在 aws ec2 实例上创建用户并添加公钥

Question

I've created a user and copied the public key to .ssh/authorized_key for that new user and also I've set the pubkeyauthentication to yes on /etc/ssh/sshd_config after saving the file restarted the sshd service.

When I try to ssh from the new user I am getting error:

Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

Am I missing any step here to ssh from the new user account?

When I check the status for sshd.servive I see error:

AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys xxxx SHA256:84NyibLXFppE4BGIM+1e5iO...status 22

Answer 1

Had the same issue error: AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys ec2-user .

Make sure the file permission is user only (600) in the $HOME/.ssh directory on the SSH client side host.

• "error: AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys...snip... failed, status 22" error #20

FYI

To debug:

sudo tail -f /var/log/secure to monitor the reason why SSH refuses the connection.

Make sure $HOME/.ssh/authorized_key content on EC2 instance is correctly match with your ssh private key in the SSH client host.

Make sure correct private key is being used, use -i option to explicitly specify which key you use.

Answer 2

You might want to check the algorithm you are using to generate the key.

I saw exactly the same error message when using the ECDSA algorithm but fixed the problem by using RSA instead (ssh-keygen -t rsa).

If you want to dig deeper you can try

ssh -Q key 

to get a list of supported key types.