I am unable to connect to EC2 (CentOs) from my MacBook. When I connect it from ubuntu machine, it will be connected. Currently, I got the following the following error:
ec2 ssh sign_and_send_pubkey: no mutual signature supported Account locked due to 290 failed logins
How can I solve the problem?
I have tried the following command:
ssh -i key.pem ec2-user#ip
I was locked out and couldn't access the machine to enter in the suggested answer's change to ssh config.
I added the following argument to the ssh call -o PubkeyAcceptedKeyTypes=+ssh-rsa and it worked.
Example:
ssh -i "keypair.cer" -o PubkeyAcceptedKeyTypes=+ssh-rsa ec2-user#ip
Note: the ssh call will accept both .cer and .pem filetypes.
edit or create the file ~/.ssh/config and add the following content:
Host *
PubkeyAcceptedKeyTypes=+ssh-dss
After that, try again.
Related
I want to copy a folder from remote ubuntu to ec2-instance tried the below at remote ubuntu machine
scp -i </path/of/ec2_pemkey> -r <folder that I wanna copy> user#<ip of ec2>:/path/where/I wanna/copy
I copied my pem to remote and changed permissions chmod 400
error: connection timed out
The Connection Time out means that your local can't be able to reach the remote.
to debug :
Check if your remote machine authorize traffic from port 22 ( Security Group)
Check if You have the good public IP of your machine
If its was an error with your pem key or user (ubuntu) you will receive an access denied error.
From you comment, that means its was the IP of the machine missing or not good.
I missed adding ip address of my remote ubuntu machine to security groups of my ec2 instance. Once done, I was able to scp from remote ubuntu to ec2 instance.
Make sure security group type is SSH which enables port 22
I am trying to install Hadoop on Amazon EC2 Instance CentOS 6.5.I am connected to the instance but want to make the session passwordless SSH. To do this I used the following commands:
ssh-keygen
ssh-copy-id -i ~/.ssh/id_rsa.pub node01
I get an error saying : Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
I tried logging in as "root" as well as "ec2-user" but it shows the same error.
Could anyone help on this.
I have created a simple scriptlet to ease this process on EC2 - Ubuntu instances.
You can check it out here.
Just give the machine names and key path, you are done!
https://github.com/hshinde/pwless
I want to clone a bunch of private git repositories while provisioning a vagrant box. According to this article this should be possible using config.ssh.forward_agent = true. However, when trying to connect to github via something like ssh -T git#github.com -o StrictHostKeyChecking=no it fails with the following error:
Warning: Permanently added 'github.com,192.30.252.130' (RSA) to the list of known hosts.
Permission denied (publickey).
I cut my configuration down to the simplest possible configuration. You can find it here: https://gist.github.com/TomTasche/31f7c45fcffc2997d43a
When I do "vagrant ssh" and try the same again, a similar error occurs:
Cloning into 'private-repositories'...
Warning: Permanently added the RSA host key for IP address '192.30.252.130' to the list of known hosts.
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
Edit: the configuration linked above does work on a host running Ubuntu, but does neither work on a Mac host, nor on a Windows host. My goal is to have a configuration that works on all these three hosts.
Please check whether your host system has ssh-agent forwarding enabled. You can do so for example by adding this block to your ~/.ssh/config file:
Host *
ForwardAgent yes
If this is enabled vagrant ssh (and also vagrant provision) should be able to forward your key to the guest machine.
You also might want to check using ssh-add -l whether your ssh-agent does know about your SSH-key. If it is in the list and you have agent-forwarding activated you should have a success. Otherwise you can add the key to your ssh-agent by running ssh-add <path to your key file>.
It sounds like you may be hitting this particular bug:
https://github.com/mitchellh/vagrant/issues/1735
(Despite it being "closed" it's actually not fixed)
On Windows, SSH Forwarding in Vagrant does not work properly by default (because of a bug in net-ssh).
However, there is a workaround or simple hack. You can auto-copy your local SSH key to the Vagrant VM via a simple provisioning script in your VagrantFile. Here's an example:
https://github.com/mitchellh/vagrant/issues/1735#issuecomment-25640783
Tom,
What you're doing is fairly generic in nature and I don't think is Vagrant specific.
Try some of the following to track down the issue:
edit your /etc/ssh/sshd_config
Set LogLevel debug
Restart the sshd service sudo service sshd restart or /etc/init.d/sshd restart
tail -f /var/log/authlog -- note, the file may be something else like /var/log/authd.log or /var/log/secure or something.
Watch what happens when you connect. It should give you some indication of why it's failing.
Again sorry, I'm not that familiar with Vagrant but I'm wondering if the provisioning script is running as another user, in which case the agent forwarding may not work as expected?
I am running following command in a laravel project folder and getting following error.
rakib$ envoy run list --env=production
[ubuntu#54.187.123.4]: Permission denied (publickey).
But I can successfully ssh using following command:
ssh -i ~/.ssh/sw-new.pem ubuntu#54.187.123.4
My ~/.ssh/config file content looks like:
Host 54.187.123.4
IdentityFile ~/.ssh/sw-new.pem
Can anyone suggest me what is the possible reason of getting "Permission denied" error?
It's possible that envoy is using the wrong user when attempting to ssh into the production server. Specify a user in your ~/.ssh/config file:
Host 54.187.123.4
IdentityFile ~/.ssh/sw-new.pem
User ubuntu
That should work.
It is possible as answer above for AWS user when you attempting to ssh in production mode, after define "config" file as "~/.ssh/config":
Host ec2-52-29-45-15.eu-central-2.compute.amazonaws.com
IdentityFile /home/tux/Desktop/ssh/masterpro.pem
User ubuntu
I'm trying to get Hadoop's Pseudo-Distributed Operation example (http://hadoop.apache.org/common/docs/stable/single_node_setup.html) to work on OS X Lion, but am having trouble getting the ssh to work without a passphrase.
The instructions say the following:
Setup passphraseless ssh
Now check that you can ssh to the localhost without a passphrase: $
ssh localhost
I'm getting connection refused:
archos:hadoop-0.20.203.0 travis$ ssh localhost
ssh: connect to host localhost port 22: Connection refused
If you cannot ssh to localhost without a passphrase, execute the
following commands:
$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
After this step I am still getting connection refused. Any ideas???
Sounds like you don't have SSH enabled. Should be in the network settings control panel somewhere.
You go to "System Preferences > Sharing > Remote Access" and there's a list of authorized users. Change it to "All Users".
That's solves this problem.
Check the permissions on your .ssh directory. Some ssh implementations require that the directory be chmod 700. Otherwise, they just ignore it.
Also, check the output of
ssh -v localhost
to see how the ssh client is trying to connect. The output is very detailed, and will help you decide if it's an authentication problem.
I had the same issue.
Please check if the ssh server is running or not.
If yes, open the /etc/init.d/ssh_config and /etc/init.d/sshd_config files. The issue is that the server is running on a different port and the client is pointing to different port.
Before this please ensure that openssh-server and client are installed.
I had the same problem and i solved it the following manner :
SSH is activated.
ssh -v localhost (as stated by Herko)
In the ouput, i identified that the authentication method by DSA is not supported.
debug1: Skipping ssh-dss key /Users/john/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes
I simply re-generate an ECDSA keys and remove the DSA key pairs.
After the keys generation, the procedure given on Hadoop documentation holds.
Therefore, it is important to check, if the authentication method is supported by the Openssh configuration.