I've set up a new instance of Google Compute Engine on a new project. I start the instance and use command gcloud init to connect to my project. I then use command sudo gcloud compute ssh instance-1. It takes me through SSH key pair generation:
WARNING: The private SSH key file for Google Compute Engine does not exist.
WARNING: You do not have an SSH key for Google Compute Engine.
WARNING: [/usr/bin/ssh-keygen] will be executed to generate a key.
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/username/.ssh/google_compute_engine.
Your public key has been saved in /Users/username/.ssh/google_compute_engine.pub.
The key fingerprint is:
SHA256:there_is_a_key_here_but_probably_should_not_show_it root#My-MacBook-Air-4.local
The key's randomart image is:
+---[RSA 2048]----+
| |
| |
| |
| |
| |
| |
| |
|There is an image|
|here |
+----[SHA256]-----+
Updating project ssh metadata...\Updated [link to the project].
Updating project ssh metadata...done.
Warning: Permanently added 'compute.1788786712041991164' (ECDSA) to the list of known hosts.
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
Permission denied (publickey).
ERROR: (gcloud.compute.ssh) Could not SSH to the instance. It is possible that your SSH key has not propagated to the instance yet. Try running this command again. If you still cannot connect, verify that the firewall and instance are set to accept ssh traffic.
Weird. I check the metadata in my Google Cloud Console, they key appeared there after running this command. So it was successfully generated and metadata was updated.
I wait a little bit, and try again the same command:
My-MacBook-Air-4:~ myname$ sudo gcloud compute ssh instance-1
Permission denied (publickey).
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255]. See https://cloud.google.com/compute/docs/troubleshooting#ssherrors for troubleshooting hints.
So I try some of the troubleshooting hints:
gcloud compute firewall-rules list
NAME NETWORK SRC_RANGES RULES SRC_TAGS TARGET_TAGS
default-allow-http default 0.0.0.0/0 tcp:80 http-server
default-allow-https default 0.0.0.0/0 tcp:443 https-server
default-allow-icmp default 0.0.0.0/0 icmp
default-allow-internal default 10.128.0.0/9 tcp:0-65535,udp:0-65535,icmp
default-allow-rdp default 0.0.0.0/0 tcp:3389
default-allow-ssh default 0.0.0.0/0 tcp:22
Firewall seems fine. And that happens to EVERY Google Compute Engine instance I create on ANY project. I don't understand what is going on, the key pairs have been created, I tried all of the steps several times on several different projects and the error persists.
EDIT: The keys appeared in the SSH Tab of the project, the Metadata tab is still empty.
I then use command sudo gcloud compute ssh instance-1
Using sudo is wrong here. It appears that you've created a key in /Users/username/.ssh/google_compute_engine but since it has the comment root#My-MacBook-Air-4.local, it's probably created with the wrong ownership (i.e. owned by root).
You might be able to fix this up with:
sudo chown $USER:$GROUPS ~/.ssh/google_compute_engine{,.pub}
And then connect without sudo
gcloud compute ssh instance-1
Or if that fails just start over but don't use sudo for anything.
Solution: Create a new Firewall with Port 22 opened for TCP and UDP as illustrated below.
Related
From one of my hosts I can authenticate with ssh to GitHub, from another I cannot git#github.com: Permission denied (publickey).
I was having some issues from my Mac creating a new repo and pushing to it, I always got a permission denied error. However from my Linux host it worked fine.
I checked the repos for deploy keys (in case this was causing the issue), none of my repos had a deploy key set.
I checked the keys on GitHub and there was only one ssh key installed. I deleted this key and tested, as expected the repos from the Linux host could not connect, yet the Mac could still connect.
From the Mac:
ssh -T git#github.com Hi mcdent/blog1! You've successfully authenticated, but GitHub does not provide shell access. bash-3.2$
From Linux:
[mike#docker1 doing]$ ssh -T git#github.com git#github.com: Permission denied (publickey). [mike#docker1 doing]$
I'm puzzled as to how the Mac is still authenticating? I likely did have a repo called blog1 in the past but I certainly don't now.
Ideally I'd like to have a single key used on GitHub, which I can use with both my Linux and MacOS hosts.
Any pointers very welcome.
I'm puzzled as to how the Mac is still authenticating?
Then try a ssh -Tv git#github.com.
You will see which key file is accessed and used for this authentication.
It should be a private key whose public key is registered to your account.
Check your environment variables or git config --global / git config --system -l for anything including blog1.
I created a virtual machine on Azure. It was working fine a couple of days ago (I was able to connect to it using SSL using command prompt), after that I reserved the IP public address and shutdown the machine and . Now I am trying to connect to it via SSL using same way and it is throwing permission denied error. How to rectify this ?
ssh -i user_key.pem username#xx.xxx.xx.xx
Load key "user_key.pem": Permission denied
username#xx.xxx.xx.xx: Permission denied (publickey).
The problem was that I removed all permissions (except read by administrator) from my key.pem file. This I did because previously it was showing that the permissions are too open.
Opening the command prompt as administrator mode worked.
Getting below error while launching ssh sesssion, I have all my public keys in place in both the places
1./username/.ssh/authorizedkeys
2.trusted-user-ca.keys.pem
Still getting below error.
" Warning: Permanently added 'XX.XX.XX.XXX' (ECDSA) to the list of known hosts. Permission denied (publickey).
can anyone help on this?
First you have to change file permission like this
chmod 400 key.pem
then use
ssh -i "key.pem" root#domain.amazonaws.com
Issue was with the public certificate, The principal name was different from the user name, tried signing the user public key with username as principal and I successfully logged in.
I'm unable to ssh into my EC2 instance, seems to be an issue with the permission level of the ssh .pem file I'm passing to ssh, googling around this seems to be a problem many others have faced but their solutions didn't work for me.
Here is what I tried, someone please help...
Atempt 1:
asemani$ ssh -i ~/.ssh/secure.pem root#54.210.0.1
********************************************************************************
This is a private computer system containing information that is proprietary
and confidential to the owner of the system. Only individuals or entities
authorized by the owner of the system are allowed to access or use the system.
Any unauthorized access or use of the system or information is strictly
prohibited.
All violators will be prosecuted to the fullest extent permitted by law.
********************************************************************************
###########################################################
# WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0777 for '.ssh/secure.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key ".ssh/secure.pem": bad permissions
Permission denied (publickey).
Attempt 2:
asemani$ chmod 600 ~/.ssh/secure.pem
asemani$ ls -l ~/.ssh/
total 56
-rw-r--r-- 1 asemani CORP\Domain Users 782 Apr 29 11:14 config
-rw-------# 1 asemani CORP\Domain Users 1696 Apr 29 21:32 secure.pem
asemani$
asemani$ ssh -i .ssh/secure.pem root#54.210.0.1
********************************************************************************
This is a private computer system containing information that is proprietary
and confidential to the owner of the system. Only individuals or entities
authorized by the owner of the system are allowed to access or use the system.
Any unauthorized access or use of the system or information is strictly
prohibited.
All violators will be prosecuted to the fullest extent permitted by law.
********************************************************************************
Permission denied (publickey).
I don't get the warning anymore but Permission is still denied. I then also tried doing a chmod 400 on the .pem file but that also didn't work. I won't paste that here since that may be overkill.
What is happening here? How can I ssh into my ec2? This should be a simple thing??
Change permission to chmod 400 ~/.ssh/secure.pem
Are you able to login as the default user using your pem key? For Ubuntu instances, default user should be ubuntu; for most other instances it should be ec2-user. If you're able to login as the default user, chances are that root isn't allowed for ssh login. To change that, login as the default user and do the following:
# Edit sshd_config and modify 'PermitRootLogin XX' to 'PermitRootLogin yes'
sudo vi /etc/ssh/sshd_config
# Reload sshd configuration
sudo service sshd reload
NOTE: This only serves as a how-to. It's generally not recommended to allow root login over ssh for security reason.
You need to launch the instance through your AWS EC2 management console. Once it is launched, copy the public DNS IPv4 and paste it after the linux distribution name being used (e.g. ubuntu#IPv4). Also, make sure you are working in the directory that houses your private access key.
For clarification, once your EC2 instance is launched and you're in the directory that holds your private access key, type in the following in the command-line:
ssh -i private_access_key.pem linux#IPv4
to windows users can change the premise of files through wsl doing this:
Edit or create (using sudo) /etc/wsl.conf
[automount]
options = "metadata"
Restart wsl: (powershell)
PS Get-Service LxssManager | Restart-Service
and finally, do:
chmod 400 key.pem
I am new to ansible. Tried to configure it in amazon linux instance to learn basic things about ansible. After ansible installation i have created a ssh key pair using command ssh-keygen. Once it is generated I tried to run the command " ssh-copy-id localhost" but it ended with below error,
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Permission denied (publickey).
Could someone guide me to resolve this.
ssh-copy-id localhost
won't work if you don't have password authentication enabled in the ssh server on localhost.
If you need to set up pubkey authentication without allowing password authentication, just copy the public key locally (since it is localhost):
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh/
chmod 600 ~/.ssh/authorized_keys
# make sure the SELinux labels are correct:
type restorecon && restorecon -F .ssh .ssh/authorized_keys