AWS ssh access Permission denied publickey issue

Question

How to connect to a AWS instance through ssh   I have    Signed up at AWS  Created a public key and a certificate at AWS website and saved them to disk  Went to my console and created environment variables      export JAVA HOME  usr lib jvm java-6-openjdk    export EC2 CERT  home default aws cert-EBAINCRNWHDSCWWIHSOKON2YWGJZ5LSQ pem   export EC2 PRIVATE KEY  home default aws pk-EBAINCRNWHDSCWWIHSOKON2YWGJZ5LSQ pem  Told AWS API to use this keypair and saved the keypair to file      ec2-add-keypair ec2-keypair  gt  ec2-keypair pem  Started an AWS Ubuntu 9 instance using this keypair      ec2-run-instances ami-ed46a784 -k ec2-keypair  Attempted to establish a ssh connection to the instance      ssh -v -i ec2-keypair pem ubuntu ec2-174-129-185-190 compute-1 amazonaws com OpenSSH 5 1p1 Debian-5ubuntu1  OpenSSL 0 9 8g 19 Oct 2007 debug1  Reading configuration data  etc ssh ssh config debug1  Applying options for   debug1  Connecting to ec2-174-129-185-190 compute-1 amazonaws com  174 129 185 190  port 22  debug1  Connection established  debug1  identity file ec2-keypair pem type -1 debug1  Remote protocol version 2 0  remote software version OpenSSH 5 1p1 Debian-5ubuntu1 debug1  match  OpenSSH 5 1p1 Debian-5ubuntu1 pat OpenSSH  debug1  Enabling compatibility mode for protocol 2 0 debug1  Local version string SSH-2 0-OpenSSH 5 1p1 Debian-5ubuntu1 debug1  SSH2 MSG KEXINIT sent debug1  SSH2 MSG KEXINIT received debug1  kex  server- gt client aes128-cbc hmac-md5 none debug1  kex  client- gt server aes128-cbc hmac-md5 none debug1  SSH2 MSG KEX DH GEX REQUEST 1024 lt 1024 lt 8192  sent debug1  expecting SSH2 MSG KEX DH GEX GROUP debug1  SSH2 MSG KEX DH GEX INIT sent debug1  expecting SSH2 MSG KEX DH GEX REPLY debug1  Host  ec2-174-129-185-190 compute-1 amazonaws com  is known and matches the RSA host key  debug1  Found key in  home default  ssh known hosts 11 debug1  ssh rsa verify  signature correct debug1  SSH2 MSG NEWKEYS sent debug1  expecting SSH2 MSG NEWKEYS debug1  SSH2 MSG NEWKEYS received debug1  SSH2 MSG SERVICE REQUEST sent debug1  SSH2 MSG SERVICE ACCEPT received debug1  Authentications that can continue  publickey debug1  Next authentication method  publickey debug1  Trying private key  ec2-keypair pem debug1  read PEM private key done  type RSA debug1  Authentications that can continue  publickey debug1  No more authentication methods to try  Permission denied  publickey     What could be the problem and how to make it work

User · Answer

If you re using a Bitnami image  log in as  bitnami    Seems obvious  but something I overlooked

User · Answer

If you are using EBS  you can also try to mount the EBS Volume on a running instance  Then mount it on that running instance and see what s going on in  home  You can see things like is the user ubuntu or ec2-user   or does it have the right public keys under    ssh authorized keys

User · Answer

Canonical s releases use the user  ubuntu  by default for anyone landing here with a ubuntu image that is coming up with the same problem

User · Answer

Permission for ec2-keypair pem should be 400  chmod 400 ec2-keypair pem

User · Answer

You need have your private key in your local machine  You need to know the IP address or DNS name of your remote machine or server  you can get this from AWS console  If you are a linux user   Make sure the permissions on the private key are 600  chmod 600  lt path to private key file gt   Connect to your machine using ssh  ssh -i  lt path to private key file gt   lt user gt   lt IP address or DNS name of remote server gt     If you are a windows user   Use PuTTy to create the ssh session  http   the earth li  sgtatham putty latest x86 putty-0 66-installer exe  If your private key file is in  pem format convert it into  ppk using puttygen Launch PuTTy  set you ppk file  IP address or DNS name of the remote server and start the ssh session

User · Answer

It will also complain if the pem file permissions are too open  chmod the file to 600 to fix that

User · Answer

There are 2 steps to be connected     Chmod 400 on your private key  like this the others cannot access to your key   chmod 400 toto pem   To connect to your instance in SSH  you need to know the public IP address of your instance     ssh -i toto pem ec2-user XX XX XX XXX   Hope it helps

User · Answer

For Debian EC2 instances  the user is admin

User · Answer

I was also running into this - turns out I was using a community-created AMI - and the default username was niehter root  nor was it ect-user or ubuntu  In fact  I had no idea what it was - till I tried  root  and the server kindly asked me to login as xxx where xxx is whatever it tells you   -cheers

User · Answer

Ubuntu 10 04 with openSSH   this is the exact usage   ssh -v -i  yourkeypairfile  ec2-user  yourdnsaddress    for example   ssh -v -i GSG Keypair pem ec2-user ec2-184-72-204-112 compute-1 amazonaws com   above example was taken directly from the AWS tutorial for connecting to a Linux UNIX machine at  http   docs amazonwebservices com AWSEC2 latest GettingStartedGuide

User · Answer

Just adding to this list   I was having trouble this morning with a new user just added to an AWS EC2 instance   To cut to the chase  the problem was selinux  which was in enforcing mode   together with the fact that my user home dir was on a new EBS attached volume   Somehow I guess selinux doesn t like that other volume   Took me a while to figure out  as I looked through all the other usual ssh issues   etc ssh sshd config was fine  of course no password allowed  permissions were right  etc    The fix   For now  until I understand how to allow a user to ssh to a different volume  or somehow make that volume a bona fide home dir point    sudo perl -pi -e  s  SELINUX enforcing SELINUX permissive    etc selinux config sudo setenforce 0   That s it  Now my new user can log in  using his own id rsa key

User · Answer

For my ubuntu images  it is actually ubuntu user and NOT the ec2-user

User · Answer

Its ec2-user for Amazon Linux AMI s and ubuntu for Ubuntu images   Also  RHEL 6 4 and later    ec2-user RHEL 6 3 and earlier    root Fedora  ec2-user Centos  root

User · Answer

Had the same issue  Permission denied  publickey  when trying to login in with  ec2-user  or with  root    Googled the AMI number of the machine image and it had the SSH login information right their on the Debian wiki page   Hope this helps

User · Answer

this worked for me   ssh-keygen -R  lt server IP gt    to delete the old keys stored on the workstation also works with  instead of   then doing the same ssh again it worked   ssh -v -i  lt your pem file gt  ubuntu  lt server IP gt    on ubuntu instances the username is  ubuntu on Amazon Linux AMI the username is  ec2-user  I didn t have to re-create the instance from an image

User · Answer

Now it s   ssh -v -i ec2-keypair pem ec2-user  yourdnsaddress

User · Answer

For Ubuntu instances   chmod 600 ec2-keypair pem ssh -v -i ec2-keypair pem ubuntu ec2-174-129-185-190 compute-1 amazonaws com   For other instances  you might have to use ec2-user instead of ubuntu   Most EC2 Linux images I ve used only have the root user created by default   See also  http   www youtube com watch v WBro0TEAd7g

User · Answer

If you are running AWS image from Bitnami  The username would be bitnami  Cheers   see my debug and look at the last one       ssh -v -i awsliferaysrta pem txt root 54 254 250     OpenSSH 6 2p2  OSSLShim 0 9 8r 8 Dec 2011 debug1  Reading configuration data  etc ssh config debug1   etc ssh config line 20  Applying options for   debug1  Connecting to 54 254 250      54 254 250      port 22  debug1  Connection established  debug1  identity file awsliferaysrta pem txt type -1 debug1  identity file awsliferaysrta pem txt-cert type -1 debug1  Enabling compatibility mode for protocol 2 0 debug1  Local version string SSH-2 0-OpenSSH 6 2 debug1  Remote protocol version 2 0  remote software version OpenSSH 5 9p1 Debian-5ubuntu1 1 debug1  match  OpenSSH 5 9p1 Debian-5ubuntu1 1 pat OpenSSH 5  debug1  SSH2 MSG KEXINIT sent debug1  SSH2 MSG KEXINIT received debug1  kex  server- gt client aes128-ctr hmac-md5 none debug1  kex  client- gt server aes128-ctr hmac-md5 none debug1  SSH2 MSG KEX DH GEX REQUEST 1024 lt 1024 lt 8192  sent debug1  expecting SSH2 MSG KEX DH GEX GROUP debug1  SSH2 MSG KEX DH GEX INIT sent debug1  expecting SSH2 MSG KEX DH GEX REPLY debug1  Server host key  RSA 05 5c 78 45 c9 39 3a 84 fe f8 19 5d 31 48 aa 5f debug1  Host  54 254 250      is known and matches the RSA host key  debug1  Found key in  Users macbookpro  ssh known hosts 2 debug1  ssh rsa verify  signature correct debug1  SSH2 MSG NEWKEYS sent debug1  expecting SSH2 MSG NEWKEYS debug1  SSH2 MSG NEWKEYS received debug1  Roaming not allowed by server debug1  SSH2 MSG SERVICE REQUEST sent debug1  SSH2 MSG SERVICE ACCEPT received debug1  Authentications that can continue  publickey debug1  Next authentication method  publickey debug1  Trying private key  awsliferaysrta pem txt debug1  read PEM private key done  type RSA debug1  Authentication succeeded  publickey   Authenticated to 54 254 250       54 254 250      22   debug1  channel 0  new  client-session  debug1  Requesting no-more-sessions openssh com debug1  Entering interactive session  debug1  Remote  Port forwarding disabled  debug1  Remote  Agent forwarding disabled  debug1  Remote  X11 forwarding disabled  debug1  Remote  Forced command  debug1  Sending environment  debug1  Sending env LANG   en US UTF-8 Please login as the user  bitnami  rather than the user  root

User · Answer

In my case  Mac OS X   the problem was the file s break type  Try this   1 - Open the  pem file with TextWrangler  2 - At Bottom of app  verify if the Break Type is  Windows CRLF

User · Answer

use        chmod 400 ec2-keypair pem   don t use the 600 permission otherwise you might overwrite your key accidently

[amazon-web-services] AWS ssh access 'Permission denied (publickey)' issue

Examples related to amazon-web-services

Examples related to ssh-keys