问题:我无法SSH进入我的亚马逊网络服务(AWS)实例。
这有很多线程,但这些问题是通过更改登录用户名来解决的。我的问题似乎没有用不同的用户名修复。通过更改登录用户名回答的先前问题可在以下位置找到:
以下是SSH尝试的详细输出:
/development/aws$ > ssh -vvv -i "/development/aws/cgwebsites-wp.pem" ec2-user@52.24.142.84
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 52.24.142.84 [52.24.142.84] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/development/aws/cgwebsites-wp.pem" as a RSA1 public key
debug1: identity file /development/aws/cgwebsites-wp.pem type -1
debug1: identity file /development/aws/cgwebsites-wp.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "52.24.142.84" from file "/Users/cgood92/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug2: mac_setup: found hmac-md5-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 114/256
debug2: bits set: 518/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA b5:4d:14:77:0a:8b:54:2c:5e:38:8d:8d:7b:91:da:2f
debug3: load_hostkeys: loading entries for host "52.24.142.84" from file "/Users/cgood92/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
The authenticity of host '52.24.142.84 (52.24.142.84)' can't be established.
RSA key fingerprint is b5:4d:14:77:0a:8b:54:2c:5e:38:8d:8d:7b:91:da:2f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '52.24.142.84' (RSA) to the list of known hosts.
debug2: bits set: 534/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /development/aws/cgwebsites-wp.pem (0x0), explicit
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /development/aws/cgwebsites-wp.pem
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey: RSA 0b:e9:55:d9:db:d5:a6:d7:c5:6e:2d:0c:fc:0c:1f:2b
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
所以我的问题是这个Permission denied (publickey).问题。
以下是我为调试它所做的工作。
1)我已经确认我使用了正确的elastic ip address。我也尝试使用较长的Public DNS地址,结果完全相同。所以我确信我有正确的主机。
2)我确保安全组规则允许SSH 。首先,它已经设置为允许端口22上的TCP传入流量。为了安全起见,我添加了一条规则,允许所有端口的所有TCP传入流量,用于所有IP地址。传出流量的规则是允许一切到处都是。
3)我已经确认我使用的是正确的密钥对名称。它位于“EC2”&gt;下面。 “实例”&gt; “密钥对名称”。它说“cgwebsites-wp”,我在/development/aws/cgwebsites-wp.pem本地有正确的密钥对名称,如上面的详细输出所示。我还验证了我的文件路径是正确的,因为当我把/development/aws/cgwebsites-wp222.pem之类的东西搞得一团糟时,错误告诉我他们找不到文件。
4)我已经尝试了几个不同的用户名,正如其他链接上此问题的每个帖子所建议的那样。更具体地说,我尝试过admin,ubuntu,root,ec2-user,fedora。我甚至尝试过在“EC2”&gt;处找到的ID。 “实例”&gt; “AMI ID”。没有工作,都会产生类似的信息。
5)我在Windows计算机上尝试过此操作(必须使用puttyGen创建私钥包)以及mac计算机。两者都有相同的错误。
6)我在我的另一个AWS实例上试过这个,一切都运行正常。所以我的亚马逊账户没问题。
7)我尝试过删除所有SSH缓存文件(在Windows中清除了一些注册表部分,在Mac上我运行了ssh-keygen -R 52.24.142.84。
8)我已经检查确保实例已启动并正在运行,并且它有绿灯,此外我可以通过elasticbeanstalk网址访问该网站。
9)我尝试通过命令.pem和chmod 600 /development/aws/cgwebsites-wp.pem更改chmod 400 /development/aws/cgwebsites-wp.pem文件的权限。
10)这不是防火墙问题或类似问题,因为我可以通过SSH连接到我的其他AWS实例。
11)当然,我已经终止并重新安装了几个linux实例,所有这些都有同样的错误。
12)我知道这不是一个损坏的.pem文件的问题,因为我使用完全相同的文件来SSH到我的其他AWS实例。
这是一个非常令人沮丧的问题。似乎很多人遇到了类似的问题,但几乎每个人都通过更改用户名解决了这个问题。我试过了,包括https://alestic.com/2014/01/ec2-ssh-username/的建议和脚本。但没什么。
任何帮助都会非常感激!
答案 0 :(得分:0)
看起来密钥对很糟糕。尝试生成新的密钥对,下载并使用它。该流程可在以下网址找到:https://stackoverflow.com/a/4921866/4512451
答案 1 :(得分:0)
这已经发生在这里了。我复制了一个实例,我从来没有能够通过SSH进入它,我花了好几个小时尝试SSH。我不得不删除实例然后再次安装相同的密钥对,它有效!