权限被拒绝(公钥)ssh ec2实例mac

权限被拒绝(公钥)ssh ec2实例mac

更新2:

$ ls -ld ~/.ssh
drwx------  8 user  staff  272  2 Oct 17:51 /Users/user/.ssh
$ ls -la ~/.ssh/config/file.pem 
-r--------@ 1 user staff 1692 2 Oct 17:11 /Users/user/.ssh/config/file.pem 
$ ls -la file.pem 
-rw-------@ 1 user staff 1692 2 Oct 17:11 localfile.pem

更新:

切换-i-v标记后我现在得到:

OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/user/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to ec2-XX-XX-XXX-XXX.areacode.compute.amazonaws.com [IP] port 22.
debug1: Connection established.
debug1: identity file file.pem type -1
debug1: identity file file.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA fingerprint
debug1: Host 'ec2-XX-XX-XXX-XXX.ap-areacode.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/user/.ssh/known_hosts:11
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: file.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

我尝试从我的 Mac 终端通过 SSH 连接到 Amazon Linux EC2 实例。我遵循了以下说明:http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html

但我明白Permission denied (publickey)

我的安全设置允许我的公共 IP 进行 ssh。

它最初成功做到了:

Permanently added 'ec2-XX-XX-XXX-XXX.areacode.compute.amazonaws.com,YY.YY.YYY.YYY' (RSA) to the list of known hosts.

$ ssh -i ec2vb.pem [email protected]
Permission denied (publickey).

$ ssh -i -v /path/to/ec2/file.pem [email protected]
Warning: Identity file -v not accessible: No such file or directory.
ssh: Could not resolve hostname /Developer/folder/ec2/file.pem: nodename nor servname provided, or not known

我还尝试更新权限并将chmod key 600我的密钥复制到用户.ssh/config文件夹?

答案1

debug1: Trying private key: file.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

您的客户端将密钥发送到服务器,但服务器不接受它。就您的客户端而言,您的私钥和本地文件和目录权限都没有问题。您需要从服务器端排除故障。我不知道 EC2 服务器有什么特殊之处,但如果这是一台普通的 Unix 服务器,您需要检查以下内容:

  1. 从 sshd 查找服务器日志中的消息。
  2. 检查服务器上 e2c 用户的主目录和 .ssh 目录的权限。
  3. 检查权限〜ec2-用户/.ssh/authorized_keys服务器上的文件。
  4. 检查您尝试使用的私钥的公钥是否确实在授权密钥在服务器上。这可以通过转到 EC2 服务器-->实例-->(选择您的实例)-->描述-->密钥对名称(这应该与您使用的密钥的名称相同)来完成

答案2

OpenSSH 对于密钥的存储和使用方式十分讲究。请执行以下操作:

1)创建并确保您的 ~/.ssh 目录具有正确的权限:

$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ ls -ld ~/.ssh
drwx------ 2 username group 4096 Jun 10 19:47 /Users/username/.ssh

2)将私钥(在您的情况下为.pem 文件)复制到 ~/.ssh 目录并设置适当的权限:

$ cp ~/Downloads/filename.pem ~/.ssh/filename.pem
$ chmod 600 ~/.ssh/filename.pem

3)由于您使用的是 OS X,请确保 Finder 没有设置任何不必要的扩展属性并将其删除:

$ xattr -l ~/.ssh/filename.pem
$ xattr -d <attr_name> ~/.ssh/filename.pem

4)现在您可以尝试使用密钥:

$ ssh -i ~/.ssh/filename.pem [email protected]

5) 验证此工作后,您可以使用 ~/.ssh/config 文件更轻松地连接到远程主机,而不必手动指定要使用的身份文件。例如:

Host remote.hostname.com
  User username
  IdentityFile ~/.ssh/filename.pem

从现在起,您只需运行ssh remote.hostname.com即可连接到远程服务器。

相关内容