[英]EC2 keypair works in one instance but fails on other - Permission denied (publickey)
我已经阅读了许多有关此主题的帖子,但没有一个可以帮助我解决问题。
我有一台使用以下SSH命令连接的Amazon EC2机器:
ssh -i /Library/AWS/glrpopulis.pem ec2-user@54.225.154.23
到目前为止,我从未遇到过此命令的问题。 它刚刚停止工作,将显示以下消息: 权限被拒绝(公钥)。 从哪儿冒出来!
我真的不明白为什么几乎每天都使用的同一命令突然无法正常工作。 也许我已经做了一些我不应该做的事情,但是我很难弄清楚是什么。
第一次发生时,我正在为Web应用程序(Atlassian Bamboo)创建服务,但是我不确定这是否与错误有关。
我已经重启了几次机器,一次又一次地尝试,但没有成功。
下面显示带有-v选项的完整输出:
mac-pipo:~ felipereis$ ssh -v -i /Library/AWS/glrpopulis.pem ec2-user@54.225.154.23
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 54.225.154.23 [54.225.154.23] port 22.
debug1: Connection established.
debug1: identity file /Users/felipereis/.ssh/id_rsa type 1
debug1: identity file /Users/felipereis/.ssh/id_rsa-cert type -1
debug1: identity file /Users/felipereis/.ssh/id_dsa type -1
debug1: identity file /Users/felipereis/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 19:ef:f1:2b:56:dd:86:ec:42:65:ff:1d:6b:64:0f:f3
debug1: Host '54.225.154.23' is known and matches the RSA host key.
debug1: Found key in /Users/felipereis/.ssh/known_hosts:12
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/felipereis/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /Library/AWS/glrpopulis.pem
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/felipereis/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
更新:*我刚刚测试过,并且能够使用相同的密钥(glrpopulis.pem)连接到不同的ec2实例,所以也许是第一台机器上发生了什么
听起来〜/ .ssh / authorized_keys下的键被弄乱了或文件被删除了。
请尝试以下操作:
Volume A
Volume A
作为/dev/sdf
附加到该新实例 mkdir -p /mnt/xvdf
mount /dev/xvdf /mnt/xvdf
cp ~/.ssh to /mnt/xvdf/home/ec2-user/.
chmod 700 /mnt/xvdf/home/ec2-user
chmod 600 /mnt/xvdf/home/ec2-user/authorized_keys
Volume A
Volume A
您应该可以立即登录。
根据您的AMI,可能会将公钥添加到ec2-user以外的其他用户的authorized_keys文件中。
要找出答案,您可以在EC2控制台中查看该实例的启动日志,它应该输出cloud-init用作“默认用户”的用户名。 我的行像这样:
ci-info: +++++++++++++++++++++Authorized keys from /home/ec2-user/.ssh/authorized_keys for user ec2-user++++++++++++++++++++++
您还可以尝试以root用户身份登录,因为有时会出现类似“请以用户“ ec2-user”而不是用户“ root”登录的错误。
这发生在我身上,这是因为我已经更新了我的cloud-init版本,这是将公钥添加到authorized_keys的方法。 默认配置文件( /etc/cloud/cloud.cfg
)被替换,导致默认用户从“ ec2-user”更改为“ cloud-user”。
我通过将新的/etc/cloud/cloud.cfg
的system_info部分更改为此问题来解决此问题:
...
system_info:
...
default_user:
name: ec2-user
sudo: ALL=(ALL) NOPASSWD:ALL
...
然后,您可以从该实例创建一个新的AMI,它应该再次正确设置ec2-user。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.