【发布时间】:2026-01-28 19:40:02
【问题描述】:
我在这里与 SSH 密钥搏斗。我正在尝试通过 SSH 连接到我在 EC2 上的实例,所以我创建了
新的密钥对也已下载。将pem 文件移动到~/.ssh/key.pem 并运行:
sudo chmod 400 key.pem AWS 要求。
并对其进行测试:
ssh -i "~/.ssh/key.pem" ubuntu@ec2-3-x-y-228.eu-west-2.compute.amazonaws.com x & y 替换为实数值
输出:Permission denied (public key)
我做错了什么?这是非常简单的操作。谢谢。
-vvv 输出:
OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolving "ec2-3-x-y-228.eu-west-2.compute.amazonaws.com" port 22
debug2: ssh_connect_direct
debug1: Connecting to ec2-3-x-y-228.eu-west-2.compute.amazonaws.com [3.9.13.228] port 22.
debug1: Connection established.
debug1: identity file /home/mark/.ssh/key.pem type -1
debug1: identity file /home/mark/.ssh/key.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to ec2-3-x-y-228.eu-west-2.compute.amazonaws.com:22 as 'ubuntu'
debug3: hostkeys_foreach: reading file "/home/mark/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/mark/.ssh/known_hosts:5
debug3: load_hostkeys: loaded 1 keys from ec2-3-9-13-228.eu-west-2.compute.amazonaws.com
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:r/f7fqemYF3CfPl9S+8wDMN1UtsqrtYRaX1tkWaEwlk
debug3: hostkeys_foreach: reading file "/home/mark/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/mark/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from ec2-3-9-13-228.eu-west-2.compute.amazonaws.com
debug3: hostkeys_foreach: reading file "/home/mark/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/mark/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from 3.9.13.228
debug1: Host 'ec2-3-x-y-228.eu-west-2.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/mark/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: desktop ED25519 SHA256:inJuopb8NVP9ctfF1iGEWI3jz/dIvg9KtFJ5PIZA1CA agent
debug1: Will attempt key: desktop ED25519 SHA256:RpPez0H8w3OHcsJhQl9u/X/RQtokQqGBM9Uwyq/0uqA agent
debug1: Will attempt key: /home/mark/.ssh/key.pem explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: desktop ED25519 SHA256:inJuopb8NVP9ctfF1iGEWI3jz/dIvg9KtFJ5PIZA1CA agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Offering public key: desktop ED25519 SHA256:RpPez0H8w3OHcsJhQl9u/X/RQtokQqGBM9Uwyq/0uqA agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/mark/.ssh/key.pem
debug3: sign_and_send_pubkey: RSA SHA256:+cjeAT0FFDXzcLAEh+QsN3UXgKdN/RVey39Lzuj1Q60
debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:+cjeAT0FFDXzcLAEh+QsN3UXgKdN/RVey39Lzuj1Q60
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
ubuntu@ec2-3-x-y-228.eu-west-2.compute.amazonaws.com: Permission denied (publickey).
【问题讨论】:
-
您使用 private 密钥进行身份验证。公钥用于您要连接的系统。只需使用
-i ~/.ssh/key.pem。 -
@larsks 同样的错误输出。
-
@Kenster 已编辑。详细的调试输出没有显示任何有用的信息。有吗?
-
详细输出中并没有太多信息:它只是说 ssh 提供了一个公钥,但该密钥被拒绝了。这可能意味着 (a) 您使用了错误的私钥,或 (b) 错误的用户名,或 (c) 远程服务器上的某些内容配置不正确。通常,诊断此类问题的下一步是在调试模式下在服务器上运行
sshd,但这显然需要先成功访问服务器。
标签: amazon-web-services amazon-ec2 ssh