- Newest
- Most votes
- Most comments
Maybe the problem is that I had created a new key, and the system automatically assigned it to my instance. Then I deleted the old key. So I have to copy the new public key into the ssh dir, but I don't know how to do it. I only have the key.pem file locally. Thank you
Hello.
The answers below may be helpful.
Maybe you need to set full control over your SSH keys.
There are several other answers listed, so I recommend checking them all out.
https://superuser.com/a/1296046
Change the owner to you, disable inheritance and delete all permissions. Then grant yourself "Full control" and save the permissions. Now SSH won't complain about file permission too open anymore.
Hi Yumin,
For the authorized keys, the permissions need to be a little more permissive.
Set the permissions to 644 and it should solve the issue.
Let me know if it worked.
Sincerely, Mukul Dharwadkar
SSH Authentication Error: Permission Denied
It seems like you've addressed the permissions for the .pem key successfully, but you're encountering another error related to SSH authentication. The error message Permission denied (publickey,gssapi-keyex,gssapi-with-mic) typically indicates that the SSH client is unable to authenticate using the public key.
Things to Check:
-
SSH Key Pair: Ensure that you're using the correct SSH key pair to connect to the EC2 instance. The public key (
<key_name>.pub) should be added to theauthorized_keysfile on the server. -
Permissions on SSH Directory and Files: Verify the permissions for the
.sshdirectory andauthorized_keysfile. Ensure that the ownership and permissions are correctly set for the entire.sshdirectory and its contents. -
SSH Agent: If you're using an SSH agent to manage your keys, make sure that the correct key is added to the agent (
ssh-add <path_to_private_key>). -
SSH Configuration: Check for any custom SSH configurations (
~/.ssh/config) that might interfere with the authentication process. -
Logs: Review the server-side logs (
/var/log/auth.logor/var/log/secure) for clues about why the authentication is failing. -
Instance Configuration: Ensure that the instance itself allows SSH connections and that any firewall rules (such as security groups or network ACLs) aren't blocking the connection.
SSH Permissions Setup
To avoid SSH permission denied issues, ensure correct file permissions for SSH-related files:
~/.sshdirectory: Set permissions to700(drwx------) to allow only the owner (ec2-userin your case) full access:
chmod 700 ~/.ssh
~/.ssh/authorized_keysfile: Set permissions to600(-rw-------) to restrict access to only the owner (ec2-user):
chmod 600 ~/.ssh/authorized_keys
These permissions prevent unauthorized access to your SSH keys while allowing authentication. Replace ~ with the actual home directory path of the ec2-user.
After setting permissions, attempt to connect to the EC2 instance again. If issues persist, check SSH server logs for detailed error messages.
Relevant content
- asked 2 months ago
- Accepted Answerasked 8 months ago
- asked 2 years ago
AWS OFFICIALUpdated 4 months ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
Hello, thanks, in this way I solved the problem of permissions on the local .pem key. Now I have the other error:
ec2-user@****: Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
I have changed the permissions of the linux dir (superuser): chmod 755 <mount_point>/home chmod 700 <mount_point>/home/ec2-user chmod 700 <mount_point>/home/ec2-user/.ssh chmod 600 <mount_point>/home/ec2-user/.ssh/authorized_keys
but the error in connection still remains.
Session Manager may be available. Try connecting with Session Manager and setting an SSH key for the required Linux user. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started.html