AWS ssh error 'Permission denied (publickey)'
When I try to ssh to my AWS instance I'm getting 'Permission denied (publickey)'.
Searching this issue the resolution is usually to make sure the .pem key has the right permissions with 'chmod 600'. The other solution is logging in as root or ec2-user. I've tried both.
What's unique is that I can use the same key and log into an older AWS instance, then try to log into my newly created one and get the permission denied error. In AWS both show to be using the same "Key pair name". So if the key pair is the same in AWS and the key works on one box, why the issue on the other box?
The box that fails (same key)
$ ssh -v -i .ssh/aws_match.pem root@52.23.xxx.xxx
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 52.23.xxx.xxx [52.23.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file .ssh/aws_match.pem type -1
debug1: identity file .ssh/aws_match.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 5c:5b:54:a6:50:ec:3b:ba:aa:4f:00:2a:90:b3:a9:9b
debug1: Host '52.23.195.151' is known and matches the RSA host key.
debug1: Found key in /Users/pumphreyjj/.ssh/known_hosts:12
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: .ssh/aws_match.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
The box that works (same key)
$ ssh -v -i .ssh/aws_match.pem root@54.84.xx.xxx
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 54.84.xx.xxx [54.84.xx.xxx] port 22.
debug1: Connection established.
debug1: identity file .ssh/aws_match.pem type -1
debug1: identity file .ssh/aws_match.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA f0:94:93:93:fa:1d:37:ec:6d:0a:22:78:2e:9c:d1:13
debug1: Host '54.84.81.152' is known and matches the RSA host key.
debug1: Found key in /Users/pumphreyjj/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: .ssh/aws_match.pem
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to 54.84.xx.xxx ([54.84.xx.xxx]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Mon Nov 9 10:43:36 2015 from 128.231.xxx.xxx
The only difference I see is the OpenSSH version, but that's installed by AWS. I haven't changed the box any yet.
Turns out that the older box was built with a specific image and that local key was uploaded to AWS to go with it. New boxes didn't work with that key for whatever reason. I worked around this by creating a new key for the new boxes and it is working fine now.
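As an added example (not part of the original post), this Python helper reads the authentication phase of `ssh -v` output like the two sessions above and separates a key the client could not load from a key the server refused. The function name and verdict labels are assumptions, and only the OpenSSH 6.2 client message formats shown in the post are handled.

```python
import re

# Auth-phase excerpts of the two `ssh -v` sessions shown in the post.
FAILING = """\
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: .ssh/aws_match.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
"""
WORKING = """\
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: .ssh/aws_match.pem
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
"""

def classify_pubkey_auth(log):
    """Summarise the publickey phase of OpenSSH client -v output (hypothetical helper)."""
    methods, tried, loaded, verdict = None, [], set(), "incomplete"
    for raw in log.splitlines():
        line = raw.strip()
        if m := re.match(r"debug1: Authentications that can continue: (\S+)", line):
            if methods is None:  # keep the first list the server advertised
                methods = m.group(1).split(",")
        elif m := re.match(r"debug1: Trying private key: (\S+)", line):
            tried.append(m.group(1))
        elif line.startswith("debug1: read PEM private key done") and tried:
            loaded.add(tried[-1])  # the client parsed this key file successfully
        elif line.startswith("debug1: Authentication succeeded (publickey)"):
            verdict = "authenticated"
        elif line.startswith("Permission denied"):
            if not tried:
                verdict = "no_key_tried"
            elif loaded:
                verdict = "server_rejected_key"  # key was readable, server said no
            else:
                verdict = "key_not_loaded"       # look at the local key file first
    return {"server_methods": methods, "tried": tried, "verdict": verdict}

if __name__ == "__main__":
    for name, log in (("failing", FAILING), ("working", WORKING)):
        print(name, classify_pubkey_auth(log))
```

On the failing session the verdict is `server_rejected_key`: the client read the key and the server still answered with the remaining methods, so the refusal is on the server side rather than a local `chmod` problem.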