【Question title】: Unable to ssh into EC2 instance
【Posted】: 2016-01-29 22:28:00
【Question】:

I first tried to ssh into my EC2 instance, with the following result:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
Permissions 0644 for '/Users/SidRama/Downloads/ec2.pem.txt' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "~/Downloads/ec2.pem.txt": bad permissions
Permission denied (publickey).

So I ran:

sudo chmod 400 ~/Downloads/ec2.pem.txt

Then I executed this:

ssh -i  ~/Downloads/ec2.pem.txt ec2-user@ec2-52-35-59-123.us-west-2.compute.amazonaws.com -v

But I get Permission denied (publickey), as follows:


OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 53: Applying options for *
debug1: Connecting to ec2-52-35-59-123.us-west-2.compute.amazonaws.com [52.35.59.111] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file ~/Downloads/ec2.pem.txt type -1
debug1: key_load_public: No such file or directory
debug1: identity file ~/Downloads/ec2.pem.txt-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to ec2-52-35-59-123.us-west-2.compute.amazonaws.com:22 as 'ec2-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com  none
debug1: kex: client->server chacha20-poly1305@openssh.com  none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ZJbD9iVRP/8EbzmhyBvrC+Vg2W15k+A5cB6dea3+BAA
The authenticity of host 'ec2-52-35-59-123.us-west-2.compute.amazonaws.com (52.35.59.111)' can't be established.
ECDSA key fingerprint is SHA256:ZJbD9iVRP/8EbzmhyBvrC+Vg2W15k+A5cB6dea3+BAA.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-52-35-59-123.us-west-2.compute.amazonaws.com,52.35.59.111' (ECDSA) to the list of known hosts.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: ~/Downloads/ec2.pem.txt
debug1: Authentications that can continue: publickey
debug1: Trying private key: ~/Downloads/ec2.pem.txt
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

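I have been trying this for a while now. Any help would be appreciated. Thanks in advance.

【Comments on the question】:

  • Your key was rejected for some reason. This should be mentioned in the server log. Check what you recently changed on the server, check the logs, and make sure you downloaded the correct key from ec.
  • Could it be because the EC2 instance was created by Elastic Beanstalk?
  • The public key matching the "ec2.pem.txt" private key should be listed in the authorized_keys file (usually in the .ssh folder of the user's home directory), and that folder should have appropriate permissions (755 is usually fine) and the authorized_keys file should have appropriate permissions (maybe 640?). The log to look at varies by Linux distribution. /var/log/secure.log is a possibility.
  • What makes you think you are using the correct key pair? Check the EC2 instance in the console to see the name of the key pair that was used when the instance was launched.
  • The way you asked your question is misleading. There are two different, independent problems in your question, the first of which you solved yourself. If you had searched a little, many possible causes of the second one are detailed here: *.com/questions/18551556/…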

Tags: linux ssh amazon-ec2
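
The two client-side checks raised in the question and its comments (private key mode, and whether the matching public key is listed in authorized_keys), as an added example that is not part of the original thread. The function names are hypothetical, and the second argument of `check_login_key` is assumed to be a local copy of the server's authorized_keys file.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Return 0 when FILE has no group/other permission bits, which is what the
# ssh client demands of a private key you own ("Permissions 0644 ... too open").
key_perms_ok() {
    [ -f "$1" ] || return 2
    [ "$(ls -ldL -- "$1" | cut -c5-10)" = "------" ]
}

# Return 0 when the public key line $1 ("type blob [comment]") appears in the
# authorized_keys file $2. Entries may carry leading options, so match the
# adjacent type+blob fields anywhere on the line; comment lines are skipped.
pubkey_authorized() {
    kt=$(printf '%s\n' "$1" | awk '{ print $1 }')
    kb=$(printf '%s\n' "$1" | awk '{ print $2 }')
    [ -n "$kt" ] && [ -n "$kb" ] || return 2
    awk -v kt="$kt" -v kb="$kb" '
        /^[ \t]*(#|$)/ { next }
        { for (i = 1; i < NF; i++)
              if ($i == kt && $(i + 1) == kb) { found = 1; exit } }
        END { exit !found }' "$2"
}

# Derive the public half of private key $1 with ssh-keygen -y and look it up
# in $2 (assumed: a copy of the server-side ~/.ssh/authorized_keys).
check_login_key() {
    key_perms_ok "$1" || { echo "fix mode first: chmod 400 $1" >&2; return 1; }
    pub=$(ssh-keygen -y -f "$1") || return 1
    if pubkey_authorized "$pub" "$2"; then
        echo "key is listed in $2"
    else
        echo "key is NOT listed in $2: wrong key pair for this instance?" >&2
        return 1
    fi
}
```

A key that passes the mode check but is not listed produces the same "Permission denied (publickey)" seen in the debug output above, which is why both checks are run together.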


【Solution 1】:

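A few things I would do:

  1. In Amazon, create an Elastic IP and assign it to your instance
  2. Use an absolute path and try a different syntax; I usually just do this:

sudo ssh -i /somepath/key.pem ec2-user@51.62.132.180

  3. Reset the known hosts entry for the host you are trying to connect to:

sudo ssh-keygen -R 51.62.132.180
sudo ssh-keyscan -H 51.62.132.180 >> ~/.ssh/known_hosts

  4. Double-check the instance's IP and the path to the key

  5. Remove the .txt extension from the key file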

【Comments】: