AWS ssh访问'Permission denied(publickey)'问题

Question

如何通过ssh连接到AWS实例？

我有:

1. 在AWS注册;
2. 在AWS网站上创建公钥和证书并将其保存到磁盘;

3. 去了我的控制台并创建了环境变量:

   $ export JAVA_HOME=/usr/lib/jvm/java-6-openjdk/
   $ export EC2_CERT=/home/default/aws/cert-EBAINCRNWHDSCWWIHSOKON2YWGJZ5LSQ.pem
   $ export EC2_PRIVATE_KEY=/home/default/aws/pk-EBAINCRNWHDSCWWIHSOKON2YWGJZ5LSQ.pem
   

4. 告诉AWS API使用此密钥对并将密钥对保存到文件:

   $ ec2-add-keypair ec2-keypair > ec2-keypair.pem
   

5. 使用此密钥对启动AWS Ubuntu 9实例:

   $ ec2-run-instances ami-ed46a784 -k ec2-keypair
   

6. 尝试与实例建立ssh连接:

   $ ssh -v -i ec2-keypair.pem ubuntu@ec2-174-129-185-190.compute-1.amazonaws.com
   OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
   debug1: Reading configuration data /etc/ssh/ssh_config
   debug1: Applying options for *
   debug1: Connecting to ec2-174-129-185-190.compute-1.amazonaws.com [174.129.185.190] port 22.
   debug1: Connection established.
   debug1: identity file ec2-keypair.pem type -1
   debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5ubuntu1
   debug1: match: OpenSSH_5.1p1 Debian-5ubuntu1 pat OpenSSH*
   debug1: Enabling compatibility mode for protocol 2.0
   debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
   debug1: SSH2_MSG_KEXINIT sent
   debug1: SSH2_MSG_KEXINIT received
   debug1: kex: server->client aes128-cbc hmac-md5 none
   debug1: kex: client->server aes128-cbc hmac-md5 none
   debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
   debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
   debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
   debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
   debug1: Host 'ec2-174-129-185-190.compute-1.amazonaws.com' is known and matches the RSA host key.
   debug1: Found key in /home/default/.ssh/known_hosts:11
   debug1: ssh_rsa_verify: signature correct
   debug1: SSH2_MSG_NEWKEYS sent
   debug1: expecting SSH2_MSG_NEWKEYS
   debug1: SSH2_MSG_NEWKEYS received
   debug1: SSH2_MSG_SERVICE_REQUEST sent
   debug1: SSH2_MSG_SERVICE_ACCEPT received
   debug1: Authentications that can continue: publickey
   debug1: Next authentication method: publickey
   debug1: Trying private key: ec2-keypair.pem
   debug1: read PEM private key done: type RSA
   debug1: Authentications that can continue: publickey
   debug1: No more authentication methods to try.
   Permission denied (publickey).
   

   可能是什么问题以及如何使其发挥作用？

Answer 1

对于Ubuntu实例:

chmod 600 ec2-keypair.pem
ssh -v -i ec2-keypair.pem ubuntu@ec2-174-129-185-190.compute-1.amazonaws.com

对于其他情况,您可能必须使用ec2-user而不是ubuntu.

我使用的大多数EC2 Linux映像都默认创建了root用户.

另请参阅:http://www.youtube.com/watch？v = WBro0TEAd7g

Answer 2

现在是:

ssh -v -i ec2-keypair.pem ec2-user@[yourdnsaddress]

Answer 3

Canonical的版本默认使用用户'ubuntu'来登陆这里的任何人使用ubuntu图像来解决同样的问题.

Answer 4

如果您使用的是Bitnami图像,请以"bitnami"身份登录.

看似显而易见,但我忽视了一些事情.

Answer 5

对于我的ubuntu图像,它实际上是ubuntu用户而不是ec2用户;)

Answer 6

Ubuntu 10.04与openSSH

这是确切的用法:

ssh -v -i [yourkeypairfile] ec2-user@[yourdnsaddress]

例如:

ssh -v -i GSG_Keypair.pem ec2-user@ec2-184-72-204-112.compute-1.amazonaws.com

以上示例直接来自AWS教程,用于连接到Linux/UNIX计算机:http: //docs.amazonwebservices.com/AWSEC2/latest/GettingStartedGuide/

Answer 7

如果pem文件权限太开放,它也会抱怨.chmod文件到600来解决这个问题.

Answer 8

我也遇到了这个问题-原来我正在使用社区创建的AMI-默认用户名是niehter root，也不是ect-user或ubuntu。实际上，我不知道它是什么-直到尝试了“ root ”，服务器好心地要求我以xxx身份登录，其中xxx告诉您什么。

-干杯！

Answer 9

如果您正在运行 Bitnami 的 AWS 映像。用户名是bitnami。干杯!

查看我的调试并查看最后一个：

*

ssh -v -i awsliferaysrta.pem.txt root@54.254.250.***
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 54.254.250.*** [54.254.250.***] port 22.
debug1: Connection established.
debug1: identity file awsliferaysrta.pem.txt type -1
debug1: identity file awsliferaysrta.pem.txt-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 05:5c:78:45:c9:39:3a:84:fe:f8:19:5d:31:48:aa:5f
debug1: Host '54.254.250.***' is known and matches the RSA host key.
debug1: Found key in /Users/macbookpro/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: awsliferaysrta.pem.txt
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to 54.254.250.*** ([54.254.250.***]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Remote: Port forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Forced command.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Please login as the user "bitnami" rather than the user "root".

*

Answer 10

您需要在本地机器上有您的私钥

您需要知道远程计算机或服务器的 IP 地址或 DNS 名称，您可以从 AWS 控制台获取此信息

如果你是linux用户

• 确保私钥的权限为 600 ( chmod 600 <path to private key file>)
• 使用ssh ( ssh -i <path to private key file> <user>@<IP address or DNS name of remote server>)连接到您的计算机

如果您是 Windows 用户

• 使用 PuTTy 创建 ssh 会话 ( http://the.earth.li/~sgtatham/putty/latest/x86/putty-0.66-installer.exe )
• 如果您的私钥文件是 .pem 格式，请使用puttygen将其转换为 .ppk
• 启动 PuTTy，设置远程服务器的 ppk 文件、IP 地址或 DNS 名称并启动 ssh 会话