问题:I cannot SSH into my amazon web service (AWS) instance.
有很多关于这个的线程,但是这些问题已经通过更改登录用户名解决了。我的问题似乎没有被不同的用户名修复。以前通过更改登录用户名回答的问题可以在
找到:- AWS ssh access 'Permission denied (publickey)'
- 当SSH访问Amazon EC2实例时,权限被拒绝(publickey)
下面是SSH尝试的详细输出:
/development/aws$ > ssh -vvv -i "/development/aws/cgwebsites-wp.pem" ec2-user@52.24.142.84
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 52.24.142.84 [52.24.142.84] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/development/aws/cgwebsites-wp.pem" as a RSA1 public key
debug1: identity file /development/aws/cgwebsites-wp.pem type -1
debug1: identity file /development/aws/cgwebsites-wp.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "52.24.142.84" from file "/Users/cgood92/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug2: mac_setup: found hmac-md5-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 114/256
debug2: bits set: 518/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA b5:4d:14:77:0a:8b:54:2c:5e:38:8d:8d:7b:91:da:2f
debug3: load_hostkeys: loading entries for host "52.24.142.84" from file "/Users/cgood92/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
The authenticity of host '52.24.142.84 (52.24.142.84)' can't be established.
RSA key fingerprint is b5:4d:14:77:0a:8b:54:2c:5e:38:8d:8d:7b:91:da:2f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '52.24.142.84' (RSA) to the list of known hosts.
debug2: bits set: 534/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /development/aws/cgwebsites-wp.pem (0x0), explicit
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /development/aws/cgwebsites-wp.pem
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey: RSA 0b:e9:55:d9:db:d5:a6:d7:c5:6e:2d:0c:fc:0c:1f:2b
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
所以我的问题是这个Permission denied (publickey).问题。
下面是我所做的调试。
1)我已经验证我正在使用正确的elastic ip address。我还尝试使用较长的Public DNS地址,结果完全相同。所以我确信我有正确的HOST。
3)我已经验证了我正在使用正确的密钥对名称。它位于"EC2">"实例">"密钥对名称"下。它表示"cgsites -wp",并且我在本地的/development/aws/cgwebsites-wp.pem处有正确的密钥对名称,如上面的详细输出所示。我还验证了该文件的路径是正确的,因为当我输入/development/aws/cgwebsites-wp222.pem之类的虚假内容时,错误明确地告诉我他们找不到该文件。
4)我已经尝试了几个不同的用户名,正如其他链接上关于这个问题的每个帖子所建议的。更具体地说,我试过admin, ubuntu, root, ec2-user, fedora。我甚至尝试了在"EC2">"实例">"AMI ID"找到的ID。不工作,都产生类似的消息。
5)我在一台windows电脑(必须使用puttyGen创建私钥包)和一台mac电脑上尝试过这个。
6)我在我的另一个AWS实例上尝试了这个,那里一切都很好。所以我的亚马逊账号没问题。
7)我已经尝试了删除所有的SSH缓存文件(在Windows中清除了一些注册表部分,在mac上我已经运行了ssh-keygen -R 52.24.142.84。
8)我已经检查以确保实例启动并运行,并且它有绿灯,另外我可以通过elasticbeanstalk url访问该站点。
9)我已经尝试通过chmod 600 /development/aws/cgwebsites-wp.pem和chmod 400 /development/aws/cgwebsites-wp.pem命令改变.pem文件的权限。
12)我知道这不是一个损坏的.pem文件的问题,因为我使用完全相同的文件SSH到我的其他AWS实例。
这是一个非常令人沮丧的问题。似乎很多人都遇到过类似的问题,但几乎每个人都通过更改用户名解决了这个问题。我已经尝试过了,包括https://alestic.com/2014/01/ec2-ssh-username/上的建议和脚本。但是什么都没有。
任何帮助都将非常感激!
看起来对不对。尝试生成一个新的密钥对,下载并使用它。该流程可在以下网址找到:https://stackoverflow.com/a/4921866/4512451
这种情况在这里发生过一次。我复制了一个实例,但我从来没有能够SSH到它,我真的花了几个小时试图SSH。我不得不删除实例,然后我再次安装相同的密钥对,它工作了!