By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Unable to connect to my EC2 Redhat Linux Instance - Server Key Refused

0

Hello All,

From the very beginning, I wanted to make my server password-centric, Meaning instead of carrying my private key everywhere, I wanted to give it a password, So it would be easy for me to log in from anywhere. Unfortunately, we don't have the option for setting up a password in AWS.

I did try the following thing: - I created a user & created a fresh SSH Key & I uploaded the Public Key into the console, thinking it would allow me to log in as soon as I added the username in PuTTY. But it's saying "Server Key Refused".

Please help me to make this a Password-Centric.

Thank You :)

Topics
ComputeAWS Well-Architected Framework
Tags
Amazon EC2Security
Language
English
advaith
asked 3 months ago346 views
2 Answers
1

To use SSH with password authentication, enable PasswordAuthentication yes in the sshd configuration.

Note that password-based authentication is not recommended.

If you do not want to carry around your SSH private key, how about using AWS Systems Manager Session Manager? You can log in to an EC2 instance using an IAM User.

https://docs.aws.amazon.com/ja_jp/systems-manager/latest/userguide/session-manager.html

profile picture
EXPERT
shibata
answered 3 months ago
1

There's a couple of parts to this, firstly you need to be able to connect into the RHEL EC2 instance using your key in order to change the config to allow password access. Your error sounds very much like this problem here, for which the accepted answer is to update the SSH client https://repost.aws/questions/QUyu0PYkF3SgqGYT1fn5UqQQ/the-official-almalinux-os-9-x86-64-ami-server-refused-our-key

Once you can get onto the host using a key, you can configure it to use passwords. For RHEL there is two steps. First one is as @shibata says, changing PasswordAuthentication from no to yes in /etc/ssh/sshd_config. The second part involves making the same change to /etc/ssh/sshd_config.d/50-cloud-init.conf (or just comment out the PasswordAuthentication entry from that file.

See the accepted answer for this https://repost.aws/questions/QUE9_NBn5MQ5KgpjVyyy3ISA/unable-to-login-with-username-and-password-in-redhat-machine-created-in-aws

It's worth cautioning here that passwords are disabled by default for a good reason. The AWS public IP address ranges are not a secret, and are widely known. Within minutes of an instance appearing on a public, bots will start to attack it on port 22, trying to brute force their way in using a dictionary of passwords on well-known accounts such as root, ec2-user, ubuntu, centos, oracle, postgres, and so on. By enabling password authentication the EC2 instance becomes vulnerable to this. The risk can be mitigated (but not eliminated) by mandating complex, strong passwords, and also by using security groups to lock down SSH access from only trusted IPs.

profile picture
EXPERT
Steve_M
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content