SSH 连接被 EC2 实例拒绝
[英]SSH connection denied by EC2 instance
问题描述
I'm trying to SSH into my instance on EC2 but getting permission denied.
我正在尝试将 SSH 放入我在 EC2 上的实例中,但获得的权限被拒绝。 Port 22 is open in the security group.端口 22 在安全组中打开。 I set 400 as a permission for the file which is setting that supposedly works in this case as I need only read.我将 400 设置为文件的权限,该文件在这种情况下应该有效,因为我只需要读取。 I can set 600 but in this case it's unnecessary.我可以设置 600 但在这种情况下它是不必要的。
Where should I take a look?我应该去哪里看看? How can I fix this?我怎样才能解决这个问题?
ec2-user@35.178.89.23: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
verbose flag revealed:详细标志显示:
debug1: Host '3.8.3.177' is known and matches the ECDSA host key.
debug1: Found key in /home/mark/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:rSHi+GMCUIvsF4HA0Kv5C0++sLGGiquVQ/z/OXQBPEU mark.alexa@mail.com
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: /home/mark/.ssh/ecs.pem
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: No more authentication methods to try.
ec2-user@3.8.3.177: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
1 个解决方案
解决方案1
0 已采纳 2020-04-24 17:25:18
AWS has a good Troubleshooting guide. AWS 有一个很好的故障排除指南。
Some common causes are:一些常见的原因是:
- lack of inbound port 22 rule on Security Group安全组缺少入站端口 22 规则
- using the wrong SSH key (one that doesn't match the EC2 keypair)使用错误的 SSH 密钥(与 EC2 密钥对不匹配的密钥)
- using the wrong username (eg ec2-user when it should be ubuntu)使用错误的用户名(例如应该是 ubuntu 的 ec2-user)
Please make sure that you are connecting with the correct private key ( ssh -i key.pem ec2-user@hostname ) and use the -v option to get verbose logging from ssh.请确保您使用正确的私钥 ( ssh -i key.pem ec2-user@hostname ) 进行连接,并使用-v选项从 ssh 获取详细日志记录。 This can help you determine if the request actually made it to the EC2 instance (so it's not a connectivity issue) or not (so it is a connectivity issue).这可以帮助您确定请求是否实际发送到 EC2 实例(因此它不是连接问题)或没有(因此它是连接问题)。
From the symptoms you've shared, I'd say that either /home/mark/.ssh/ecs.pem is not the private key associated with the keypair that you supplied when launching EC2, or you launched EC2 without a keypair.根据您分享的症状,我想说/home/mark/.ssh/ecs.pem不是与您在启动 EC2 时提供的密钥对关联的私钥,或者您在没有密钥对的情况下启动了 EC2。
You should be able to calculate a fingerprint of the PEM file using openssl rsa -in /home/mark/.ssh/ecs.pem -pubout -outform DER | openssl md5 -c您应该能够使用openssl rsa -in /home/mark/.ssh/ecs.pem -pubout -outform DER | openssl md5 -c计算 PEM 文件的指纹。 openssl rsa -in /home/mark/.ssh/ecs.pem -pubout -outform DER | openssl md5 -c and compare that to the fingerprint shown in the EC2 keypair console. openssl rsa -in /home/mark/.ssh/ecs.pem -pubout -outform DER | openssl md5 -c并将其与 EC2 密钥对控制台中显示的指纹进行比较。 If they don't match, you are using the wrong private key.如果它们不匹配,则说明您使用了错误的私钥。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.