Getting below error while launching ssh sesssion, I have all my public keys in place in both the places
1./username/.ssh/authorizedkeys
2.trusted-user-ca.keys.pem
Still getting below error.
" Warning: Permanently added 'XX.XX.XX.XXX' (ECDSA) to the list of known hosts. Permission denied (publickey).
can anyone help on this?
First you have to change file permission like this
chmod 400 key.pem
then use
ssh -i "key.pem" root#domain.amazonaws.com
Issue was with the public certificate, The principal name was different from the user name, tried signing the user public key with username as principal and I successfully logged in.
Related
I am trying to setup an ssh connection to a docker using ssh keys, i have used ssh_keygen and copied the .pub file to ~/.ssh/authorized_keys in the container, however i get the following error on connection
me#172.17.0.2: Permission denied (publickey).
I have done this following the ssh manual page so I struggle to understand why my keys wont pass.
Container side my home is set as /root, which is why I put it in the /root/.ssh/authorize_keys folder.
I also modified the sshd_config file following options:
PermitRootLogin yes
PasswordAuthentication no
PermitEmptyPasswords no
I had tried setting PermitEmptyPasswords and PasswordAuthentication to yes but would still be refused login if i just gave an empty string as password.
What am i missing here?
I created a virtual machine on Azure. It was working fine a couple of days ago (I was able to connect to it using SSL using command prompt), after that I reserved the IP public address and shutdown the machine and . Now I am trying to connect to it via SSL using same way and it is throwing permission denied error. How to rectify this ?
ssh -i user_key.pem username#xx.xxx.xx.xx
Load key "user_key.pem": Permission denied
username#xx.xxx.xx.xx: Permission denied (publickey).
The problem was that I removed all permissions (except read by administrator) from my key.pem file. This I did because previously it was showing that the permissions are too open.
Opening the command prompt as administrator mode worked.
I'm unable to ssh into my EC2 instance, seems to be an issue with the permission level of the ssh .pem file I'm passing to ssh, googling around this seems to be a problem many others have faced but their solutions didn't work for me.
Here is what I tried, someone please help...
Atempt 1:
asemani$ ssh -i ~/.ssh/secure.pem root#54.210.0.1
********************************************************************************
This is a private computer system containing information that is proprietary
and confidential to the owner of the system. Only individuals or entities
authorized by the owner of the system are allowed to access or use the system.
Any unauthorized access or use of the system or information is strictly
prohibited.
All violators will be prosecuted to the fullest extent permitted by law.
********************************************************************************
###########################################################
# WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0777 for '.ssh/secure.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key ".ssh/secure.pem": bad permissions
Permission denied (publickey).
Attempt 2:
asemani$ chmod 600 ~/.ssh/secure.pem
asemani$ ls -l ~/.ssh/
total 56
-rw-r--r-- 1 asemani CORP\Domain Users 782 Apr 29 11:14 config
-rw-------# 1 asemani CORP\Domain Users 1696 Apr 29 21:32 secure.pem
asemani$
asemani$ ssh -i .ssh/secure.pem root#54.210.0.1
********************************************************************************
This is a private computer system containing information that is proprietary
and confidential to the owner of the system. Only individuals or entities
authorized by the owner of the system are allowed to access or use the system.
Any unauthorized access or use of the system or information is strictly
prohibited.
All violators will be prosecuted to the fullest extent permitted by law.
********************************************************************************
Permission denied (publickey).
I don't get the warning anymore but Permission is still denied. I then also tried doing a chmod 400 on the .pem file but that also didn't work. I won't paste that here since that may be overkill.
What is happening here? How can I ssh into my ec2? This should be a simple thing??
Change permission to chmod 400 ~/.ssh/secure.pem
Are you able to login as the default user using your pem key? For Ubuntu instances, default user should be ubuntu; for most other instances it should be ec2-user. If you're able to login as the default user, chances are that root isn't allowed for ssh login. To change that, login as the default user and do the following:
# Edit sshd_config and modify 'PermitRootLogin XX' to 'PermitRootLogin yes'
sudo vi /etc/ssh/sshd_config
# Reload sshd configuration
sudo service sshd reload
NOTE: This only serves as a how-to. It's generally not recommended to allow root login over ssh for security reason.
You need to launch the instance through your AWS EC2 management console. Once it is launched, copy the public DNS IPv4 and paste it after the linux distribution name being used (e.g. ubuntu#IPv4). Also, make sure you are working in the directory that houses your private access key.
For clarification, once your EC2 instance is launched and you're in the directory that holds your private access key, type in the following in the command-line:
ssh -i private_access_key.pem linux#IPv4
to windows users can change the premise of files through wsl doing this:
Edit or create (using sudo) /etc/wsl.conf
[automount]
options = "metadata"
Restart wsl: (powershell)
PS Get-Service LxssManager | Restart-Service
and finally, do:
chmod 400 key.pem
I've set up a new instance of Google Compute Engine on a new project. I start the instance and use command gcloud init to connect to my project. I then use command sudo gcloud compute ssh instance-1. It takes me through SSH key pair generation:
WARNING: The private SSH key file for Google Compute Engine does not exist.
WARNING: You do not have an SSH key for Google Compute Engine.
WARNING: [/usr/bin/ssh-keygen] will be executed to generate a key.
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/username/.ssh/google_compute_engine.
Your public key has been saved in /Users/username/.ssh/google_compute_engine.pub.
The key fingerprint is:
SHA256:there_is_a_key_here_but_probably_should_not_show_it root#My-MacBook-Air-4.local
The key's randomart image is:
+---[RSA 2048]----+
| |
| |
| |
| |
| |
| |
| |
|There is an image|
|here |
+----[SHA256]-----+
Updating project ssh metadata...\Updated [link to the project].
Updating project ssh metadata...done.
Warning: Permanently added 'compute.1788786712041991164' (ECDSA) to the list of known hosts.
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
ERROR: (gcloud.compute.ssh) Could not SSH to the instance. It is possible that your SSH key has not propagated to the instance yet. Try running this command again. If you still cannot connect, verify that the firewall and instance are set to accept ssh traffic.
Weird. I check the metadata in my Google Cloud Console, they key appeared there after running this command. So it was successfully generated and metadata was updated.
I wait a little bit, and try again the same command:
My-MacBook-Air-4:~ myname$ sudo gcloud compute ssh instance-1
Permission denied (publickey).
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255]. See https://cloud.google.com/compute/docs/troubleshooting#ssherrors for troubleshooting hints.
So I try some of the troubleshooting hints:
gcloud compute firewall-rules list
NAME NETWORK SRC_RANGES RULES SRC_TAGS TARGET_TAGS
default-allow-http default 0.0.0.0/0 tcp:80 http-server
default-allow-https default 0.0.0.0/0 tcp:443 https-server
default-allow-icmp default 0.0.0.0/0 icmp
default-allow-internal default 10.128.0.0/9 tcp:0-65535,udp:0-65535,icmp
default-allow-rdp default 0.0.0.0/0 tcp:3389
default-allow-ssh default 0.0.0.0/0 tcp:22
Firewall seems fine. And that happens to EVERY Google Compute Engine instance I create on ANY project. I don't understand what is going on, the key pairs have been created, I tried all of the steps several times on several different projects and the error persists.
EDIT: The keys appeared in the SSH Tab of the project, the Metadata tab is still empty.
I then use command sudo gcloud compute ssh instance-1
Using sudo is wrong here. It appears that you've created a key in /Users/username/.ssh/google_compute_engine but since it has the comment root#My-MacBook-Air-4.local, it's probably created with the wrong ownership (i.e. owned by root).
You might be able to fix this up with:
sudo chown $USER:$GROUPS ~/.ssh/google_compute_engine{,.pub}
And then connect without sudo
gcloud compute ssh instance-1
Or if that fails just start over but don't use sudo for anything.
Solution: Create a new Firewall with Port 22 opened for TCP and UDP as illustrated below.
Can anyone help me fix this issue, I am trying to access Amazon Instance via ssh from another amazon instance, but I am getting the following error-
[ec2-user#ip-172-31-28-27 jmeter-ec2-master]$ ssh -i "JmeterCloud-Updated.pem" ec2-user#ec2-52-38-189-49.us-west-2.compute.amazonaws.com
Permission denied (publickey).
Any help will be much appreciated
Did You Use the chmod command to make sure your private key file isn't publicly viewable. For example, if the name of your private key file is my-key-pair.pem, use the following command:
chmod 400 /path/my-key-pair.pem
Use the following:
chmod 600 JmeterCloud-Updated.pem
to give adequate access to the key and then try to login into that instance.