
Permission denied (public key) on AWS Linux instance

Issue: I cannot SSH into my amazon web service (AWS) instance.

There are many threads on this, but these issues were resolved by changing the login username. My problem does not appear to be fixed by a different username. Previous questions that were answered by changing login username can be found at:


Here is the verbose output from the SSH attempt:

/development/aws$ > ssh -vvv -i "/development/aws/cgwebsites-wp.pem" ec2-user@52.24.142.84
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 52.24.142.84 [52.24.142.84] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/development/aws/cgwebsites-wp.pem" as a RSA1 public key
debug1: identity file /development/aws/cgwebsites-wp.pem type -1
debug1: identity file /development/aws/cgwebsites-wp.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "52.24.142.84" from file "/Users/cgood92/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug2: mac_setup: found hmac-md5-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 114/256
debug2: bits set: 518/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA b5:4d:14:77:0a:8b:54:2c:5e:38:8d:8d:7b:91:da:2f
debug3: load_hostkeys: loading entries for host "52.24.142.84" from file "/Users/cgood92/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
The authenticity of host '52.24.142.84 (52.24.142.84)' can't be established.
RSA key fingerprint is b5:4d:14:77:0a:8b:54:2c:5e:38:8d:8d:7b:91:da:2f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '52.24.142.84' (RSA) to the list of known hosts.
debug2: bits set: 534/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /development/aws/cgwebsites-wp.pem (0x0), explicit
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /development/aws/cgwebsites-wp.pem
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey: RSA 0b:e9:55:d9:db:d5:a6:d7:c5:6e:2d:0c:fc:0c:1f:2b
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).

So my issue is this "Permission denied (publickey)." problem.


Here is what I have done to debug it.

1) I have verified that I am using the correct elastic ip address. I have also tried using the longer Public DNS address, with the exact same results. So I am sure that I have the correct HOST.

2) I have made sure the security group rules allow SSH. First of all, it was already set to allow TCP incoming traffic on port 22. Just to be safe, I added a rule to allow all TCP incoming traffic for all ports, for all ip addresses. Outgoing traffic has a rule to allow everything to everywhere.

3) I have verified that I am using the correct Key pair name. It is located under the "EC2" > "instance" > "Key pair name". It says "cgwebsites-wp", and I have the correct key pair name located locally at /development/aws/cgwebsites-wp.pem, as shown above in my verbose output. I've also verified that my path to that file is correct, because when I put something bogus like /development/aws/cgwebsites-wp222.pem, the errors tell me specifically that they could not find the file.

4) I have tried several different usernames, as suggested by every and all posts to this question on other links. To be more specific, I have tried admin, ubuntu, root, ec2-user, fedora. I even tried the ID found at "EC2" > "instance" > "AMI ID". None work, all produce similar messages.

5) I have tried this on a Windows computer (had to create private key packet using PuTTYgen), as well as a Mac computer. Same error on both.

6) I have tried this on another AWS instance of mine, and everything works fine there. So my Amazon account is fine.

7) I have tried deleting all SSH cache files (in Windows cleared some registry sections, and on Mac I've run ssh-keygen -R 52.24.142.84).

8) I've checked to make sure the instance is up and running, and it has a green light, plus I can access the site via the elasticbeanstalk url.

9) I have tried changing the permissions of the .pem file by both of the commands chmod 600 /development/aws/cgwebsites-wp.pem and chmod 400 /development/aws/cgwebsites-wp.pem.

10) This isn't a firewall issue or something like that, because I can SSH into my other AWS instance.

11) Naturally I have terminated and re-instated several Linux instances, all with this same error.

12) I know this is not an issue with a corrupt .pem file, because I am using that exact same file to SSH into my other AWS instance.

This has been a very frustrating issue. It seems like many people have had similar problems to mine, but almost everybody solved it by changing the username. I've tried that, including the suggestions and script at https://alestic.com/2014/01/ec2-ssh-username/. But nothing.

Any help would be so appreciated!

Looks like the keypair was bad. Try generating a new keypair, downloading it, and using that. The process can be found at: https://stackoverflow.com/a/4921866/4512451

This has happened once over here. I duplicated an instance and I was never able to SSH into it, I literally spent hours trying to SSH. I had to remove the instance and then I installed the same key pair again, it worked!
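
The verbose output in the question already shows where the login fails. As an added example (not part of the original posts), this sketch walks the `ssh -vvv` debug lines and reports the stage reached and the key the client presented; the function name `triage` and the stage labels are assumptions made for illustration, and the matching covers the message wording of the client version shown in the log.

```python
import re

# Authentication-phase lines excerpted from the ssh -vvv output above.
SAMPLE_LOG = """\
debug1: Connecting to 52.24.142.84 [52.24.142.84] port 22.
debug1: Connection established.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /development/aws/cgwebsites-wp.pem
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey: RSA 0b:e9:55:d9:db:d5:a6:d7:c5:6e:2d:0c:fc:0c:1f:2b
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
"""

# Form used by this client version: key type, then a colon-separated MD5 fingerprint.
OFFER = re.compile(r"sign_and_send_pubkey: (\S+) ([0-9a-f:]{47})")

def triage(log):
    """Return (stage, offered); offered lists (key_type, md5_fingerprint)
    for every key the client signed with and sent to the server."""
    lines = log.splitlines()
    def has(text):
        return any(text in line for line in lines)
    offered = [m.groups() for line in lines if (m := OFFER.search(line))]
    if not has("Connection established"):
        return "network", offered         # security group, routing or wrong host
    if not has("SSH2_MSG_SERVICE_ACCEPT received"):
        return "key_exchange", offered    # transport set-up did not finish
    if has("Authentication succeeded"):
        return "authenticated", offered
    if not offered:
        return "no_key_offered", offered  # key file was not loaded or not sent
    # A key was sent and the server answered with the method list again:
    # that reply is an authentication failure, so the server does not hold
    # the matching public key for this login user.
    sent = rejected = False
    for line in lines:
        if "we sent a publickey packet" in line:
            sent = True
        elif sent and "Authentications that can continue" in line:
            rejected = True
    return ("server_rejected_key" if rejected else "unknown"), offered

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

For this log the result is the `server_rejected_key` stage: the network path, host key check and local key file are all fine, and the fingerprint returned is the one to compare against the public key installed for the login user on the instance.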
