SSH Access Issue – Permission Denied (publickey) for Ubuntu EC2 Instance

0

I am trying to connect to my Ubuntu EC2 instance via SSH, but I keep getting the following error:

chmod 400 "/d/My Website/wordpress setup/gadgetsin.pem"
ssh -i "/d/My Website/wordpress setup/gadgetsin.pem" ubuntu@13.213.33.234

Error message:

ubuntu@13.213.33.234: Permission denied (publickey).

OS on instance: Ubuntu 22.04 LTS (ami-)

Username: ubuntu (confirmed correct for this AMI)

The .pem file is in the correct location and has read-only permissions (400).

The command path is properly quoted to handle spaces.

Security group inbound rules allow SSH (port 22) from my IP.

What I’ve checked so far:

Verified that the username is correct for this AMI.

Confirmed the .pem file exists and permission is set to 400.

My local SSH client is Git Bash on Windows 10.

Security group inbound rules allow SSH from my current IP.

Question: Since the permissions on the .pem file are already correct, what else could cause a Permission denied (publickey) error in this situation? Could this happen if the .pem file does not match the key pair originally assigned to the instance, and if so, what’s the safest way to replace or add the correct public key without losing data on the instance?

asked 9 months ago
284 views
2 Answers
1

For your Ubuntu instance, you can connect from the EC2 console using EC2 Instance Connect (EIC) or SSM Session Manager.

You may have a key pair mismatch. Once you are connected, switch user to ubuntu, and check (and update if necessary) the contents of the /home/ubuntu/.ssh/authorized_keys file.

Ubuntu on AWS has both EIC and SSM agent software installed. For EIC, you need to allow inbound SSH. For SSM, add the AmazonSSMManagedInstanceCore policy to your EC2 IAM role.

AWS
EXPERT
answered 9 months ago
0

The "Permission denied (publickey)" error typically indicates an authentication problem rather than a file permission issue. Here are the most likely causes and solutions:

  1. Key Pair Mismatch: The most common cause is that the private key (.pem file) you're using doesn't match the public key installed on the EC2 instance. This can happen if:

     • You selected a different key pair when launching the instance
     • The instance was launched with a different key pair than you think
     • The authorized_keys file on the instance was modified

  2. Path Issues on Windows: Git Bash on Windows sometimes has issues with Windows-style paths. Try using forward slashes instead of backslashes in your path, or move the .pem file to a simpler path without spaces.

  3. File Format Issues: If the .pem file was modified or corrupted (perhaps by text editors adding BOM characters or changing line endings), it may not work correctly.

To recover access without losing data:

  1. Use EC2 Instance Connect: If your instance is configured for it, you can try connecting via the AWS Console using EC2 Instance Connect, which doesn't require your local key.

  2. Use AWS Systems Manager Session Manager: If your instance has the SSM agent installed and appropriate IAM permissions, you can connect without SSH using Session Manager.

  3. Create an AMI and recover: If the above methods don't work, you can:

     • Create an AMI from your current instance
     • Launch a new instance from that AMI with a new key pair
     • Access your data on the new instance

  4. Volume recovery: As a last resort, you can:

     • Stop the instance
     • Detach its root volume
     • Attach the volume to another instance as a secondary volume
     • Access your data through the second instance
     • Add your public key to the authorized_keys file
     • Reattach the volume to the original instance

For future instances, consider setting up multiple authentication methods to prevent lockouts.

answered 9 months ago
AWS
EXPERT
reviewed 9 months ago
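
Both answers point to a key pair mismatch, and the second also to a .pem file damaged by an editor. The script below is an added example, not code from either answer: it checks a key file for a BOM or CRLF line endings and tests whether the public half of a private key is listed in an authorized_keys file. The function names are hypothetical, and it assumes the contents of /home/ubuntu/.ssh/authorized_keys were copied to a local file from an EIC or Session Manager session.

```shell
#!/bin/sh
# Added example (not from the answers above). Function names are hypothetical.

# Reduce public-key lines on stdin to "keytype base64blob", dropping any
# leading options field and the trailing comment. Every SSH public key blob
# starts with "AAAA", which separates it from option text.
key_blobs() {
  awk '
    /^[ \t\r]*(#|$)/ { next }            # skip comments and blank lines
    { sub(/\r$/, "")                     # tolerate CRLF line endings
      for (i = 1; i < NF; i++)
        if ($i ~ /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-|sk-)/ && $(i+1) ~ /^AAAA/) {
          print $i, $(i+1); next
        } }'
}

# Exit 0 if the public key on stdin is listed in authorized_keys file $1,
# 1 if it is not, 2 if stdin held no recognisable key.
pubkey_authorized() (
  want=$(key_blobs)
  [ -n "$want" ] || exit 2
  key_blobs < "$1" | grep -qxF -- "$want"
)

# Same check starting from the private key: ssh-keygen -y prints the public
# half of the .pem ($1); $2 is a local copy of the instance's authorized_keys.
pem_authorized() {
  ssh-keygen -y -f "$1" 2>/dev/null | pubkey_authorized "$2"
}

# Report editor damage to a key file: a UTF-8 BOM and/or CRLF line endings.
key_file_problems() (
  out=""
  cr=$(printf '\r')
  if [ "$(od -An -tx1 -N3 "$1" | tr -d ' \n')" = "efbbbf" ]; then out="bom"; fi
  if grep -q "$cr" "$1"; then out="${out:+$out,}crlf"; fi
  echo "${out:-ok}"
)

# Usage (paths are placeholders):
#   key_file_problems ./key.pem
#   pem_authorized ./key.pem ./authorized_keys.copy && echo match || echo "no match"
```

A "no match" result means the instance will reject this key regardless of the file's permissions.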
