SSH 到 ec2 时权限被拒绝(公钥)

SSH 到 ec2 时权限被拒绝(公钥)

我创建了一个 EC2 实例并停止它,再次启动它。

出现以下错误

Aloks-MacBook-Pro:AWS alokmandloi$  ssh -i working_key.pem [email protected] 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
3d:f2:79:cc:38:66:83:71:1b:86:6c:7e:36:ad:27:bc.
Please contact your system administrator.
Add correct host key in /Users/alokmandloi/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/alokmandloi/.ssh/known_hosts:11
RSA host key for ec2-184-73-22-113.compute-1.amazonaws.com has changed and you have requested strict checking.
Host key verification failed.

我查找解决方案并发现http://www.thegeekstuff.com/2010/04/how-to-fix-offending-key-in-sshknown_hosts-file/

这建议我删除known_hosts中的第11个条目。 这样做之后,我收到以下错误

Aloks-MacBook-Pro:AWS alokmandloi$  ssh -v -i working_key.pem [email protected] 
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to ec2-184-73-22-113.compute-1.amazonaws.com [184.73.22.113] port 22.
debug1: Connection established.
debug1: identity file working_key.pem type -1
debug1: identity file working_key.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 3d:f2:79:cc:38:66:83:71:1b:86:6c:7e:36:ad:27:bc
debug1: Host 'ec2-184-73-22-113.compute-1.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/alokmandloi/.ssh/known_hosts:10
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: working_key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

答案1

您输入的密钥错误,或者实例的地址错误(实例拒绝了您的密钥)。

答案2

如果您停止并启动实例,您的公共 IP 和主机名会发生变化。即使您使用的是 ElasticIP,‘停止’它也会取消 EIP 的关联。

请检查您的 AWS 控制台并查看新的公共 IP/主机名,您可能正在尝试连接到旧的 DNS 名称,该名称现在可能已分配给其他人的实例。

答案3

这是更好的,因为更多的失败证明删除有问题的主机密钥

ssh-keygen -R hostname

你的情况

ssh-keygen -R ec2-184-73-22-113.compute-1.amazonaws.com

如果你确定你的密钥是正确的,你也可以在.ssh/authorized_keys具有正确权限的服务器上进行验证(700for .ssh/600for .ssh/authorized_keys

答案4

当您停止正在运行的实例时,会发生以下情况:

实例执行正常关闭并停止运行;其状态变为正在停止,然后停止。

任何 Amazon EBS 卷都会保持附加到实例,并且其数据也会保留下来。

主机 RAM 或主机实例存储卷中存储的所有数据都将消失。

EC2-Classic:当您停止实例时,我们会释放该实例的公有和私有 IP 地址,并在您重新启动实例时分配新的 IP 地址。

EC2-VPC:实例在停止和重新启动时会保留其私有 IP 地址。当您重新启动时,我们会释放公有 IP 地址并分配一个新 IP 地址。

您的实例一定有新的公网 IP。请检查并尝试使用新 IP 登录您的服务器。

相关内容