在 Mac OSx 上通过 SSH 连接到 EC2 时出现权限错误
我是 EC2 新手。我从以下站点创建了我的安全凭证:
http://paulstamatiou.com/ how-to-getting-started-with-amazon-ec2
它工作得很好,我重新启动,现在当我尝试连接时,我收到登录/密码提示。 (我从未设置过。)经过几次尝试后,我收到此错误:
权限被拒绝(publickey,gssapi-with-mic)。
我做错了什么?
I am new to EC2. I created my security credentials from this site:
http://paulstamatiou.com/how-to-getting-started-with-amazon-ec2
It worked great, I rebooted and now when I try to connect I get a login/password prompt. (Which I never set up.) After several attempts I get this error:
Permission denied (publickey,gssapi-with-mic).
What am I doing wrong?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(16)
我能想到两种可能性,尽管您引用的链接中都提到了它们:
您没有在用于登录服务器的 ssh 命令中指定正确的 SSH 密钥对文件或用户名:
ssh -i [密钥对文件的完整路径] root@[EC2 实例主机名或 IP 地址]
您对密钥对文件没有正确的权限;你应该使用
chmod 600 [密钥对文件]
以确保只有您可以读取或写入该文件。
尝试使用 ssh 的 -v 选项来获取有关其具体失败位置的更多信息,如果您需要更多帮助,请发回此处。
[更新]:好的,如果一切设置正确,这就是您应该看到的内容:
您是否从包含 ec2-keypair 文件的目录运行 ssh 命令?如果是这样,请尝试指定 -i ./ec2-keypair 只是为了消除路径问题。另请检查“ls -l [ec2-keypair 的完整路径]”文件并确保权限为 600(显示为 rw--------)。如果这些都不起作用,我会怀疑密钥对文件的内容,因此请尝试使用链接中的步骤重新创建它。
Two possibilities I can think of, although they are both mentioned in the link you referenced:
You're not specifying the correct SSH keypair file or user name in the ssh command you're using to log into the server:
ssh -i [full path to keypair file] root@[EC2 instance hostname or IP address]
You don't have the correct permissions on the keypair file; you should use
chmod 600 [keypair file]
to ensure that only you can read or write the file.
Try using the -v option with ssh to get more info on where exactly it's failing, and post back here if you''d like more help.
[Update]: OK, so this is what you should have seen if everything was set up properly:
Are you running the ssh command from the directory containing the ec2-keypair file ? If so, try specifying -i ./ec2-keypair just to eliminate path problems. Also check "ls -l [full path to ec2-keypair]" file and make sure the permissions are 600 (displayed as rw-------). If none of that works, I'd suspect the contents of the keypair file, so try recreating it using the steps in your link.
我能够连接的关键是使用“ec2-user”用户而不是 root。 IE:
The key for me to be able to connect was to use the "ec2-user" user rather than root. I.e.:
我也遇到了这个问题。我发现发生这种情况是因为我忘记在主机名之前添加用户名:
像这样:
我添加了用户名:
它有效!
I had met this problem too.And I found that happend beacuse I forgot to add the user-name before the host name:
like this:
and I add the user name:
it works!
+1
我注意到,对于 Amazon Linux 等某些 AMI,[电子邮件受保护]会起作用的。但对于 ubuntu 映像,我必须使用 ubuntu@ 来代替。 .pem 从来都不是问题,只是用户名有问题。
+1
I noticed that for some AMIs like Amazon Linux, [email protected] would work. But for an ubuntu image, I had to use ubuntu@ instead. It was never a problem with the .pem, just with the user name.
就我而言,这是因为我的主目录的权限是 775,而 SSH 对此不满意。执行后应该可以工作:
今天下午我有非常相似的经历。我正在 EC2 上设置 django,突然我无法再通过 SSH 连接到该盒子。很高兴我仍然有活动连接,所以我修改了
/etc/ssh/sshd_config来设置:并为
ec2-user设置密码,然后我可以通过输入密码登录。然而,经过一番谷歌搜索后,我发现了这个线程: http://ubuntuforums.org/showthread.php?t =577279。事实证明,在我设置 django 的过程中,我更改了主目录的权限,而 SSH 对此非常严格。所以文件权限必须设置正确。
In my case it's because the permission for my home directory is 775, and SSH is not happy about it. It should work after executing:
I had very similar experience this afternoon. I was setting up django on EC2, and suddenly I cannot SSH into the box anymore. Glad I still had an active connection, so I modified
/etc/ssh/sshd_configto set:and set password for
ec2-user, then I can login by entering the password.However, after some googling I found this thread: http://ubuntuforums.org/showthread.php?t=577279. It turned out that during my setup of django I changed the permission for my home directory, and SSH is very strict about this. So the file permission must be set correctly.
标记到 mecca831 的答案:
ssh -v -i generated-key.pem [email protected]
[[电子邮件受保护] ~]$ sudo passwd ec2-用户
新密码
newpassword
[[电子邮件受保护] ~]$ sudo vi /etc/ssh/ sshd_配置
修改文件如下:
保存
[[email protected] ~]$ sudo服务 sshd 停止
[[email protected] ~]$ sudo service sshd start
你应该可以退出并按如下方式 ssh 输入:
并提示输入密码,不再需要密钥。
Tagging on to mecca831's answer:
ssh -v -i generated-key.pem [email protected]
[[email protected] ~]$ sudo passwd ec2-user
newpassword
newpassword
[[email protected] ~]$ sudo vi /etc/ssh/sshd_config
Modify the file as follows:
Save
[[email protected] ~]$ sudo service sshd stop
[[email protected] ~]$ sudo service sshd start
you should be able to exit and ssh in as follows:
and be prompted for password no longer needing the key.
您确定您使用了正确的实例吗?我遇到了这个问题,并意识到我尝试的 4 个 ubuntu 实例上没有安装 SSH 服务器。
有关良好服务器的列表,请参阅大约一半的“获取图像”。听起来您可能正在使用其他东西...这些图像上的默认用户名是 ubuntu。
https://help.ubuntu.com/community/EC2StartersGuide
Are you sure you have used the right instance? I ran into this problem and realized that something like 4 of the ubuntu instances i tried did not have SSH servers installed on them.
For a list of good servers see "Getting the images" about half way down. Sounds like you may be using something else... the default username is ubuntu on these images.
https://help.ubuntu.com/community/EC2StartersGuide
我能够使用 ec2-user
ssh -i [密钥对文件的完整路径] ec2-user@[EC2 实例主机名或 IP 地址]登录
I was able to login using ec2-user
ssh -i [full path to keypair file] ec2-user@[EC2 instance hostname or IP address]
以上这些都对我没有帮助,但与用户进行测试似乎很有希望。对于我的配置,使用“ubuntu”是正确的......
ssh -i [密钥对文件的完整路径] ubuntu@[EC2 实例主机名或 IP 地址]
None of the above helped me, but futzing with the user seemed like it had promise. For my config using 'ubuntu' was right.....
ssh -i [full path to keypair file] ubuntu@[EC2 instance hostname or IP address]
经过大约半小时的搜索和尝试调试,我终于弄清楚了。我的情况涉及我对两个不同的 ec2 实例使用相同的 pem 文件,并且它适用于一个实例,而不适用于另一个实例。
我使用的第一个实例是标准的 aws linux ami amzn-ami-hvm-2014.03.2.x86_64-ebs。我只是简单地使用
并且有效。
然后,我启动了一个 Fedora 实例 Fedora-x86_64-19-20140407-sda 并尝试了相同的命令,但不断收到:
将我的用户名从 ec2-user 更改为 fedora 后,它起作用了!
After about a half hour of searching and trying to debug this I was able to figure it out. My situation involved me using the same pem file for two different ec2 instance and it working for one and not the other.
My first instance it worked on was the standard aws linux ami amzn-ami-hvm-2014.03.2.x86_64-ebs. I simply used
and it worked.
I then launched a fedora instance Fedora-x86_64-19-20140407-sda and tried the same command but kept getting:
After changing my username from ec2-user to fedora it worked!
我建议不要像其他一些答案所建议的那样设置密码。使用密钥文件既更安全(没有人可以猜出您的密码),也更方便(一旦您设置了配置文件)。这是基本的
~/.ssh/config:现在您只需输入
ssh my-ec2-server即可!正如其他答案中也提到的,当连接不起作用时,使用 -v 来获取额外信息。I recommend against setting a password as some other answers suggest. Using the key file is both safer (no one can guess your passwords) and more convenient (once you set up a config file). Here's a basic
~/.ssh/config:Now you can just type
ssh my-ec2-serverand you're in! And as also mentioned in other answers, use -v to get extra info when your connection isn't working.如果问题是一致的,并且即使在将文件权限更改为 400 或 600 后也连续发生大约 10-15 次,那么很可能是 ec2 实例出现问题,因此要确保:
检查日志您尝试通过在末尾添加 -v 来 ssh 到该实例,然后查看它是否给出了任何特定内容。
确保您使用正确的 ssh 名称,例如 Ubuntu。也许这取决于 Linux 发行版和您添加的用户,以及您是否已授予“root 用户”ssh 权限。
然后,如果没有帮助,请按照此处的文档进行操作 https://docs .aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html#TroubleshootingInstancesConnectingMindTerm
解决这个问题。它对我的情况有所帮助,并且由于目录/文件权限混乱而发生这种情况。
If the issue is consistent and happened about 10-15 times in a row even after changing file permissions to 400 or 600, then it is most certainly something is wrong on the ec2 instance, so to make sure:
Check the logs when you try to ssh to the instance by adding -v at the end and see either it gives out anything specific.
Make sure you use the correct name for ssh, like Ubuntu. Perhaps that depends on Linux distribution and users you added and either you've given permission for "root user" ssh.
Then if nothing helps, follow the documentation here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html#TroubleshootingInstancesConnectingMindTerm
to fix that. It helped in my case, and it happened because of messed up directories/files permissions.
如果您有一个在 PC 上运行的 PPK 文件,请使用适用于 PC 的 puttygen.exe 将其导出为 OpenSSH 文件,并在 Mac(任何 Unix 机器)上使用它。
我遇到了同样的错误——
当我在 Windows 上使用 PPK 文件时,我按照上述步骤操作,宾果!
$ ssh -i ec2-openssh-key root@ec2-instance-ip
If you have a PPK file working on a PC, then export it as OpenSSH file using puttygen.exe for PC and use that on Mac (any Unix machine).
I was getting the same error --
As I was using a PPK file on Windows, I followed the steps as described above and Bingo!
$ ssh -i ec2-openssh-key root@ec2-instance-ip
我在使用 AWS Toolkit for Eclipse 时遇到了同样的问题。我创建了“入门”实例,并打开了一个 shell。但是,用户被设置为 ec2-user。我使用 Open Shell As... 命令并将用户设置为 root。然后就成功了。
I had the same problem using the AWS Toolkit for Eclipse. I created the Getting Started instance OK and opened a shell. However, the user was set to ec2-user. I used the Open Shell As... command and set the user to root. Then it worked.
有类似的问题。以下是在 Mac 上设置 SSH 密钥和转发的步骤。为自己做了这些笔记 - 可能会帮助某人...检查您的配置。
这里的假设是没有密钥设置。如果您已经设置了按键,请跳过此部分。
$ ssh-keygen-t rsa-b 4096
修改 ~/.ssh/config 添加密钥文件的条目:
~/.ssh/config 应类似于:
将私钥存储在钥匙串中:
$ ssh‐add ‐K ~/.ssh/id_rsa
现在使用以下命令进行测试: ssh -A username@yourhostname
应将您的密钥转发到你的主机名。假设您的密钥已添加,您应该可以毫无问题地连接。
Had a similar issue. Here are the steps used to setup SSH keys and forwarding on the Mac. Made these notes for myself - may help someone... check against your config.
The assumption here is there are no keys setup. If you already have the keys setup skip this section.
$ ssh‐keygen ‐t rsa ‐b 4096
Modify ~/.ssh/config adding the entry for the key file:
~/.ssh/config should look similar to:
Store the private key in the keychain:
$ ssh‐add ‐K ~/.ssh/id_rsa
Go test it now with: ssh -A username@yourhostname
Should forward your key to yourhostname. Assuming your keys are added on you should connect without issue.