【Question title】: Launched new instance on EC2 with same keypair, can't ssh
【Posted】: 2015-09-10 21:13:33
【Question description】:

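This is on AWS. I tried launching a new Ubuntu instance (#2) using the same key pair that is associated with another Ubuntu instance (#1).

AWS instances are associated with a key pair at launch time, and this can't be changed once they are launched.

I can connect to instance #1, but I can't connect to instance #2 using the same ssh command. I checked my permissions and everything seems OK.

The key is in ~/AMI.pem.

My home directory has chmod 600, and ~/AMI.pem has chmod 400, so it can only be read/written by me.

The instances are nearly identical, with the same security group and key pair, the same version of Ubuntu, etc. Instance #1 has some additional packages installed. I confirmed that both are associated with the same key pair, named "AMI".

Connecting to #2: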

USAU9900:ScrapeEdgar reedn$ ssh -i ~/AMI.pem -v ubuntu@54.67.18.96
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/reedn/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 54.67.18.96 [54.67.18.96] port 22.
debug1: Connection established.
debug1: identity file /Users/reedn/AMI.pem type -1
debug1: identity file /Users/reedn/AMI.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 36:69:f6:95:b4:3c:f0:77:02:ab:02:01:af:c7:cc:6a
debug1: Host '54.67.18.96' is known and matches the RSA host key.
debug1: Found key in /Users/reedn/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/reedn/AMI.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
*Permission denied (publickey).*

Connecting to instance #1:

USAU9900:ScrapeEdgar reedn$ ssh -i ~/AMI.pem -v ubuntu@54.183.77.100
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/reedn/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 54.183.77.100 [54.183.77.100] port 22.
debug1: Connection established.
debug1: identity file /Users/reedn/AMI.pem type -1
debug1: identity file /Users/reedn/AMI.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA a6:53:a0:99:b8:61:ef:fe:05:d3:fe:47:90:ea:de:b6
The authenticity of host '54.183.77.100 (54.183.77.100)' can't be established.
RSA key fingerprint is a6:53:a0:99:b8:61:ef:fe:05:d3:fe:47:90:ea:de:b6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '54.183.77.100' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/reedn/AMI.pem
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to 54.183.77.100 ([54.183.77.100]:22)

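【Question discussion】:

  • debug1: Trying private key: /Users/reedn/AMI.pem...debug1: Authentications that can continue: publickey The client tried the key and the server didn't accept it. You need to troubleshoot this on the server.
  • Since I can't ssh to the server, how do I troubleshoot the problem?
  • I updated the question to make it clearer that this is about EC2 instances.
  • There are at least half a dozen things on the server that could cause this. It's a very common problem, and it's not really on topic for stackoverflow. Your best bet is to search this site or superuser.com for "[ssh] Permission denied (publickey)".

Tags: ssh amazon-ec2


【Solution 1】:

First, you need to make sure the key pair has been applied to instance #2. It looks like this in the AWS console for this instance: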

Key pair name: AMI (should be same as instance #1)

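Then try the following steps:

  1. If this EC2 instance is not in a VPC, can you stop and start the instance to get a fresh public IP address, then try again?

  2. Clean up the contents of .ssh/known_hosts on your local machine, then try again.

One of these should work for you.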

【Discussion】:
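
Added example, not part of the original question, comments or answer: a small Python parser run over excerpts of the two `ssh -v` traces above, showing how to read them the way the first comment does (key sent by the client, rejected by the server) and listing the fields in which the failing and working sessions differ. The function names and verdict strings are made up for this example.

```python
import re

# Excerpts of the two `ssh -v` traces quoted in the question (instance #2, then #1).
TRACE_2 = """\
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: Host '54.67.18.96' is known and matches the RSA host key.
debug1: Trying private key: /Users/reedn/AMI.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
"""
TRACE_1 = """\
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
The authenticity of host '54.183.77.100 (54.183.77.100)' can't be established.
debug1: Trying private key: /Users/reedn/AMI.pem
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
"""

def summarize(trace):
    """Pull out the fields of an `ssh -v` trace that explain a publickey result."""
    banner = re.search(r"remote software version (.+)$", trace, re.M)
    keys = re.findall(
        r"^debug1: (?:Trying private key|Offering (?:\w+ )?public key): (\S+)",
        trace, re.M)
    if "Authentication succeeded (publickey)" in trace:
        verdict = "accepted"
    elif "UNPROTECTED PRIVATE KEY FILE" in trace or not keys:
        verdict = "client-side: no usable key was sent"
    elif "Permission denied (publickey)" in trace:
        # The key was read and sent; the server found no matching
        # authorized_keys entry for this login user, so the fix is server-side.
        verdict = "server-side: key sent but rejected"
    else:
        verdict = "inconclusive"
    return {
        "banner": banner.group(1).strip() if banner else None,
        "host_key_already_known": "is known and matches" in trace,
        "keys_tried": keys,
        "verdict": verdict,
    }

def differences(a, b):
    """Fields that differ between two summaries, as {field: (a_value, b_value)}."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

if __name__ == "__main__":
    failing, working = summarize(TRACE_2), summarize(TRACE_1)
    for field, (bad, good) in differences(failing, working).items():
        print(f"{field}: failing={bad!r} working={good!r}")
```

On these traces the same key file is tried in both sessions, while the server banner differs (OpenSSH_6.2 on the failing host, OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 on the working one) and only the failing host's key was already in known_hosts. Both are worth checking against what instance #2 is expected to be running before changing anything on the client.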
