CLI run of send-ssh-public-key returns an empty error message

0

I am using Linux 2 kernel 5 and ran aws ec2-instance-connect send-ssh-public-key without any error message,
following the guide at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-set-up.html

The command I run is aws ec2-instance-connect send-ssh-public-key [...options]. The response content is: ... AccessDenied sendSSHPublishKey operation: [there is no content here]

Using the IAM policy simulator, the action is allowed, so I think it's about Linux file permissions.

The region is ap-east-1; my instance is Linux 2 kernel 5.

asked 2 years ago, 241 views
1 Answer
0

Hi there!

I understand you are trying to SSH into your instance and you are getting an “AccessDenied sendSSHPublishKey” error. Please correct me if I misunderstood.

The error occurs if:

* You're trying to connect using the wrong user name for your AMI.
* The file permissions within the operating system are incorrect on the instance.
* The incorrect SSH public key (.pub) file is in the authorized_keys file.

To troubleshoot the error please do the following:

[1] Verify that you’re using the correct username for your AMI.
[2] Check whether port 22 is open in the security groups.
[3] Make sure there are no ACLs blocking traffic.
[4] Verify that the file permissions within the operating system are correct and that the correct SSH public key is in the authorized_keys file.

If the issue still persists, please do the following:

(1) Create a rescue instance (one which you can SSH into). Make sure that the rescue instance is in the same Availability Zone as your original instance.

(2) Stop your instance.

(3) Detach the root volume of your instance.

(4) Attach the volume to the rescue instance.

(5) Mount the root volume to a temporary mount point on the rescue instance.

Steps on how to mount:

- $ sudo mount /dev/xvdf /mnt/recovery

Useful commands:
# lsblk -f
# sudo mkdir /mnt/recovery
# sudo mount <device_name> /mnt/recovery

File permissions on the instance can cause permission denied issues. The correct permissions are below.

/mnt/recovery/home/user/.ssh/authorized_keys file permissions need to be 600
# chmod 600 /mnt/recovery/home/user/.ssh/authorized_keys
/mnt/recovery/home/user/.ssh file permissions need to be 700
# chmod 700 /mnt/recovery/home/user/.ssh
/mnt/recovery/home/user directory permissions need to be 755 or 700 (either should work)
# chmod 700 /mnt/recovery/home/user
Ownership on /home/user should be user:user. If you see different ownership, make sure you change it using
# chown -R user:user /mnt/recovery/home/user
Compare the keys in /home/user/.ssh/authorized_keys from the working instance and the non-working instance. You can copy over keys if required from root volume to rescue instance to secondary volume.
# diff /home/user/.ssh/authorized_keys /mnt/recovery/home/user/.ssh/authorized_keys
# cp /home/user/.ssh/authorized_keys /mnt/recovery/home/user/.ssh/authorized_keys (copy over keys)
Note: you can replace user with ec2-user, root, ubuntu, centos, etc. as required.

I hope this was helpful!

Karabo
answered 2 years ago
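
The permission and ownership values listed in the answer above can be checked in one pass before changing anything. The script below is an added example, not part of the original answer or of any AWS tooling; the function names `audit_ssh_perms` and `_chk` are chosen here, and it assumes GNU `stat` and `grep` on the rescue instance.

```shell
#!/bin/sh
# Added example: audit SSH-related modes and ownership on a root volume
# that is mounted on a rescue instance (for example under /mnt/recovery).

# _chk <path-inside-volume> <space-separated allowed modes>
# Reads root, uid and gid set by audit_ssh_perms and sets rc=1 on a finding.
_chk() {
    path="$root$1"
    if [ ! -e "$path" ]; then echo "FAIL $1 missing"; rc=1; return 0; fi
    mode=$(stat -c '%a' "$path")
    owner=$(stat -c '%u:%g' "$path")
    case " $2 " in
        *" $mode "*) ;;
        *) echo "FAIL $1 mode $mode, want $2"; rc=1 ;;
    esac
    if [ "$owner" != "$uid:$gid" ]; then
        echo "FAIL $1 owner $owner, want $uid:$gid"; rc=1
    fi
}

# audit_ssh_perms <mount_root> <user>
# Returns 0 if all checks pass, 1 on any finding, 2 if the user is unknown.
audit_ssh_perms() {
    root="${1%/}"; rc=0
    # Take UID, GID and home from the mounted volume's own passwd file: the
    # rescue instance may map the same user name to different numeric IDs.
    entry=$(grep -m1 "^$2:" "$root/etc/passwd" 2>/dev/null) || {
        echo "FAIL no entry for $2 in $root/etc/passwd"; return 2; }
    uid=$(echo "$entry" | cut -d: -f3)
    gid=$(echo "$entry" | cut -d: -f4)
    home=$(echo "$entry" | cut -d: -f6)
    _chk "$home" "700 755"
    _chk "$home/.ssh" "700"
    _chk "$home/.ssh/authorized_keys" "600"
    if [ "$rc" -eq 0 ]; then echo "OK $2 SSH permissions under $root"; fi
    return "$rc"
}

# Example: audit_ssh_perms /mnt/recovery ec2-user
```

When an owner finding is reported, the numeric `uid:gid` in the "want" field is the value to pass to `chown`, since a user name given to `chown` on the rescue instance is resolved against the rescue instance's own accounts.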
