0

I am trying to access an ec2 instance using a different (mac) computer. In order to do so, I created a new keypair, used chmod 600 to set the permission, and then used ssh-add. When I try to ssh into my ec2 instance, I get "permission denied (publickey)". I'm sure my error is something idiotic and simple, but I can't seem to find it. Can anyone help me out?

abcooper

2 Answers

2

You need to ensure the ~/.ssh/id_rsa.pub (if it's an RSA key) from your Mac is appended to the ~/.ssh/authorized_keys file on the target machine. Normally, if this is a default Amazon API, the user is "ec2-user" -- ~ec2-user/.ssh/authorized_keys

REMEMBER TO APPEND and not remove other entries in that file -- else, you risk locking yourself out of that machine ...

sdolgy
  • I think I should automatically be appended to the file, because I created the keypair using the aws management console? Or am I misunderstanding your advice? – abcooper Jun 22 '12 at 17:06
  • You need to persist the generated public key to the instance. It's easy to check. Look in "authorized_keys" to see if the generated "pub" on your mac has been copied into it. – sdolgy Jun 22 '12 at 17:29
  • Oh, I see. I'm wrong about that. Unfortunately the whole reason I'm trying to do this is that I don't currently have access to my old key, so I can't log in to do that. But thanks for helping me figure out the problem – abcooper Jun 22 '12 at 17:34
1

Is your private key on the new computer?

You need to put that on the computer you ssh in with. I usually keep mine on a flash drive.... I am not running linux atm so I forget the default directory it checks. Maybe this jogs your memory some. I think the directory would be like ~/.id_rsa/ or something?

Fallenreaper
  • the private key is on the new computer, I don't THINK location is the problem? Though I could be wrong - I don't really have an in-depth understanding of what's going on in this process – abcooper Jun 22 '12 at 16:55
  • You need to have the original private key, you cannot make new ones unless your ec2 instance gets a copy of the public key. Essentially it is a handshaking process to show that you are who you say you are. The key is secure (enough) and has a matching pair as you know. The point is that the public key goes on the server you want, and then your private key will be compared through some encryption algorithms. If you do not have the matching private key to the public on the ec2 instance, you need to change the public key. – Fallenreaper Jun 22 '12 at 17:20
  • Thank you. I was thinking that when I created the new key, aws was automatically linking it to my instance, but that's totally not the case, and I don't know why I thought that – abcooper Jun 22 '12 at 17:35
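
The check the first answer describes (is the public key from the Mac actually present in authorized_keys on the instance?), as an added example that is not part of the original thread. It parses OpenSSH public key lines, including authorized_keys entries that start with options, and reports which lines of the file hold a given key; the function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import re
import struct

# Split on whitespace but keep double-quoted option values (may contain spaces) intact.
_FIELD = re.compile(r'(?:"(?:\\.|[^"\\])*"|\S)+')

def parse_key(line):
    """Return (key_type, blob) for a .pub or authorized_keys line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = _FIELD.findall(line)
    # An authorized_keys line may begin with options, so locate the key by
    # finding a base64 blob whose embedded type name equals the field before it.
    for name, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
            (n,) = struct.unpack(">I", blob[:4])
        except (ValueError, struct.error):
            continue
        if blob[4:4 + n] == name.encode():
            return name, blob
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def matching_lines(pub_line, authorized_keys_text):
    """Line numbers in authorized_keys that hold the same key as pub_line."""
    wanted = parse_key(pub_line)
    if wanted is None:
        raise ValueError("not an OpenSSH public key line")
    lines = authorized_keys_text.splitlines()
    return [i for i, l in enumerate(lines, 1) if parse_key(l) == wanted]

def _constructed_line(seed, comment):
    # Constructed sample: ed25519 wire layout filled with dummy bytes, not a real key.
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

OLD_KEY = _constructed_line(1, "old-laptop")   # key already on the instance
NEW_KEY = _constructed_line(2, "new-mac")      # key generated on the new machine
AUTHORIZED_KEYS = "# constructed sample file\n" + 'command="echo hi",no-pty ' + OLD_KEY + "\n"
```

An empty result from `matching_lines(NEW_KEY, AUTHORIZED_KEYS)` is the situation in the question: the new key was never added to the file, so the server has nothing to match it against.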