Trying to connect to an EC2 instance in a private subnet from a bastion server

Time: 2020-10-22 18:39:19

Tags: amazon-web-services amazon-ec2 ssh

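I have 2 EC2 instances - one in a private subnet connected to a NAT gateway, and the other in a public subnet connected to an Internet gateway. I have a Jenkins server in the private subnet and a bastion server in the public subnet.

I used scp to copy the pem key that was used when creating the Jenkins instance to the bastion server, and I am now trying to connect to the Jenkins instance through the bastion.

I run the command ssh -i pem.key ubuntu@privateipaddress, but I keep getting a Permission denied (publickey) error.

I have checked the security group settings for both instances, and they check out. The Jenkins security group's inbound rules allow SSH and HTTP traffic from the bastion security group, and the Jenkins security group's outbound rules currently allow all traffic through.

I have the opposite for the bastion security group.

Edit: verbose output: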

OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.0.1.49 [10.0.1.49] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file key.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file key.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 10.0.1.49:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:EgAjWBAxVLz8L+MQNQXZeIwh51QZOPxPhvugsxv1XGs
debug1: Host '10.0.1.49' is known and matches the ECDSA host key.
debug1: Found key in /home/ubuntu/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: key.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
ubuntu@10.0.1.49: Permission denied (publickey).

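1 answer:

Answer 0: (score: 0)

I managed to solve this by following this guide: https://aws.amazon.com/blogs/security/securely-connect-to-linux-instances-running-in-a-private-amazon-vpc/

I had looked at it before but never considered trying it, because my course instructor said I didn't need to.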
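An added example, not part of the question or the answer: a small triage function that reads `ssh -v` output like the log posted above and reports which stage failed (network reachability, local key file, or server-side key rejection). The function name `triage` and the stage labels are assumptions of this sketch; the sample is an excerpt of the question's own log.

```python
import re

# Excerpt of the `ssh -v` output posted in the question (lines dropped, none altered).
SAMPLE = """\
debug1: Connecting to 10.0.1.49 [10.0.1.49] port 22.
debug1: Connection established.
debug1: Authenticating to 10.0.1.49:22 as 'ubuntu'
debug1: Host '10.0.1.49' is known and matches the ECDSA host key.
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: key.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
ubuntu@10.0.1.49: Permission denied (publickey).
"""

def triage(log):
    """Classify where an OpenSSH client session failed, from its -v output."""
    lines = [l.strip() for l in log.splitlines()]
    user = next((m.group(1) for l in lines
                 if (m := re.search(r"Authenticating to \S+ as '([^']+)'", l))), None)
    # Keys the client actually presented to the server.
    offered = [m.group(1) for l in lines
               if (m := re.match(r"debug1: (?:Trying private key|Offering public key): (.+)", l))]
    # Problems reading the local key file are printed without a debug prefix.
    load_errors = [l for l in lines
                   if l.startswith("Load key ") or "UNPROTECTED PRIVATE KEY" in l]
    reached = any(l == "debug1: Connection established." for l in lines)
    denied = any("Permission denied" in l for l in lines)
    accepted = any(l.startswith("debug1: Authentication succeeded") for l in lines)

    if not reached:
        stage = "network"              # TCP never connected: security groups, routes, NACLs
    elif accepted:
        stage = "ok"
    elif load_errors:
        stage = "local_key_file"       # client could not read or parse the key file
    elif not offered:
        stage = "no_key_offered"       # no identity was presented at all
    elif denied:
        stage = "server_rejected_key"  # server did not accept this key for this user
    else:
        stage = "unknown"
    return {"stage": stage, "user": user, "offered": offered, "load_errors": load_errors}
```

On the excerpt above it returns stage `server_rejected_key` for user `ubuntu` with `key.pem` offered: the TCP connection and host key check succeeded, so the things to check are the username and whether that key pair is in the target's `authorized_keys`.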
