[英]Trying to connect to EC2 instance in private subnet from bastion server
我有 2 個 EC2 實例 - 一個位於連接到 nat 網關的私有子網中,另一個位於連接到 Internet 網關的公共子網中。 我在私有子網上有一個 jenkins 服務器,在公共子網中有一個堡壘服務器。
我使用 scp 將創建 jenkins 實例時使用的 pem 密鑰復制到我的堡壘服務器,現在我嘗試通過堡壘連接到 jenkins 實例。
我運行命令ssh -i pem.key ubuntu@privateipaddress但不斷收到權限被拒絕(公鑰)錯誤。
我已經檢查了兩個實例的安全組設置,然后他們檢查了。 jenkins 安全組的入站規則允許來自堡壘安全組的 SSH 和 HTTP 流量,而 jenkins 安全組的出站規則當前允許所有流量通過。
我對堡壘安全組有相反的看法。
編輯:詳細:
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.0.1.49 [10.0.1.49] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file key.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file key.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 10.0.1.49:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:EgAjWBAxVLz8L+MQNQXZeIwh51QZOPxPhvugsxv1XGs
debug1: Host '10.0.1.49' is known and matches the ECDSA host key.
debug1: Found key in /home/ubuntu/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: key.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
ubuntu@10.0.1.49: Permission denied (publickey).
我按照本指南設法解決了這個問題: https : //aws.amazon.com/blogs/security/securely-connect-to-linux-instances-running-in-a-private-amazon-vpc/
我以前遇到過,但從未考慮過嘗試,因為我課程的教練說我不需要。
AWS VPC - 無法從私有子網中的堡壘主機通過 SSH 連接到不同子網中同一 VPC 中的 EC2 實例
[英]AWS VPC - Cannot SSH from Bastion Host in private subnet to EC2 instance in the same VPC in a different subnet
如何通過堡壘主機從我的 Windows OS 客戶端機器連接到私有子網中的 EC2 實例。
[英]How to connect to EC2 instance which is in Private subnet from my Windows OS client machine through Bastion host.?
另一個 vpc 的私有子網中的 ssh ec2 實例而不使用堡壘
[英]ssh ec2 instance in Private subnet of another vpc without using bastion
如何從另一個私有子網的ec2實例訪問私有子網中的RDS實例?
[英]How to access RDS instance which in private subnet from ec2 instance from another private subnet?
通過堡壘服務器在私有IP上使用boto SSH到EC2實例
[英]SSH to EC2 instance using boto on private IP through bastion server
AWS:SSH 通過 NAT 網關從公共 su.net EC2 實例到私有 su.net EC2 實例沒有發生
[英]AWS : SSH to private subnet EC2 instance from public subnet EC2 instance via NAT GATEWAY is not happening
將 squid 設置為透明代理(在公共子網中)時,無法從私有子網中的 EC2 實例訪問公共 EC2 實例
[英]Unable to reach public EC2 instance from EC2 instances in a private subnet while setting up squid as a transparent proxy (in public subnet)
從可公開訪問的 rds 數據庫轉移到使用 bastion ec2 實例連接到它
[英]moving from publicly accessible rds database to using bastion ec2 instance to connect to it
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.