pem
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to myEC2host.myzone.compute.amazonaws.com ([myEC2IP]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_CA.UTF-8
I'm not sure what else to try or how I might be able to resolve this. 我不知道还有什么可以尝试,或者我怎么能解决这个问题。 I'm hoping somebody will have the same environment and can confirm the issue or supply a resolution.
我希望有人会有相同的环境,可以确认问题或提供解决方案。
Thanks in advance! 提前致谢!
scp —i mykey.pem ~/Sites/test.html ec2-user@myEC2host.myzone.compute.amazonaws.com:/var/www/html/
Executing: program /usr/bin/ssh host myEC2host.myzone.compute.amazonaws.com, user ec2-user, command scp -v -d -t /var/www/html/
The dash in your scp —i...
command is a unicode EM dash, not an ASCII dash. scp —i...
命令中的破折号是一个unicode EM破折号,而不是ASCII破折号。 Scp isn't interpreting it as a command-line option. Scp不会将其解释为命令行选项。
In fact it interpreted "—i", "mykey.pem", and "~/Sites/test.html" as three files to be copied. 事实上,它将“-i”,“mykey.pem”和“〜/ Sites / test.html”解释为三个要复制的文件。 You can tell this because scp added "-d" to the command line for the remote scp instance.
您可以这样说,因为scp将“-d”添加到远程scp实例的命令行。 The "-d" flag tells the remote scp instance that the target has to be a directory.
“-d”标志告诉远程scp实例目标必须是目录。 scp adds that flag to the remote command when it's copying more than one file, but not for copying a single file.
scp在复制多个文件时将该标志添加到远程命令,而不是复制单个文件。
Maybe you copied the scp command from a word processing document? 也许您从文字处理文档中复制了scp命令? Microsoft Word is notorious for changing dashes and quote marks to typesetting versions.
Microsoft Word因将破折号和引号更改为排版版本而臭名昭着。 It's something to be careful about.
这是值得注意的事情。
Kenster correctly pointed out that the dash in the -i
in my code was in fact converted to an EMdash prior to my pasting it into Terminal. Kenster正确地指出我的代码中的
-i
中的破折号实际上在我将其粘贴到终端之前转换为EMdash。 :-s :-s
Retyping the entire command corrected the issue. 重新打印整个命令可以解决问题。
Thanks for catching my oversight. 谢谢你抓住我的疏忽。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.