I'm having some problems using SSH to get into my running AWS EC2 instance. According to the instructions, I need to create a Key Pair, which downloads a .pem private key file, which I have named QARTH.pem. From the directory where this file has been saved, I'm supposed to execute command:
ssh -i "QARTH.pem" [email protected]
However, I get the error:
Permission denied (publickey).
I'm using the auto-generated launch-wizard security group, which allows port 22 incoming access to all IPs.
I've also used the example procedure to convert the .pem file to a PuTTY private key .ppk file, and used the PuTTY client. I get the same error.
This seems like a pretty straightforward procedure, so I don't know what I could be doing wrong. If you have any ideas, I'd love to hear them. However, I'm not strong in network security, so please make responses lay-person friendly.
3 Answers
You are either using the wrong key pair (QARTH.pem), the wrong username, connecting to the wrong system or QARTH.pem is not set to be read-only.
STEP 1: Add debugging options to ssh to help determine what is wrong:
ssh -v -i QARTH.pem [email protected]
STEP 2: Make sure that the key pair file is read-only.
LINUX: To make the key pair file read-only execute this command: chmod 400 QARTH.pem while in the same directory as the file.
WINDOWS: Commands to run on a Windows system (as administrator) to make a key pair read-only and satisfy ssh:
Note: replace %USERNAME% with your user name.
REM Disable inheritance on QARTH.pem
icacls QARTH.pem /inheritance:d
REM Delete "NT AUTHORITY\Authenticated Users" from having any rights
icacls QARTH.pem /remove "NT AUTHORITY\Authenticated Users"
REM Delete "BUILTIN\Users" from having any rights
icacls QARTH.pem /remove "BUILTIN\Users"
REM Grant Read-Only rights to me
icacls QARTH.pem /GRANT:R "%USERNAME%:(R)"
STEP 3: Make sure that you are using the correct username for the EC2 AMI:
Usernames for popular EC2 AMIs:
- For Amazon Linux 2 or the Amazon Linux AMI, the user name is ec2-user.
- For a CentOS AMI, the user name is centos.
- For a Debian AMI, the user name is admin or root.
- For a Fedora AMI, the user name is ec2-user or fedora.
- For a RHEL AMI, the user name is ec2-user or root.
- For a SUSE AMI, the user name is ec2-user or root.
- For an Ubuntu AMI, the user name is ubuntu.
- Otherwise, if ec2-user and root don't work, check with the AMI provider.
11 Comments
pem file that downloads automatically when you generate a key pair on the AWS dashboard. Also, is there some Windows alternative to chmod that I should be using? chmod 400 doesn't seem to have any effect.
chmod does not do enough to make a Windows file read-only when run from Windows. I will edit my answer with the commands to make a key pair read-only on Windows, but I need to know the version of Windows first.
Try changing the permission of the key file
sudo chmod 400 rsa_key_file_name.pem
put your key file name and enter and you are done
TL;DR Try using the manually generated SSH key pair via AWS Console
Well, colleagues, I have NO IDEA WHY exactly (no idea YET), but when I generate the keys with a CLI command, the SSH connectivity does NOT WORK:
aws --region us-east-1 ec2 create-key-pair --key-name "KeyPair"
BUT, when I am creating the SSH key pair manually using the AWS Console it works perfectly fine:
1. Go to AWS Console
2. EC2 :: Network & Security (in left menu) :: Key Pairs :: Create Key Pair
3. <As soon as I am specifying the name of a key pair Amazon downloads the keys into a default download directory>
4. chmod 400 KeyPair.pem
5. ssh -i ./SSHKeys.pem [email protected]
6. ENJOY!
P.S. I am pretty sure I have messed up something during the response copy-paste from a CLI ¯\_(ツ)_/¯
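Two of the causes raised in the answers above can be checked on the key file itself before running ssh: permissions that are too open (STEP 2 of the first answer) and a file that is not a PEM key at all. The script below is an added example, not code from any of the answers; check_key_file and demo_constructed are hypothetical names, and the JSON case assumes the CLI's default JSON output was saved directly as the .pem file, which the last answer does not confirm.

```shell
#!/bin/sh
# Added example, not from the original answers. check_key_file and
# demo_constructed are hypothetical helper names.

# Print a one-word verdict for a private key file; return 0 only for "ok".
check_key_file() {
    key=$1
    [ -f "$key" ] || { echo "missing"; return 1; }
    # OpenSSH refuses a private key that group or others can access.
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "too-open"; return 1
    fi
    [ -r "$key" ] || { echo "unreadable"; return 1; }
    case $(head -n 1 "$key") in
        "-----BEGIN "*"PRIVATE KEY-----"*) echo "ok"; return 0 ;;
    esac
    # Assumption: the CLI's default JSON output saved as-is holds the key in
    # a "KeyMaterial" string, so the file does not start with a PEM header.
    if grep -q '"KeyMaterial"' "$key"; then
        echo "json-wrapped"
    else
        echo "not-pem"
    fi
    return 1
}

# Run the check over constructed sample files (no real key material).
demo_constructed() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END RSA PRIVATE KEY-----' > "$dir/good.pem"
    cp "$dir/good.pem" "$dir/open.pem"
    printf '%s\n' '{' \
        '  "KeyMaterial": "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED",' \
        '  "KeyName": "KeyPair"' '}' > "$dir/cli.pem"
    chmod 400 "$dir/good.pem" "$dir/cli.pem"
    chmod 644 "$dir/open.pem"
    for f in good.pem open.pem cli.pem absent.pem; do
        printf '%s=%s ' "$f" "$(check_key_file "$dir/$f")"
    done
    rm -rf "$dir"
}

# Usage: sh check_key.sh QARTH.pem
if [ $# -gt 0 ]; then check_key_file "$1"; fi
```

If the verdict is json-wrapped, the AWS CLI writes only the key itself when create-key-pair is given --query 'KeyMaterial' --output text and its output is redirected to the .pem file.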