无法ssh到Amazon EC2帐户。 (公钥错误)

时间:2012-05-05 00:20:37

标签: ubuntu amazon-ec2 amazon-web-services

我刚刚启动了一个EC2实例,我很难启动ssh连接。请注意,我有一个以前的EC2实例,使用相同的密钥对ssh工作正常。我很困惑,因为我使用相同的密钥对启动了这个新的EC2实例。

以下是我的尝试。关于这里可能会发生什么的专家建议?以及如何解决它?

me@ubuntu:~/keys$ ssh -i mykey.pem ubuntu@1.2.3.4
The authenticity of host '1.2.3.4 (1.2.3.4)' can't be established.
RSA key fingerprint is aa:bb:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '1.2.3.4' (RSA) to the list of known hosts.
Permission denied (publickey).

me@ubuntu:~/keys$ chmod 400 mykey.pem
me@ubuntu:~/keys$ ssh -i mykey.pem ubuntu@1.2.3.4
Permission denied (publickey).

me@ubuntu:~/keys$ ssh -v -i mykey.pem ubuntu@1.2.3.4
OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
debug1: Connection established.
debug1: identity file mykey.pem type -1
debug1: identity file mykey.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA aa:bb:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc
debug1: Host '1.2.3.4' is known and matches the RSA host key.
debug1: Found key in /home/me/.ssh/known_hosts:10
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: mykey.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

3 个答案:

答案 0 :(得分:2)

您正在使用的密钥对必须是错误/丢失的,并且您无法恢复私钥对,因为我曾经丢失.pem文件并且必须重新创建和实例。 它就像一个密码,亚马逊出于安全原因不保存私钥。

修复它。

转到aws管理控制台 1.停止实例并创建相同的AMI图像。 2.使用创建的AMI映像和附加的新密钥对启动新实例。 3.然后分配先前分配给旧实例的弹性IP。 4.如果一切正常,请删除旧实例。

因此可以在线保存XXXX.pem文件。

答案 1 :(得分:0)

尝试:

chmod 600 [FULL_PATH_TO_KEYFILE_DIRECTORY]/mykey.pem

代替。

如果您的AMI为Amazon AMI,请使用ec2-user作为您的用户名。

如果仍然无效,请尝试将以下内容添加到~/.ssh/config

IdentitiesOnly yes
KeepAlive yes
ServerAliveInterval 60
Host ALAIS_FOR_YOUR_HOST
    User ubuntu
    HostName HOST_IP
    IdentityFile FULL_PATH_TO_KEY_FILE

答案 2 :(得分:0)

关键调试日志是:

debug1: Roaming not allowed by server

您是否从3g / 4g热点连接? Amazon EC2公然无视您的pem文件。

相关问题
最新问题