13

I've just created an EC2 instance on AWS. Before that, I created my key pair and downloaded the private key.

I'm now trying to log on to the newly created instance (using the correct host name, of course, which I replaced here for security). I've added the -v switch to get the debug output:

```
ssh ec2-user@myVirtualHost.compute-1.amazonaws.com -i ~/EC2key.pem -v
```

Though I provide the key file, I am asked for a password. Here's an excerpt from the debug output that might show what's going wrong:

```
debug1: Host 'myVirtualHost.compute-1.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/myuser/.ssh/known_hosts:15
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/myuser/EC2key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
ec2-user@myVirtualHost.compute-1.amazonaws.com's password:[asks for password here]
```

Why, after "read PEM private key done: type RSA", is the conclusion "Authentications that can continue: publickey,password"?

Passiday
  • possible duplicate for: http://stackoverflow.com/questions/9747763/ssh-ec2-asking-for-password – Rishabh Mar 21 '13 at 09:02
  • 3
    Yes, and unanswered at that. My ssh_config has no PasswordAuthentication set to yes. The only settings enabled there are: SendEnv LANG LC_*; HashKnownHosts yes; GSSAPIAuthentication yes; GSSAPIDelegateCredentials no – Passiday Mar 21 '13 at 10:04

3 Answers

9

I am both happy and humbled to report that the problem was that I was trying to ssh with a non-existent user. The tutorial I was following suggested using a login name that did not correspond to the user name in the respective AMI. This was suggested by Amazon support, when they double-checked their tutorial.

I am not sure if there is a way to discover the default login name from the EC2 Management Console. At least a quick search for the correct user name in the properties did not turn up any matches.

Now I can also log on without providing the key file through the -i option, because I've added the key to my keyring with the ssh-add command.

Passiday
  • https://alestic.com/2014/01/ec2-ssh-username/ This is a list of default usernames that ec2 instances use. – Abhidemon Aug 17 '17 at 12:53
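
An added example, not part of the original thread: a small shell function that reads `ssh -v` output and reports whether a key was sent and then rejected, which is the pattern in the question's log and what a wrong login user name looks like from the client side. The function name `diagnose_ssh_debug` and the labels it prints are hypothetical; the sample log is constructed from the excerpt in the question.

```shell
#!/bin/sh
# Added example: classify a failed key login from `ssh -v` debug output.
# Reads the debug log on stdin and prints a one-line diagnosis.
diagnose_ssh_debug() {
    awk '
        /UNPROTECTED PRIVATE KEY FILE|bad permissions/ { badperm = 1 }
        # The client sends a key ("Trying" for a key file, "Offering" otherwise).
        /debug1: (Trying private key|Offering .*public key)/ { offered++; pending = 1 }
        /debug1: Server accepts key/ { pending = 0 }
        # After a key attempt, a fresh list of remaining methods means rejection.
        /debug1: Authentications that can continue:/ {
            if (pending) { rejected++; pending = 0 }
        }
        /debug1: Authentication succeeded \(publickey\)/ { ok = 1 }
        /debug1: Next authentication method: password/ { fellback = 1 }
        END {
            if (ok)            msg = "ok: server accepted a public key"
            else if (badperm)  msg = "key-file-permissions: ssh refused to load the private key"
            else if (!offered) msg = "no-key-offered: no identity was sent; check -i and ssh-add -l"
            else if (rejected == offered) {
                msg = "key-rejected: " rejected " key(s) sent, none accepted"
                if (fellback) msg = msg ", fell back to password"
                msg = msg "; check the login user name and the instance key pair"
            } else             msg = "inconclusive"
            print msg
        }'
}

# Constructed sample: the authentication part of the log from the question.
sample_log() {
    cat <<'EOF'
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/myuser/EC2key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
EOF
}

sample_log | diagnose_ssh_debug
```

To use it on a real session, capture the debug stream with `ssh -v ... 2> ssh-debug.log` and pipe that file into the function.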
1

Well, this could be client-side or server-side in terms of the reason it's failing.

Client-Side: Be sure your .ssh directory is permission 0700 and the EC2key.pem is 0600.

Server-Side: Be sure 'PubkeyAuthentication' is set to 'yes' in your sshd_config (if you are able to get in at all). You could also run the SSH service manually with debug mode (-d flag) to catch other potential reasons (again, if you have access).

Mark Stanislav
  • My ~/.ssh dir permissions are drwx------, and pem file permissions are -rw-------, so I guess that matches your mentioned 0700 and 0600. But I don't have any way to get in on the server side. The one using the key file was supposed to be the initial way. – Passiday Mar 21 '13 at 19:01
  • Who created the AMI that you are using for your instance? It's entirely possible their configuration didn't work properly. If you're using an 'official' AMI or say one directly from Amazon, it should work fine. – Mark Stanislav Mar 21 '13 at 19:03
  • I was following [directions from here](http://aws.amazon.com/articles/7249489223918169), I am taking part in Udacity's CUDA course. So, AMI was generated from supposedly official template. – Passiday Mar 21 '13 at 19:07
  • I see. Well, I guess last idea is just to speak with them to verify no one else is having this problem. If your key is, in fact, the key you created and assigned to the instance, permissions are correct on your local files, there's not a ton left to test that I can think of until you have someone with access to that AMI directly. Sorry! – Mark Stanislav Mar 21 '13 at 19:13
  • Thanks for trying :) When (if) I get it fixed, I will report back to this thread. – Passiday Mar 21 '13 at 20:19
0

Did you try adding the password in Keyring?

Go through this article:

http://aws.amazon.com/articles/1233

```
# vi /etc/ssh/sshd_config
```

Find the line `PasswordAuthentication yes`

and change it to `PasswordAuthentication no`

Save the file and restart sshd:

```
# /etc/init.d/sshd restart
```

Rishabh
  • Yes, and it still asks for password. The debug output is slightly different, though: `debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/myuser/EC2key.pem debug1: Authentications that can continue: publickey,password` – Passiday Mar 21 '13 at 13:43
  • Sorry for the mess, I didn't know there's no way to add linebreaks in the comment text. – Passiday Mar 21 '13 at 13:49
  • keyring should work, here is an article that should help you http://aws.amazon.com/articles/1233 – Rishabh Mar 22 '13 at 17:10
  • doing this locked me out of my instance until I explicitly ran `ssh -i "path/to/pem_file" my.instance` – dutzi Oct 13 '20 at 19:58