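I originally created an EC2 instance in US East and wanted to move it to US West. I stopped the instance, created an AMI image, and copied it to the US West availability zone. After launching an instance from this AMI in US West, I can no longer SSH into the instance (it keeps asking for a password).
The base image is FreeBSD 10-CURRENT, which by default uses ec2-user for SSH access. After some experimentation, I found that when I launch a new instance from this image in US-East (the original availability zone), I am able to SSH in, so I'm not sure what the problem with the US-West instance is. I created a new key pair, I am using the key pair (ssh ec2-user@IP -i ~/.ssh/key.pem), and the security group allows SSH on port 22.
Here is the output of ssh -v: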
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/lander/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 102: Applying options for *
debug1: Connecting to ec2-54-213-127-207.us-west-2.compute.amazonaws.com [54.213.127.207] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/lander/.ssh/key.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/lander/.ssh/key.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
debug1: match: OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to ec2-54-213-127-207.us-west-2.compute.amazonaws.com:22 as 'ec2-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:TKZStqOUSM3Eh0LLCEXU3k1LXq2qd1FwxNLQ8r7jkfo
debug1: Host 'EC2 PUBLIC DNS' is known and matches the ECDSA host key.
debug1: Found key in /Users/lander/.ssh/known_hosts:41
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/lander/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering RSA public key: /Users/lander/.ssh/other_key.pem
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /Users/lander/.ssh/key.pem
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
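Answer 1
After discussing it with a friend, he suggested that it might still be using the old SSH key, so I tried that, and sure enough that was the problem. I think this is because the system was imaged, but the step that adds the new key pair had not been completed, so the old SSH key remained in the image's authorized_keys file.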
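
An added example, not part of the original question or answer: a small Python parser that reads the authentication part of an `ssh -v` client log and reports the outcome of each key attempt. The function names are hypothetical and the sample is the relevant excerpt of the output above; when every key, including the one passed with -i, is rejected and the client falls back to another method, the server's authorized_keys does not hold any of those keys, which matches the answer.

```python
import re

# Constructed sample: the authentication lines from the `ssh -v` output above.
SAMPLE_LOG = """\
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/lander/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering RSA public key: /Users/lander/.ssh/other_key.pem
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /Users/lander/.ssh/key.pem
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
"""

# Covers "Offering RSA public key: <path>" (older clients),
# "Offering public key: <path> ..." (newer clients) and "Trying private key".
ATTEMPT = re.compile(r"debug1: (?:Offering (?:\w+ )?public key|Trying private key): (\S+)")
ACCEPT = re.compile(r"debug1: (?:Server accepts key|Authentication succeeded \(publickey\))")
REJECT = "debug1: Authentications that can continue:"
NEXT = re.compile(r"debug1: Next authentication method: (\S+)")

def summarize_pubkey_auth(log):
    """Return (attempts, fallback); attempts is a list of (key_path, outcome)."""
    attempts, pending, fallback = [], None, None
    for line in log.splitlines():
        line = line.strip()
        m = ATTEMPT.match(line)
        if m:
            if pending:  # previous attempt had no visible server reply
                attempts.append((pending, "unknown"))
            pending = m.group(1)
        elif pending and ACCEPT.match(line):
            attempts.append((pending, "accepted"))
            pending = None
        elif pending and line.startswith(REJECT):
            # The server answered the attempt by listing remaining methods.
            attempts.append((pending, "rejected"))
            pending = None
        else:
            n = NEXT.match(line)
            if n and n.group(1) != "publickey":
                fallback = n.group(1)  # client gave up on public keys
    if pending:
        attempts.append((pending, "unknown"))
    return attempts, fallback

def all_keys_rejected(log):
    """True when every key was rejected and the client moved to another method."""
    attempts, fallback = summarize_pubkey_auth(log)
    return bool(attempts) and fallback is not None and all(o == "rejected" for _, o in attempts)
```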