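It looks like I'm not the first one struggling with this one.
Until now I had no problem accessing my EC2 instance over SSH. Until now.
Whatever I do, I get a permission denied error. I have checked my ec2 user hundreds of thousands of times, and my security group parameters as well. My IP is correctly registered in the inbound rules.
I tried both the instance DNS name and the IP. I forced a keygen regeneration with keygen -r. Still the same. My key pair file has permissions 0600.
This may have happened after an instance reboot (not a stop/start; from the EC2 dashboard, not from the shell). My instance is running without any alarms and my website displays correctly.
Here is my ssh command: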
ssh -v -i "~/.ssh/namaste_3.pem" ubuntu@ec2-52-29-237-225.eu-central-1.compute.amazonaws.com
or
ssh -v -i "~/.ssh/keypair.pem" ubuntu@52.29.237.225
Here is my ssh -v output:
OpenSSH_7.2p2 Ubuntu-4, OpenSSL 1.0.2g-fips 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 52.29.237.225 [52.29.237.225] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/brice/.ssh/namaste_3.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/brice/.ssh/namaste_3.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to 52.29.237.225:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:yiGarcstgUfXZmop1URjMPa/pp1J5mak4Rsl6TWuAh4
debug1: Host '52.29.237.225' is known and matches the ECDSA host key.
debug1: Found key in /home/brice/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: bleroux@fluksaqua.com
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/brice/.ssh/namaste_3.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
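Any clue? I really don't want to start a new instance from scratch...
Answer 0: (score: 1)
If the instance is an EBS-root instance, you can always diagnose the instance's root volume by unmounting it and then mounting it on a running EC2 instance, to check whether anything is wrong in the EC2 /home/ubuntu/.ssh/authorized_keys.
Create a snapshot of the volume before making any changes. After the fix, just mount it back on the instance.
Accidentally using chmod 600 in an attempt to harden the EC2 /home/ubuntu/.ssh will always cause problems. The ~/.ssh folder needs at least u+rwx. This is the correct way: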
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
So, the folder is always 700. Not 600.
Don't ask me why I know this ;-)
Answer 1: (score: 0)
First, try removing the entry from known_hosts
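The permission check described in the answer above, as an added example that is not part of the original answer: a shell function that audits a home directory's .ssh folder and authorized_keys, for instance on a root volume mounted on a rescue instance. It assumes GNU stat; the function names, the script name and the mount path in the comment are hypothetical.

```shell
# Audit SSH-related permissions under a home directory (added example).
# Assumes GNU stat (Linux). Ownership is not checked here.
# Hypothetical usage on a rescue instance, run as root:
#   sh audit_ssh_perms.sh /mnt/rescue/home/ubuntu

# Print the octal permission bits of a path, e.g. 700.
mode_of() { stat -c '%a' "$1"; }

# Succeed if the group or world write bit is set (sshd StrictModes rejects this).
writable_by_others() { [ $(( 0$(mode_of "$1") & 022 )) -ne 0 ]; }

audit_ssh_perms() {
    local home="$1" ssh_dir="$1/.ssh" keys="$1/.ssh/authorized_keys" rc=0 p
    if [ ! -d "$ssh_dir" ]; then
        echo "MISSING $ssh_dir"
        return 1
    fi
    # The owner needs r, w and x on the folder. With 600 the x bit is gone and
    # files inside cannot be opened, so report that first and stop.
    if [ $(( (0$(mode_of "$ssh_dir") >> 6) & 7 )) -ne 7 ]; then
        echo "BAD $ssh_dir mode $(mode_of "$ssh_dir"): owner lacks rwx (chmod 700)"
        return 1
    fi
    for p in "$home" "$ssh_dir"; do
        if writable_by_others "$p"; then
            echo "BAD $p mode $(mode_of "$p"): group/world writable"
            rc=1
        fi
    done
    if [ ! -s "$keys" ]; then
        echo "MISSING or empty $keys"
        rc=1
    elif writable_by_others "$keys"; then
        echo "BAD $keys mode $(mode_of "$keys"): group/world writable (chmod 600)"
        rc=1
    fi
    return "$rc"
}

# Run the audit when a home directory is given on the command line.
if [ "$#" -gt 0 ]; then audit_ssh_perms "$1"; fi
```

The function prints one line per finding and returns non-zero if anything needs fixing.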
ssh-keygen -R hostname/IP
Then change the permissions of the key file to 400