Permissions error when connecting to EC2 via SSH on Mac OSx

I am new to EC2. I created my security credentials from this site:

http://paulstamatiou.com/how-to-getting-started-with-amazon-ec2

It worked great, I rebooted and now when I try to connect I get a login/password prompt. (Which I never set up.) After several attempts I get this error:

Permission denied (publickey,gssapi-with-mic).

What am I doing wrong?

Two possibilities I can think of, although they are both mentioned in the link you referenced:

  1. You're not specifying the correct SSH keypair file or user name in the ssh command you're using to log into the server:

    ssh -i [full path to keypair file] root@[EC2 instance hostname or IP address]

  2. You don't have the correct permissions on the keypair file; you should use

    chmod 600 [keypair file]

to ensure that only you can read or write the file.

Try using the -v option with ssh to get more info on where exactly it's failing, and post back here if you'd like more help.

[Update]: OK, so this is what you should have seen if everything was set up properly:

debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: ec2-keypair
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).

Are you running the ssh command from the directory containing the ec2-keypair file? If so, try specifying -i ./ec2-keypair just to eliminate path problems. Also check "ls -l [full path to ec2-keypair]" file and make sure the permissions are 600 (displayed as rw-------). If none of that works, I'd suspect the contents of the keypair file, so try recreating it using the steps in your link.

The key for me to be able to connect was to use the "ec2-user" user rather than root. I.e.:

ssh -i [full path to keypair file] ec2-user@[EC2 instance hostname or IP address]

+1

I noticed that for some AMIs like Amazon Linux, ec2-user@xxx.XX.XX.XXX would work. But for an ubuntu image, I had to use ubuntu@ instead. It was never a problem with the .pem, just with the user name.

I had met this problem too. And I found that it happened because I forgot to add the user name before the host name, like this:

ssh -i test.pem ec2-32-122-42-91.us-west-2.compute.amazonaws.com

and I add the user name:

ssh -i test.pem ec2-user@ec2-32-122-42-91.us-west-2.compute.amazonaws.com

it works!

In my case it's because the permission for my home directory is 775, and SSH is not happy about it. It should work after executing:

server$ chmod go-w ~/
server$ chmod 700 ~/.ssh
server$ chmod 600 ~/.ssh/authorized_keys

I had very similar experience this afternoon. I was setting up django on EC2, and suddenly I cannot SSH into the box anymore. Glad I still had an active connection, so I modified /etc/ssh/sshd_config to set:

PasswordAuthentication yes

and set password for ec2-user, then I can login by entering the password.

However, after some googling I found this thread: http://ubuntuforums.org/showthread.php?t=577279. It turned out that during my setup of django I changed the permission for my home directory, and SSH is very strict about this. So the file permission must be set correctly.
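
An added example, not part of any answer in this thread: it tests the two permission rules discussed so far, the client's check on the private key (the chmod 600 advice) and sshd's StrictModes check on the home directory, ~/.ssh and authorized_keys. The function names are invented for this sketch, the bits are read from ls -ld, and file ownership, which StrictModes also checks, is not covered.

```shell
#!/bin/sh
# Added example: test the permission bits OpenSSH enforces, read from ls -ld.

# mode_string PATH -> first 10 chars of the ls mode field, e.g. "-rw-------".
# S/T (special bit without execute) are shown as "-" so only rwx remain.
mode_string() {
    ls -ld "$1" 2>/dev/null |
        awk '{ m = substr($1, 1, 10); gsub(/[ST]/, "-", m); print m }'
}

# Client side: ssh refuses a private key when any group/other bit is set
# (mode & 077), so 600 and 400 pass while 640 and 644 fail.
check_private_key() {
    m=$(mode_string "$1")
    [ -n "$m" ] || { echo "MISSING $1"; return 2; }
    case "$m" in
        ????------) echo "OK $m $1" ;;
        *) echo "TOO-OPEN $m $1 (chmod 600)"; return 1 ;;
    esac
}

# Server side: with StrictModes (the sshd default) key login is refused when
# the path is writable by group or others (mode & 022), e.g. a 775 home.
check_server_path() {
    m=$(mode_string "$1")
    [ -n "$m" ] || { echo "MISSING $1"; return 2; }
    case "$m" in
        ?????-??-?) echo "OK $m $1" ;;
        *) echo "GROUP/OTHER-WRITABLE $m $1 (chmod go-w)"; return 1 ;;
    esac
}

# audit_server_home HOME: home directory, ~/.ssh and authorized_keys.
audit_server_home() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        check_server_path "$p" || rc=1
    done
    return "$rc"
}
```

Run check_private_key on the Mac against the .pem file, and audit_server_home "$HOME" on the instance as the login user.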

Tagging on to mecca831's answer:

ssh -v -i generated-key.pem ec2-user@11.11.11.11

[ec2-user@ip-11.11.11.11 ~]$ sudo passwd ec2-user
newpassword
newpassword

[ec2-user@ip-11.11.11.11 ~]$ sudo vi /etc/ssh/sshd_config

Modify the file as follows:

    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication yes
    #PermitEmptyPasswords no
    # EC2 uses keys for remote access
    #PasswordAuthentication no

Save

[ec2-user@ip-11.11.11.11 ~]$ sudo service sshd stop
[ec2-user@ip-11.11.11.11 ~]$ sudo service sshd start

you should be able to exit and ssh in as follows:

ssh ec2-user@11.11.11.11

and be prompted for password no longer needing the key.
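
An added example, not from the answer above: sshd applies the first uncommented value it reads for a keyword, so this reports what PasswordAuthentication resolves to in the global part of an sshd_config, which is the setting to re-check once key login works again. The function names and the second sample are constructed for this sketch; Include files and Match blocks are not followed.

```shell
#!/bin/sh
# Added example: report which PasswordAuthentication value sshd will apply
# from the global part of an sshd_config file read on stdin.

# sshd_global_value KEYWORD < config
# sshd uses the FIRST value it reads for a keyword; commented lines do not
# count, and parsing stops at the first Match block (conditional settings).
sshd_global_value() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, "") }                  # drop leading whitespace
        /^#/ || /^$/ { next }                   # skip comments and blanks
        { split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }
        key == want { print tolower(f[2]); exit }
    '
}

# password_auth_state < config  ->  "yes" or "no"
# OpenSSH defaults PasswordAuthentication to yes when the keyword is absent.
password_auth_state() {
    v=$(sshd_global_value PasswordAuthentication)
    echo "${v:-yes}"
}

# The edited fragment shown in the answer above.
edited_fragment() {
    cat <<'EOF'
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no
# EC2 uses keys for remote access
#PasswordAuthentication no
EOF
}

# Constructed sample: key-only setting restored, with a stale later line.
restored_fragment() {
    cat <<'EOF'
PasswordAuthentication no
PasswordAuthentication yes
EOF
}

echo "edited:   $(edited_fragment | password_auth_state)"
echo "restored: $(restored_fragment | password_auth_state)"
```

On the instance itself, sudo sshd -T prints the configuration the installed sshd resolves, Include files included.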

Are you sure you have used the right instance? I ran into this problem and realized that something like 4 of the ubuntu instances I tried did not have SSH servers installed on them.

For a list of good servers see "Getting the images" about half way down. Sounds like you may be using something else... the default username is ubuntu on these images.

https://help.ubuntu.com/community/EC2StartersGuide

After about a half hour of searching and trying to debug this I was able to figure it out. My situation involved me using the same pem file for two different ec2 instances and it working for one and not the other.

My first instance it worked on was the standard aws linux ami amzn-ami-hvm-2014.03.2.x86_64-ebs. I simply used

ssh -i mypemfile.pem ec2-user@myec2ipaddress 

and it worked.

I then launched a fedora instance Fedora-x86_64-19-20140407-sda and tried the same command but kept getting:

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

After changing my username from ec2-user to fedora it worked!

ssh -i mypemfile.pem fedora@myec2address

I was able to login using ec2-user

ssh -i [full path to keypair file] ec2-user@[EC2 instance hostname or IP address]

None of the above helped me, but futzing with the user seemed like it had promise. For my config using 'ubuntu' was right.....

ssh -i [full path to keypair file] ubuntu@[EC2 instance hostname or IP address]

I recommend against setting a password as some other answers suggest. Using the key file is both safer (no one can guess your passwords) and more convenient (once you set up a config file). Here's a basic ~/.ssh/config:

Host my-ec2-server
  HostName 11.11.11.11
  User ec2-user
  IdentityFile /path/to/generated-key.pem

Now you can just type ssh my-ec2-server and you're in! And as also mentioned in other answers, use -v to get extra info when your connection isn't working.

If the issue is consistent and happened about 10-15 times in a row even after changing file permissions to 400 or 600, then most certainly something is wrong on the ec2 instance, so to make sure:

  1. Check the logs when you try to ssh to the instance by adding -v at the end and see whether it gives out anything specific.

  2. Make sure you use the correct name for ssh, like Ubuntu. Perhaps that depends on Linux distribution and users you added and whether you've given permission for "root user" ssh.

Then if nothing helps, follow the documentation here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html#TroubleshootingInstancesConnectingMindTerm to fix that. It helped in my case, and it happened because of messed up directories/files permissions.

I had the same problem using the AWS Toolkit for Eclipse. I created the Getting Started instance OK and opened a shell. However, the user was set to ec2-user. I used the Open Shell As... command and set the user to root. Then it worked.

Had a similar issue. Here are the steps used to setup SSH keys and forwarding on the Mac. Made these notes for myself - may help someone... check against your config.

The assumption here is there are no keys setup. If you already have the keys setup skip this section.

$ ssh-keygen -t rsa -b 4096

Generating public/private rsa key pair.

Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]
Enter passphrase (empty for no passphrase): [Type a passphrase]
Enter same passphrase again: [Type passphrase again]

Modify ~/.ssh/config adding the entry for the key file:

~/.ssh/config should look similar to:

Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_rsa

Store the private key in the keychain:

$ ssh-add -K ~/.ssh/id_rsa

Go test it now with: ssh -A username@yourhostname

Should forward your key to yourhostname. Assuming your keys are added on you should connect without issue.

If you have a PPK file working on a PC, then export it as OpenSSH file using puttygen.exe for PC and use that on Mac (any Unix machine).

I was getting the same error --

debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: ec2-keypair
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic)

As I was using a PPK file on Windows, I followed the steps as described above and Bingo!

$ ssh -i ec2-openssh-key root@ec2-instance-ip
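
An added example, not part of any answer: the ssh -v transcripts quoted in this thread can be sorted mechanically into the causes the answers describe (key accepted, key file too open, key file not found, key read but refused by the server). The class names are invented for this sketch, the third sample is constructed, and it assumes the login named its key with -i, since ssh -v also lists default identities it merely looks for.

```shell
#!/bin/sh
# Added example: classify captured `ssh -v -i KEY user@host` output (stdin)
# into the failure classes discussed in this thread.
classify_ssh_debug() {
    awk '
        /Authentication succeeded \(publickey\)/       { ok = 1 }
        /UNPROTECTED PRIVATE KEY FILE|bad permissions/ { loose = 1 }
        /Identity file .* not accessible/              { missing = 1 }
        /Trying private key:|Offering .*public key/    { tried = 1 }
        /Permission denied \(/                         { denied = 1 }
        END {
            if (ok)           print "ok"
            else if (loose)   print "key-file-too-open"       # chmod 600 KEY
            else if (missing) print "key-file-missing"        # fix the -i path
            else if (!denied) print "incomplete-log"
            else if (tried)   print "key-rejected-by-server"  # login name or key pair
            else              print "no-key-tried"
        }'
}

# The working transcript quoted in the thread.
working_log() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: ec2-keypair
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
EOF
}

# Tail of the failing transcript quoted in the thread: key read, then refused.
failing_log() {
    cat <<'EOF'
debug1: Trying private key: ec2-keypair
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic)
EOF
}

# Constructed sample: the client refusing a key file that is too open.
open_key_log() {
    printf '%s\n' "Permissions 0644 for 'ec2-keypair' are too open." \
        'Load key "ec2-keypair": bad permissions' \
        'Permission denied (publickey,gssapi-with-mic).'
}
for s in working_log failing_log open_key_log; do echo "$s: $($s | classify_ssh_debug)"; done
```

A key-rejected-by-server result points at the login name for the AMI (root, ec2-user, ubuntu, fedora in the answers here), the wrong key pair, or permissions on the instance side.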

I was getting this error when I was trying to ssh into an ec2 instance on the private subnet from the bastion. To fix this issue, you have to run ssh-add -K as follows.

    Step 1: run "chmod 400 myEC2Key.pem"
    Step 2: run "ssh-add -K ./myEC2Key.pem" on your local machine
    Step 3: ssh -i myEC2Key.pem root@ec2-107-20-4-100.compute-1.amazonaws.com
    Step 4: Now try to ssh to EC2 instance that is on a private subnet without specifying the key, for example, try ssh ec2-user@ipaddress.

    Hope this will help.
Note: This solution is for Mac.
