
Troubleshooting ssh login failure for AWS EC2 using powershell

Short problem description: I had created two new AWS EC2 server instances, on Red Hat Linux and Ubuntu operating systems. I was trying to log in to them through SSH via PuTTY but was getting errors (detailed errors further in the question). This is just a short description.

Detailed problem description: I generated a new .pem file after creating a free tier Amazon EC2 (Elastic Compute Cloud) server running Ubuntu 20. Then I used the PuttyGen software on my Windows 10 PC. While trying to log in through PuTTY it gave me the error shown in the following error description, and because of this I was not able to log in to the AWS machines. I investigated the issue further, and all the troubleshooting steps are described in detail in this self-answered question (other suggestions/solutions are welcome).

Error description:

"Server refused our key" On terminal AND "NO supported authentication method available(server sent:public ke;gssapi-with-mic)"


RavinderSingh13 asked Sep 23 '20 18:09


2 Answers

Initial troubleshooting:

  1. My very first thought was that there could be Control-M characters in the .pem file or in the private key. But when I checked, the key looked fine.
  2. Then I thought it could be an inbound rule issue, that we were not allowed to SSH to the AWS server, but no, I was wrong: when I checked the server configuration I found it was fine and port 22 was there for SSH.
  3. Then I wondered whether the .pem file had proper permissions or not. I checked, and yes, it had read permissions for all users (whoever had access to it).

Obviously none of the above worked; enough talk, so now coming to the actual solution :)

ACTUAL FIX with complete steps:

  • Since I am using Windows 10 on my PC, I thought of trying another way to do SSH, so I tried SSH from PowerShell as follows.

      PS E:\test> ssh -i "aws_key_generator.pem" ubuntu@singh_server_test.compute.amazonaws.com
      @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
      @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
      @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
      Permissions for 'aws_key_generator.pem' are too open.
      It is required that your private key files are NOT accessible by others.
      This private key will be ignored.
      Load key "aws_key_generator.pem": bad permission

  • The above gave me a lot of confidence and showed me what to do next. I immediately checked the permissions of the file again (which were READ, as verified in my initial troubleshooting section above). Then I saw that other groups were present in the permissions, so I removed inheritance by going to "Right click on .pem file" --> "Properties" --> "Security" --> "Advanced" and disabling "Inheritance" there.
  • Then I kept only the "admin" group with READ ONLY permissions on it and saved the properties of the file.
  • Again I tried to SSH from PuTTY (using the private key file generated from PuttyGen mentioned in the problem statement) but it failed.
  • But when I tried the PowerShell command (which used the .pem file), the login was successful this time.
  • Then I did su to root, went to the /home/ubuntu/.ssh directory, checked the authorized_keys file, and couldn't see the PUBLIC key inside it.
  • So I added the public key generated by PuttyGen to "authorized_keys" and saved it.
  • Again I tried to log in to the server with PuTTY, passing the private key to it, and I was able to log in successfully now. BINGO :)

I fixed the issue with this workaround and thought I'd share it with everyone here; other solutions are welcome too. Cheers and happy learning.

RavinderSingh13 answered Sep 17 '22 04:09
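
The permission fix from the answer above, done from PowerShell instead of the Properties dialog; this is an added example, not part of the original answer. The function names `Get-KeyAclFindings` and `Protect-KeyFile` are hypothetical, and the list of principals treated as acceptable (current user, SYSTEM, Administrators) is an assumption about what the Windows OpenSSH client tolerates on a private key.

```powershell
# Added example: audit and tighten the ACL on an SSH private key on Windows.
# Run it as the user who owns the key file.

function Get-KeyAclFindings {
    param([Parameter(Mandatory)][string]$Path)
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    # Assumption: entries for these principals do not trigger the
    # "UNPROTECTED PRIVATE KEY FILE" check; anything else is a finding.
    $allowed = @($me, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $allowed -notcontains $_.IdentityReference.Value } |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}

function Protect-KeyFile {
    param([Parameter(Mandatory)][string]$Path)
    $me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $acl = Get-Acl -LiteralPath $Path
    # Disable inheritance; $false discards the inherited entries instead of
    # copying them onto the file as explicit ones.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove whatever explicit entries remain, then grant the current user read only.
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
    $readOnly = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'Read', 'Allow')
    $acl.AddAccessRule($readOnly)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

$key = 'aws_key_generator.pem'   # key file name taken from the post

# Before: every principal listed here is why ssh ignores the key.
Get-KeyAclFindings -Path $key | Format-Table -AutoSize

Protect-KeyFile -Path $key

# After: no findings means only the current user can read the key.
if (-not (Get-KeyAclFindings -Path $key)) {
    "ACL on $key is now restricted to $env:USERNAME"
}
```

An `IsInherited` value of `True` in the first listing corresponds to the inherited groups the answer removed by disabling inheritance in the Security dialog.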


It appears that you are logging into an Ubuntu server.

For that, the username should be ubuntu, not ec2-user.

John Rotenstein answered Sep 17 '22 04:09