Amazon EC2 Permission denied (publickey)
This seems to be a common problem but my specific case seems a little different.
I set up a new Amazon EC2 instance using the command line tools and connected via SSH and did some configuration work.
Initially, though, I couldn't ssh on to the instance; I had to stop and restart the instance, then I could connect. Before restarting I just got the response:
Permission denied (publickey).
That was last night, this morning I go back to the same instance and now all I get is
Permission denied (publickey).
I've tried rebooting the instance with no joy.
Can anyone point me in the right direction here? The same command that worked last night no longer works, I'm connecting from my Macbook Pro.
Comments (16)
This was happening for me because I wasn't using the right username. I was able to log in when using an AMI used in a tutorial I was following, but when I tried to use a different AMI (ubuntu + LAMP from Bitnami) I would get the `Permission denied (public key).` error. I finally realized that if I changed the username for the tutorial ami from `ubuntu` to `ec2-user` I would get the same error.
So a quick google tells that the username for Bitnami AMIs is `bitnami`. Problem solved.
I ran into a similar problem and it turned out to be permissions on the home folder. Thankfully I still had another existing ssh connection open so I was able to check the log on the ec2 instance:
$ sudo less /var/log/secure
which contained:
This was fixed by issuing the command:
$ chmod og-rwx /home/ec2-user
I hope this helps out someone else.
Please note that after restarting the instance, the dns name changed. I fell for this several times. The keyfile was still valid, but the "servername" changed.
Thank you!
I really appreciate @Trevor's answer here. I'm going to add this little trick that I now use to avoid this problem in the future.
Convenience
Because you have to create a different keypair for each availability zone, it becomes quite a hassle to manage them all and the commands that use them. With the proper setup in `~/.ssh/config` my ssh command is as simple as:
That's the full public DNS of a server in the US West 2 availability zone. The proper username and key are selected because of this:
If the EC2 instance uses the Ubuntu AMI 14.04, try adding 'ubuntu@' before the EC2 instance IP.
Connecting to EC2 from cli is a little bit tricky at least for the first time.
If you go to `
` then you will see the dialog box describing how to connect to it. Part of it is shown below.
If you use number 4 without preceding it with `ec2-user@` you will get
Just copy and paste the one mentioned below in the `Example:`.
This is a common issue when we are dealing with ssh.
While one is on a Mac or Linux based system, one can follow the following path:
chmod 400
But there is a problem with Windows systems, as `chmod` is not a command in cmd or PowerShell.
To use ssh on Windows, we have to follow the following process:
(Note: This process only works on PowerShell and not in CMD. I would recommend using PowerShell in the Administrator mode.)
Following are the steps:
Here the name of the Pem file is key.pem
icacls.exe key.pem /reset
// to revoke all privileges
icacls.exe key.pem /grant:r "$($env:username):(r)"
// to grant all previous privileges
icacls.exe key.pem /inheritance:r
// to remove all inheritances
Hope this will save your day.
Make sure path to your private key is correct.
If your ssh client cannot find the private key you are trying to provide, oddly enough it won't give you an error! It just won't use that key. It will use whatever key you have under .ssh/id_dsa and .ssh/id_ecdsa, which of course will fail public key authentication.
I solved this by copying the contents of ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys on the EC2 instance.
This is specified in the documentation: http://docs.aws.amazon.com/opsworks/latest/userguide/security-ssh-access.html
Then I could ssh using this command:
I also received: Permission denied.
I used :
and the response was :
Enter the command :
But the response was empty
So, I think the pem file has something wrong about format.
Next, I found the pem file downloaded from ec2 web, and moved it over. Before this, I created a new file and parsed the text from the downloaded pem file to the directory ".ssh", then:
Which was successful.
I spent the whole day searching the internet for the answer. My issue was exactly the same. I fiddled with the permission issue, changed back and forth, yet none solved my problem.
After testing with a new key and starting/terminating a couple of instances, finally I found it has to do with the same key name in different regions.
This is how "Permission denied (publickey)" happened to me:
1. Follow the practice book, select the us-east-1 as default zone
2. Create a key name "mykey"
3. Exploring AWS world by following examples in that book.
4. One day, try to test speeds of Sydney zone, switch to Sydney Zone as default on.
5. Create another key, named it as "mykey" without thinking, but not use it to connect through cli for a couple days.
6. Try to connect to AWS using cli.
7. Got "Permission denied (publickey)".
8. Spent many hours to debug ssh issue until I notice the key/zone issue.
Hope this could help newbie like me.
To avoid this issue, I think the best practice to name a key is to attach a region in it.
I changed the permissions to 600, although the permissions on the pem file were 644 already. And that worked :p hope it helps
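Several answers above come down to file modes: sshd (with StrictModes, its default) ignores authorized_keys when the home directory, ~/.ssh or the file itself is group- or world-writable, and the ssh client refuses a private key that group or others can access. The script below is an added example, not part of the original answers; the function names are made up here and ownership checks are left out.

```shell
#!/bin/sh
# Added example: report the mode problems behind "Permission denied (publickey)".

# Print the octal mode of a path (GNU stat first, BSD/macOS stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if any bit of octal mask $2 is set in the mode of path $1.
has_bits() {
    [ $(( 0$(mode_of "$1") & 0$2 )) -ne 0 ]
}

# Server side: the three paths sshd's StrictModes inspects for a user.
# None may be writable by group or others (mask 022).
audit_authorized_keys() {
    home=$1; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; bad=1
        elif has_bits "$p" 022; then
            echo "TOO OPEN $p (mode $(mode_of "$p")): chmod go-w"; bad=1
        else
            echo "ok       $p"
        fi
    done
    return $bad
}

# Client side: the private key must exist and carry no group/other bits (077).
audit_private_key() {
    key=$1
    if [ ! -f "$key" ]; then
        echo "MISSING  $key"; return 1
    fi
    if has_bits "$key" 077; then
        echo "TOO OPEN $key (mode $(mode_of "$key")): chmod 400"; return 1
    fi
    echo "ok       $key"
}

# Usage (paths are examples):
#   on the instance:  audit_authorized_keys /home/ec2-user
#   on the client:    audit_private_key ~/.ssh/key.pem
```

Both functions return non-zero when they find a problem, so they can gate a deployment or login script.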
Had the same problem, here is what you should do.
First of all, if you have Windows, use the Babun command line, which is like the Linux one.
Once you have that command line, open it and type
ssh -i [key pair path] [username]@[EC2 public IP]
To find the path for the key pair, go to the file where your key is stored, hold shift and right-click and click copy path, and paste it in where the path goes in the command above. You probably will get "" marks on the outsides of the path you pasted, and \ backslashes. Delete the "" marks and replace the \ backslashes with regular slashes /. This worked in a situation like this that I had, best of luck to you.
In my case the reason for this was I had changed the permissions of the root directory folder with chmod. In AWS web site they describe a long way to change the permissions back with another temporary instance. However, I just terminated the old instance and launched another one and this time did not make any change to the permissions of the root directory and all is ok.
I had the same problem. What solved it for me was to place quotes around my directory and PEM file. I never had to do that in the past. I'm not sure why I was forced to do it this time. I have my PEM files in the same directory for other projects.
I'm going to answer my own question in case anyone else sees the same thing... Last night I had done:
then been connecting with:
This morning I tried the same and couldn't connect. But doing
gets me in.
Using `ssh-add` on the key pair again gets me in. I'm guessing `ssh-add` only works within the shell I'd issued it in. When I closed the terminal window and opened another I no longer had that keypair available without being explicit.