SSH连接到EC2实例

Question

我正在尝试SSH到EC实例。

这些是我遵循的步骤，下面是我得到的错误。

1. 在Amazon Console中，我创建了一个密钥对并下载了它

2. 将该pem文件的权限更改为400（如此处所示 ）

3. 进入控制台中正在运行的实例并获得我的公共DNS

4. 在描述为“ ElasticBeanstalk环境的SecurityGroup”的组中添加了入站规则（SSH），0.0.0.0 / 0。 在控制台的“安全组”选项卡中

5. 在控制台ssh -i <>my_key_filename>.pem ec2-user@<Public DNS>执行此ssh -i <>my_key_filename>.pem ec2-user@<Public DNS>

这是该输出：

OpenSSH_6.1p1 Debian-4, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ec2-54-254-148-94.ap-southeast-1.compute.amazonaws.com [54.254.148.94] port 22.
debug1: Connection established.
debug1: identity file mykey.pem type -1
debug1: identity file mykey.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA a1:2b:92:f6:cf:e3:ed:8a:60:0e:34:c0:27:24:6f:f7
The authenticity of host 'ec2-54-254-148-94.ap-southeast-1.compute.amazonaws.com (54.254.148.94)' can't be established.
RSA key fingerprint is a1:2b:92:f6:cf:e3:ed:8a:60:0e:34:c0:27:24:6f:f7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-54-254-148-94.ap-southeast-1.compute.amazonaws.com,54.254.148.94' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: aws_key.pem
debug1: Authentications that can continue: publickey
debug1: Offering DSA public key: id_dsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: mailid@gmail.com
debug1: Authentications that can continue: publickey
debug1: Trying private key: mykey.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

另外，我尝试连接的实例是Amazon Linux实例。

Answer 1

根据您的问题下方的评论：看起来您的步骤顺序不正确。

• 首先，您需要创建密钥对
• 那么您需要告诉ElasticBeanstak在启动实例时使用该密钥对

公钥在第一次启动时被注入实例。 实例启动后 ，AWS无法更改密钥对-AWS没有连接到您实例的技术方法。 （您可以通过上传~/.ssh目录中的文件来手动完成此操作）

要了解有关如何将密钥对与ElasticBeanstalk一起使用的更多信息，请查看此屏幕截图

或者只是使用包含.ebextensions的application.config文件创建一个.ebextensions目录

- namespace: aws:autoscaling:launchconfiguration   
  option_name: EC2Keyname   
  value: "keyname"   

有关自定义ElasticBeanstalk环境的更多详细信息： http ://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html#customize-containers-format-options

此处列出了可能的值http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-launchconfig.html

有关密钥对的更多详细信息，可以在这里找到： http : //docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

-塞伯