AWS ec2 SSH permission denied (publickey)

Question

So far I have:

1. Created a keypair and assigned it to my elastic beanstalk instance.

2. I have downloaded the keypair and given it 400 permissions.

3. I have acquired the current public DNS host name for the instance.

4. I have determined that the username i am suppose to use for the AMI is "ec2-user"

   And I have constructed my command with this info in the following way

   ssh -vvv -i ~/.ssh/dreamcal-dev.pem ec2-user@ec2-54-79-66-190.ap-southeast-2.compute.amazonaws.com

   And this is the ouput

   OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
   debug1: Reading configuration data /etc/ssh_config
   debug1: /etc/ssh_config line 20: Applying options for *
   debug2: ssh_connect: needpriv 0
   debug1: Connecting to ec2-54-79-66-190.ap-southeast-2.compute.amazonaws.com [54.79.66.190] port 22.
   debug1: Connection established.
   debug1: permanently_set_uid: 0/0
   debug3: Incorrect RSA1 identifier
   debug3: Could not load "/Users/nik/.ssh/dreamcal-dev.pem" as a RSA1 public key
   debug1: identity file /Users/nik/.ssh/dreamcal-dev.pem type -1
   debug1: identity file /Users/nik/.ssh/dreamcal-dev.pem-cert type -1
   debug1: Enabling compatibility mode for protocol 2.0
   debug1: Local version string SSH-2.0-OpenSSH_6.2
   debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
   debug1: match: OpenSSH_5.3 pat OpenSSH_5*
   debug2: fd 3 setting O_NONBLOCK
   debug3: load_hostkeys: loading entries for host "ec2-54-79-66-190.ap-southeast-2.compute.amazonaws.com" from file "/var/root/.ssh/known_hosts"
   debug3: load_hostkeys: found key type RSA in file /var/root/.ssh/known_hosts:2
   debug3: load_hostkeys: loaded 1 keys
   debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa
   debug1: SSH2_MSG_KEXINIT sent
   debug1: SSH2_MSG_KEXINIT received
   debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
   debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-dss
   debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
   debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
   debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
   debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
   debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
   debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
   debug2: kex_parse_kexinit: 
   debug2: kex_parse_kexinit: 
   debug2: kex_parse_kexinit: first_kex_follows 0 
   debug2: kex_parse_kexinit: reserved 0 
   debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
   debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
   debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
   debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
   debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
   debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
   debug2: kex_parse_kexinit: none,zlib@openssh.com
   debug2: kex_parse_kexinit: none,zlib@openssh.com
   debug2: kex_parse_kexinit: 
   debug2: kex_parse_kexinit: 
   debug2: kex_parse_kexinit: first_kex_follows 0 
   debug2: kex_parse_kexinit: reserved 0 
   debug2: mac_setup: found hmac-md5
   debug1: kex: server->client aes128-ctr hmac-md5 none
   debug2: mac_setup: found hmac-md5
   debug1: kex: client->server aes128-ctr hmac-md5 none
   debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
   debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
   debug2: dh_gen_key: priv key bits set: 135/256
   debug2: bits set: 488/1024
   debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
   debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
   debug1: Server host key: RSA 0c:d6:07:20:ed:b1:2b:0d:97:57:49:be:c6:53:ae:04
   debug3: load_hostkeys: loading entries for host "ec2-54-79-66-190.ap-southeast-2.compute.amazonaws.com" from file "/var/root/.ssh/known_hosts"
   debug3: load_hostkeys: found key type RSA in file /var/root/.ssh/known_hosts:2
   debug3: load_hostkeys: loaded 1 keys
   debug3: load_hostkeys: loading entries for host "########" from file "/var/root/.ssh/known_hosts"
   debug3: load_hostkeys: found key type RSA in file /var/root/.ssh/known_hosts:2
   debug3: load_hostkeys: loaded 1 keys
   debug1: Host 'ec2-54-79-66-190.ap-southeast-2.compute.amazonaws.com' is known and matches the RSA host key.
   debug1: Found key in /var/root/.ssh/known_hosts:2
   debug2: bits set: 525/1024
   debug1: ssh_rsa_verify: signature correct
   debug2: kex_derive_keys
   debug2: set_newkeys: mode 1
   debug1: SSH2_MSG_NEWKEYS sent
   debug1: expecting SSH2_MSG_NEWKEYS
   debug2: set_newkeys: mode 0
   debug1: SSH2_MSG_NEWKEYS received
   debug1: Roaming not allowed by server
   debug1: SSH2_MSG_SERVICE_REQUEST sent
   debug2: service_accept: ssh-userauth
   debug1: SSH2_MSG_SERVICE_ACCEPT received
   debug2: key: /Users/nik/.ssh/dreamcal-dev.pem (0x0), explicit
   debug1: Authentications that can continue: publickey
   debug3: start over, passed a different list publickey
   debug3: preferred publickey,keyboard-interactive,password
   debug3: authmethod_lookup publickey
   debug3: remaining preferred: keyboard-interactive,password
   debug3: authmethod_is_enabled publickey
   debug1: Next authentication method: publickey
   debug1: Trying private key: /Users/nik/.ssh/dreamcal-dev.pem
   debug1: read PEM private key done: type RSA
   debug3: sign_and_send_pubkey: RSA 59:7d:ce:20:3a:a7:45:23:3e:c9:ca:aa:64:0b:e0:ab
   debug2: we sent a publickey packet, wait for reply
   debug1: Authentications that can continue: publickey
   debug2: we did not send a packet, disable method
   debug1: No more authentication methods to try.
   Permission denied (publickey).
   

(I blocked out my IP address from the above)

I have tried changing permissions and owners on things. Can anyone see what's missing or point me in the right direction?

I did see somewhere about "unmounting" something to change permissions on the server but that is a little beyond my understanding. Surely that isn't the only fix? How do other people successfully SSH in without having to jump through all these hoops?

Answer 1

Have you opened 22 port to your local machine in Security group...