保存
cloud-init阶段完成后,验证公钥是否被替换。重要:由于脚本包含密钥对,请从User Data字段中删除脚本。
选择动作、实例设置、编辑用户数据
删除编辑用户数据对话框中的所有文本,然后选择保存。 启动实例。使用新的密钥对登录—ssh - iusername@public_ip
昨天,我创建了新的aws实例,并且工作正常。然而,今天早上,当我试图连接aws ec2时,我得到了一个错误消息。(权限被拒绝(publickey,gssapi-key,gssapi-with-mic)
供您参考,我用的是MAC os。
我用amazon-linux2创建ec2- instance。然后我尝试了如下方法。
ssh -i xxx.pem ec2-user@xx.xxx.xxx.xxx
我也试图输入跟随代码。
chmod 400 xxx.pem
请参阅下面的调试日志。
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to 54.180.146.106 [54.180.146.106] port 22.
debug1: Connection established.
debug1: identity file /Users/user1/.ssh/id_rsa type -1
debug1: identity file /Users/user1/.ssh/id_rsa-cert type -1
debug1: identity file /Users/user1/.ssh/id_dsa type -1
debug1: identity file /Users/user1/.ssh/id_dsa-cert type -1
debug1: identity file /Users/user1/.ssh/id_ecdsa type -1
debug1: identity file /Users/user1/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/user1/.ssh/id_ed25519 type -1
debug1: identity file /Users/user1/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/user1/.ssh/id_xmss type -1
debug1: identity file /Users/user1/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to 54.180.146.106:22 as 'ec2-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:+b+E64s1bsV8cVtNGxqWFVQKDuo/+SuT88N4hQOcmMs
debug1: Host '54.180.146.106' is known and matches the ECDSA host key.
debug1: Found key in /Users/user1/.ssh/known_hosts:45
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/user1/.ssh/id_rsa
debug1: Will attempt key: /Users/user1/.ssh/id_dsa
debug1: Will attempt key: /Users/user1/.ssh/id_ecdsa
debug1: Will attempt key: /Users/user1/.ssh/id_ed25519
debug1: Will attempt key: /Users/user1/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/user1/.ssh/id_rsa
debug1: Trying private key: /Users/user1/.ssh/id_dsa
debug1: Trying private key: /Users/user1/.ssh/id_ecdsa
debug1: Trying private key: /Users/user1/.ssh/id_ed25519
debug1: Trying private key: /Users/user1/.ssh/id_xmss
debug1: No more authentication methods to try.
ec2-user@54.180.146.106: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
请看看我的…错误,我真的很感激如果你们帮助我。:)
谢谢。
你确定这是正确的键吗?您可以尝试从AWS Web控制台使用相同的密钥并查看该密钥是否有效吗?
参考文档
我在尝试使用Mac终端登录AWS实例时遇到了同样的问题。
有两种选择,我已经尝试过了,经过大量的研究,它们应该会起作用:
-
修改权限:使用chmod 600 .pem代替chmod 400
然后再尝试使用SSH -i ec2-user@public-ip -
第二个选项是从a生成公钥的散列,您可以创建一个新的。Ssh-keygen -y -f/path_to_key_pair/new-key-pair.pem
- 在关闭实例后,使用cloud-config将公钥作为用户数据添加到实例中;将用户名更改为您的用户名,并将公钥更改为ssh-keygen命令生成的公钥>请确保输入整个公钥,以ssh-rsa开头。
下面是Cloud-config命令
内容类型:多部分/混合;边界="//"; MIME-Version: 1.0--// 内容类型:文本/cloud-config;charset ="us-ascii" MIME-Version: 1.0Content-Transfer-Encoding: 7位 附加:附件;文件名="cloud-config.txt"# cloud-config cloud_final_modules: -[用户组,一次] 用户: - name:用户名 ssh-authorized-keys: - PublicKeypair