Mac cannot ssh to any EC2 instance, possible OpenSSL issue? - macos

Using my current MacBook, at previous companies I've been able to ssh to EC2 instances. At the new company, which has EC2 instances running CentOS 6 with an old version of OpenSSL (an old version of libssl), I cannot seem to ssh. I always get:
Permission denied (publickey).
So, for instance, on one server, the devops engineer installed my ssh public key, and they white listed my home IP address.
They sent me this block of text, which I put in my ~/.ssh/config file.
Host never_dev
HostName neverstaydev.com
User neverst
IdentityFile ~/.ssh/id_ed25519
Host beta
HostName 12.18.125.53
User neverst
IdentityFile ~/.ssh/id_ed25519
The only thing I changed was the name of the key, which is correct. But if I try this:
ssh -v never_dev
I get:
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/admin/.ssh/config
debug1: /Users/admin/.ssh/config line 1: Applying options for never_dev
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to neverstaydev.com port 22.
debug1: Connection established.
debug1: identity file /Users/admin/.ssh/id_ed25519 type 3
debug1: identity file /Users/admin/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000002
debug1: Authenticating to neverstaydev.com:22 as 'neverst'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<3072<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:UJ9EFg/QTnxCP+/9/P8b+jSpKozY1IbaN3M5jOoz8e0
debug1: Host 'neverstaydev.com' is known and matches the RSA host key.
debug1: Found key in /Users/admin/.ssh/known_hosts:24
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /Users/admin/.ssh/id_ed25519 ED25519 SHA256:fBRwhBVpzb6ve5cDwmMS1R0UlhzSaVg9E62WW7riRZA explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/admin/.ssh/id_ed25519 ED25519 SHA256:fBRwhBVpzb6ve5cDwmMS1R0UlhzSaVg9E62WW7riRZA explicit
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
neverst@neverstaydev.com: Permission denied (publickey).
All of the developers are sharing one account on this EC2 instance, and everyone else can log in, except me. But my IP address has been whitelisted, since, as you can see above, my machine engages in dialogue with the EC2 instance.
I've tried different permissions on the private key, both 0400 and 0600. That has no effect.
Likewise, they have AMIs based on these machines, so I spun up a new EC2 instance based on the AMI, creating a new key pair. I then tried to ssh to the new EC2 instance, using the new key pair. But still the same problem:
Permission denied (publickey)
What might cause this?
The devops engineer suggested that I do:
ssh-keygen -t rsa -b 4096 -C "neverstay-key"
I then gave them my public key, which they installed on their side, and now when I try to ssh to the server, I get:
ssh-keygen -t rsa -b 4096 -C "lawarance-futurestay-key"

Related

configuring git/ssh to access bitbucket results in keyfile rejected - format error?

I have been trying for 3 days now to set up git/ssh to work with bitbucket.org on windows 10.
Made a little progress. Now the log is...
Ian@Helike MINGW64 /m/websites/coachmaster (master)
$ ssh -v git@bitbucket.org
OpenSSH_8.0p1, OpenSSL 1.1.1c 28 May 2019
debug1: Reading configuration data /c/Users/Ian Hobson/.ssh/config
debug1: /c/Users/Ian Hobson/.ssh/config line 1: Applying options for bitbucket.org
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to bitbucket.org [18.205.93.1] port 22.
debug1: Connection established.
debug1: identity file D:\\Ian\\keyfiles\\ianhobson-bitbucket type -1
debug1: identity file D:\\Ian\\keyfiles\\ianhobson-bitbucket-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version conker_e350bda95a app-131
debug1: no match: conker_e350bda95a app-131
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /c/Users/Ian Hobson/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: D:\\Ian\\keyfiles\\ianhobson-bitbucket explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: D:\\Ian\\keyfiles\\ianhobson-bitbucket
sign_and_send_pubkey: no mutual signature supported
debug1: No more authentication methods to try.
git@bitbucket.org: Permission denied (publickey).
Ian@Helike MINGW64 /m/websites/coachmaster (master)
I can see it is using the correct keyfile. That keyfile, and ~/.ssh/config have been copied from the old machine where it works.
Ian
Try and regenerate your keys with:
ssh-keygen -t rsa -C "my@email.com" -m PEM -P "" -f D:\Ian\keyfiles\ianhobson-bitbucket
Then add the public key to your BitBucket profile.
Make sure your ~/.ssh/config file references that private key
Host bitb
Hostname bitbucket.org
User git
IdentityFile D:\Ian\keyfiles\ianhobson-bitbucket
Then your URL should be:
ssh -v bitb
(not git@bitbucket.org, which would bypass the SSH config file entirely)
I think my error was to install git/tortoise git attempting to use Putty and plink - maybe I tried a mix.
I confirm (as I did in the discussion): no Putty should be needed. OpenSSH is enough.
Problem solved.
I think my error was to install git/tortoise git attempting to use Putty and plink - maybe I tried a mix.
I should have used the other option - Open-SSH? - for both programs.
I went about recovery the long way, by resetting windows and re-installing all programs, so I can not be 100% sure that removing and reinstalling git and tortoise git in this way would have solved the problem.
And a special thanks to VonC for all his efforts to help.

Cannot connect to Cygwin-based OpenSSH server with authorized_keys

I have a problem with setting up the SSHD service in Windows 7 running Cygwin.
I've followed this tutorial and it worked the first time, but after a reboot the public keys stored in ~/.ssh/authorized_keys won't allow me to access this machine from an external CLI. In addition, password authorization also doesn't work; I've even tried to reset the password in Cygwin using passwd testinguser.
These are the steps I've taken so far:
Reinstall Cygwin SSHD service (I've also removed other Windows user accounts than testinguser)
Re-run ssh-host-config again, as mentioned in tutorial
reset testinguser password from Cygwin console
set privileges to .authorized_keys & parent folder:
chmod 700 ~/.ssh &
chmod 600 ~/.ssh/authorized_keys
disabled Windows Defender Firewall and other AV software (httpd works well)
below is the result of ssh <host> -v command:
debug1: Remote protocol version 2.0, remote software version WeOnlyDo 2.1.3
debug1: no match: WeOnlyDo 2.1.3
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: RSA 5d:9b:19:36:1c:67:1d:c9:ef:91:7c:1e:e8:3b:ba:12
debug1: Host '10.1.0.46' is known and matches the RSA host key.
debug1: Found key in /home/banasiak/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/banasiak/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentications that can continue: password,publickey
debug1: Offering RSA public key: banasiak@pc-71-wroc
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentications that can continue: password,publickey
debug1: Trying private key: /home/banasiak/.ssh/id_dsa
debug1: Trying private key: /home/banasiak/.ssh/id_ecdsa
debug1: Next authentication method: password
Is there something else that I should check? SSHD service is running correctly, I can start&stop it without any errors.

Connecting to EC2 Instance via Terminal on Mac

I am completely new to coding and am doing a startup course on coursera: https://class.coursera.org/startup-001/lecture/87
I'm getting a Permission Denied (publickey) when trying to connect to an EC2 Ubuntu Instance I created on AWS
Set up AWS Instance
Set Security to default and added port 22 and launched
Course tells me to then type:
chmod 400 trevor-learning.pem
ssh -i trevor-learning.pem \
ec2-user@ec2-XX-XXX-XX-XX.us-west-2.compute.amazonaws.com
This then gives me this error: Permission denied (publickey).
I've looked at other questions asked and tried switching the ubuntu@ to ec2-user and some other things but I still can't connect.
I also tried:
trevor-larsons-macbook-pro:downloads trev$ chmod 600 trevor-learning.pem
trevor-larsons-macbook-pro:downloads trev$ ssh -v -i trevor-learning ubuntu@ec2-XX-XXX-XX-XX.us-west-2.compute.amazonaws.com
which gave me:
OpenSSH_5.9p1, OpenSSL 0.9.8x 10 May 2012
Warning: Identity file trevor-learning not accessible: No such file or directory.
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to ec2-XX-XXX-XX-XX.us-west-2.compute.amazonaws.com [XX.XXX.XX.XX] port 22.
debug1: Connection established.
debug1: identity file /Users/trev/.ssh/id_rsa type -1
debug1: identity file /Users/trev/.ssh/id_rsa-cert type -1
debug1: identity file /Users/trev/.ssh/id_dsa type -1
debug1: identity file /Users/trev/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
debug1: Host 'ec2-XX-XXX-XX-XX.us-west-2.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/trev/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/trev/.ssh/id_rsa
debug1: Trying private key: /Users/trev/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
At a loss here and have NO idea what I am doing please help!
Also, not sure if this has anything to do with it: when I download the instance certificate (it shows up bottom left of the Chrome browser), it opens up my Keychain Access and says "an error has occured. unable to import an item. the contents of this item cannot be retrieved."
Try the following steps in your terminal:
ssh-keygen -R 12.345.678.999 // This Reset your publickey
Then try to access with your Key Pair Name and Public DNS of EC2:
ssh -i KeyPairName.pem ubuntu@ec2-xx-xxx-xxx-xxx.eu-west-1.compute.amazonaws.com
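Added example (not part of any post on this page): a small Python triage over captured `ssh -v` output that flags failure patterns visible in the logs above: an Ed25519 or ECDSA key offered to an sshd older than the release that introduced that key type (the OpenSSH_5.3 server in the first question), the `Identity file ... not accessible` warning from the Coursera question, and `no mutual signature supported` from the Bitbucket question. The sample transcripts are constructed excerpts modeled on those logs; `triage` and the finding codes are names chosen here, and the version thresholds are taken from the OpenSSH release notes (Ed25519 in 6.5, ECDSA in 5.7).

```python
import re

# Oldest sshd release able to parse each user-key type (OpenSSH release notes).
MIN_SERVER = {"ED25519": (6, 5), "ECDSA": (5, 7)}
# Matches both old ("Offering RSA public key: path") and new
# ("Offering public key: path ED25519 SHA256:...") client wording.
OFFER = re.compile(r"Offering (?:(\w+) )?public key: (\S+)(?: (\w+) SHA256:)?")

def triage(log):
    """Return (code, detail) findings for one `ssh -v` transcript."""
    findings = []
    m = re.search(r"remote software version OpenSSH_(\d+)\.(\d+)", log)
    server = (int(m.group(1)), int(m.group(2))) if m else None

    for path in re.findall(r"Identity file (\S+) not accessible", log):
        findings.append(("identity-missing", path))

    offers = [(old or new or "unknown", path) for old, path, new in OFFER.findall(log)]
    for ktype, path in offers:
        need = MIN_SERVER.get(ktype.upper())
        if server and need and server < need:
            findings.append(("server-too-old-for-key",
                             f"{path}: {ktype} needs sshd >= {need[0]}.{need[1]}, "
                             f"server is {server[0]}.{server[1]}"))

    if "no mutual signature supported" in log:
        findings.append(("no-signature-algorithm",
                         "client and server agree on no signature algorithm for this key"))
    elif "Permission denied (publickey)" in log:
        codes = {c for c, _ in findings}
        if not offers:
            findings.append(("no-key-offered", "no identity was loaded and sent"))
        elif "Server accepts key" not in log and "server-too-old-for-key" not in codes:
            findings.append(("key-rejected",
                             "compare the offered key with the account's authorized_keys"))
    return findings

# Constructed excerpts modeled on the transcripts above (hosts and fingerprints are placeholders).
OLD_SERVER = """debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: Offering public key: /Users/admin/.ssh/id_ed25519 ED25519 SHA256:CONSTRUCTED explicit
debug1: Authentications that can continue: publickey
user@host.example: Permission denied (publickey)."""

MISSING_FILE = """Warning: Identity file trevor-learning not accessible: No such file or directory.
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: Trying private key: /Users/trev/.ssh/id_rsa
Permission denied (publickey)."""

DSA_REJECTED = """debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu7
debug1: Offering DSA public key: /home/user/.ssh/id_dsa
debug1: Authentications that can continue: publickey
Permission denied (publickey)."""

if __name__ == "__main__":
    for name, log in [("old-server", OLD_SERVER), ("missing-file", MISSING_FILE),
                      ("dsa-rejected", DSA_REJECTED)]:
        print(name, triage(log))
```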

ssh connection using cygwin

I am trying to connect to my remote Linux server using cygwin+ssh but the authentication fails for no apparent reason. I have successfully set up another connection to GitHub and I have followed the same process, which is why I am stuck here
$ ssh -v finxxx@xxx.79.xxx.29
OpenSSH_6.0p1, OpenSSL 1.0.1c 10 May 2012
debug1: Connecting to xxx.79.xxx.29 [xxx.79.xxx.29] port 22.
debug1: Connection established.
debug1: identity file /home/xxxtta/.ssh/id_rsa type -1
debug1: identity file /home/xxxtta/.ssh/id_rsa-cert type -1
debug1: identity file /home/xxxtta/.ssh/id_dsa type 2
debug1: identity file /home/xxxtta/.ssh/id_dsa-cert type -1
debug1: identity file /home/xxxtta/.ssh/id_ecdsa type -1
debug1: identity file /home/xxxtta/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu7
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA c7:b2:f1:f9:76:cd:24:5a:80:91:4b:e5:ac:7e:e1:ee
debug1: Host 'xxx.79.xxx.29' is known and matches the RSA host key.
debug1: Found key in /home/xxxtta/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xxxtta/.ssh/id_rsa
debug1: Offering DSA public key: /home/xxxtta/.ssh/id_dsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/xxxtta/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).
I have made the standard stuff but I cannot solve the problem. These are the commands I have used to generate the private/public keys. I have then copied the public key to the server
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/xxxtta/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xxxtta/.ssh/id_dsa.
Your public key has been saved in /home/xxxtta/.ssh/id_dsa.pub
thank you for your help
EDIT:
I have made the same procedure using MINGW and it works (I am able to connect). Something is definitely going wrong with cygwin in my system
Problem probably lies in user name. If you login remotely user name is case sensitive. You must write user name exactly how it was defined in Windows.
Copy id_dsa.pub to your remote server.
# scp .ssh/id_dsa.pub dude@remotemachine:
On remote server:
# cat id_dsa.pub >> ~/.ssh/authorized_keys
You might try -vvv instead of -v to increase the verbosity.
Also, check that the file permissions are set properly. See Adding public key to ~/.ssh/authorized_keys does not log me in automatically

Add a new key to EC2

I'm on a Mac now and previously I was able to set up and access an EC2 instance successfully from Windows XP. I want to create a new key for access from Mac, used the console management screen to generate a new key, saved the PEM file, changed permission on the file to owner RW only and then tried ssh but couldn't get it to work. Here's my command
ssh -v -i .ssh/ec2-mac.pem ec2-user@ec2-204-236-143-254.us-west-1.compute.amazonaws.com
Here's the verbose output
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to ec2-204-236-143-254.us-west-1.compute.amazonaws.com [204.236.143.254] port 22.
debug1: Connection established.
debug1: identity file .ssh/ec2-mac.pem type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ec2-204-236-143-254.us-west-1.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/bob/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/bob/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: .ssh/ec2-mac.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Anyone know what I'm missing? Oh and I am able to ssh into a different instance with the original key created for that instance making this even more puzzling.
Permissions are set correctly using chmod 600. The one thing I'm not sure is in the control panel management screen when I list Instances, it only shows the original value in "Key Pair Name" column, should it show both?
Thanks for your help in advance.
You don't need to create new key for new operating system. You can make use of your old Windows XP key in MAC.
Another point is when you launch an instance with a private key, then you can only login through that key only. A new key won't help.
Regards,
Sanket Dangi
