权限被拒绝使用scp将文件从Mac OS复制到Amazon EC2实例时出错

Question

我已经阅读了几篇有关此问题的StackOverflow文章，并搜索其他来源，但没有运气。我检查过AWS文档但无法解决问题。我已经在这个工作了好几个小时了，我真的被卡住了。

我发现文章提到了类似的问题，但这个问题看起来一直是用户的错字或错误。就我而言，我确信我已经确保在我正在做的事情中没有拼写错误或错误。

我正在使用Mac OS X Yosemite连接到我的AWS EC2实例。我不能scp从我的本地机器到我的实例的文件，但我能够在过去，我相信在升级到优胜美地之前（虽然我在升级之前或之后不是100％肯定）。无论如何，我现在收到一个拒绝许可的错误。

我能够ssh对我的实例很好。我这样做：

ssh -i mykey.pem ec2-user@myEC2host.myzone.compute.amazonaws.com

ssh一切正常。但是当我尝试这样scp时：

scp —i mykey.pem ~/Sites/test.html ec2-user@myEC2host.myzone.compute.amazonaws.com:/var/www/html/

我收到以下错误：

  

权限被拒绝（publickey）。失去联系

我已经尝试了几个小时，并确认了以下内容：

1. 我可以ssh就好了。
2. 我的.pem文件具有400权限 是不可见的世界。

3. 我在/var/www和/var/www/html文件夹中拥有正确的权限和所有权

   （我再次浏览了亚马逊设置教程并确保我按照他们的描述使用了所有权限设置。我的用户是该组的一部分，可以访问这些文件夹。

当我运行scp -v命令时，我可以看到scp似乎甚至没有尝试使用指定的身份文件。我得到以下输出：

（注意正在执行的程序已从-i命令中删除scp）

Executing: program /usr/bin/ssh host myEC2host.myzone.compute.amazonaws.com, user ec2-user, command scp -v -d -t /var/www/html/
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to myEC2host.myzone.compute.amazonaws.com [public AWS ip] port 22.
debug1: Connection established.
debug1: identity file /Users/myusername/.ssh/id_rsa type -1
debug1: identity file /Users/myusername/.ssh/id_rsa-cert type -1
debug1: identity file /Users/myusername/.ssh/id_dsa type -1
debug1: identity file /Users/myusername/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA  {some hex output}
debug1: Host 'myEC2host.myzone.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/myusername/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/myusername/.ssh/id_rsa
debug1: Trying private key: /Users/myusername/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
lost connection

然而，当我运行ssh -v时，我得到以下输出，它会立即使用正确的识别文件：

ssh -v -i mykey ec2-user@myEC2host.myzone.compute.amazonaws.com
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to myEC2host.myzone.compute.amazonaws.com [54.69.211.59] port 22.
debug1: Connection established.
debug1: identity file mykey.pem type -1
debug1: identity file mykey.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA {some hex output}
debug1: Host 'myEC2host.myzone.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/myusername/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: mike.pem
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to myEC2host.myzone.compute.amazonaws.com ([myEC2IP]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_CA.UTF-8

我不确定还有什么可以尝试，或者我怎么能解决这个问题。我希望有人会有相同的环境，可以确认问题或提供解决方案。

提前致谢！

Answer 1

scp —i mykey.pem ~/Sites/test.html ec2-user@myEC2host.myzone.compute.amazonaws.com:/var/www/html/
Executing: program /usr/bin/ssh host myEC2host.myzone.compute.amazonaws.com, user ec2-user, command scp -v -d -t /var/www/html/

scp —i...命令中的破折号是一个unicode EM破折号，而不是ASCII破折号。 Scp并不将其解释为命令行选项。

实际上它解释了＆＃34; -i＆＃34;，＆＃34; mykey.pem＆＃34;和＆＃34;〜/ Sites / test.html＆＃34;作为三个要复制的文件。你可以告诉这个，因为scp添加了＆＃34; -d＆＃34;到远程scp实例的命令行。 ＆＃34; -d＆＃34; flag告诉远程scp实例目标必须是目录。当scp复制多个文件时，scp会将该标志添加到远程命令中，但不会复制单个文件。

也许您从文字处理文档中复制了scp命令？ Microsoft Word因将破折号和引号更改为排版版本而臭名昭着。这是值得注意的事情。

Answer 2

Kenster正确地指出我的代码中-i中的破折号实际上在我将其粘贴到终端之前转换为EMdash。 ：-s

重新打印整个命令纠正了问题。

感谢您接受我的疏忽。