Add a new key to EC2 - amazon-ec2

I'm on a Mac now and previously I was able to set up and access an EC2 instance successfully from Windows XP. I want to create a new key for access from Mac, used the console management screen to generate a new key, saved the PEM file, changed permission on the file to owner RW only and then tried ssh but couldn't get it to work. Here's my command
ssh -v -i .ssh/ec2-mac.pem ec2-user@ec2-204-236-143-254.us-west-1.compute.amazonaws.com
Here's the verbose output
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to ec2-204-236-143-254.us-west-1.compute.amazonaws.com [204.236.143.254] port 22.
debug1: Connection established.
debug1: identity file .ssh/ec2-mac.pem type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ec2-204-236-143-254.us-west-1.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/bob/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/bob/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: .ssh/ec2-mac.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Anyone know what I'm missing? Oh and I am able to ssh into a different instance with the original key created for that instance making this even more puzzling.
Permissions are set correctly using chmod 600. The one thing I'm not sure is in the control panel management screen when I list Instances, it only shows the original value in "Key Pair Name" column, should it show both?
Thanks for your help in advance.

You don't need to create a new key for a new operating system. You can make use of your old Windows XP key on the Mac.
Another point is that when you launch an instance with a private key, you can only log in with that key. A new key won't help.
Regards,
Sanket Dangi

Related

Delay when attempting to SSH to a system

I am facing a delay of about 5-6 seconds when I try to ssh from my system to a friend's system. Here is the verbose output of the command :
zeus@athena:~$ ssh -v ashwin@192.168.40.211
OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.40.211 [192.168.40.211] port 22.
debug1: Connection established.
debug1: identity file /home/zeus/.ssh/identity type -1
debug1: identity file /home/zeus/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/zeus/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-3ubuntu1
debug1: match: OpenSSH_6.0p1 Debian-3ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.40.211' is known and matches the RSA host key.
debug1: Found key in /home/zeus/.ssh/known_hosts:71
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
<---- delay 4-5 seconds------>
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/zeus/.ssh/identity
debug1: Offering public key: /home/zeus/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/zeus/.ssh/id_dsa
debug1: Next authentication method: password
Can someone help me figure out how i can get rid of this delay?
As suggested in the comments, this could be a DNS issue. There's an article covering some steps to try and solve this here:
http://www.thegeekstuff.com/2010/07/openssh-slow-at-ssh2_msg_service_accept-received/
The advice given boils down to editing /etc/sshd_config adding / changing UseDNS no and then restarting sshd. Obviously that can be tricky without access to the server!
It should also be pointed out, that setting UseDNS to no might not be the best solution in the long term. Probably better to fix the DNS issue, if there is one, on the machine in question.
My question seems to have an answer here:
https://superuser.com/a/654153/152271
It seems that remote host tries to do a nslookup to my hostname (the connecting one). After editing /etc/hosts in the remote host adding my IP/hostname, it fixed the delay.

Connecting to EC2 Instance via Terminal on Mac

I am completely new to coding and am doing a startup course on coursera: https://class.coursera.org/startup-001/lecture/87
I'm getting a Permission Denied (publickey) when trying to connect to an EC2 Ubuntu Instance I created on AWS
Set up AWS Instance
Set Security to default and added port 22 and launched
Course tells me to then type:
chmod 400 trevor-learning.pem
ssh -i trevor-learning.pem \
    ec2-user@ec2-XX-XXX-XX-XX.us-west-2.compute.amazonaws.com
This then gives me this error: Permission denied (publickey).
I've looked at other questions asked and tried switching the ubuntu@ to ec2-user and some other things but I still can't connect.
I also tried:
trevor-larsons-macbook-pro:downloads trev$ chmod 600 trevor-learning.pem
trevor-larsons-macbook-pro:downloads trev$ ssh -v -i trevor-learning ubuntu@ec2-XX-XXX-XX-XX.us-west-2.compute.amazonaws.com
which gave me:
OpenSSH_5.9p1, OpenSSL 0.9.8x 10 May 2012
Warning: Identity file trevor-learning not accessible: No such file or directory.
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to ec2-XX-XXX-XX-XX.us-west-2.compute.amazonaws.com [XX.XXX.XX.XX] port 22.
debug1: Connection established.
debug1: identity file /Users/trev/.ssh/id_rsa type -1
debug1: identity file /Users/trev/.ssh/id_rsa-cert type -1
debug1: identity file /Users/trev/.ssh/id_dsa type -1
debug1: identity file /Users/trev/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
debug1: Host 'ec2-XX-XXX-XX-XX.us-west-2.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/trev/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/trev/.ssh/id_rsa
debug1: Trying private key: /Users/trev/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
At a loss here and have NO idea what I am doing please help!
Also, not sure if this has anything to do with it, but when I download the instance certificate (it shows up at the bottom left of the Chrome browser), it opens up my Keychain Access and says "An error has occurred. Unable to import an item. The contents of this item cannot be retrieved."
Try the following steps in your terminal:
ssh-keygen -R 12.345.678.999   # This resets your publickey
Then try to access with your Key Pair Name and Public DNS of EC2:
ssh -i KeyPairName.pem ubuntu@ec2-xx-xxx-xxx-xxx.eu-west-1.compute.amazonaws.com

SSH Fingerprint not authorized on Heroku after git restore

I had to restore my master branch from github a couple weeks ago and since then I've been receiving an error that states "Your key with fingerprint... is not authorized to access my app."
I've looked at the previous answers to this problem and have tried deleting the old keypair, creating a new one and uploading it.
I used the following posts and still get the same error:
Your key with fingerprint .... is not authorized to access... myapp. The remote end hung up unexpectedly. HEROKU, GIT CLONE
Why is my key w/ fingerprint not authorized when I try to push latest changes to Heroku?
Cannot push to Heroku because key fingerprint
When I run ssh -Tv git@heroku.com the terminal outputs the following:
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/username/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to heroku.com [50.19.85.154] port 22.
debug1: Connection established.
debug1: identity file /Users/anthonyfrancavilla/.ssh/id_rsa type 1
debug1: identity file /Users/anthonyfrancavilla/.ssh/id_rsa-cert type -1
debug1: identity file /Users/anthonyfrancavilla/.ssh/id_dsa type -1
debug1: identity file /Users/anthonyfrancavilla/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version Twisted
debug1: no match: Twisted
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: RSA [rsa key redacted]
debug1: Host 'heroku.com' is known and matches the RSA host key.
debug1: Found key in /Users/anthonyfrancavilla/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/anthonyfrancavilla/.ssh/id_rsa_heroku
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to heroku.com ([50.19.85.154]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
shell request failed on channel 0
I discovered that the problem was in .git/config
The url under [remote "heroku"] was incorrect. I was able to reconnect once I corrected it.
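The `ssh -v` logs in the questions above can be triaged mechanically. The following is an added example, not code from any of the posts: a small parser that reports which identities the client attempted, whether an `-i` file was missing, and how authentication ended. The function and field names are assumptions, and the two inputs are shortened excerpts of logs shown on this page.

```python
import re

# Client-side `ssh -v` lines of the kinds seen in the logs on this page.
MISSING = re.compile(r"Warning: Identity file (\S+) not accessible")
ATTEMPTED = re.compile(r"debug1: (?:Offering (?:\w+ )?public key|Trying private key): (\S+)")
ACCEPTED = re.compile(r"debug1: Server accepts key")
SUCCEEDED = re.compile(r"debug1: Authentication succeeded")
DENIED = re.compile(r"Permission denied \(")


def diagnose(log_text):
    """Report which identities the client attempted and how authentication ended."""
    r = {"missing": [], "attempted": [], "accepted": None,
         "authenticated": False, "denied": False, "findings": []}
    for line in map(str.strip, log_text.splitlines()):
        if m := MISSING.match(line):
            r["missing"].append(m.group(1))
        elif m := ATTEMPTED.match(line):
            r["attempted"].append(m.group(1))
        elif ACCEPTED.match(line) and r["attempted"]:
            r["accepted"] = r["attempted"][-1]   # the key offered just before the accept
        elif SUCCEEDED.match(line):
            r["authenticated"] = True
        elif DENIED.match(line):
            r["denied"] = True
    for path in r["missing"]:
        r["findings"].append(f"-i {path}: file not found, so this key was never used")
    if r["denied"]:
        r["findings"].append("no attempted identity was accepted: " + ", ".join(r["attempted"]))
    if r["authenticated"]:
        r["findings"].append(f"key {r['accepted']} was accepted; a later failure is not a key problem")
    return r


# Shortened excerpts of two logs from this page.
DENIED_LOG = """\
Warning: Identity file trevor-learning not accessible: No such file or directory.
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/trev/.ssh/id_rsa
debug1: Trying private key: /Users/trev/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
"""
ACCEPTED_LOG = """\
debug1: Offering RSA public key: /Users/anthonyfrancavilla/.ssh/id_rsa_heroku
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
shell request failed on channel 0
"""

if __name__ == "__main__":
    for log in (DENIED_LOG, ACCEPTED_LOG):
        print("\n".join(diagnose(log)["findings"]))
```

In the first excerpt the key named with `-i` never appears among the attempted identities, which is why only the default keys were tried.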

Amazon EC2 Permission denied (publickey) for every new key pair I create

My first key pair (eyelid_s.pem) is working fine. I'm using this key pair as access to an instance for personal use.
Now I'd like to create a new instance for a team to work on, so I created a new key pair (SE_Server.pem) as the default key pair for the new instance. But it just doesn't work. Even the old pem doesn't work for the new instance. I've tried new key pairs on my first instance, but they don't work either.
I've already done this:
chmod 400 SE_Server.pem
So this shouldn't be the file permission problem.
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to ec2-23-20-118-96.compute-1.amazonaws.com [2001:778::ffff:64:0:1714:7660] port 22.
debug1: Connection established.
debug1: identity file /Users/Lynn/.ssh/id_rsa type 1
debug1: identity file /Users/Lynn/.ssh/id_rsa-cert type -1
debug1: identity file /Users/Lynn/.ssh/id_dsa type -1
debug1: identity file /Users/Lynn/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6+squeeze2
debug1: match: OpenSSH_5.5p1 Debian-6+squeeze2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 4d:28:fd:e1:aa:ba:89:9a:6e:e7:b3:d7:fa:15:bd:af
debug1: Host 'ec2-23-20-118-96.compute-1.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/Lynn/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/Lynn/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /Users/Lynn/eyelid_s.pem
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: SE_Server_key.pem
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/Lynn/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
I'd really be grateful if anyone can help me! This is really really annoying because I have no access to my new instance.
You can have multiple keys (not in AWS console, but you can use them to ssh into your machine), just make sure you add them into the "authorized_keys" or "authorized_keys2" depending on your ssh version.
http://www.idrix.fr/Root/Samples/pubkey2ssh.c - a way to import the .pem, but I'm sure there are other methods out there too.

ssh connection using cygwin

I am trying to connect with my remote linux server using cygwin+ssh but the authentication fails with no apparent reason. I have successfully set up another connection to github and I have followed the same process, this is why I am stopped here
$ ssh -v finxxx@xxx.79.xxx.29
OpenSSH_6.0p1, OpenSSL 1.0.1c 10 May 2012
debug1: Connecting to xxx.79.xxx.29 [xxx.79.xxx.29] port 22.
debug1: Connection established.
debug1: identity file /home/xxxtta/.ssh/id_rsa type -1
debug1: identity file /home/xxxtta/.ssh/id_rsa-cert type -1
debug1: identity file /home/xxxtta/.ssh/id_dsa type 2
debug1: identity file /home/xxxtta/.ssh/id_dsa-cert type -1
debug1: identity file /home/xxxtta/.ssh/id_ecdsa type -1
debug1: identity file /home/xxxtta/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu7
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA c7:b2:f1:f9:76:cd:24:5a:80:91:4b:e5:ac:7e:e1:ee
debug1: Host 'xxx.79.xxx.29' is known and matches the RSA host key.
debug1: Found key in /home/xxxtta/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xxxtta/.ssh/id_rsa
debug1: Offering DSA public key: /home/xxxtta/.ssh/id_dsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/xxxtta/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).
I have made the standard stuff but I cannot solve the problem. These are the commands I have used to generate the private/public keys. I have then copied the public key to the server
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/xxxtta/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xxxtta/.ssh/id_dsa.
Your public key has been saved in /home/xxxtta/.ssh/id_dsa.pub
thank you for your help
EDIT:
I have made the same procedure using MINGW and it works (I am able to connect). Something is definitely going wrong with cygwin in my system
Problem probably lies in user name. If you login remotely user name is case sensitive. You must write user name exactly how it was defined in Windows.
Copy id_dsa.pub to your remote server.
# scp .ssh/id_dsa.pub dude@remotemachine:
On remote server:
# cat id_dsa.pub >> ~/.ssh/authorized_keys
You might try -vvv instead of -v to increase the verbosity.
Also, check that the file permissions are set properly. See Adding public key to ~/.ssh/authorized_keys does not log me in automatically
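The answers above about adding keys to authorized_keys and checking file permissions come down to one server-side step. The following is an added example, not code from any of the posts: it appends a public key line only if that key is not already authorized, and lists paths that are writable by group or others, which sshd rejects when StrictModes is on (its default). The function names and the sample key are constructed; a real line would come from `ssh-keygen -y -f ec2-mac.pem`.

```python
import os
import stat


def strictmodes_problems(*paths):
    """Paths writable by group or others, which sshd's StrictModes check rejects."""
    return [p for p in paths if stat.S_IMODE(os.stat(p).st_mode) & 0o022]


def authorize_key(home, pubkey_line):
    """Add pubkey_line to <home>/.ssh/authorized_keys; return False if already there."""
    wanted = pubkey_line.split()[:2]              # key type + base64 blob; comment ignored
    if len(wanted) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    ssh_dir = os.path.join(home, ".ssh")
    auth = os.path.join(ssh_dir, "authorized_keys")
    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, 0o700)                      # set explicitly; umask affects makedirs
    content = ""
    if os.path.exists(auth):
        with open(auth) as fh:
            content = fh.read()
    for line in content.splitlines():
        fields = line.split()
        # An entry may carry options before the key type, so look for the pair anywhere.
        if any(fields[i:i + 2] == wanted for i in range(len(fields))):
            return False
    fd = os.open(auth, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "w") as fh:
        if content and not content.endswith("\n"):
            fh.write("\n")                        # do not glue onto an unterminated last line
        fh.write(pubkey_line.strip() + "\n")
    os.chmod(auth, 0o600)
    return True


# Constructed placeholder, not a real key.
SAMPLE_KEY = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedExampleOnly ec2-mac"

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as home:   # stands in for the login user's home
        print(authorize_key(home, SAMPLE_KEY))    # added
        print(authorize_key(home, SAMPLE_KEY))    # already present
        ssh_dir = os.path.join(home, ".ssh")
        print(strictmodes_problems(home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")))
```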
