Unable to secure tunnel SSH via private key to IoT Greengrass Core Device.
Hi,
I'm having trouble SSHing into my core devices by connecting via a private key.
I have successfully installed IoT Greengrass on a raspberry pi and can successfully SSH into it in the following three ways:
- Creating a secure tunnel and logging in via username and password.
- SSHing into the device on my local network with username and password.
- SSHing into the device on my local network using my private ssh key; where the public key has been copied to the device .ssh/authorized_keys
However, when using the AWS console, I am unable to login via the same private key and given the error:
"Failed to authenticate. Try again."
Here are the permissions for both .ssh and .ssh/authorized_keys
root@raspberrypi:/home/pi# stat .ssh File: .ssh Size: 4096 Blocks: 8 IO Block: 4096 directory Device: b302h/45826d Inode: 489068 Links: 2 Access: (0700/drwx------) Uid: ( 1000/ pi) Gid: ( 1000/ pi) Access: 2023-02-01 00:01:43.386002027 +0000 Modify: 2023-03-16 17:17:34.815483753 +0000 Change: 2023-03-16 17:17:34.815483753 +0000 Birth: -
root@raspberrypi:/home/pi/.ssh# stat authorized_keys File: authorized_keys Size: 1648 Blocks: 8 IO Block: 4096 regular file Device: b302h/45826d Inode: 489071 Links: 1 Access: (0600/-rw-------) Uid: ( 1000/ pi) Gid: ( 1000/ pi) Access: 2023-03-16 17:17:34.815483753 +0000 Modify: 2023-03-16 17:17:34.815483753 +0000 Change: 2023-03-16 17:17:34.815483753 +0000 Birth: -
On my device (connected via a local network and the same private key), I do not see any recent logs in: /greengrass/v2/logs/greengrass.log
Am I placing my public key in the correct location for a secure tunnel via a private key, or am I missing some additional configuration?
The device in question has the following components:
Any help would be appreciated.
Thanks!
- Newest
- Most votes
- Most comments
Hi, IoT Greengrass promotes a different approach: secure tunnelling over MQTT. See https://docs.aws.amazon.com/greengrass/v2/developerguide/secure-tunneling-component.html Is it unapplicable to your use case? Didier
Hi Luke, Have you launched a Localproxy in your local source machine? Scure tunneling needs a Local Proxy software to be able to get up the tunnel and allows you reach greengrass from your local computer terminal. In the following link you could find a workshop whereyou could download a local proxy made in C with the steps to get it configured. https://catalog.us-east-1.prod.workshops.aws/workshops/6d30487a-48e1-4631-b6bc-5602582800b5/en-US/chapter7-securetunelling/20-dc-setup
Hi, if you are using the Secure Tunneling Greengrass component, the logs will be found in /greengrass/v2/logs/aws.greengrass.SecureTunneling.log, not /greengrass/v2/logs/greengrass.log
Please check if you can find info helpful for debugging there.
Relevant content
- asked 2 years ago
AWS OFFICIALUpdated 7 months ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 5 months ago
So I can successfully create a secure tunnel over MQTT and SSH login via username and password to the device using the AWS IoT Console; however, the option to login via private key does not work. Even with my same private key which works logging in over local network (public key is in .ssh/authorized_keys).
I hope this helps clarify.