AWS SSH connection error: Permission denied (publickey)

Time: 2023-01-26 11:40:52

I'm trying to connect to my EC2 instance with SSH and I'm getting crazy. I have read this post and tried all user combinations:

AWS ssh access 'Permission denied (publickey)' issue

It's still not working for me. Any idea what I am missing?

  roberto@ubuntu:~/keys$ ssh -v -i ec2-key-pair.pem ec2-user@ec2-54-72-242-0.eu-west-1.compute.amazonaws.com
OpenSSH_6.6, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ec2-54-72-242-0.eu-west-1.compute.amazonaws.com [54.72.242.0] port 22.
debug1: Connection established.
debug1: identity file ec2-key-pair.pem type -1
debug1: identity file ec2-key-pair.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6p1 Ubuntu-2ubuntu1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e4:06:ee:a5:a5:d2:97:5f:0f:b7:06:5e:f2:b3:da:26
debug1: Host 'ec2-54-72-242-0.eu-west-1.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/roberto/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: ec2-key-pair.pem
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

UPDATE: 

According to @aldanux suggestions:


    roberto@ubuntu:~/keys$ ssh-keygen -R 54.72.242.0
# Host 54.72.242.0 found: line 4 type ECDSA
/home/roberto/.ssh/known_hosts updated.
Original contents retained as /home/roberto/.ssh/known_hosts.old
roberto@ubuntu:~/keys$ ssh -i ec2-key-pair.pem ec2-user@ec2-54-72-242-0.eu-west-1.compute.amazonaws.com
Warning: Permanently added the ECDSA host key for IP address '54.72.242.0' to the list of known hosts.
Permission denied (publickey).

8 solutions

#1


3  

Try these steps:

ssh-keygen -R 54.72.242.0

sudo chmod 600 ec2-key-pair.pem

and then:


ssh -i ec2-key-pair.pem ec2-user@ec2-54-72-242-0.eu-west-1.compute.amazonaws.com

#2


33  

You are probably logging in as the wrong user. If it's an Ubuntu instance the command would be:

ssh -v -i ec2-key-pair.pem ubuntu@ec2-54-72-242-0.eu-west-1.compute.amazonaws.com

#3


16  

While not specific to AWS, this unhelpful error message


debug1: key_parse_private2: missing begin marker


will occur under a handful of obscure scenarios, such as when the ownership (or the permissions) on the SSH user's home directory are incorrect on the remote machine.


The best way to troubleshoot this and similar obscure messages is to examine the authorization log on the remote machine, provided you have access, as it will usually pinpoint the problem. On Debian and Ubuntu systems, this is most easily accomplished with tail (use sudo as appropriate):


tail -f -n 80 /var/log/auth.log


In my particular case, I found


Authentication refused: bad ownership or modes for directory /var/www


Perfectly accurate and concise: the owner:group was set to daemon:daemon when it should have been www-data:www-data (this was on an Ubuntu machine that must have had some other web-server installed in the past).

#4


5  

I had a similar issue, "key_parse_private2: missing begin marker" while using username 'ec2-user' but it got fixed when I changed to ubuntu as the user.


#5


1  

Another thing to check is PermitRootLogin and AllowUsers in /etc/ssh/sshd_config.


This "debug1: key_parse_private2: missing begin marker" appears even after successful key authorization if your user access is restricted.
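The server-side log check suggested in answers #3 and #5, as an added example that is not part of any answer: it sorts sshd lines from an auth log into the causes discussed here (bad ownership or modes, a user blocked by AllowUsers, a nonexistent login user). The function names are hypothetical and the sample log lines are constructed.

```shell
# Added example: classify sshd auth-log lines by the likely cause of
# "Permission denied (publickey)". Sample data below is constructed.

classify_sshd_failures() {
    # Reads auth-log lines on stdin, prints "cause<TAB>detail" per match.
    awk '
    /sshd\[[0-9]+\]: / {
        msg = $0
        sub(/^.*sshd\[[0-9]+\]: /, "", msg)      # drop timestamp/host/pid
        if (msg ~ /^Authentication refused: bad ownership or modes for /) {
            sub(/^Authentication refused: bad ownership or modes for /, "", msg)
            print "bad_ownership_or_modes\t" msg
        } else if (msg ~ /^User .* not allowed because /) {
            split(msg, w, " ")                   # "User <name> from ..."
            print "user_not_allowed\t" w[2]
        } else if (msg ~ /^Invalid user /) {
            split(msg, w, " ")                   # "Invalid user <name> from ..."
            print "invalid_user\t" w[3]
        }
    }'
}

sample_auth_log() {
    # Constructed sample lines (hostname, PIDs and addresses are made up).
    cat <<'EOF'
Jan 26 11:38:01 ip-10-0-0-5 sshd[2211]: Invalid user ec2-user from 203.0.113.7
Jan 26 11:39:12 ip-10-0-0-5 sshd[2230]: Authentication refused: bad ownership or modes for directory /var/www
Jan 26 11:40:03 ip-10-0-0-5 sshd[2244]: User deploy from 203.0.113.7 not allowed because not listed in AllowUsers
Jan 26 11:40:40 ip-10-0-0-5 sshd[2250]: Accepted publickey for ubuntu from 203.0.113.7 port 50412 ssh2
Jan 26 11:41:00 ip-10-0-0-5 CRON[2260]: pam_unix(cron:session): session opened for user root
EOF
}

sample_auth_log | classify_sshd_failures
```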

#6


0  

Yes, indeed quite a misleading message. In my case I used the wrong key for instance.

We had needed to remove the key pair and create a new one, except that our instance kept using the old one (because you can't do it that easily).

The error message was the same, so it's worth checking that the key name in your AWS panel for the instance matches the key pair that you use in key pairs.

#7


0  

Logging in as "admin" worked for me. Based on your instance type the login user changes: ec2-user or ubuntu or in my case admin.

ssh -v -i ./my_key_file.pem admin@ec2-11-222-333-44.compute-1.amazonaws.com

Also ensure the permission for the pem file is 600:

chmod 600 ./my_key_file.pem

#8


0  

One easy way to get this error is a corrupt .pem file.


For example, if the last line is missing, you get "missing begin marker".


Make sure the .pem ends with:


-----END RSA PRIVATE KEY-----
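The client-side checks from answers #1, #7 and #8 (file mode, intact begin and end markers), gathered into one script as an added example that is not part of any answer. The function names are hypothetical, the sample files are constructed and contain a placeholder instead of key material, and the CRLF check is an extra assumption about how key files commonly get damaged in transfer.

```shell
# Added example: client-side sanity checks on a private key file.

check_pem() {
    # Prints one finding per line, or "ok"; returns non-zero on any finding.
    f=$1
    problems=0
    [ -r "$f" ] || { echo "unreadable"; return 1; }
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case $mode in
        600|400) ;;
        *) echo "mode $mode (want 600)"; problems=1 ;;
    esac
    if grep -q "$(printf '\r')" "$f"; then
        echo "CRLF line endings"; problems=1
    fi
    first=$(head -n 1 "$f" | tr -d '\r')
    last=$(grep -v '^[[:space:]]*$' "$f" | tail -n 1 | tr -d '\r')
    case $first in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) echo "missing BEGIN marker"; problems=1 ;;
    esac
    case $last in
        "-----END "*"PRIVATE KEY-----") ;;
        *) echo "missing END marker"; problems=1 ;;
    esac
    if [ "$problems" -eq 0 ]; then echo "ok"; fi
    return "$problems"
}

make_samples() {
    # Constructed files: a well-formed one and a truncated, group-readable copy.
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'constructed-placeholder-not-a-key' \
        '-----END RSA PRIVATE KEY-----' > "$d/good.pem"
    sed '$d' "$d/good.pem" > "$d/truncated.pem"   # drop the last line
    chmod 600 "$d/good.pem"
    chmod 644 "$d/truncated.pem"
    echo "$d"
}

dir=$(make_samples)
for k in good.pem truncated.pem; do
    echo "== $k"
    check_pem "$dir/$k" || true
done
rm -rf "$dir"
```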
