EC2 instance has started refusing SSH access

0

I created several EC2 instances running Amazon Linux 2 a few weeks ago, all with SSH access. A few days ago, one instance stopped allowing SSH access with the message ec2-user@10.0.145.93: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). - an error message I'd expect to see if my SSH keys were invalid.

The instance is still running, and the cron jobs I configured on it are still running as normal. I don't have serial console to the instance but I was able to create an AMI and then a VMDK from the instance in its current state and mount the filesystem to attempt to figure out what's wrong. As far as I can tell all the SSH configuration is still as I configured it: all the correct keys are still present in ~/.ssh/authorized_keys and the contents of /etc/ssh/ are identical to a clean AL2 install.

The security groups haven't changed (they still allow SSH access) and the SSHD config is the same, so what is going on?

MorayM
asked a year ago293 views
1 Answer
1
Accepted Answer

Check the permissions on your home directory, the .ssh directory, and the authorized_keys file.

profile pictureAWS
EXPERT
kentrad
answered a year ago
  • I can't check the permissions as they are on the instance, the act of mounting the filesystem changes all the permissions and ownerships. I'm not sure what would have caused the permissions/ownerships to have changed anyway on the instance?

  • You will need to review to the OS level logs for that information.

  • You're right, sshd is reporting 'bad ownership or modes for directory /home/ec2-user', and the permissions for /home/ec2-user have changed from 700 to 775. Any ideas what might have caused the mode/ownership to change?

  • Found it. One of our build scripts creates a file using umask 022. I didn't realise it defaulted to use ~ if the actual build location was missing - hence the permissions of ~ and all its parent directories changed! Lesson learnt...

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions