Connecting AWS EC2 instance asks for password although PEM file is provided [closed]

I've just created an EC2 instance on AWS. Before that, I created my key pair and downloaded the private key.

I'm now trying to log on to the newly created instance (using the correct host name, of course, which I replaced here for security). I've added the -v switch to get the debug output:

ssh [email protected] -i ~/EC2key.pem -v

Though I provide the key file, I am asked for a password. Here's an excerpt from the debug output that might show what's going wrong:

debug1: Host 'myVirtualHost.compute-1.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/myuser/.ssh/known_hosts:15
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/myuser/EC2key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
[email protected]'s password:[asks for password here]

Why, after "read PEM private key done: type RSA", is the conclusion "Authentications that can continue: publickey,password"?

Passiday asked Mar 21 '13 08:03


2 Answers

I am both happy and humbled to report that the problem was that I was trying to ssh with a non-existent user. The tutorial I was following suggested using a login name that did not correspond to the user name in the respective AMI. This was suggested by Amazon support, when they double-checked their tutorial.

I am not sure if there is a way to discover the default login name from the EC2 Management Console. At least a quick search for the correct user name in the properties did not turn up any matches.

Now I can also log on without providing the key file through the -i option, because I've added the key to my keyring with the ssh-add command.

Passiday answered Oct 19 '22 22:10


Well, this could be client-side or server-side in terms of the reason it's failing.

Client-Side: Be sure your .ssh directory is permission 0700 and the EC2key.pem is 0600.

Server-Side: Be sure 'PubkeyAuthentication' is set to 'yes' in your sshd_config (if you are able to get in at all). You could also run the SSH service manually with debug mode (-d flag) to catch other potential reasons (again, if you have access).

Mark Stanislav answered Oct 19 '22 21:10
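
An added example, not from the question or either answer: a small classifier that reads an `ssh -v` trace like the one in the question and reports whether the public-key failure is client-side or server-side, following the split in the second answer. The matched strings are OpenSSH client messages, whose wording varies between versions; `diagnose` and the sample trace are constructed for illustration.

```python
import re

# Constructed sample modelled on the debug excerpt in the question.
SAMPLE = """\
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/myuser/EC2key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
"""

# Wording differs across OpenSSH versions; these patterns are assumptions.
OFFER = re.compile(r"debug1: (?:Trying private key|Offering (?:\w+ )?public key): (\S+)")
METHODS = re.compile(r"debug1: Authentications that can continue: (\S+)")

def diagnose(trace):
    """Return (side, reason) for a public-key login attempt in an ssh -v trace."""
    # The client refuses to load a key whose file mode is too open (needs 0600).
    if "UNPROTECTED PRIVATE KEY FILE" in trace or "bad permissions" in trace:
        return ("client", "private key ignored: permissions too open")
    pending, rejected, methods = None, [], set()
    for line in trace.splitlines():
        if "Authentication succeeded (publickey)" in line:
            return ("ok", "server accepted " + (pending or "a key"))
        m = OFFER.search(line)
        if m:
            pending = m.group(1)          # key sent, waiting for the server's verdict
            continue
        m = METHODS.search(line)
        if m:
            methods = set(m.group(1).split(","))
            if pending:                   # method list repeated after an offer = rejected
                rejected.append(pending)
                pending = None
    if methods and "publickey" not in methods:
        return ("server", "publickey is not an allowed method (PubkeyAuthentication)")
    if rejected:
        # Key loaded fine locally but the server refused it for this login name:
        # wrong user name for the AMI, or key not in that user's authorized_keys.
        return ("server", "key rejected for this login name: " + ", ".join(rejected))
    return ("client", "no key was offered to the server")

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

For the trace in the question this reports a server-side rejection of a key that loaded correctly, which matches the eventual cause: the login name did not exist on the instance.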