运行我制作的脚本后无法访问 ec2 实例

Question

I was just creating a new instance to deploy a NextJS project on ec2 but every time I run the following script I lose access to the ec2 instance. Anyone can help me debug what is wrong with the script? I receive the following error:

ubuntu@x.x.x.x: Permission denied (publickey).

Here is the script:

#!/bin/bash

# Shell Arguments
# 1. Domain name without "www" in front of it.
# 2. Path to the zip file in s3.
# 3. Name of the folder in which the website files is to be stored.
# 4. Email address that is used by certbot to create SSL certificate.
# 5. S3 Bucket name from which the zip file should be pulled from.


DOMAIN_NAME=$1
DOMAIN_NAME_WWW="www.$1"
ZIP_FILE_NAME=$2
DIR_NAME=$3
DIR=/home/ubuntu/$DIR_NAME
EMAIL=$4
AWS_S3_BUCKET=$5

cd /home/ubuntu/

echo "Updating Packages"
sudo apt -y update && sudo apt -y upgrade

echo "Installing Zip Unzip to extract the website content later"
sudo apt install zip unzip

echo "Installing AWS CLI"
sudo apt-get install awscli -y

echo "Installing Node"
curl -sL https://deb.nodesource.com/setup_14.x | sudo bash -
sudo apt-get install -y nodejs

echo "Installing Nginx"
sudo apt-get install -y nginx

echo "Installing certbot"
sudo snap install --classic certbot

echo "Installing pm2 and yarn"
sudo npm i -g yarn
sudo npm i -g pm2

echo "Creating nginx config file"
sudo curl --silent https://gist.githubusercontent.com/utkarshk384/4fb1fc782351fbf2038560e9380fdd7c/raw/4bd1ede2f2d83134edc0c885c9d56cac75b8a391/nextjs-http > nextjs-http
sed -i "10s/SERVER_NAME/$DOMAIN_NAME $DOMAIN_NAME_WWW/" ./nextjs-http

echo "Moving ngnix config file"
sudo mv nextjs-http /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-available/default

echo "Changing few settings in nginx.conf"
LINE_NUMBER=`sed -n "/sites-enabled/=" /etc/nginx/nginx.conf`
sudo sed -i "s$LINE_NUMBERs|#||" /etc/nginx/nginx.conf
sudo sed -i "s$LINE_NUMBERs|sites-enabled\/\*|sites-enabled\/nextjs-http|" /etc/nginx/nginx.conf

sudo systemctl restart nginx

echo "Setting up server for ssl certificate"
sudo ufw allow ssh
sudo ufw --force enable
sudo ufw allow 'Nginx Full'
sudo ufw status

echo "Acquiring SSL Certificate"
sudo certbot --nginx -d $DOMAIN_NAME -d $DOMAIN_NAME_WWW --agree-tos -m $EMAIL --noninteractive

echo "Preflight installation completed. Starting to build website"

echo "Creating our website folder"

if [ -d "$DIR" ]; then
    echo "${DIR} is already present"
else
    echo "Creating new directory at ${DIR}"
    mkdir $DIR
fi

echo "Downloading Website files from S3"
aws s3 cp s3://$AWS_S3_BUCKET/$ZIP_FILE_NAME $DIR/$ZIP_FILE_NAME
unzip -o /$DIR/$ZIP_FILE_NAME -d /$DIR
rm $DIR/$ZIP_FILE_NAME

# Set it to 777 so that the folder isn't write protected.
sudo chmod -R 666 $DIR

echo "Installing packages"
cd $DIR
sudo yarn

echo "Copying .env to website folder"
sudo cp ../.env.production ./

echo "Creating build"
yarn build


echo "Starting the website"
{
    pm2 stop site
    pm2 start site
} || {
    pm2 start yarn --name site -- start 4000
    pm2 save
}

echo "Started the site and is running"
pm2 status





# echo "Freeing Port 80 if occupied by apache"
# sudo systemctl disable apache2 && sudo systemctl stop apache2

I also tried the following methods to resolve but didn't succeed:

1. Initially I thought AWS-CLI was causing the issue so, I created a new instance and then installed AWS-CLI and pulled the zip file from S3 bucket. After that, I restarted the instance and found out that wasn't causing the issue.
2. I then ran the script fully to just lose access to the instance. Now, I tried disabling UFW by setting user-data thinking that might be the issue here. However, to my surprise that still wasn't the problem.

The user-data that I passed to the instance is as follows:

Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:
- [scripts-user, always]

--//
Content-Type:
    text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"

#!/bin/bash
iptables -F
sudo ufw disable
service sshd restart
--//

Edit: I do have SSH Host KEY Fingerprints and SSH HOST KEY that I got from the system log. If possible I'd like to recover it in the same instance.

Edit 2: I ran all the script commands one by one on another script and I found no issues. Now, I am seriously confused.

Answer 1

Suggesting to debug with set -x and set +x to find the offensive command. And redirect/store the output into a log file.

Suggesting to replace the following lines (just to be on the safe side there is no offensive whitespaces):

DOMAIN_NAME=$1
DOMAIN_NAME_WWW="www.$1"
ZIP_FILE_NAME=$2
DIR_NAME=$3
DIR=/home/ubuntu/$DIR_NAME
EMAIL=$4
AWS_S3_BUCKET=$5

With

DOMAIN_NAME="$1"
DOMAIN_NAME_WWW="www.$1"
ZIP_FILE_NAME="$2"
DIR_NAME="$3"
DIR="/home/ubuntu/$DIR_NAME"
EMAIL="$4"
AWS_S3_BUCKET="$5"

Suggesting to check ufw commands. If there is any communication reset that disconnects you. Make sure your current connection is ssh on port 22. If not make sure the current port is open as well in ufw