
Can no longer ssh into my EC2 instance

0

Hello, I created an EC2 instance the other day. I was able to SSH in with my .pem file with no issues. I then added my colleague to the instance by adding his public key to ~/.ssh/authorized_keys, this way:

sudo -i
cd /home/mycolleague/

# Create the .ssh directory if it doesn't exist
mkdir -p .ssh
chown mycolleague:mycolleague .ssh
chmod 700 .ssh

# Navigate to .ssh directory
cd .ssh

# Create the authorized_keys file
touch authorized_keys
chown mycolleague:mycolleague authorized_keys
chmod 600 authorized_keys

# Add public key
echo "ssh-rsa ..." >> authorized_keys

Today, I tried to log in again, and I got the following error: Permission denied (public key). My colleague, however, can still SSH in with no issues.

I have tried several things to resolve it:

  1. Tried to add an IAM role with AmazonSSMManagedInstanceCore policy.
  2. Tried to create a public key for my .pem file and then asked my colleague to add it to ~/.ssh/authorized_keys on the instance (format: added my key to a new line after his)
  3. Tried to double-check the permissions associated with my .pem key

What could have gone wrong?

posted a year ago · 124 views
1 Answer
0

Based on the information provided, there are a few potential reasons why you're encountering the "Permission denied (public key)" error while your colleague can still access the instance:

  1. Incorrect location of authorized_keys file: It appears you've added your colleague's public key to a separate authorized_keys file in their home directory (/home/mycolleague/.ssh/authorized_keys). However, the SSH daemon typically looks for the authorized_keys file in the home directory of the user you're trying to log in as. If you're using a different user (e.g., ec2-user or ubuntu), your public key should be in that user's authorized_keys file.

  2. Permissions issues: The permissions on the .ssh directory and authorized_keys file are critical. While you've set the correct permissions for your colleague's file, make sure the same is true for the main user's .ssh directory and authorized_keys file.

  3. Incorrect public key: If you generated a new public key from your .pem file and asked your colleague to add it, there might have been an error in the process. The public key needs to be correctly derived from your private key and properly formatted in the authorized_keys file.

  4. SSH configuration changes: If any changes were made to the SSH configuration on the instance, it could affect your ability to connect.

To resolve this issue, you can try the following:

  1. Ask your colleague to check the authorized_keys file in the main user's home directory (e.g., /home/ec2-user/.ssh/authorized_keys or /home/ubuntu/.ssh/authorized_keys) and ensure your public key is correctly added there.

  2. Verify the permissions on the .ssh directory and authorized_keys file for the main user:

    • .ssh directory should be 700 (drwx------)
    • authorized_keys file should be 600 (-rw-------)

  3. Double-check that you're using the correct username when attempting to SSH (e.g., ec2-user@your-instance-ip or ubuntu@your-instance-ip).

  4. If all else fails, you may need to use one of the recovery methods for lost EC2 key pairs, such as:

    • Using EC2 Instance Connect (if enabled)
    • Stopping the instance, detaching the root volume, attaching it to a new instance, modifying the authorized_keys file, and then reattaching the volume to the original instance

Remember to always keep backups of your key pairs and regularly review and update your instance access methods to prevent future lockouts.


answered a year ago
  • My colleague does not have permissions to see /home/ubuntu/.ssh/authorized_keys
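
The permission and key-format checks discussed in the answer above, as an added example that is not part of the original thread. The function names are hypothetical, `stat -c` assumes GNU coreutils (as on Amazon Linux and Ubuntu), and only `ssh-rsa`, `ssh-ed25519` and `ecdsa-sha2-*` entries without a leading options field are recognised.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat, as on Amazon Linux/Ubuntu.

# check_mode PATH MODE OWNER: print a finding; return 1 on any mismatch.
check_mode() {
    if [ ! -e "$1" ]; then
        echo "MISSING $1"
        return 1
    fi
    got=$(stat -c '%a %U' "$1")
    if [ "$got" != "$2 $3" ]; then
        echo "BAD     $1 is '$got', expected '$2 $3'"
        return 1
    fi
    echo "ok      $1 ($got)"
}

# count_bad_key_lines FILE: print how many entries are not exactly one
# "<type> <base64> [comment]" line. This catches a key wrapped across lines
# and a key appended to a file that had no trailing newline.
# Entries that start with an options field are not handled (reported as bad).
count_bad_key_lines() {
    awk '!/^#/ && NF {
        n = gsub(/ssh-rsa|ssh-ed25519|ecdsa-sha2-/, "&")
        if (n != 1 || $1 !~ "^(ssh-|ecdsa-)" || $2 !~ "^[A-Za-z0-9+/]+=*$") c++
    } END { print c + 0 }' "$1"
}

# audit_ssh_dir HOME OWNER: return the number of problems found.
audit_ssh_dir() {
    ak="$1/.ssh/authorized_keys"
    problems=0
    check_mode "$1/.ssh" 700 "$2" || problems=$((problems + 1))
    check_mode "$ak" 600 "$2" || problems=$((problems + 1))
    if [ -r "$ak" ]; then
        bad=$(count_bad_key_lines "$ak")
        if [ "$bad" -ne 0 ]; then
            echo "BAD     $ak has $bad malformed entries"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}

# Usage on the instance, as root: audit_ssh_dir /home/ubuntu ubuntu
```

Run it against the home directory of the account you log in as, not the colleague's; a non-zero exit status is the number of findings.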
