0

I created two ec2 instances, and was able to ssh into the first two fine. After creating the third, I get this error upon trying to ssh into any of them.

This is what I'm running: ssh -v -i /Users/name/meteor.pem ubuntu@52.27.126.###

To get: 

 OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug1: Connecting to 52.25.###.## [52.25.###.##] port 22.
debug1: Connection established.
debug1: identity file /Users/name/.ssh/meteor.pem type -1
debug1: identity file /Users/name/.ssh/meteor.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<##92) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 3f:5a:e4:15:3e:c6:ee:f4:6e:97:59:02:ee:df:e2:a5
debug1: Host '52.25.###.##' is known and matches the RSA host key.
debug1: Found key in /Users/name/.ssh/known_hosts:13
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/name/.ssh/github_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/name/.ssh/meteor.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

I've tried this post's suggestion:

sudo chmod 700 ~/.ssh/
sudo chmod 600 ~/.ssh/*
sudo chown -R User ~/.ssh/
sudo chgrp -R User ~/.ssh/

but the line chgrp -R User ~/.ssh/ gives me the error chgrp: mycomputerusername: illegal group name

I can't figure out what the group name should be. My aws account username?

I also have no idea what I did to cause this error. Every time I create a new pem I run chmod 600 meteor.pem , so maybe I entered this line wrong and it's causing permissions problems?

Any suggestions about what to try next would be greatly appreciated!

Community
  • 1
nonpareiloffavor
  • 3
  • 4

2 Answers2

1

Since you use 700 for the directory's permission and 600 for the files' permission inside the .ssh, it's not necessary to change the group.

From the log above, it shows using meteor.pem, did you use a different key when creating the 3rd EC2 instance?

Yc Zhang
  • 11
  • 2
  • Yup but I've been changing my commands in accordance with the new key names. So it's not that I'm using a key that doesn't match the instance. – nonpareiloffavor Aug 14 '15 at 15:20
  • It's not clear where you put the `file_name.pem`, if you are not using `meteor.pem` but using `file_name.pem`, you can add a `-i` parameter to specify the `file_name.pem` path. – Yc Zhang Aug 14 '15 at 16:02
  • I used -i in my ssh command if that's what you meant. I've edited my question to include the exact command I ran. And when I ran chmod 600 file_name.pem I was in my .ssh directory – nonpareiloffavor Aug 14 '15 at 16:07
  • I notice you are using `ssh -v -i /Users/name/meteor.pem ubunt@52.27.126.###` rather than the `/Users/name/.ssh/meteor.pem`. From the output, it doesn't look like the command line parameter `/Users/home/meteor.pem` is being used. – Yc Zhang Aug 14 '15 at 16:12
  • I apologize, I once tried moving my file out of my .ssh directory and then ssh-ing. The code I posted is from that time, but that's not causing my issue now. I've updated my post to show a more accurate error message. – nonpareiloffavor Aug 14 '15 at 16:15
  • did you have a previous VM with the same IP address? if yes, try ssh with "-o StrictHostKeyChecking=no" option. Also, you should chmod 600 your pem key. About "chgrp -R User ~/.ssh/", you should replace User with your local linux user. Last thing: are you sure to use an AWS-provided Ubuntu AMI, and not another OS or custom AMI? – Tom Aug 14 '15 at 16:48
  • I didn't have a previous virtual machine with the same IP address, and I've tried chmod 600 on my pem key. I tried replacing User with ubuntu, because of this http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html, but I'm not sure if that's my local linux user? I am using AWS-provided Ubuntu AMI – nonpareiloffavor Aug 14 '15 at 21:41
  • can you still try "ssh -o StrictHostKeyChecking=no -v -i /Users/name/meteor.pem ubuntu@52.27.126.###"? just to be sure this is not the issue – Tom Aug 15 '15 at 08:01
0

You can compare your private key fingerprint using the aws-cli with ec2-fingerprint-key .ssh/key.pem (path to your private key / key name) And compare to your instance public fingerprint

Fabian LAbat
  • 16