1

I downloaded the cert-xxx.pem and pk-xxx.pem files and also the keypair.pem and moved it all to the /.ssh folder on my Ubuntu client machine.

This is what I get when I try to SSH with -v at the end:

debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).

I am new to administering servers and I want to know if I should be trying to convert the pem files to id_rsa and id_dsa. I am not really sure if that is possible but I don't know how else to get the id_rsa, id_dsa from those pem files or if there is any workaround. I managed to get access to EC2 the first time and this is my second try and I am unsuccessful so far.

Any help is appreciated. Regards, Walker

Adding the log after many unsuccessful attempts of logging in

  myvers@ubuntu:~$ ssh -v -i  /home/myvers/.ssh/keyTwo.pem ubuntu@ec2-xxx-xxx-xxx-xx.compute-1.amazonaws.com
OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to ec2-xxx-xxx-xxx-xx.compute-1.amazonaws.com xxx-xxx-xxx-xx port 22.
debug1: Connection established.
debug1: identity file /home/myvers/.ssh/keyTwo.pem type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu4
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ec2-xxx-xxx-xxx-xx.compute-1.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /home/myvers/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: myvers@ubuntu
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/myvers/.ssh/keyTwo.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Walker
  • possible duplicate of [Why do I get "Permission denied (publickey)" when trying to SSH from local Ubuntu to a Amazon EC2 server?](http://serverfault.com/questions/39733/why-do-i-get-permission-denied-publickey-when-trying-to-ssh-from-local-ubuntu) – Ben Pilbrow Jan 11 '11 at 22:59
  • I already copied the PK-xxx.pem in the .ssh/ folder. But that does not seem to be the problem unless the file needs to be else where. – Walker Jan 12 '11 at 03:54

5 Answers

1

It's not finding the private key, so use the -i identity_file option.

ssh -i ~/.ssh/cert-xxx.pem user@host

  • Thanks Sean.. The problem is not with locating my keypair pem file. It's the other part when it looks for id_rsa. – Walker Jan 12 '11 at 04:04
  • id_rsa is a private key in RSA format. You have a private key in PEM format. There isn't a default filename that ssh will check for PEM files like id_rsa and id_dsa so you need to use the -i. It's not going to look for *.pem in ~/.ssh – Sean McEligot Jan 12 '11 at 13:08
  • Thanks again. Tried with keypair and PK pem but result is still the same. Added debug output to the question if this gives any further insight. Tried generating keys over again but did not help. – Walker Jan 12 '11 at 20:17
  • debug1: Trying private key: /home/myvers/.ssh/keyTwo.pem debug1: read PEM private key done: type RSA debug1: Authentications that can continue: publickey debug1: No more authentication methods to try. Permission denied (publickey). Here we see that you sent the key to the server and didn't get a success method, but instead it was looking for other methods to try. So either the username is wrong or the host isn't configured correctly. – Sean McEligot Jan 14 '11 at 16:35
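
The two failure modes discussed in this thread can be told apart mechanically from the `ssh -v` output. The script below is an added example, not code posted by anyone in the thread; the function names and verdict strings are made up for illustration, the patterns assume the OpenSSH 5.3 debug messages quoted in the question, and the two sample logs are excerpts of the question's own output.

```shell
#!/usr/bin/env bash
# Added example: classify `ssh -v` publickey failures (OpenSSH 5.3 message format).

triage_ssh_debug() {            # reads `ssh -v` output on stdin, prints a verdict
  awk '
    /^debug1: Offering public key:/       { sent++ }    # key from agent or .pub
    /^debug1: read PEM private key done/  { sent++ }    # key file loaded and used
    /^debug1: Trying private key:/        { tried++ }   # path attempted
    /^debug1: Authentication succeeded/   { ok = 1 }
    /^Permission denied \(publickey\)/    { denied = 1 }
    END {
      if (ok)                   print "authenticated"
      else if (denied && sent)  print "key-rejected-by-server"
      else if (denied && tried) print "no-usable-key-on-client"
      else                      print "inconclusive"
    }'
}

explain_verdict() {             # maps a verdict to the advice given in the answers
  case "$1" in
    no-usable-key-on-client) echo "only default paths were tried; pass the key with ssh -i" ;;
    key-rejected-by-server)  echo "key was sent but refused; check the username and the host's key setup" ;;
    authenticated)           echo "publickey login worked" ;;
    *)                       echo "not enough debug output to decide" ;;
  esac
}

# Excerpt of the first log in the question: no -i given, no key loaded.
LOG_DEFAULTS='debug1: Authentications that can continue: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).'

# Tail of the second log: keyTwo.pem is read and sent, then refused.
LOG_REJECTED='debug1: Offering public key: myvers@ubuntu
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/myvers/.ssh/keyTwo.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
Permission denied (publickey).'

for log in "$LOG_DEFAULTS" "$LOG_REJECTED"; do
  verdict=$(printf '%s\n' "$log" | triage_ssh_debug)
  printf '%s: %s\n' "$verdict" "$(explain_verdict "$verdict")"
done
```

To check a live attempt, pipe the debug stream in with `ssh -v ... 2>&1 | triage_ssh_debug`, since `ssh` writes its debug lines to stderr.
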
1

The cert-* file is an X.509 certificate for accessing the AWS API. It is not an SSH key. IIRC, keypair.pem should be your private SSH key. Try to use that as your identity file.

blueben
  • Thanks blueben. I was aware about the cert file and when I do SSH it recognizes because of keypair.pem which I generated on AWS. But after that is the problem when it needs id_rsa and id_dsa. – Walker Jan 12 '11 at 04:00
0

The only reason it's looking for id_rsa and id_dsa is because you've not told it where to find a private key that works -- it falls back on the defaults instead. So don't worry about having an id_rsa file, and instead worry about how to get it to use your PK-xxx.pem file.

The following syntax should work:

ssh -i /path/to/keypair.pem ubuntu@ec2-xxxxxxx.amazonaws.com
Mike Scott
  • Thanks Mike.. tried it all over again but no success yet. Added debug to the mail post. Please let me know if there is any clue in this debug. regards Walker – Walker Jan 12 '11 at 20:12
0

See if this helps. You need to add the cert and key to your ~/.bashrc file.

https://help.ubuntu.com/community/EC2StartersGuide

keanu
0

Thank you all for your help and inputs. Everyone is right here and hopefully all these would help someone else in future. What I was doing wrong was I was also creating the Keypair.pem from the AWS console and downloading for SSH. It is not required. All you need is your certificates and just follow the steps in this link suggested by keanu. https://help.ubuntu.com/community/EC2StartersGuide

Amazon is truly secure and simple and I am very amazed at how they have built this process of creating your AMI and logging through SSH with just pem files and variables set. I have been using Linode and I am overwhelmed with the way this whole server creation and login process has been simplified and secured. It's damn neat and a good lesson for beginners to realize the importance of not rooting to their servers all the time which many pros suggest not to do and realizing how to securely access your server. Thanks everyone again for their help and inputs.

Walker