当SSH访问Amazon EC2实例时,权限被拒绝(publickey)。

时间:2023-01-26 13:00:34

I want to use my Amazon ec2 instance but faced the following error:

我想使用我的Amazon ec2实例,但面临以下错误:

Permission denied (publickey).

I have created my key pair and downloaded .pem file.

我已经创建了我的密钥对并下载了.pem文件。

Given:

考虑到:

chmod  600 pem file.

Then, this command

然后,这个命令

ssh -i /home/kashif/serverkey.pem  ubuntu@ec2-54-227-242-179.compute-1.amazonaws.com

But have this error:

但这个错误:

Permission denied (publickey)

Also, how can I connect with filezilla to upload/download files?

另外,如何连接filezilla上传/下载文件?

29 个解决方案

#1


589  

This error message means you failed to authenticate.

此错误消息意味着您未能进行身份验证。

These are common reasons that can cause that:

这些都是造成这种情况的常见原因:

  1. Trying to connect with the wrong key. Are you sure this instance is using this keypair?
  2. 试着用错误的钥匙连接。您确定这个实例正在使用这个密钥对吗?
  3. Trying to connect with the wrong username. ubuntu is the username for the ubuntu based AWS distribution, but on some others it's ec2-user (or admin on some Debians, according to Bogdan Kulbida's answer)(can also be root, fedora, see below)
  4. 尝试连接错误的用户名。ubuntu是基于ubuntu的AWS发行版的用户名,但是在其他一些版本中,它是ec2用户(根据Bogdan Kulbida的回答,也可以是一些debian的管理员)(也可以是root, fedora,见下文)
  5. Trying to connect the wrong host. Is that the right host you are trying to log in to?
  6. 尝试连接错误的主机。这是你要登录的正确主机吗?

Note that 1. will also happen if you have messed up the /home/<username>/.ssh/authorized_keys file on your EC2 instance.

请注意,1。如果你搞砸了/home/ <用户名> /。在EC2实例上的ssh/authorized_keys文件。

About 2., the information about which username you should use is often lacking from the AMI Image description. But you can find some in AWS EC2 documentation, bullet point 4. : http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html

约2。,您应该使用的用户名的信息常常缺少AMI的图像描述。但是您可以在AWS EC2文档中找到一些,要点4。:http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html

Use the ssh command to connect to the instance. You'll specify the private key (.pem) file and user_name@public_dns_name. For Amazon Linux, the user name is ec2-user. For RHEL5, the user name is either root or ec2-user. For Ubuntu, the user name is ubuntu. For Fedora, the user name is either fedora or ec2-user. For SUSE Linux, the user name is root. Otherwise, if ec2-user and root don't work, check with your AMI provider.

使用ssh命令连接到实例。您将指定私有密匙(.pem)文件和user_name@public_dns_name。对于Amazon Linux,用户名是ec2-user。对于RHEL5,用户名不是root就是ec2-user。对于Ubuntu,用户名是Ubuntu。对于Fedora,用户名是Fedora或ec2-user。对于SUSE Linux,用户名是root。否则,如果ec2用户和根不工作,请与您的AMI提供者进行检查。

Finally, be aware that there are many other reasons why authentication would fail. SSH is usually pretty explicit about what went wrong if you care to add the -v option to your SSH command and read the output, as explained in many other answers to this question.

最后,要知道认证失败还有许多其他原因。如果您愿意将-v选项添加到您的SSH命令并读取输出,那么SSH通常非常明确地说明了哪里出错了,正如在许多其他答案中所解释的那样。

#2


48  

In this case the problem arises from lost Key Pair. About this:

在这种情况下,问题产生于丢失的密钥对。关于这个:

  • There's no way to change Key Pair on an instance. You have to create a new instance that uses a new Key Pair.
  • 在实例上无法更改密钥对。您必须创建一个使用新密钥对的新实例。
  • You can work around the problem if your instance is used by an application on Elastic Beanstalk.
  • 如果您的实例被应用在弹性Beanstalk上,您可以解决这个问题。

You can follow these steps:

您可以按照以下步骤:

  1. Access to AWS Management Console
  2. 访问AWS管理控制台。
  3. Open Elastic Beanstalk Tab
  4. 打开Elastic Beanstalk选项卡
  5. Select your application from All Applications Tab
  6. 从All Applications选项卡中选择您的应用程序。
  7. From left side menù select Configuration
  8. 从左侧菜单选择配置。
  9. Click on the Instances Gear
  10. 点击实例设备。
  11. In Server Form check the EC2 Key Pair input and select your new Key Pair. You may have to refresh the list in order to see a new Key Pair you're just created.
  12. 在服务器表单中检查EC2密钥对输入并选择新的密钥对。您可能需要刷新列表,以便看到刚刚创建的新密钥对。
  13. Save
  14. 保存
  15. Elastic Beanstalk will create for you new instances associated with the new key pair.
  16. 弹性Beanstalk将为您创建与新密钥对关联的新实例。

In general, remember you have to allow your EC2 instance to accept inbound SSH traffic.

通常,请记住,您必须允许EC2实例接受入站SSH通信。

To do this, you have to create a specific rule for the Security Group of your EC2 instance. You can follow these steps.

要做到这一点,您必须为EC2实例的安全组创建一个特定的规则。您可以按照以下步骤操作。

  1. Access to AWS Management Console
  2. 访问AWS管理控制台。
  3. Open EC2 Tab
  4. 打开EC2选项卡
  5. From Instances list select the instance you are interested in
  6. 从实例列表中选择您感兴趣的实例。
  7. In the Description Tab chek the name of the Security Group your instance is using.
  8. 在Description选项卡chek中,您的实例正在使用的安全组的名称。
  9. Again in Description Tab click on View rules and check if your Security Group has a rule for inbound ssh traffic on port 22
  10. 在Description选项卡中再次单击查看规则并检查您的安全组是否对端口22上的入站ssh通信有规则。
  11. If not, in Network & Security menù select Security Group
  12. 如果没有,在网络和安全菜单中选择安全组。
  13. Select the Security Group used by your instance and the click Inbound Tab
  14. 选择您的实例使用的安全组,并单击Inbound选项卡。
  15. On the left of Inbound Tab you can compose a rule for SSH inbound traffic:
    • Create a new rule: SSH
    • 创建一个新规则:SSH。
    • Source: IP address or subnetwork from which you want access to instance
    • 源:您希望访问实例的IP地址或子网络。
    • Note: If you want grant unlimited access to your instance you can specify 0.0.0.0/0, although Amazon not recommend this practice
    • 注意:如果您希望授予对您的实例的无限访问权限,您可以指定0.0.0/0,尽管Amazon不推荐这种做法。
  16. 在入站左边的选项卡可以组成规则为SSH入站流量:创建一个新的规则:SSH来源:您想要访问的IP地址和子网实例注意:如果你想要无限授予访问您可以指定0.0.0.0/0实例,尽管亚马逊不推荐这种做法
  17. Click Add Rule and then Apply Your Changes
  18. 单击Add Rule,然后应用您的更改。
  19. Check if you're now able to connect to your instance via SSH.
  20. 检查您现在是否能够通过SSH连接到您的实例。

Hope this can help someone as helped me.

希望这能帮助到帮助我的人。

#3


43  

This is how I solved the problem

这就是我解决问题的方法。

ssh -i <key> ec2-user@<ec2 ip>

#4


26  

I solved the problem just putting sudo before

我刚刚解决了这个问题。

sudo ssh -i mykey.pem myec2.amazonaws.com

But the proper solution is to change the ownership first, and then connect as a normal user as Janus Troelsen said below. In my case it would be:

但是正确的解决方案是先改变所有权,然后像Janus Troelsen所说的那样连接正常用户。在我的例子中,它是:

chown wellington:wellington key.pem

#5


23  

Try using

试着用

sudo ssh -i mykey.pem ubuntu@<ec2_ip_public_dns>

OR

sudo ssh -i mykey.pem ec2-user@<ec2_ip_public_dns>

#6


22  

Another possible cause of this error:

另一个可能的原因是:

When user's home directory is group writeable, the user cannot login.

当用户的主目录是组可写时,用户不能登录。

(Reproduced on Ubuntu instance.)

在Ubuntu实例。(转载)

#7


7  

for the ubuntu 12.04 lts micro instance i had to set the user name as option

对于ubuntu 12.04 lts微实例,我必须设置用户名作为选项。

ssh -i pemfile.pem -l ubuntu dns

#8


7  

You need to do the following steps:

你需要做以下步骤:

  1. Open your ssh client or terminal if you are using Linux.
  2. 如果您正在使用Linux,请打开您的ssh客户机或终端。
  3. Locate your private key file and change your directory.
    cd <path to your .pem file>
  4. 找到您的私钥文件并更改您的目录。cd
  5. Execute below commands:
    chmod 400 <filename>.pem
    ssh -i <filename>.pem ubuntu@<ipaddress.com>
  6. 执行以下命令:chmod 400 。pem ssh - i <文件名> 。pem ubuntu@ < ipaddress.com >

If ubuntu user is not working then try with ec2-user.

如果ubuntu用户没有工作,那么尝试使用ec2-user。

#9


5  

I struggled with the same permission denied error apparently due to

我在同样的权限下挣扎,显然是由于错误。

key_parse_private2: missing begin marker 

In my situation the cause was the ssh config file of the current user (~/.ssh/config).

在我的情况下,原因是当前用户的ssh配置文件(~/.ssh/config)。

Using the following:

使用以下:

ssh -i ~/myKey.pem ec2-user@<IP address> -v 'exit'

The initial output showed:

初始输出显示:

debug1: Reading configuration data /home/ec2-user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /home/ec2-user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config

... many debug lines cut here ...

…这里有许多调试线路……

debug1: Next authentication method: publickey
debug1: Trying private key: /home/ec2-user/somekey.pem
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.

The third line above is where the problem actual was identified; however, I looked for at the debug message four lines from the bottom (above) and was misled. There isn't a problem with the key but I tested it and compared other configurations.

上面的第三行是识别出问题的地方;但是,我在调试消息中查找了来自底部(上面)的四行代码,并被误导了。这个键没有问题,但我测试了它,并比较了其他配置。

My user ssh config file reset the host via an unintended global setting as shown below. The first Host line should not have been a comment.

我的用户ssh配置文件通过一个无意的全局设置重置主机,如下所示。第一个Host行不应该是注释。

$ cat config
StrictHostKeyChecking=no
#Host myAlias
        user ec2-user
        Hostname bitbucket.org
#        IdentityFile ~/.ssh/somekey
#        IdentitiesOnly yes

Host my2ndAlias
        user myOtherUser
        Hostname bitbucket.org
        IdentityFile ~/.ssh/my2ndKey
        IdentitiesOnly yes

I hope someone else finds this helpful.

我希望其他人会发现这是有帮助的。

#10


4  

I forgot to add the username (ubuntu) when connecting my Ubuntu instance. So I tried this:

在连接我的ubuntu实例时,我忘记添加用户名(ubuntu)了。所以我试着:

ssh -i /path/my-key-pair.pem my-ec2-instance.amazonaws.com

and the correct way was

正确的方法是。

ssh -i /path/my-key-pair.pem ubuntu@my-ec2-instance.amazonaws.com

#11


3  

This has happened to me multiple times. I have used Amazon Linux AMI 2013.09.2 and Ubuntu Server 12.04.3 LTS which are both on the free tier.

这在我身上发生过多次。我已经使用了Amazon Linux AMI 2013.09.2和Ubuntu Server 12.04.3 LTS,它们都在空闲层。

Every time I have launched an instance I have permission denied show up. I haven't verified this but my theory is that the server is not completely set up before I try to ssh into it. After a few tries with permission denied, I wait a few minutes and then I am able to connect. If you are having this problem I suggest waiting five minutes and trying again.

每次我启动一个实例,我就会被拒绝。我还没有验证这一点,但我的理论是,在我尝试ssh之前,服务器还没有完全建立起来。经过几次尝试之后,我拒绝了,我等了几分钟,然后我就可以联系了。如果你有这个问题,我建议你再等五分钟再试一次。

#12


2  

Here is a possible frustrating scenarios that produces this error:

下面是产生这个错误的可能令人沮丧的场景:

If you are lunching a new instance from an AMI you created of another instance (say instance xyz), then the new instance will only accept the same key that instance A used. This is totally understandable but it gets confusing because during the step by step process of creating the new instance, you are asked to select or create a key (at the very last step) which will not work.

如果您正在从另一个实例(比如xyz实例)中创建一个新实例,那么新实例将只接受实例a所使用的相同密钥。这是完全可以理解的,但是会让人感到困惑,因为在创建新实例的步骤过程中,要求您选择或创建一个关键字(在最后一步),这将不起作用。

Regardless of the key you create or select, only the key you were using for instance XYZ will will be accepted by the new instance.

不管您创建或选择的键是什么,只有您使用的关键字XYZ将会被新实例接受。

#13


2  

I struggled with this for a while too until I found the following:

我也挣扎了一段时间,直到我找到了以下几点:

eb ssh

When you use that from the project directory, bingo-bango no muss no fuss, you're in

当你从项目目录中使用它时,bingo-bango不需要大惊小怪,你在里面。

#14


2  

In my own case, i did the following:

在我自己的案例中,我做了如下工作:

chmod 400 <key.pem>

ssh -i <key.pem> ec2-user@ec2_public_dns (for debian)

I was initially using root@ part and i got this prompt:

我最初使用的是root@部分,我得到了这个提示:

Please login as the user "ec2-user" rather than the user "root".

#15


2  

I'm in Windows with WinSCP. It works great on both File Explorer and PuTTY SSH Shell to access my Amazon EC2-VPC Linux. There is nothing to do with chmod pem file as it uses myfile.ppk converted by PuTTYgen from the pem file.

我在WinSCP的窗口。它在文件资源管理器和PuTTY SSH Shell中都可以访问我的Amazon EC2-VPC Linux。在使用myfile时,与chmod pem文件没有任何关系。ppk由PuTTYgen从pem文件转换。

#16


2  

same thing happened to me, but all that was happening is that the private key got lost from the keychain on my local machine.

同样的事情也发生在我身上,但发生的一切都是,私钥从我本地机器上的钥匙链上丢失了。

ssh-add -K

ssh-add - k

re-added the key, then the ssh command to connect returned to work.

重新添加了密钥,然后ssh命令连接返回工作。

#17


1  

This issue can be solved by login into Ubuntu box using below command:

这个问题可以通过以下命令登录到Ubuntu框中解决:

ssh -i ec2key.pem ubuntu@ec2-public-IP

#18


1  

I've twice had keys and ssh command line correct (I know because I'm duplicating a working Ubuntu 14.04 instance), but just not been able to ssh into a new instance, even after waiting 5 minutes as suggested by Wade Anderson above.

我已经两次拥有了密钥和ssh命令行(我知道,因为我正在复制一个工作的Ubuntu 14.04实例),但是仅仅是无法通过ssh进入一个新实例,即使是在韦德·安德森的建议下等待了5分钟之后。

I had to destroy and re-create the machine. This has happened on two separate occasions. Since I can't get in initially, I can't see what's wrong.

我必须销毁并重新创建机器。这发生在两个不同的场合。因为我一开始不能进去,我看不出有什么不对。

So, if you have this problem, try that.

如果你有这个问题,试试这个。

#19


1  

you must check these few things:

你必须检查以下几点:

  1. Make sure your IP address is correct
  2. 确保你的IP地址是正确的。
  3. Make sure you are using the correct Key
  4. 确保你使用的是正确的钥匙。
  5. Make sure you are using the correct username, you can try: 3.1. admin 3.2. ec2-user 3.3. ubuntu
  6. 确保你使用的是正确的用户名,你可以试试:3.1。3.2管理。ec2-user 3.3。ubuntu

I had the same problem, and it solved after I changed username to ubuntu. In AWS documentation was mentioned to user ec2-user but somehow does not work for me.

我遇到了同样的问题,在我把用户名改为ubuntu后,它就解决了。在AWS文档中提到了用户ec2-user,但不知何故对我不起作用。

#20


1  

My private key was set to permission 400 and was resulting in Permission denied setting it to '644' helped me .

我的私钥被设置为权限400,并得到许可,拒绝将其设置为“644”帮助我。

key_load_private_type: Permission denied is the specific error I was getting

key_load_private_type:权限被拒绝是我得到的特定错误。

Solution: Sudo chmod 644 <key.pem>

解决方案:Sudo chmod 644

Note: set to 644 is must, it was not working with 400

注意:设置为644是必须的,它不能与400一起工作。

#21


1  

When you try doing

当你试着做

ssh -i <.pem path> root@ec2-public-dns

ssh -我<。pem路径> root@ec2-public-dns

You get a message advising you to use the ec2-user.

您会得到一条建议,建议您使用ec2-user。

Please login as the user "ec2-user" rather than the user "root".

请以用户“ec2-user”而不是用户“root”登录。

So use

所以使用

ssh -i <.pem path> ec2-user@ec2-public-dns

ssh -我<。pem路径> ec2-user@ec2-public-dns

#22


1  

I had same problem and its very strange. If you believe you are doing all good than follow this: Some times there is confusion about user for the EC2 instance!! Some times you get ec2-user, ubuntu, centos etc. So check your username for the machie!!

我有同样的问题,而且很奇怪。如果您认为您做的都是好的,那么您就会发现,对于EC2实例的用户来说,有些时候是混乱的!!有些时候你会得到ec2-user, ubuntu, centos等,所以检查你的用户名。

Login with root user ssh -i yourkey.pem (400 permission) root@<ip> It will throw error and will give you the available username. then login with that user.

以root用户ssh登录——我是您的密钥。pem(400权限)root@ 会抛出错误,并提供可用的用户名。然后与该用户登录。

#23


1  

It's a basic thing, but always confirm which user you are trying to do the login. Im my case was just a distraction. I was trying using a root user:

它是一个基本的东西,但总是要确认你想要登录的用户。我的情况只是分散注意力。我尝试使用根用户:

ssh -i ~/keys/<key_name> root@111.111.111.111

But was another user:

但另一个用户:

ssh -i ~/keys/<key_name> dedeco@111.111.111.111

#24


1  

i had same error but different situation. to me it happened out of the blue after a lot of time i could ssh successfully to my remote computer out there. after a lot of searching the solution to my problem were file permissions. it is strange of course because i didn't change any permissions in my computer or the remote one belonging to the ssh's files/directories. so from the good archlinux wiki here it is:

我有同样的错误,但情况不同。对我来说,它发生在很久以后,我可以成功地ssh到我的远程计算机。经过大量的搜索,我的问题的解决方案是文件权限。当然,这很奇怪,因为我没有改变我的计算机或ssh文件/目录中的任何权限。所以,从优秀的archlinux wiki,它是:

For the local machine do this:

对于本地机器来说:

$ chmod 700 ~/
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/id_ecdsa

For the remote machine do that:

对于远程机器来说:

$ chmod 700 ~/
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys

after that my ssh started to working again without the permission denied (publickey) thing.

之后,我的ssh又开始工作了,没有被拒绝(publickey)。

#25


0  

Another Possible Issue: Wrong login ID

另一个可能的问题是:错误的登录ID。

Check 'Usage Instructions'

检查“使用说明”

All good suggestions above, but what I ran into was that I selected a pre-made instance. After the instance has started , look at the usage instructions. I incorrectly used login id of the private key when in the instructions I was supposed to use 'bitnami' (e.g. bitnami@domain -i key.pem)

以上都是好的建议,但我遇到的是我选择了一个预制实例。在实例启动之后,查看使用说明。当我在使用“bitnami”(例如bit@ domain -i - key.pem)的指令时,我错误地使用了私钥的登录id。

#26


0  

I had similar error

我有类似的错误

debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: xxxx.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

My problem was that the instance did not start properly due to error on the run-on-start-up script from Step 3: Configure instance detail under Advanced details:

我的问题是,由于步骤3中的运行启动脚本错误,实例没有正确启动:在高级细节下配置实例细节:

What I thought I entered:

我想的是:

#include
 https://xxxx/bootstrap.sh


# include https://xxxx/bootstrap.sh



What actually entered breaks the instance setup

实际输入的内容破坏了实例设置!

#include

# include

https://xxxx/bootstrap.sh

https://xxxx/bootstrap.sh

So the public key on instance side was not created

因此,实例端的公钥并没有创建。

#27


0  

It's case sensitive.

这是区分大小写的。

Wrong : SSH EC2-user@XXX.XX.XX.XX -i MyEC2KeyPair.pem

错误的:SSH EC2-user@XXX.XX.XX。XX我MyEC2KeyPair.pem

Correct : SSH ec2-user@XXX.XX.XX.XX -i MyEC2KeyPair.pem

正确的:SSH ec2-user@XXX.XX.XX。XX我MyEC2KeyPair.pem

#28


-1  

I was able to SSH from one machine, but not from another. Turns out I was using the wrong private key.

我可以从一台机器上SSH,但不是从另一台。原来我用错了私钥。

The way I figured this out was by getting the public key from my private key, like this:

我的方法是通过私钥获取公钥,像这样:

ssh-keygen -y -f ./myprivatekey.pem

ssh - keygen - y - f。/ myprivatekey.pem

What came out didn't match what was in ~/.ssh/authorized_keys on the EC2 instance.

出了什么事不符合……ssh/authorized_keys在EC2实例上。

#29


-1  

All of the top ranked answers above are accurate and should work for most cases. In the event that they don't as was in my case, I simply got rid of my ~/.ssh/known_hosts file on the machine I was trying to ssh from and that solved the problem for me. I was able to connect afterwards.

以上所有排名的答案都是准确的,并且应该适用于大多数情况。如果他们不像我这样,我就把我的~/。ssh/known_hosts文件在我尝试ssh的机器上,这解决了我的问题。之后我就能联系上了。

#1


589  

This error message means you failed to authenticate.

此错误消息意味着您未能进行身份验证。

These are common reasons that can cause that:

这些都是造成这种情况的常见原因:

  1. Trying to connect with the wrong key. Are you sure this instance is using this keypair?
  2. 试着用错误的钥匙连接。您确定这个实例正在使用这个密钥对吗?
  3. Trying to connect with the wrong username. ubuntu is the username for the ubuntu based AWS distribution, but on some others it's ec2-user (or admin on some Debians, according to Bogdan Kulbida's answer)(can also be root, fedora, see below)
  4. 尝试连接错误的用户名。ubuntu是基于ubuntu的AWS发行版的用户名,但是在其他一些版本中,它是ec2用户(根据Bogdan Kulbida的回答,也可以是一些debian的管理员)(也可以是root, fedora,见下文)
  5. Trying to connect the wrong host. Is that the right host you are trying to log in to?
  6. 尝试连接错误的主机。这是你要登录的正确主机吗?

Note that 1. will also happen if you have messed up the /home/<username>/.ssh/authorized_keys file on your EC2 instance.

请注意,1。如果你搞砸了/home/ <用户名> /。在EC2实例上的ssh/authorized_keys文件。

About 2., the information about which username you should use is often lacking from the AMI Image description. But you can find some in AWS EC2 documentation, bullet point 4. : http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html

约2。,您应该使用的用户名的信息常常缺少AMI的图像描述。但是您可以在AWS EC2文档中找到一些,要点4。:http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html

Use the ssh command to connect to the instance. You'll specify the private key (.pem) file and user_name@public_dns_name. For Amazon Linux, the user name is ec2-user. For RHEL5, the user name is either root or ec2-user. For Ubuntu, the user name is ubuntu. For Fedora, the user name is either fedora or ec2-user. For SUSE Linux, the user name is root. Otherwise, if ec2-user and root don't work, check with your AMI provider.

使用ssh命令连接到实例。您将指定私有密匙(.pem)文件和user_name@public_dns_name。对于Amazon Linux,用户名是ec2-user。对于RHEL5,用户名不是root就是ec2-user。对于Ubuntu,用户名是Ubuntu。对于Fedora,用户名是Fedora或ec2-user。对于SUSE Linux,用户名是root。否则,如果ec2用户和根不工作,请与您的AMI提供者进行检查。

Finally, be aware that there are many other reasons why authentication would fail. SSH is usually pretty explicit about what went wrong if you care to add the -v option to your SSH command and read the output, as explained in many other answers to this question.

最后,要知道认证失败还有许多其他原因。如果您愿意将-v选项添加到您的SSH命令并读取输出,那么SSH通常非常明确地说明了哪里出错了,正如在许多其他答案中所解释的那样。

#2


48  

In this case the problem arises from lost Key Pair. About this:

在这种情况下,问题产生于丢失的密钥对。关于这个:

  • There's no way to change Key Pair on an instance. You have to create a new instance that uses a new Key Pair.
  • 在实例上无法更改密钥对。您必须创建一个使用新密钥对的新实例。
  • You can work around the problem if your instance is used by an application on Elastic Beanstalk.
  • 如果您的实例被应用在弹性Beanstalk上,您可以解决这个问题。

You can follow these steps:

您可以按照以下步骤:

  1. Access to AWS Management Console
  2. 访问AWS管理控制台。
  3. Open Elastic Beanstalk Tab
  4. 打开Elastic Beanstalk选项卡
  5. Select your application from All Applications Tab
  6. 从All Applications选项卡中选择您的应用程序。
  7. From left side menù select Configuration
  8. 从左侧菜单选择配置。
  9. Click on the Instances Gear
  10. 点击实例设备。
  11. In Server Form check the EC2 Key Pair input and select your new Key Pair. You may have to refresh the list in order to see a new Key Pair you're just created.
  12. 在服务器表单中检查EC2密钥对输入并选择新的密钥对。您可能需要刷新列表,以便看到刚刚创建的新密钥对。
  13. Save
  14. 保存
  15. Elastic Beanstalk will create for you new instances associated with the new key pair.
  16. 弹性Beanstalk将为您创建与新密钥对关联的新实例。

In general, remember you have to allow your EC2 instance to accept inbound SSH traffic.

通常,请记住,您必须允许EC2实例接受入站SSH通信。

To do this, you have to create a specific rule for the Security Group of your EC2 instance. You can follow these steps.

要做到这一点,您必须为EC2实例的安全组创建一个特定的规则。您可以按照以下步骤操作。

  1. Access to AWS Management Console
  2. 访问AWS管理控制台。
  3. Open EC2 Tab
  4. 打开EC2选项卡
  5. From Instances list select the instance you are interested in
  6. 从实例列表中选择您感兴趣的实例。
  7. In the Description Tab chek the name of the Security Group your instance is using.
  8. 在Description选项卡chek中,您的实例正在使用的安全组的名称。
  9. Again in Description Tab click on View rules and check if your Security Group has a rule for inbound ssh traffic on port 22
  10. 在Description选项卡中再次单击查看规则并检查您的安全组是否对端口22上的入站ssh通信有规则。
  11. If not, in Network & Security menù select Security Group
  12. 如果没有,在网络和安全菜单中选择安全组。
  13. Select the Security Group used by your instance and the click Inbound Tab
  14. 选择您的实例使用的安全组,并单击Inbound选项卡。
  15. On the left of Inbound Tab you can compose a rule for SSH inbound traffic:
    • Create a new rule: SSH
    • 创建一个新规则:SSH。
    • Source: IP address or subnetwork from which you want access to instance
    • 源:您希望访问实例的IP地址或子网络。
    • Note: If you want grant unlimited access to your instance you can specify 0.0.0.0/0, although Amazon not recommend this practice
    • 注意:如果您希望授予对您的实例的无限访问权限,您可以指定0.0.0/0,尽管Amazon不推荐这种做法。
  16. 在入站左边的选项卡可以组成规则为SSH入站流量:创建一个新的规则:SSH来源:您想要访问的IP地址和子网实例注意:如果你想要无限授予访问您可以指定0.0.0.0/0实例,尽管亚马逊不推荐这种做法
  17. Click Add Rule and then Apply Your Changes
  18. 单击Add Rule,然后应用您的更改。
  19. Check if you're now able to connect to your instance via SSH.
  20. 检查您现在是否能够通过SSH连接到您的实例。

Hope this can help someone as helped me.

希望这能帮助到帮助我的人。

#3


43  

This is how I solved the problem

这就是我解决问题的方法。

ssh -i <key> ec2-user@<ec2 ip>

#4


26  

I solved the problem just putting sudo before

我刚刚解决了这个问题。

sudo ssh -i mykey.pem myec2.amazonaws.com

But the proper solution is to change the ownership first, and then connect as a normal user as Janus Troelsen said below. In my case it would be:

但是正确的解决方案是先改变所有权,然后像Janus Troelsen所说的那样连接正常用户。在我的例子中,它是:

chown wellington:wellington key.pem

#5


23  

Try using

试着用

sudo ssh -i mykey.pem ubuntu@<ec2_ip_public_dns>

OR

sudo ssh -i mykey.pem ec2-user@<ec2_ip_public_dns>

#6


22  

Another possible cause of this error:

另一个可能的原因是:

When user's home directory is group writeable, the user cannot login.

当用户的主目录是组可写时,用户不能登录。

(Reproduced on Ubuntu instance.)

在Ubuntu实例。(转载)

#7


7  

for the ubuntu 12.04 lts micro instance i had to set the user name as option

对于ubuntu 12.04 lts微实例,我必须设置用户名作为选项。

ssh -i pemfile.pem -l ubuntu dns

#8


7  

You need to do the following steps:

你需要做以下步骤:

  1. Open your ssh client or terminal if you are using Linux.
  2. 如果您正在使用Linux,请打开您的ssh客户机或终端。
  3. Locate your private key file and change your directory.
    cd <path to your .pem file>
  4. 找到您的私钥文件并更改您的目录。cd
  5. Execute below commands:
    chmod 400 <filename>.pem
    ssh -i <filename>.pem ubuntu@<ipaddress.com>
  6. 执行以下命令:chmod 400 。pem ssh - i <文件名> 。pem ubuntu@ < ipaddress.com >

If ubuntu user is not working then try with ec2-user.

如果ubuntu用户没有工作,那么尝试使用ec2-user。

#9


5  

I struggled with the same permission denied error apparently due to

我在同样的权限下挣扎,显然是由于错误。

key_parse_private2: missing begin marker 

In my situation the cause was the ssh config file of the current user (~/.ssh/config).

在我的情况下,原因是当前用户的ssh配置文件(~/.ssh/config)。

Using the following:

使用以下:

ssh -i ~/myKey.pem ec2-user@<IP address> -v 'exit'

The initial output showed:

初始输出显示:

debug1: Reading configuration data /home/ec2-user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /home/ec2-user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config

... many debug lines cut here ...

…这里有许多调试线路……

debug1: Next authentication method: publickey
debug1: Trying private key: /home/ec2-user/somekey.pem
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.

The third line above is where the problem actual was identified; however, I looked for at the debug message four lines from the bottom (above) and was misled. There isn't a problem with the key but I tested it and compared other configurations.

上面的第三行是识别出问题的地方;但是,我在调试消息中查找了来自底部(上面)的四行代码,并被误导了。这个键没有问题,但我测试了它,并比较了其他配置。

My user ssh config file reset the host via an unintended global setting as shown below. The first Host line should not have been a comment.

我的用户ssh配置文件通过一个无意的全局设置重置主机,如下所示。第一个Host行不应该是注释。

$ cat config
StrictHostKeyChecking=no
#Host myAlias
        user ec2-user
        Hostname bitbucket.org
#        IdentityFile ~/.ssh/somekey
#        IdentitiesOnly yes

Host my2ndAlias
        user myOtherUser
        Hostname bitbucket.org
        IdentityFile ~/.ssh/my2ndKey
        IdentitiesOnly yes

I hope someone else finds this helpful.

我希望其他人会发现这是有帮助的。

#10


4  

I forgot to add the username (ubuntu) when connecting my Ubuntu instance. So I tried this:

在连接我的ubuntu实例时,我忘记添加用户名(ubuntu)了。所以我试着:

ssh -i /path/my-key-pair.pem my-ec2-instance.amazonaws.com

and the correct way was

正确的方法是。

ssh -i /path/my-key-pair.pem ubuntu@my-ec2-instance.amazonaws.com

#11


3  

This has happened to me multiple times. I have used Amazon Linux AMI 2013.09.2 and Ubuntu Server 12.04.3 LTS which are both on the free tier.

这在我身上发生过多次。我已经使用了Amazon Linux AMI 2013.09.2和Ubuntu Server 12.04.3 LTS,它们都在空闲层。

Every time I have launched an instance I have permission denied show up. I haven't verified this but my theory is that the server is not completely set up before I try to ssh into it. After a few tries with permission denied, I wait a few minutes and then I am able to connect. If you are having this problem I suggest waiting five minutes and trying again.

每次我启动一个实例,我就会被拒绝。我还没有验证这一点,但我的理论是,在我尝试ssh之前,服务器还没有完全建立起来。经过几次尝试之后,我拒绝了,我等了几分钟,然后我就可以联系了。如果你有这个问题,我建议你再等五分钟再试一次。

#12


2  

Here is a possible frustrating scenarios that produces this error:

下面是产生这个错误的可能令人沮丧的场景:

If you are lunching a new instance from an AMI you created of another instance (say instance xyz), then the new instance will only accept the same key that instance A used. This is totally understandable but it gets confusing because during the step by step process of creating the new instance, you are asked to select or create a key (at the very last step) which will not work.

如果您正在从另一个实例(比如xyz实例)中创建一个新实例,那么新实例将只接受实例a所使用的相同密钥。这是完全可以理解的,但是会让人感到困惑,因为在创建新实例的步骤过程中,要求您选择或创建一个关键字(在最后一步),这将不起作用。

Regardless of the key you create or select, only the key you were using for instance XYZ will will be accepted by the new instance.

不管您创建或选择的键是什么,只有您使用的关键字XYZ将会被新实例接受。

#13


2  

I struggled with this for a while too until I found the following:

我也挣扎了一段时间,直到我找到了以下几点:

eb ssh

When you use that from the project directory, bingo-bango no muss no fuss, you're in

当你从项目目录中使用它时,bingo-bango不需要大惊小怪,你在里面。

#14


2  

In my own case, i did the following:

在我自己的案例中,我做了如下工作:

chmod 400 <key.pem>

ssh -i <key.pem> ec2-user@ec2_public_dns (for debian)

I was initially using root@ part and i got this prompt:

我最初使用的是root@部分,我得到了这个提示:

Please login as the user "ec2-user" rather than the user "root".

#15


2  

I'm in Windows with WinSCP. It works great on both File Explorer and PuTTY SSH Shell to access my Amazon EC2-VPC Linux. There is nothing to do with chmod pem file as it uses myfile.ppk converted by PuTTYgen from the pem file.

我在WinSCP的窗口。它在文件资源管理器和PuTTY SSH Shell中都可以访问我的Amazon EC2-VPC Linux。在使用myfile时,与chmod pem文件没有任何关系。ppk由PuTTYgen从pem文件转换。

#16


2  

same thing happened to me, but all that was happening is that the private key got lost from the keychain on my local machine.

同样的事情也发生在我身上,但发生的一切都是,私钥从我本地机器上的钥匙链上丢失了。

ssh-add -K

ssh-add - k

re-added the key, then the ssh command to connect returned to work.

重新添加了密钥,然后ssh命令连接返回工作。

#17


1  

This issue can be solved by login into Ubuntu box using below command:

这个问题可以通过以下命令登录到Ubuntu框中解决:

ssh -i ec2key.pem ubuntu@ec2-public-IP

#18


1  

I've twice had keys and ssh command line correct (I know because I'm duplicating a working Ubuntu 14.04 instance), but just not been able to ssh into a new instance, even after waiting 5 minutes as suggested by Wade Anderson above.

我已经两次拥有了密钥和ssh命令行(我知道,因为我正在复制一个工作的Ubuntu 14.04实例),但是仅仅是无法通过ssh进入一个新实例,即使是在韦德·安德森的建议下等待了5分钟之后。

I had to destroy and re-create the machine. This has happened on two separate occasions. Since I can't get in initially, I can't see what's wrong.

我必须销毁并重新创建机器。这发生在两个不同的场合。因为我一开始不能进去,我看不出有什么不对。

So, if you have this problem, try that.

如果你有这个问题,试试这个。

#19


1  

you must check these few things:

你必须检查以下几点:

  1. Make sure your IP address is correct
  2. 确保你的IP地址是正确的。
  3. Make sure you are using the correct Key
  4. 确保你使用的是正确的钥匙。
  5. Make sure you are using the correct username, you can try: 3.1. admin 3.2. ec2-user 3.3. ubuntu
  6. 确保你使用的是正确的用户名,你可以试试:3.1。3.2管理。ec2-user 3.3。ubuntu

I had the same problem, and it solved after I changed username to ubuntu. In AWS documentation was mentioned to user ec2-user but somehow does not work for me.

我遇到了同样的问题,在我把用户名改为ubuntu后,它就解决了。在AWS文档中提到了用户ec2-user,但不知何故对我不起作用。

#20


1  

My private key was set to permission 400 and was resulting in Permission denied setting it to '644' helped me .

我的私钥被设置为权限400,并得到许可,拒绝将其设置为“644”帮助我。

key_load_private_type: Permission denied is the specific error I was getting

key_load_private_type:权限被拒绝是我得到的特定错误。

Solution: Sudo chmod 644 <key.pem>

解决方案:Sudo chmod 644

Note: set to 644 is must, it was not working with 400

注意:设置为644是必须的,它不能与400一起工作。

#21


1  

When you try doing

当你试着做

ssh -i <.pem path> root@ec2-public-dns

ssh -我<。pem路径> root@ec2-public-dns

You get a message advising you to use the ec2-user.

您会得到一条建议,建议您使用ec2-user。

Please login as the user "ec2-user" rather than the user "root".

请以用户“ec2-user”而不是用户“root”登录。

So use

所以使用

ssh -i <.pem path> ec2-user@ec2-public-dns

ssh -我<。pem路径> ec2-user@ec2-public-dns

#22


1  

I had same problem and its very strange. If you believe you are doing all good than follow this: Some times there is confusion about user for the EC2 instance!! Some times you get ec2-user, ubuntu, centos etc. So check your username for the machie!!

我有同样的问题,而且很奇怪。如果您认为您做的都是好的,那么您就会发现,对于EC2实例的用户来说,有些时候是混乱的!!有些时候你会得到ec2-user, ubuntu, centos等,所以检查你的用户名。

Login with root user ssh -i yourkey.pem (400 permission) root@<ip> It will throw error and will give you the available username. then login with that user.

以root用户ssh登录——我是您的密钥。pem(400权限)root@ 会抛出错误,并提供可用的用户名。然后与该用户登录。

#23


1  

It's a basic thing, but always confirm which user you are trying to do the login. Im my case was just a distraction. I was trying using a root user:

它是一个基本的东西,但总是要确认你想要登录的用户。我的情况只是分散注意力。我尝试使用根用户:

ssh -i ~/keys/<key_name> root@111.111.111.111

But was another user:

但另一个用户:

ssh -i ~/keys/<key_name> dedeco@111.111.111.111

#24


1  

i had same error but different situation. to me it happened out of the blue after a lot of time i could ssh successfully to my remote computer out there. after a lot of searching the solution to my problem were file permissions. it is strange of course because i didn't change any permissions in my computer or the remote one belonging to the ssh's files/directories. so from the good archlinux wiki here it is:

我有同样的错误,但情况不同。对我来说,它发生在很久以后,我可以成功地ssh到我的远程计算机。经过大量的搜索,我的问题的解决方案是文件权限。当然,这很奇怪,因为我没有改变我的计算机或ssh文件/目录中的任何权限。所以,从优秀的archlinux wiki,它是:

For the local machine do this:

对于本地机器来说:

$ chmod 700 ~/
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/id_ecdsa

For the remote machine do that:

对于远程机器来说:

$ chmod 700 ~/
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys

after that my ssh started to working again without the permission denied (publickey) thing.

之后,我的ssh又开始工作了,没有被拒绝(publickey)。

#25


0  

Another Possible Issue: Wrong login ID

另一个可能的问题是:错误的登录ID。

Check 'Usage Instructions'

检查“使用说明”

All good suggestions above, but what I ran into was that I selected a pre-made instance. After the instance has started , look at the usage instructions. I incorrectly used login id of the private key when in the instructions I was supposed to use 'bitnami' (e.g. bitnami@domain -i key.pem)

以上都是好的建议,但我遇到的是我选择了一个预制实例。在实例启动之后,查看使用说明。当我在使用“bitnami”(例如bit@ domain -i - key.pem)的指令时,我错误地使用了私钥的登录id。

#26


0  

I had similar error

我有类似的错误

debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: xxxx.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

My problem was that the instance did not start properly due to error on the run-on-start-up script from Step 3: Configure instance detail under Advanced details:

我的问题是,由于步骤3中的运行启动脚本错误,实例没有正确启动:在高级细节下配置实例细节:

What I thought I entered:

我想的是:

#include
 https://xxxx/bootstrap.sh


# include https://xxxx/bootstrap.sh



What actually entered breaks the instance setup

实际输入的内容破坏了实例设置!

#include

# include

https://xxxx/bootstrap.sh

https://xxxx/bootstrap.sh

So the public key on instance side was not created

因此,实例端的公钥并没有创建。

#27


0  

It's case sensitive.

这是区分大小写的。

Wrong : SSH EC2-user@XXX.XX.XX.XX -i MyEC2KeyPair.pem

错误的:SSH EC2-user@XXX.XX.XX。XX我MyEC2KeyPair.pem

Correct : SSH ec2-user@XXX.XX.XX.XX -i MyEC2KeyPair.pem

正确的:SSH ec2-user@XXX.XX.XX。XX我MyEC2KeyPair.pem

#28


-1  

I was able to SSH from one machine, but not from another. Turns out I was using the wrong private key.

我可以从一台机器上SSH,但不是从另一台。原来我用错了私钥。

The way I figured this out was by getting the public key from my private key, like this:

我的方法是通过私钥获取公钥,像这样:

ssh-keygen -y -f ./myprivatekey.pem

ssh - keygen - y - f。/ myprivatekey.pem

What came out didn't match what was in ~/.ssh/authorized_keys on the EC2 instance.

出了什么事不符合……ssh/authorized_keys在EC2实例上。

#29


-1  

All of the top ranked answers above are accurate and should work for most cases. In the event that they don't as was in my case, I simply got rid of my ~/.ssh/known_hosts file on the machine I was trying to ssh from and that solved the problem for me. I was able to connect afterwards.

以上所有排名的答案都是准确的,并且应该适用于大多数情况。如果他们不像我这样,我就把我的~/。ssh/known_hosts文件在我尝试ssh的机器上,这解决了我的问题。之后我就能联系上了。