
SSH connection denied by EC2 instance

I'm trying to SSH into my instance on EC2 but getting permission denied. Port 22 is open in the security group. I set 400 as the permission for the file, which is a setting that supposedly works in this case as I only need read access. I can set 600, but in this case it's unnecessary.

Where should I take a look? How can I fix this?

ec2-user@35.178.89.23: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

verbose flag revealed:

debug1: Host '3.8.3.177' is known and matches the ECDSA host key.
debug1: Found key in /home/mark/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)

debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:rSHi+GMCUIvsF4HA0Kv5C0++sLGGiquVQ/z/OXQBPEU mark.alexa@mail.com
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: /home/mark/.ssh/ecs.pem
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: No more authentication methods to try.
ec2-user@3.8.3.177: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

AWS has a good Troubleshooting guide.

Some common causes are:

  • lack of inbound port 22 rule on Security Group
  • using the wrong SSH key (one that doesn't match the EC2 keypair)
  • using the wrong username (e.g. ec2-user when it should be ubuntu)

Please make sure that you are connecting with the correct private key ( ssh -i key.pem ec2-user@hostname ) and use the -v option to get verbose logging from ssh. This can help you determine if the request actually made it to the EC2 instance (so it's not a connectivity issue) or not (so it is a connectivity issue).

From the symptoms you've shared, I'd say that either /home/mark/.ssh/ecs.pem is not the private key associated with the keypair that you supplied when launching EC2, or you launched EC2 without a keypair.

You should be able to calculate a fingerprint of the PEM file using openssl rsa -in /home/mark/.ssh/ecs.pem -pubout -outform DER | openssl md5 -c and compare that to the fingerprint shown in the EC2 keypair console. If they don't match, you are using the wrong private key.
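
The triage the answer describes (did the request reach the instance, and was every key refused?) can be scripted over saved ssh -v output. This is an added example, not part of the original question or answer; the function name triage, the verdict strings and the sample log (documentation IP, placeholder fingerprint and path) are constructed for illustration.

```python
import re

# Constructed sample: trimmed `ssh -v` output in the shape of the log in the question.
SAMPLE_LOG = """\
debug1: Host '203.0.113.10' is known and matches the ECDSA host key.
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:AAAAexamplefingerprintAAAA user@example.com
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: /home/user/.ssh/example.pem
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: No more authentication methods to try.
user@203.0.113.10: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
"""

# TCP-level failure printed by the client before any SSH exchange happens.
CONNECT_ERR = re.compile(r"^ssh: connect to host \S+ port \d+: (.+)$", re.M)
# Each identity the client presents to the server, in order.
KEY_ATTEMPT = re.compile(r"^debug1: (?:Offering public key|Trying private key): (.+)$")

def triage(log):
    """Classify ssh -v output as a connectivity problem or an authentication problem."""
    result = {"reached_server": False, "keys_tried": [], "accepted": None,
              "verdict": "unknown"}
    err = CONNECT_ERR.search(log)
    if err:  # security group, NACL, routing or sshd not listening
        result["verdict"] = "connectivity: " + err.group(1).strip()
        return result
    for line in (raw.strip() for raw in log.splitlines()):
        m = KEY_ATTEMPT.match(line)
        if m:
            result["keys_tried"].append(m.group(1))
        elif line.startswith("debug1: Authentications that can continue:"):
            result["reached_server"] = True  # sshd answered an auth request
        elif line.startswith("debug1: Server accepts key") and result["keys_tried"]:
            result["accepted"] = result["keys_tried"][-1]
        elif line.startswith("debug1: Authentication succeeded"):
            result["reached_server"] = True
            result["verdict"] = "authenticated"
        elif "Permission denied (" in line and result["verdict"] == "unknown":
            # Server was reached but refused everything: wrong key or wrong username.
            result["verdict"] = ("all-keys-rejected" if result["keys_tried"]
                                 else "no-key-offered")
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A verdict of all-keys-rejected with reached_server set to True rules out the security group and points at the key pair or the username, which is when the fingerprint comparison above is worth doing.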
