Trying to SSH into an Amazon Ec2 instance - permission error

Question

This is probably a stupidly simple question to some     I ve created a new linux instance on Amazon EC2  and as part of that downloaded the  pem file to allow me to SSH in    When I tried to ssh with   ssh -i myfile pem  lt public dns gt    I got                                                                         WARNING  UNPROTECTED PRIVATE KEY FILE                                                                         Permissions 0644 for  amazonec2 pem  are too open  It is recommended that your private key files are NOT accessible by others  This private key will be ignored  bad permissions  ignore key  amazonec2 pem Permission denied  publickey     Following this post I tried to chmod  600 the pem file  but now when I ssh I just get   Permission denied  publickey     What school-boy error am I making here   The  pem file is in my home folder  in osx   It s permissions look like this   -rw-------    1 mattroberts  staff    1696 19 Nov 11 20 amazonec2 pem

User · Answer

In addition to the other answers  here is what I did in order for this to work    Copy the key to  ssh folder if you still hadn t    cp key pem    ssh key pem   Give the proper permissions to the key   chmod 400    ssh key pem   Start ssh-agent  Thanks to https   stackoverflow com a 17848593     eval  ssh-agent -s  ssh-add   Then  add the key   ssh-add    ssh key pem  Now you should be able to ssh EC2

User · Answer

What did it for me is editing the default security group to allow for inbound TCP traffic at port 22

User · Answer

There can be three reasons behind this error    Your are using a wrong key  Your key doesn t have the correct permissions  You need to chmod it to 400  You are using the wrong user  Ubuntu images have a user ubuntu  Amazon s AMI is ec2-user and debian images have either root or admin

User · Answer

Just change the permission of pem file to 0600 allowing only for the allowed user and it will work like charm   sudo chmod 0600 myfile pem   And then try to ssh it will work perfectly   ssh -i myfile pem  lt  lt ssh user gt  gt   lt  lt server gt  gt

User · Answer

Well  looking at your post description I feel there were 2 mistakes done by you -   Set correct permissions for the private key   Below command should help you to set correct file permision    chmod 0600 mykey pem Wrong ec2 user you are trying to login    Looking at your debug log I think you have spawned an Amazon linux instance  The default user for that instance type is ec2-user   If the instance would have been ubuntu then your default user would have been ubuntu     ssh -i privatekey pem default ssh user server ip    Note     For an Amazon Linux AMI  the default user name is ec2-user      For a Centos AMI  the default user name is centos      For a Debian AMI  the default user name is admin or root      For a Fedora AMI  the default user name is ec2-user or fedora      For a RHEL AMI  the default user name is ec2-user or root      For a SUSE AMI  the default user name is ec2-user or root      For an Ubuntu AMI  the default user name is ubuntu      Otherwise  if ec2-user and root don t work  check with the AMI provider     source  https   docs aws amazon com AWSEC2 latest UserGuide AccessingInstancesLinux html

User · Answer

Checklist    Are you using the right private key  pem file  Are its permissions set correctly   My Amazon-brand AMIs work with 644  but Red hat must be at least 600 or 400  Don t know about Ubuntu   Are you using the right username in your ssh line  Amazon-branded    ec2-user   Red Hat    root   Ubuntu    ubuntu   User can be specified as  ssh -i pem usename hostname  OR  ssh -l username -i pem hostname

User · Answer

In windows you can go to the properties of the pem file  and go to the security tab  then to advance button  remove inheritance and all the permissions  then grant yourself the full control  after all SSL will not give you the same error again

User · Answer

The problem is having wrong mod on the file   Easily solved by executing -  chmod 400 mykey pem  Taken from Amazon s instructions -     Your key file must not be publicly viewable for SSH to work  Use this   command if needed   chmod 400 mykey pem   400 protects it by making it read only and only for the owner

User · Answer

Alternative log-in using PuTTY  Its good but needs a few steps   Get your  pem that was generated when you first made the EC2 instance  Convert the  pem file  ppk using PuttyGen since PuTTY does not read  pem  Open PuTTY and enter your Host Name which is your instance username   Public DNS  Ex  ubuntu ec2-xxx-xxx-xxx-xxx region compute amazonaws com   Not your AWS account username  Then navigate to Connection  gt  SSH  gt  Auth  Then add your  ppk file  Click on Browse where it says  quot Private key file for authentication quot   Click Open and you should be able to immediately establish connection   Im using PuTTY 0 66 in Windows

User · Answer

I know this is very late to the game     but this always works for me   step 1  ssh-add    ssh KEY PAIR NAME pem   step 2  simply ssh in     ssh user name  lt instance public dns ip gt    e g   ssh ec2-user ec2-198-51-100-1 compute-1 amazonaws com   hope this helps someone

User · Answer

Do a chmod 400 yourkeyfile pem  If your instance is Amazon linux then use ssh -i yourkeyfile pem ec2-user ip for ubuntu ssh -i yourkeyfile pem ubuntu ip for centos ssh -i yourkeyfile pem centos ip

User · Answer

ssh -i   pem user host-machine-IP  I think it s because either you have entered wrong credentials or  you are using a public key rather than private key or  your port permissions are open for ALL to ssh  This is bad for Amazon

User · Answer

You are likely using the wrong username to login    most Ubuntu images have a user ubuntu Amazon s AMI is ec2-user most Debian images have either root or admin   To login  you need to adjust your ssh command   ssh -l USERNAME HERE -i  ssh yourkey pem public-ec2-host   HTH

User · Answer

Key file should not be publicly viewable so use permission 400  chmod 400 keyfile pem   If above command shows permission error use  sudo chmod 400 keyfile pem   Now ssh into the ec2 machine  if you still face the issue  use ec2-user   ssh -i keyfile pem ec2-user ec2-12-34-56-78 compute-1 amazonaws com

User · Answer

I have seen two reasons behind this issue  1  access key does not have the right permission  pem keys with default permission are not allowed to make a secure connection  You just have to change the permission   chmod 400 xyz pem   2  Also check whether you have logged-in with proper user credentials  Otherwise  use sudo while connecting  sudo ssh -i  keyfile  ec2-user  ip address of remote host

User · Answer

Following are the simple steps for Linux user to connect with the server using  pem file   Step1  To to the location of pem file and copy it to home  ssh location   cp example pem    ssh example pem   Step2  Change the permission  chmod 400    ssh example pem   Step3  Run the following command  ssh -i    ssh example pem ec2-user host com   As this command is too long so you sould create the alias of this using following commands    vim    bashrc   Write the same command in the following manner at the last   alias sshConnect  ssh -i    ssh example pem ec2-user host com    Now restart your system and use sshConnect to connect with your server

User · Answer

Change permission for the key file with     chmod 400 key-file-name pem   See AWS documentation for connecting to the instance   http   docs aws amazon com AWSEC2 latest UserGuide EC2 GetStarted html EC2 ConnectToInstance Linux

User · Answer

It is just a permission issue with your aws pem key   Just change the permission of pem key to 400 using below command   chmod 400 pemkeyname pem   If you don t have permission to change the permission of a file you can use sudo like below command   sudo chmod 400 pemkeyname pem   I hope this should work fine

User · Answer

In Mac terminal  doing  chmod 400 xyz pem  did not help me  it kept saying permission denied  For ubuntu users I would suggest   ssh-add xyz pem ssh -i xyz pem ubuntu ec2-54-69-172-118 us-west-2 compute amazonaws com   notice the user is ubuntu

User · Answer

The issue for me was that my  pem file was in one of my NTFS partitions  I moved it to my linux partition  ext4     Gave required permissions by running   chmod 400 my file pem  And it worked

User · Answer

SSH keys and file permission best practices     ssh directory - 0700  only by owner  private key  pem file - 0400  read only by owner  public key  pub file - 0600  read  amp  write only by owner   chmod XXXX file directory

User · Answer

You can find the answer from the ASW guide  400 protects it by making it read only and only for the owner  chmod 400 mykey pem

User · Answer

What fixed this for me was to move the  pem file within the apps directory  Soo say fooapp is the name of my app  I placed it directly in there

User · Answer

Please ignore this answer if it is irrelevant for you  but from my experience I ve seen people having an issue with Permission denied  publickey  because they simply pasted their public key  on a target machine  without the first letter     This happens when using vim to edit  paste  the key  Since vim by default opens in command mode  not in an insert mode   pasting the key without switching to an insert mode  i e  i  will result in skipping the first s letter  e g  instead of   ssh-rsa  lt key gt    you end up pasting  sh-rsa  lt key gt    So before trying other solutions  see if you ve pasted your key correctly  i e   cat    ssh id rsa pub   Only if you re certain  perform the next steps  trying to ssh in a verbose mode  i e  flag -v  might point you to the actual issue   ssh -v -i  lt private key gt   lt name gt   lt ip gt  -p  lt port gt    As a side note  as it has been already mentioned here by others  in majority of cases starting an empty ssh agent  program that keeps your keys in memory  and adding your key should resolve the issue   ssh-agent bash ssh-add  lt private key gt

User · Answer

BY default permission are not allowing the pem key  You just have to change the permission   chmod 400 xyz pem   and if ubuntu instance then connect using   ssh -i xyz pem ubuntu ec2-youraws amazonaws com

User · Answer

Take a look at this article  You do not use the public DNS but rather the form   ssh -i your pem root ec2-XXX-XXX-XXX-XXX z-2 compute-1 amazonaws com   where the name is visible on your AMI panel

User · Answer

By default whenever you download the keyfile it come with 644 permissions  So you need to change the permission each time you download new keys   chmod 400 my file pem

User · Answer

Ok man  the only thing that worked for me was    Change permissions of the key     chmod 400 mykey pem  Make sure to log in using ec2-user  and the correct ec2-99    address   The ec2-99 address is at the bottom of the aws console when you re logged in and seeing your instance listed     ssh -i mykey pem ec2-user ec2-99-99-99-99 compute-1 amazonaws com

User · Answer

400 protects it by making it read only and only for the owner  You can find the answer from the ASW guide   chmod 400 yourPrivateKey pem

User · Answer

In windows   Right click on the pem file  Then select properties  Select security tab -- gt  Click on Edit -- gt   Remove all other user except current user Go back to security tab again -- gt  Click on Advanced -- gt  Disable inheritance

User · Answer

I know this question has been answered already but for those that have tried them all and you are still getting the annoying  Permission denied  publickey    Try running your command with SUDO  Of course this is a temporary solution and you should set permissions correctly but at least that will let you identify that your current user is not running with the privileges you need  as you assumed    sudo ssh -i amazonec2 pem ec2-xxx-xxx-xxx-xxx us-west-2 compute amazonaws com  Once you do this you ll get a message like this   Please login as the user  ec2-user  rather than the user  root   Which is also sparsely documented  In that case just do this    sudo ssh -i amazonec2 pem ec2-xxx-xxx-xxx-xxx us-west-2 compute amazonaws com -l ec2-user  And you ll get the glorious                                    Amazon Linux AMI

User · Answer

You should also check if your  pem file is not corrupted  I spent about an hour scratching my head and decided to check using this line openssl rsa -check -in test pem -noout  If it returns  quot RSA key ok quot  then you are good  If not  make sure you have the right file and or copied it correctly for whatever reason

[amazon-web-services] Trying to SSH into an Amazon Ec2 instance - permission error

Examples related to amazon-web-services

Examples related to authentication

Examples related to ssh

Examples related to amazon-ec2

Examples related to permissions