I am trying to open a linode Debian 10 with display. I am connecting to it using a Git Bash on Windows 7.I have tried almost every way I can find, but cannot get rid of this error
debug1: Authentication succeeded (password).
Authenticated to 66.228.51.35 ([66.228.51.35]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions#openssh.com
debug1: Entering interactive session.
debug1: pledge: exec
debug1: client_input_global_request: rtype hostkeys-00#openssh.com want_reply 0
debug1: No xauth program.
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Linux localhost 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Jun 21 08:56:56 2021 from 49.36.179.155
root#localhost:~#
I have Xming on 0.0. This is my ssh_config.
# ssh_config(5) man page.
# Host *
ForwardAgent yes
ForwardX11 yes
PasswordAuthentication yes
XAuthLocation /opt/X11/bin/xauth
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
Port 22
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64#openssh.com
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# Added by git-extra
Ciphers +aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc
It is the same on the server as well. Don't know what else to do make it work. I am not a bit clear on where to add export DISPLAY in the bash on Windows..or server?
user#user-PC MINGW64 ~/Desktop
$ which xauth
which: no xauth in (/c/Users/user/bin:/mingw64/bin:/usr/local/bin:/usr/bin:/bin:/mingw64/bin:/usr/bin:/c/Users/user/bin:/c/Program Files (x86)/Microsoft SDKs/Azure/CLI2/wbin:/c/Program Files (x86)/Common Files/Oracle/Java/javapath:/c/Windows/system32:/c/Windows:/c/Windows/System32/Wbem:/c/Windows/System32/WindowsPowerShell/v1.0:/c/geckodriver.exe:/c/Program Files/Java/jre1.8.0_271/bin/java:/cmd:/c/Program Files/wkhtmltopdf:/c/Program Files/Liquid Technologies/Liquid Studio 2021/XmlDataBinder19/Redist19/cpp/win32/bin:/c/Program Files/Liquid Technologies/Liquid Studio 2021/XmlDataBinder19/Redist19/cpp/win64/bin:/c/Users/user/AppData/Local/Programs/Python/Python37/Scripts:/c/Users/user/AppData/Local/Programs/Python/Python37:/c/Program Files/JetBrains/PyCharm Community Edition 2020.3/bin:/c/Users/user/AppData/Local/Programs/Microsoft VS Code/bin:/c/Program Files/poppler-0.68.0/bin:/c/Program Files/wkhtmltopdf:/c/Program Files/gs/gs9.54.0/bin:/c/Program Files/poppler-0.68.0/bin:/usr/bin/vendor_perl:/usr/bin/core_perl)
What ssh -Y (not -X) is for, is to allow the host into which you are connecting, to open X11 windows on your own display. For this to work, your computer must be running an X server. On macOS (Darwin) for instance you would launch XQuartz. The ssh command can then provide, via environment variables and other clever tricks, a communications channel by which X client programs on the target machine can open windows on your server on your laptop.
To use this with Windows on a PC, you would need to install an X server on your PC. This is possible; see this Google search for instance. You mentioned Xming; this superuser.com Q&A has some setup information for using Xming.
Related
Below command is working, I am able to download file from jumphost to my current directory in Windows machine using .pub file
scp -r -i user_202201281017.pub user#jumphost_ip_address:/home/user/check-job-status.sh .
As of now I am copying file to jumphost server using sftp, then doing scp to my Windows machine. I would like to bypass jumphost and want to use 2nd hop to transfer file to Windows machine like below command
scp -r -i user_202201281017.pub user#jumphost_ip_address,user#file_present_at_original_server:/home/user/check-job-status.sh .
Error:
ssh: connect to host file_present_at_original_server port 22:
Connection timed out
If you have OpenSSH 8.0 and newer, you can use -J (jump) switch:
scp -r -i user_202201281017.pub -J user#jumphost_ip_address user#file_present_at_original_server:/home/user/check-job-status.sh .
With older version, but at least 7.3, use ProxyJump directive:
scp ... -o ProxyJump=user#jumphost_ip_address
For more options, see Does OpenSSH support multihop login?
With Windows build of OpenSSH (Win32-OpenSSH), you need the latest version in any case, as earlier versions had broken jump host support. They fail with:
CreateProcessW failed error:2 posix_spawn: No such file or directory
I'm trying to use ssh forwarding feature on mac to display remote GUI application locally.
on Mac, I installed the official xserver XQaurtz, set it up as below.
$ cat ~/.ssh/config
Host *
XAuthLocation /opt/X11/bin/xauth
ForwardAgent yes
ForwardX11 yes
Then I used "ssh -v -X user#remote_machine" to login a ubuntu machine, then used xclock to test.
$ ssh -v -X user#remote_machine
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data ~/.ssh/config
debug1: /Users/bwu/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: /etc/ssh/ssh_config line 52: Applying options for *
debug1: auto-mux: Trying existing master
On remote machine, xclock failed to launch due to $DISPLAY is empty.
$ xclock
Error: Can't open display:
I did two more tests.
From the same mac, ssh login to another centos 7 machine, it's working. $ cat /etc/ssh/sshd_config X11Forwarding yes
X11DisplayOffset 0
From a ubuntu host, ssh login to above ubuntu machine, it's working. $ cat /etc/ssh/sshd_config X11Forwarding yes X11DisplayOffset 0
So we got below results.
mac to centos, working
ubuntu to ubuntu, working
mac to ubuntu, not working
Test 1 indicates the issue might locate on remote ubuntu machine.
Test 2 indicates the issue might locate on local mac machine.
What's wrong with this? Did I miss anything?
Further update on this issue. I noticed x11 forwarding did not work "randomly" on centos or ubuntu (from my macbook), but after a couple hours it may work again.
I checked the sshd configuration on both centos and ubuntu, nothing special and they are same in x11 forwarding part. I don't know why.
X11Forwarding yes
X11DisplayOffset 0
#X11UseLocalhost yes
Here is a solution that might work. I had the same problem and this is how I solved it. Give the following solution a try.
First find the DISPLAY variable.
So in your mac if you type as a normal user
echo $DISPLAY
Then what you would get is something like the following.
/private/tmp/com.apple.launchd.0aQYNoXMFK/org.xquartz:0
Then try something like
xeyes
to see whether forwarding works. There are other apps you could try, but I like this one.
And now you know that your display is working
Now if you want to try the same as root (Please don't jump on me guys, I know some of you all are strongly against root access) echo $DISPLAY, but if does not work
then in your root prompt do the following
export DISPLAY=/private/tmp/com.apple.launchd.0aQYNoXMFK/org.xquartz:0
The same you found in your normal user account. Then copy your
.Xauthority at /Users/normal user/.Xauthority to /var/root/.
The .Xauthority file is already there, but this would over right it.
cp /Users/normal user/.Xauthority /var/root/
Of course the export might work, but there is no harm in doing the above.
Now try the following.
echo $DISPLAY
And you should see the following
/private/tmp/com.apple.launchd.0aQYNoXMFK/org.xquartz:0
If you ssh into Ubuntu from normal user prompt then you do not need to do the root part, but since, I use root to ssh into my Ubuntu systems I often have to do this.
Then when you 'ssh into Ubuntu type
echo $DISPLAY
And you would see something like the following
localhost:10.0
The above would work if you have done all those other bits like forwarding and etc.
Again, if you want to use root in your Ubuntu and if the echo $DISPLAY does not produce any response,
then try the following (Assuming you are at root prompt).
cp /home/user name/.Xauthority /root/.Xauthority
Now try
echo $DISPLAY
again and you would see something like the following
localhost:10.0
For fun try
xeyes
Of course you could try xclock or any other as well
And it works in my case. Hope this is helpful and would solve a problem like the one above or like mine that someone has come across and who spent a few hours on this problem while scratching head and trying to pull hair out like me :-)).
This is my first time accessing GitHub and I'm not experienced using a console. I am on a MacBook using Bash. When I try to access GitHub, I get this:
git clone git#github.com:dhulihan/league-of-legends-data-scraper.git
Cloning into 'league-of-legends-data-scraper'...
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I've tried following the instructions on Github page about permission being denied.
When I use ssh -vT git#github.com, I get the following:
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to github.com [192.30.252.129] port 22.
debug1: Connection established.
debug1: identity file /Users/XXXX/.ssh/id_rsa type -1
debug1: identity file /Users/XXXX/.ssh/id_rsa-cert type -1
debug1: identity file /Users/XXXX/.ssh/id_dsa type -1
debug1: identity file /Users/XXXX/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version libssh-0.6.0
debug1: no match: libssh-0.6.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: RSA 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /Users/XXXX/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/XXXX/.ssh/id_rsa
debug1: Trying private key: /Users/XXXX/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
Next, eval "$(ssh-agent -s)" returns "Agent pid 2314",
however ssh-add -l returns "The agent has no identities."
And that is where I am stuck.
Full details in this answer.
In summary, when ssh-add -l returns “The agent has no identities”, it means that keys used by ssh (stored in files such as ~/.ssh/id_rsa, ~/.ssh/id_dsa, etc.) are either missing, they are not known to ssh-agent, which is the authentication agent, or that their permissions are set incorrectly (for example, world writable).
If your keys are missing or if you have not generated any, use ssh-keygen -t rsa, then ssh-add to add them.
If keys exist but are not known to ssh-agent (like if they are in a non-standard folder), use ssh-add /path/to/my-non-standard-ssh-folder/id_rsa to add them.
See this answer if you are having trouble with ssh-add or ssh-agent.
try this:
ssh-add ~/.ssh/id_rsa
worked for me
THE 2019 ANSWER for macOS Sierra & High Sierra & Catalina:
PS: most of the other answers will have you to create a new ssh key ... but you don't need to do that :)
As described in detail on https://openradar.appspot.com/27348363, macOS/OS X till Yosemite used to remember SSH keys added by command ssh-add -K <key>
So here are the 4 steps i had to take in order for it to work:
1: ssh-add ~/.ssh/PATH_TO_YOUR_SSH_PRIVATE_KEY (e.g. ~/.ssh/id_rsa)
2: Add the following in ~/.ssh/config
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile PATH_TO_YOUR_SSH_PRIVATE_KEY (e.g. ~/.ssh/id_rsa)
3: make sure to remove any gitconfig entry that use osxkeychain helper:
https://github.com/gregory/dotfiles/commit/e38000527fb1a82b577f2dcf685aeefd3b78a609#diff-6cb0f77b38346e0fed47293bdc6430c6L48
4: restart your terminal for it to take effect.
I have been stucked a while on the same problem, which I eventually resolved.
My problem: I could not execute any push. I could check & see my remote (using git remote -v), but when I executed git push origin master, it returned : Permission denied (publickey). fatal: Could not read from remote repository. and so.
How I solved it :
I generated a key using ssh-keygen -t rsa. Entering a name for the key file (when asked) was useless.
I could then add the key (to git): ssh-add /Users/federico/.ssh/id_rsa , which successfully returned Identity added: /Users/myname/.ssh/id_rsa (/Users/myname/.ssh/id_rsa)
I added the SSH key to github using this help page.
Having tried all the commands in Github's 'Permission denied publickey' help page, only the ssh-add -l command worked / seemed useful (after having ran the previous steps), it successfully returned my key. The last step shows you where to check your public key on your GitHub page. And this command will help you check all your keys : ls -al ~/.ssh.
Then the push command eventually worked !
I hope this will help !
Best luck to all.
Run the following commands:
ssh-keygen -t rsa
ssh-add /Users/*yourUserNameHere*/.ssh/id_rsa**
pbcopy < ~/.ssh/id_rsa.pub**
Go to your Github account : https://github.com/settings/profile
1) Click : SSH and GPG keys
2) New SSH Key and Past it there
3) Add SSH Key
Done!
tl;dr
ssh-add # no parameter
# Identity added: /home/<user>/.ssh/id_rsa (user#host)
Further readings
two files necessary in the ssh - user - folder:
ls ~/.ssh
id_rsa id_rsa.pub
If the files are not there, enter command ssh-keygen
Now start the ssh-agent:
eval `ssh-agent -s`
Verify
ssh-add -l
# voila:
2048 SHA256:<key one> user#host (RSA)
Bonus
check the local SHA256 from above with the Github SHA256 from your user settings -> SSH Keys. If they are equal you should be able to push/pull to/from Github using your keys.
first of all you need to go in your ssh directory
for this type following command in your terminal in mac or whatever you use in window
cd ~/.ssh
now it is in the ssh
here you can find all you ssh key/files related to your all projects. now, type the following command to show you if any ssh key available
ls
this will show you all available ssh, in my case there were two
now, you will need to start an agent to add a ssh in it. For this type following command
eval "$(ssh-agent -s)"
now last but not least you will add a ssh in this agent type following command
ssh-add ~/.ssh/your-ssh
replace
replace your-ssh with your ssh file name which you got a list form second step ls command
This could cause for any new terminal, the agent id is different.
You need to add the Private key for the agent
$ ssh-add <path to your private key>
This worked for me:
chmod 700 .ssh
chmod 600 .ssh/id_rsa
chmod 644 .ssh/id_rsa.pub
Then, type this:
ssh-add ~/.ssh/id_rsa
For my mac Big Sur, with gist from answers above, following steps work for me.
$ ssh-keygen -q -t rsa -N 'password' -f ~/.ssh/id_rsa
$ ssh-add ~/.ssh/id_rsa
And added ssh public key to git hub by following instruction;
https://docs.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account
If all gone well,
you should be able to get the following result;
$ ssh -T git#github.com
Hi user_name! You've successfully authenticated,...
One additional element that I realized is that typically .ssh folder is created in your root folder in Mac OS X /Users/. If you try to use ssh -vT git#github.com from another folder it will give you an error even if you had added the correct key.
You need to add the key again (ssh-add 'correct path to id_rsa') from the current folder to authenticate successfully (assuming that you have already uploaded the key to your profile in Git)
I had this issue after restoring a hard drive from a backup.
My problem:
I could check & see my remote (using git remote -v), but when I executed git push origin master, it returned : Permission denied (publickey). fatal: Could not read from remote repository.
I already had an SSH folder and SSH keys, and adding them via Terminal (ssh-add /path/to/my-ssh-folder/id_rsa) successfully added my identity, but I still couldn't push and still got the same error. Generating a new key was a bad idea for me, because it was tied to other very secure permissions on AWS.
It turned out the link between the key and my Github profile had broken.
Solution:
Re-adding the key to Github in Profile > Settings > SSH and GPG keys resolved the issue.
Also:
My account had 2-factor authentication set up. When this is the case, if Terminal requests credentials, use your username - but NOT your Github password. For 2-factor authentication, you need to use your authentication code (for me, this was generated by Authy on my phone, and I had to copy it into Terminal for the pw).
If you are using Linux or Windows open terminal or cmd in directory you want your keys in. Create a pair of private-public key
$ ssh-keygen -t ed25519 -C "your_email#example.com"
If you are using a legacy system that doesn't support the Ed25519 algorithm, use:
$ ssh-keygen -t rsa -b 4096 -C "your_email#example.com"
Generating public/private ALGORITHM key pair.
Enter a file in which to save the key (/c/Users/YOU/.ssh/id_ALGORITHM):[Press enter any name you like your private public keys file to be]
Enter passphrase (empty for no passphrase): [Type a passphrase or enter for without it]
Enter same passphrase again: [Type a passphrase or enter for without it]
Now, in Linux
$ sudo cp <filename without .pub ending> ~/.ssh
In Windows simply copy the <filename without .pub ending> file in this C:\Users\your_username\.ssh directory
And then
$ ssh-add ~/.ssh/<filename without .pub ending>
It may work now!
After struggling for long I was finally able to resolve this issue on Windows, For me the User env variable GIT_SSH was set to point to
"C:\Program Files(x86)\WinScp\PuTTY\plink.exe"
which was installed along with WinScp. I changed the pointing to use default ssh.exe which comes with git-scm "C:\Program Files\Git\usr\bin\ssh.exe"
Steps for BitBucket:
if you dont want to generate new key, SKIP ssh-keygen
ssh-keygen -t rsa
Copy the public key to clipboard:
clip < ~/.ssh/id_rsa.pub
Login to Bit Bucket:
Go to View Profile -> Settings -> SSH Keys (In Security tab)
Click Add Key,
Paste the key in the box, add a descriptive title
Go back to Git Bash :
ssh-add -l
You should get :
2048 SHA256:5zabdekjjjaalajafjLIa3Gl/k832A /c/Users/username/.ssh/id_rsa (RSA)
Now: git pull should work
This worked for me also:
chmod 700 .ssh
chmod 600 .ssh/id_rsa
chmod 644 .ssh/id_rsa.pub
Then, type this: ssh-add ~/.ssh/id_rsa
Sometimes it could be useful to check ~/.ssh/config
it should look like this
Host github.com
IdentityFile ~/.ssh/id_rsa
id_rsa can be different if you linked a different key.
I am able to use ssh (i.e., for 'git' with heroku or github etc.) through GitBash, but I cannot do the same from Windows cmd prompt on the same machine. What can be the problem? If I recall correctly, it used to work from cmd prompt.
The error I'm getting is:
Permission denied (publickey). fatal: The remote end hung up unexpectedly
I got both logs: here is last four lines from cmd which are different from 'git bash':
debug1: Trying private key: /.ssh/identity
debug1: Trying private key: /.ssh/id_rsa
debug1: Trying private key: /.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
in case of Git bash: the respective lines are:
debug1: Trying private key: /c/Users/user1/.ssh/identity
debug1: Offering public key: /c/Users/user1/.ssh/id_rsa
debug1: Remote: Forced command: gerve user1
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
Resolved
As hinted by #snemarch, setting following env var solved my problem:
set HOME=C:\Users\user1
Since you are using GitHub, from cmd try
ssh -v -T git#github.com
See the keys that it is presenting. Maybe try from Git Bash also and compare the output.
This could be because %HOME% is not correctly set. Set it to the directory that contains your .ssh directory ( and hence the keys)
Look at the file paths - "/.ssh/identity", in the case of cmd.exe, is probably not where you've got your SSH keys :). Probably a case of homedir expansion being done when you're on the git-bash, but not on native cmd.exe .
Instead of using cygwin ssh and the regular ssh key files, consider using PuTTY's plink for SSH program and pageant for ssh-agent.
I'd double check your system path includes a reference to your git/bin location
I am new to EC2. I created my security credentials from this site:
http://paulstamatiou.com/how-to-getting-started-with-amazon-ec2
It worked great, I rebooted and now when I try to connect I get a login/password prompt. (Which I never set up.) After several attempts I get this error:
Permission denied (publickey,gssapi-with-mic).
What am I doing wrong?
Two possibilities I can think of, although they are both mentioned in the link you referenced:
You're not specifying the correct SSH keypair file or user name in the ssh command you're using to log into the server:
ssh -i [full path to keypair file] root#[EC2 instance hostname or IP address]
You don't have the correct permissions on the keypair file; you should use
chmod 600 [keypair file]
to ensure that only you can read or write the file.
Try using the -v option with ssh to get more info on where exactly it's failing, and post back here if you''d like more help.
[Update]: OK, so this is what you should have seen if everything was set up properly:
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: ec2-keypair
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Are you running the ssh command from the directory containing the ec2-keypair file ? If so, try specifying -i ./ec2-keypair just to eliminate path problems. Also check "ls -l [full path to ec2-keypair]" file and make sure the permissions are 600 (displayed as rw-------). If none of that works, I'd suspect the contents of the keypair file, so try recreating it using the steps in your link.
The key for me to be able to connect was to use the "ec2-user" user rather than root. I.e.:
ssh -i [full path to keypair file] ec2-user#[EC2 instance hostname or IP address]
+1
I noticed that for some AMIs like Amazon Linux, ec2-user#xxx.XX.XX.XXX would work. But for an ubuntu image, I had to use ubuntu# instead. It was never a problem with the .pem, just with the user name.
In my case it's because the permission for my home directory is 775, and SSH is not happy about it. It should work after executing:
server$ chmod go-w ~/
server$ chmod 700 ~/.ssh
server$ chmod 600 ~/.ssh/authorized_keys
I had very similar experience this afternoon. I was setting up django on EC2, and suddenly I cannot SSH into the box anymore. Glad I still had an active connection, so I modified /etc/ssh/sshd_config to set:
PasswordAuthentication yes
and set password for ec2-user, then I can login by entering the password.
However, after some googling I found this thread: http://ubuntuforums.org/showthread.php?t=577279. It turned out that during my setup of django I changed the permission for my home directory, and SSH is very strict about this. So the file permission must be set correctly.
I had met this problem too.And I found that happend beacuse I forgot to add the user-name before the host name:
like this:
ssh -i test.pem ec2-32-122-42-91.us-west-2.compute.amazonaws.com
and I add the user name:
ssh -i test.pem ec2-user#ec2-32-122-42-91.us-west-2.compute.amazonaws.com
it works!
Tagging on to mecca831's answer:
ssh -v -i generated-key.pem ec2-user#11.11.11.11
[ec2-user#ip-11.11.11.11 ~]$ sudo passwd ec2-user
newpassword
newpassword
[ec2-user#ip-11.11.11.11 ~]$ sudo vi /etc/ssh/sshd_config
Modify the file as follows:
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no
# EC2 uses keys for remote access
#PasswordAuthentication no
Save
[ec2-user#ip-11.11.11.11 ~]$ sudo service sshd stop
[ec2-user#ip-11.11.11.11 ~]$ sudo service sshd start
you should be able to exit and ssh in as follows:
ssh ec2-user#11.11.11.11
and be prompted for password no longer needing the key.
Are you sure you have used the right instance? I ran into this problem and realized that something like 4 of the ubuntu instances i tried did not have SSH servers installed on them.
For a list of good servers see "Getting the images" about half way down. Sounds like you may be using something else... the default username is ubuntu on these images.
https://help.ubuntu.com/community/EC2StartersGuide
I was able to login using ec2-user
ssh -i [full path to keypair file] ec2-user#[EC2 instance hostname or IP address]
After about a half hour of searching and trying to debug this I was able to figure it out. My situation involved me using the same pem file for two different ec2 instance and it working for one and not the other.
My first instance it worked on was the standard aws linux ami amzn-ami-hvm-2014.03.2.x86_64-ebs. I simply used
ssh -i mypemfile.pem ec2-user#myec2ipaddress
and it worked.
I then launched a fedora instance Fedora-x86_64-19-20140407-sda and tried the same command but kept getting:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
After changing my username from ec2-user to fedora it worked!
ssh -i mypemfile.pem fedora#myec2address
None of the above helped me, but futzing with the user seemed like it had promise. For my config using 'ubuntu' was right.....
ssh -i [full path to keypair file] ubuntu#[EC2 instance hostname or IP address]
I recommend against setting a password as some other answers suggest. Using the key file is both safer (no one can guess your passwords) and more convenient (once you set up a config file). Here's a basic ~/.ssh/config:
Host my-ec2-server
HostName 11.11.11.11
User ec2-user
IdentityFile /path/to/generated-key.pem
Now you can just type ssh my-ec2-server and you're in! And as also mentioned in other answers, use -v to get extra info when your connection isn't working.
If the issue is consistent and happened about 10-15 times in a row even after changing file permissions to 400 or 600, then it is most certainly something is wrong on the ec2 instance, so to make sure:
Check the logs when you try to ssh to the instance by adding -v at the end and see either it gives out anything specific.
Make sure you use the correct name for ssh, like Ubuntu. Perhaps that depends on Linux distribution and users you added and either you've given permission for "root user" ssh.
Then if nothing helps, follow the documentation here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html#TroubleshootingInstancesConnectingMindTerm
to fix that. It helped in my case, and it happened because of messed up directories/files permissions.
If you have a PPK file working on a PC, then export it as OpenSSH file using puttygen.exe for PC and use that on Mac (any Unix machine).
I was getting the same error --
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: ec2-keypair
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic)
As I was using a PPK file on Windows, I followed the steps as described above and Bingo!
$ ssh -i ec2-openssh-key root#ec2-instance-ip
I had the same problem using the AWS Toolkit for Eclipse. I created the Getting Started instance OK and opened a shell. However, the user was set to ec2-user. I used the Open Shell As... command and set the user to root. Then it worked.
Had a similar issue. Here are the steps used to setup SSH keys and forwarding on the Mac. Made these notes for myself - may help someone... check against your config.
The assumption here is there are no keys setup. If you already have the keys setup skip this section.
$ ssh‐keygen ‐t rsa ‐b 4096
Generating public/private rsa key pair.
Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]
Enter passphrase (empty for no passphrase): [Type a passphrase]
Enter same passphrase again: [Type passphrase again]
Modify ~/.ssh/config adding the entry for the key file:
~/.ssh/config should look similar to:
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_rsa
Store the private key in the keychain:
$ ssh‐add ‐K ~/.ssh/id_rsa
Go test it now with: ssh -A username#yourhostname
Should forward your key to yourhostname. Assuming your keys are added on you should connect without issue.
I was getting this error when I was trying to ssh into an ec2 instance on the private subnet from the bastion, to fix this issue, you've to run (ssh-add -K) as follow.
Step 1: run "chmod 400 myEC2Key.pem"
Step 2: run "ssh-add -K ./myEC2Key.pem" on your local machine
Step 3: ssh -i myEC2Key.pem root#ec2-107-20-4-100.compute-1.amazonaws.com
Step 4: Now try to ssh to EC2 instance that is on a private subnet without specifying the key, for example, try ssh ec2-user#ipaddress.
Hope this will help.
Note: This solution is for Mac.