AMI scan for Marketplace

0

I am scanning an AMI for AWS Marketplace and need to follow these guidelines: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/building-shared-amis.html. I am supposed to remove all keys (~/.ssh/authorized_keys) for security reasons and use cloud-init to inject public keys, but during scanning I get the error that AWS cannot SSH into the AMI because there is no key. So the dilemma is: if ~/.ssh/authorized_keys is removed, scanning cannot happen because AWS cannot SSH into the server, but if ~/.ssh/authorized_keys is present then it's a security issue and throws an error. I need solutions please!

3 answers
0

Hi, the scanner doesn't need any ~/.ssh/authorized_keys to be present. In fact, the scanner will call this out as an issue if that file contains any keys.

Just before you create your image (AMI) for AWS Marketplace from your running or stopped EC2 instance, you remove those authorized keys so that the image (AMI) is clean.

AWS
Answered 2 years ago
  • I was able to solve it by using the OS name that is originally associated with the AMI as the value BEFORE scanning; for example, my AMI's OS name is ubuntu, but I was using ec2-user as the OS user before scanning and was presented with that error. Thanks Joseph, you are right.

  • Thanks for the update! Glad it helped.
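A pre-imaging check for the cleanup step Joseph describes, added here as an example and not taken from the thread or from AWS's scanner: it lists every authorized_keys file under a root that still holds a key line and empties the offending ones, leaving the file for cloud-init to re-populate at launch. The ROOT argument and the function names are assumptions of this example.

```shell
#!/bin/sh
# Pre-image check: before creating the AMI, no authorized_keys file on the
# instance may still contain a key. Run as root against "/" just before
# imaging; the ROOT argument (an assumption of this example) also lets the
# functions be pointed at a test tree.

# Print every authorized_keys file under ROOT that contains at least one
# key line, i.e. a line that is neither blank nor a '#' comment.
find_authorized_keys() {
  root="${1:-/}"
  find "$root" -path '*/.ssh/authorized_keys' -type f 2>/dev/null |
  while IFS= read -r f; do
    if grep -Eq '^[[:space:]]*[^#[:space:]]' "$f"; then
      printf '%s\n' "$f"
    fi
  done
}

# Empty (rather than delete) each offending file so it keeps its owner and
# mode; cloud-init fills it at launch from the keypair chosen by the
# customer, or by the scanner during the Marketplace scan.
scrub_authorized_keys() {
  root="${1:-/}"
  find_authorized_keys "$root" | while IFS= read -r f; do
    : > "$f"
    printf 'scrubbed %s\n' "$f"
  done
}

# Succeeds only when no key remains, so an imaging script can gate on it.
check_clean() {
  [ -z "$(find_authorized_keys "${1:-/}")" ]
}
```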

0

Thanks Joseph, but it still needs the SSH key pair that was provided at login to be able to scan the AMI, or else it returns an error. So another way of phrasing the question is: where do you locate the SSH key pair for scanning purposes, which it clearly needs, without placing it in the ~/.ssh/authorized_keys file?

Answered 2 years ago
  • Hi, the way the scanner uses a keypair is the same way you would introduce your keypair in any generic AMI. When you try to launch a new EC2 instance from a public AMI of Amazon Linux 2 or Ubuntu, those AMIs have no keys in them. It is during the initial launch that you specify a keypair. Then EC2 will take care of adding the public key on the fly into the new EC2 instance. The scanner (and ultimately your customers) do the same thing. The expectation is that your AWS Marketplace customers are not using your keypair when they launch your AMI; they specify their own. Thus the AMI doesn't need your keypair when you publish it.

0

Verbatim of the error I am getting: Issue found: Unable to connect using SSH on port 22 with the username [ec2-user] and the keypair provided at launch. Recommendation: Provide the correct username for the AMI. AMIs must support login with the keypair associated with the instance at launch.

Meanwhile, the username was provided for the AMI (ec2-user).

Answered 2 years ago
  • Have you confirmed that the SSH port is on the default port 22 and that the OS user is ec2-user? Is this how you log into the instance? If not, those two values can be changed in the scanner.
