Recurrent SSH to EC2 Permission Denials

0

Like many users I reported "permission deny" issues when attempting to SSH to my EC2 instance. Following advice in an issue I raised, I started a new instance with a new key and the issue was resolved for a while. I was able to connect to a new instance with a new set of key pairs and install software, but when trying to connect later, via my laptop or CloudShell, I got:

    ssh -i ~/.aws/kp.pem ubuntu@ec2-xx-xxx-xxx-xxx.compute-1.amazonaws.com
    ubuntu@ec2-xx-xxx-xxx-xxx.compute-1.amazonaws.com: Permission denied (publickey).
    [cloudshell-user@ip-10-6-111-134 ~]$ ssh -i kp.pem ubuntu@ec2-54-146-178-153.compute-1.amazonaws.com
    ssh: connect to host ec2-xx-xxx-xxx-xxx.compute-1.amazonaws.com port 22: Connection timed out

The inbound rules allow for access from anywhere for testing purposes. When launching yet another machine with another key pair, I am able to connect. Can anyone explain why I am losing the SSH connection after the issue was resolved? Incidentally, even when I was able to access the machine, I was frequently disconnected with a "broken pipe" message.

Asked 1 year ago, viewed 214 times
1 Answer
0

Hello,

When attempting to connect using the commands provided in your question, please be aware that instances without an Elastic IP might have a different public IP after every restart. To ensure you connect to the correct instance, verify the IP address or consider associating an Elastic IP using this link: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html.

Also, if you get a Permission denied (publickey) error and you were able to connect previously, the permissions on the home directory of your instance may have been changed. Permissions for /home/instance-user-name/.ssh/authorized_keys must be limited to the owner only.

To verify the permissions on your instance:

  1. Stop your instance and detach the root volume. For more information, see Stop and start your instance and Detach an Amazon EBS volume from a Linux instance.
  2. Launch a temporary instance in the same Availability Zone as your current instance (use a similar or the same AMI as you used for your current instance), and attach the root volume to the temporary instance. For more information, see Attach an Amazon EBS volume to an instance.
  3. Connect to the temporary instance, create a mount point, and mount the volume that you attached. For more information, see Make an Amazon EBS volume available for use on Linux.
  4. From the temporary instance, check the permissions of the /home/instance-user-name/ directory of the attached volume. If necessary, adjust the permissions as follows:

         [ec2-user ~]$ chmod 600 mount_point/home/instance-user-name/.ssh/authorized_keys
         [ec2-user ~]$ chmod 700 mount_point/home/instance-user-name/.ssh
         [ec2-user ~]$ chmod 700 mount_point/home/instance-user-name

  5. Unmount the volume, detach it from the temporary instance, and re-attach it to the original instance. Ensure that you specify the correct device name for the root volume; for example, /dev/xvda.
  6. Start your instance. If you no longer require the temporary instance, you can terminate it.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html

AWS
Answered 9 months ago
AWS
Support Engineer
Reviewed 9 months ago
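
The permission check from step 4 of the answer above, as an added example that is not part of the original answer or of AWS documentation. It reports any of the three paths whose mode grants more than the 700/700/600 values given in the answer and, with `--fix`, applies those values. The function name `audit_ssh_perms` and its arguments are assumptions made for this example, and it assumes GNU `stat` (as on Amazon Linux and Ubuntu).

```shell
#!/bin/sh
# Added example: audit the modes from step 4 on a root volume that is
# mounted on the temporary instance. Names here are assumptions, not AWS tooling.
#
# Usage: audit_ssh_perms MOUNT_POINT INSTANCE_USER [--fix]
# Returns 0 if every path is at most as open as the mode in the answer.
audit_ssh_perms() (            # subshell body keeps variables local
    home="$1/home/$2"
    fix="${3:-}"
    rc=0
    while read -r path want; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"; rc=1; continue
        fi
        have=$(stat -c '%a' "$path")          # octal mode, e.g. 755
        # Bits set in the actual mode that the wanted mode does not allow
        # (leading 0 makes the shell read both values as octal).
        extra=$(( 0$have & ~0$want & 07777 ))
        if [ "$extra" -eq 0 ]; then
            echo "OK       $have $path"
        elif [ "$fix" = "--fix" ]; then
            if chmod "$want" "$path"; then
                echo "FIXED    $have -> $want $path"
            else
                rc=1
            fi
        else
            echo "TOO OPEN $have (want $want) $path"; rc=1
        fi
    done <<EOF
$home 700
$home/.ssh 700
$home/.ssh/authorized_keys 600
EOF
    return "$rc"
)

# Run directly, e.g.: sh audit.sh /mnt/rescue ubuntu --fix
# (/mnt/rescue and ubuntu are placeholder values.)
if [ "$#" -ge 2 ]; then
    audit_ssh_perms "$@"
fi
```

Run it without `--fix` first so the original modes are recorded before anything is changed.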
