I created a new EC2 Amazon Linux instance. I want to allow a developer to SSH into the EC2 instance. To test this, I'm trying it from my windows computer. I have followed the instructions in the link below but I can't get SSH (Putty) to connect using the key pair I'm generating.
I'm following the instructions here as reference and here
After logging into EC2 as ec2-user using FireSSH and the pem generated by AWS, I use SSH to run the following commands to create a new user, .ssh directory, and permissions.
[ec2-user ~]$ sudo adduser newuser
[ec2-user ~]$ sudo su - newuser
[newuser ~]$ mkdir .ssh
[newuser ~]$ touch .ssh/authorized_keys
[newuser ~]$ chmod 600 .ssh/authorized_keys
[newuser ~]$ vim .ssh/authorized_keys
Then I paste a public key into authorized_keys
using vim
. I will explain where I get the public key in the next step.
ssh-rsaAAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuS ....
To create the public key which I pasted in the previous step I followed the steps in this reference starting at "Generating an SSH Key"
I copied the public key from PuttyKeyGen which is showed in the box labeled "Public key for pasting into OpenSSH authorized_keys". Then I pasted that into the .ssh/authorized_keys
file on my EC2 instance in the newuser
directory.
I log out of the SSH client on EC2. Then I try to login with Putty using the newly created private key on my windows machine. I use the newuser
login name. I get this error in Putty: server refused our key
. There is also a dialog box that says Disconnected: No supported authentication methods available {server sent: publickey)
What am I doing wrong in these steps?
I did two things different and it works now. It's probably the number of bits that made it work.
I generated a new key pair using PuttyGen but I specified SSH-2 RSA
with 1024
bits instead of the default that PuttyGen was putting in which was like 2048
.
When I logged back into EC2 with my SSH I pasted the public key using nano instead of vim.
Always use ec2-import-keypair features to verified whether it is GOOD for EC2 instance. It the import works, then it is good, otherwise, regen a compliance keypair. If you simply copy a keypair that is not compliance , you will run into trouble.
Here is the document for import key pair
- OpenSSH public key format (the format in ~/.ssh/authorized_keys)
- Base64 encoded DER format SSH public key file format as specified in
RFC4716 DSA keys are not supported . Make sure your key generator is set up to create RSA keys.
Supported lengths: 1024, 2048, and 4096 .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.