我已经阅读了几篇关于这个问题的StackOverflow文章,并在谷歌上搜索了其他来源。我已经查看了AWS文档,但无法解决该问题。我已经做了好几个小时了,真的被卡住了。
我发现一些文章提到了类似的问题,但问题似乎总是用户的拼写错误。就我而言,我相信我已经确保了我所做的事情没有错别字或错误。
我正在使用Mac OS X Yosemite连接到我的AWS EC2实例。我无法将本地机器中的1个文件scp
到我的实例中,但我相信在升级到Yosemite之前,我过去已经能够做到了(尽管我不能100%确定升级前后)。不管怎样,我现在收到一个拒绝权限的错误。
我能够很好地将ssh
融入到我的实例中。我喜欢这样:
ssh -i mykey.pem ec2-user@myEC2host.myzone.compute.amazonaws.com
ssh
一切正常。但当我这样尝试scp
时:
scp —i mykey.pem ~/Sites/test.html ec2-user@myEC2host.myzone.compute.amazonaws.com:/var/www/html/
我得到以下错误:
权限被拒绝(公钥)。丢失连接
我已经尝试了几个小时,并确认了以下内容:
我能胜任
ssh
。我的
.pem
文件具有400
权限,并且全世界都看不到。我在
/var/www
和/var/www/html
文件夹中拥有正确的权限和所有权(我再次浏览了亚马逊的设置教程,并确保我使用了他们描述的所有权限设置。我的用户是访问这些文件夹的组的一部分。
当我运行scp -v
命令时,我可以看到scp
似乎甚至没有尝试使用指定的标识文件。我得到以下输出:
(注意正在执行的程序已从scp
命令中删除-i
)
Executing: program /usr/bin/ssh host myEC2host.myzone.compute.amazonaws.com, user ec2-user, command scp -v -d -t /var/www/html/
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to myEC2host.myzone.compute.amazonaws.com [public AWS ip] port 22.
debug1: Connection established.
debug1: identity file /Users/myusername/.ssh/id_rsa type -1
debug1: identity file /Users/myusername/.ssh/id_rsa-cert type -1
debug1: identity file /Users/myusername/.ssh/id_dsa type -1
debug1: identity file /Users/myusername/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA {some hex output}
debug1: Host 'myEC2host.myzone.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/myusername/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/myusername/.ssh/id_rsa
debug1: Trying private key: /Users/myusername/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
lost connection
然而,当我运行ssh -v
时,我得到了以下输出,它确实立即使用了正确的标识文件:
ssh -v -i mykey ec2-user@myEC2host.myzone.compute.amazonaws.com
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to myEC2host.myzone.compute.amazonaws.com [54.69.211.59] port 22.
debug1: Connection established.
debug1: identity file mykey.pem type -1
debug1: identity file mykey.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA {some hex output}
debug1: Host 'myEC2host.myzone.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/myusername/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: mike.pem
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to myEC2host.myzone.compute.amazonaws.com ([myEC2IP]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_CA.UTF-8
我不知道还能尝试什么,也不知道该如何解决这个问题。我希望有人能有同样的环境,并能确认问题或提供解决方案。
提前感谢!
scp —i mykey.pem ~/Sites/test.html ec2-user@myEC2host.myzone.compute.amazonaws.com:/var/www/html/
Executing: program /usr/bin/ssh host myEC2host.myzone.compute.amazonaws.com, user ec2-user, command scp -v -d -t /var/www/html/
scp —i...
命令中的破折号是unicode EM破折号,而不是ASCII破折号。Scp并没有将其解释为命令行选项。
事实上,它将"--i"、"mykey.pem"one_answers"~/Sites/test.html"解释为要复制的三个文件。您可以看出这一点,因为scp在远程scp实例的命令行中添加了"-d"。"-d"标志告诉远程scp实例目标必须是一个目录。scp在复制多个文件时会将该标志添加到远程命令中,但不用于复制单个文件。
也许您从文字处理文档中复制了scp命令?Microsoft Word因在排版版本中更改短划线和引号而臭名昭著。这是一件需要小心的事情。
Kenster正确地指出,在我将代码中-i
中的短划线粘贴到Terminal之前,它实际上已转换为EMdash-s
重新键入整个命令更正了问题。
谢谢你发现我的疏忽。