更新2:
$ ls -ld ~/.ssh
drwx------ 8 user staff 272 2 Oct 17:51 /Users/user/.ssh
$ ls -la ~/.ssh/config/file.pem
-r--------@ 1 user staff 1692 2 Oct 17:11 /Users/user/.ssh/config/file.pem
$ ls -la file.pem
-rw-------@ 1 user staff 1692 2 Oct 17:11 localfile.pem
更新:
切换-i
和-v
标记后我现在得到:
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/user/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to ec2-XX-XX-XXX-XXX.areacode.compute.amazonaws.com [IP] port 22.
debug1: Connection established.
debug1: identity file file.pem type -1
debug1: identity file file.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA fingerprint
debug1: Host 'ec2-XX-XX-XXX-XXX.ap-areacode.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/user/.ssh/known_hosts:11
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: file.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
我尝试从我的 Mac 终端通过 SSH 连接到 Amazon Linux EC2 实例。我遵循了以下说明:http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
但我明白Permission denied (publickey)
我的安全设置允许我的公共 IP 进行 ssh。
它最初成功做到了:
Permanently added 'ec2-XX-XX-XXX-XXX.areacode.compute.amazonaws.com,YY.YY.YYY.YYY' (RSA) to the list of known hosts.
$ ssh -i ec2vb.pem [email protected]
Permission denied (publickey).
$ ssh -i -v /path/to/ec2/file.pem [email protected]
Warning: Identity file -v not accessible: No such file or directory.
ssh: Could not resolve hostname /Developer/folder/ec2/file.pem: nodename nor servname provided, or not known
我还尝试更新权限并将chmod key 600
我的密钥复制到用户.ssh/config
文件夹?
答案1
debug1: Trying private key: file.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
您的客户端将密钥发送到服务器,但服务器不接受它。就您的客户端而言,您的私钥和本地文件和目录权限都没有问题。您需要从服务器端排除故障。我不知道 EC2 服务器有什么特殊之处,但如果这是一台普通的 Unix 服务器,您需要检查以下内容:
- 从 sshd 查找服务器日志中的消息。
- 检查服务器上 e2c 用户的主目录和 .ssh 目录的权限。
- 检查权限〜ec2-用户/.ssh/authorized_keys服务器上的文件。
- 检查您尝试使用的私钥的公钥是否确实在授权密钥在服务器上。这可以通过转到 EC2 服务器-->实例-->(选择您的实例)-->描述-->密钥对名称(这应该与您使用的密钥的名称相同)来完成
答案2
OpenSSH 对于密钥的存储和使用方式十分讲究。请执行以下操作:
1)创建并确保您的 ~/.ssh 目录具有正确的权限:
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ ls -ld ~/.ssh
drwx------ 2 username group 4096 Jun 10 19:47 /Users/username/.ssh
2)将私钥(在您的情况下为.pem 文件)复制到 ~/.ssh 目录并设置适当的权限:
$ cp ~/Downloads/filename.pem ~/.ssh/filename.pem
$ chmod 600 ~/.ssh/filename.pem
3)由于您使用的是 OS X,请确保 Finder 没有设置任何不必要的扩展属性并将其删除:
$ xattr -l ~/.ssh/filename.pem
$ xattr -d <attr_name> ~/.ssh/filename.pem
4)现在您可以尝试使用密钥:
$ ssh -i ~/.ssh/filename.pem [email protected]
5) 验证此工作后,您可以使用 ~/.ssh/config 文件更轻松地连接到远程主机,而不必手动指定要使用的身份文件。例如:
Host remote.hostname.com
User username
IdentityFile ~/.ssh/filename.pem
从现在起,您只需运行ssh remote.hostname.com
即可连接到远程服务器。