Unable to SSH into EC2 Linux Instance after generating PPK file from PEM

0

Good day,

We have an EC2 Linux instance that we are attempting to SSH into using PuTTY. I have converted the PEM key from the environment to a PPK, but when attempting to log in via PuTTY I receive the following error:

Using username "ec2-user".
Pre-authentication banner message from server:
| Authorized uses only. All activity may be monitored and reported.
End of banner message from server
Server refused our key

I tried using both the usernames root and ec2-user. Is there any way to figure out if there may have been a different user that was used by the person who initially configured this environment, as they left our organization?

Alternatively, is there any way to get into this instance if the PEM file and PPK are not authenticating successfully? If anyone has any suggestions I would appreciate it.

  • Create a new ec2 machine that you can ssh into, then disconnect a volume on the old machine and connect it to the new one.

asked a year ago, 576 views
3 Answers
1

Accessing EC2:

  1. If you have administrative access to the EC2 instance, you can reset the password for the appropriate user and attempt to log in using password authentication instead of SSH key authentication: https://docs.aws.amazon.com/systems-manager/latest/userguide/automation-ec2reset.html
  2. As another user mentioned, if you have access to the underlying EBS volume, you can create a new EC2 instance and mount the volume as a secondary disk. This allows you to access the files and data on the disk without logging into the original instance: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-attaching-volume.html

Determining user:

  1. If you have access to other parts of the console, you can check if CloudTrail logging was enabled. If AWS CloudTrail is enabled in your AWS account, you can search for events related to the EC2 instance in question. CloudTrail logs record API activity and can provide insight into the actions taken by the previous user, including the creation and configuration of the EC2 instance: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-console.html
  2. This step requires and assumes that you mounted the volume in a brand new instance. You can navigate to the mounted volume's /etc/passwd or /etc/shadow file to view the usernames created on the old instance. Once you unmount the volume and move it back to the other instance, you can try again with knowledge of the usernames.
AWS
answered a year ago
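
One way to carry out the second "Determining user" step in the answer above, as an added example that is not part of the original answer: it reads the rescued volume's /etc/passwd, keeps only accounts with a login shell, and shows which of them have public keys installed. The function name `list_login_users` and the mount point `/mnt/rescue` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer).
# Usage: list_login_users /mnt/rescue   # hypothetical mount point of the old root volume
# The function body runs in a subshell, so its variables do not leak.
list_login_users() (
    root="${1%/}"
    passwd="$root/etc/passwd"
    [ -r "$passwd" ] || { echo "cannot read $passwd" >&2; return 1; }

    while IFS=: read -r user _pw uid _gid _gecos home shell || [ -n "$user" ]; do
        # Accounts with these shells cannot open an interactive SSH session.
        case "$shell" in
            */nologin|*/false|*/sync|*/shutdown|*/halt) continue ;;
        esac

        keys="$root$home/.ssh/authorized_keys"
        if [ ! -f "$keys" ]; then
            printf '%s uid=%s keys=0\n' "$user" "$uid"
            continue
        fi

        # Every non-blank, non-comment line is one public key.
        n=$(grep -cvE '^[[:space:]]*(#|$)' "$keys" || true)
        printf '%s uid=%s keys=%s\n' "$user" "$uid" "$n"

        # Show key type and the first word of the comment, not the key blob.
        # A line may start with options (command="...", no-pty, ...), so
        # locate the key-type field instead of assuming it is field 1.
        awk '!/^[ \t]*(#|$)/ {
            for (i = 1; i <= NF; i++) if ($i ~ /^(ssh-|ecdsa-|sk-)/) break
            comment = (i + 2 <= NF) ? $(i + 2) : "(no comment)"
            printf "  %s %s%s\n", $i, comment, (i > 1 ? " [has options]" : "")
        }' "$keys"
    done < "$passwd"
)
```

Mount the old volume on the rescue instance with `ro,nosuid,nodev,noexec` before running this. A user that shows `keys=0`, or whose key comment does not correspond to the PEM file you hold, will not accept that key.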
0

Create a new ec2 machine that you can ssh into, then disconnect a volume on the old machine and connect it to the new one.

SlavaS
answered a year ago
0

What flavour of Linux are you using? Many of them have ec2-user as the default user, but some of them have a different one: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-users.html#ami-default-user-names

If the key you are using is giving you absolutely no joy, then there is a way of updating the key; method 1 here is probably best for you: https://repost.aws/knowledge-center/user-data-replace-key-pair-ec2

Also note that when you create the new key in the EC2 Console you can directly download the PuTTY private key, without having to convert it from a PEM file.

EXPERT
Steve_M
answered a year ago
