0

I’m getting the following error when trying to use paramiko to ssh to an instance in EC2. The pem file is not corrupted. I did use the key to SSH directly from my laptop with no issues. I also tried including the parameter passphrase = None, but still got the same error. I’m pretty new to Python and I’ve never used paramiko before so I’m not sure what else I can do to troubleshoot. Can anyone offer any suggestions? Thanks much for any help. 

import boto3
import paramiko

cert = paramiko.RSAKey.from_private_key_file("C:\\data\\aws-key.pem")
c = paramiko.SSHClient()

c.set_missing_host_key_policy(paramiko.AutoAddPolicy())
print "connecting..."
c.connect( hostname = "10.28.73.174", username = "ec2-user", pkey = cert,)
print "connected!!!"
stdin, stdout, stderr = ssh.exec_command('ls')
print stdout.readlines()
c.close()

connecting...
Traceback (most recent call last):
File "k_ssh_to_ec2_instance.py", line 35, in <module>
c.connect( hostname = "10.28.73.174", username = "ec2-user", pkey = cert,)
File "C:\Python27\lib\site-packages\paramiko\client.py", line 424, in 
connect passphrase,
File "C:\Python27\lib\site-packages\paramiko\client.py", line 714, in _auth 
raise saved_exception
paramiko.ssh_exception.AuthenticationException: Authentication failed.

from log
DEB [20180215-09:46:11.342] thr=1   paramiko.transport: starting thread 
(client mode): 0x37e9e50L
DEB [20180215-09:46:11.345] thr=1   paramiko.transport: Local 
version/idstring: SSH-2.0-paramiko_2.4.0
DEB [20180215-09:46:11.480] thr=1   paramiko.transport: Remote 
version/idstring: SSH-2.0-OpenSSH_6.6.1
INF [20180215-09:46:11.480] thr=1   paramiko.transport: Connected (version 
2.0, client OpenSSH_6.6.1)
DEB [20180215-09:46:11.622] thr=1   paramiko.transport: kex algos:
[u'curve25519-sha256@libssh.org', u'ecdh-...
DEB [20180215-09:46:11.628] thr=1   paramiko.transport: Kex agreed: ecdh-
sha2-nistp256
DEB [20180215-09:46:11.628] thr=1   paramiko.transport: HostKey agreed: ssh-
ed25519
DEB [20180215-09:46:11.628] thr=1   paramiko.transport: Cipher agreed: 
aes128-ctr
DEB [20180215-09:46:11.628] thr=1   paramiko.transport: MAC agreed: hmac-
sha2-256
DEB [20180215-09:46:11.630] thr=1   paramiko.transport: Compression agreed: 
none
DEB [20180215-09:46:11.780] thr=1   paramiko.transport: kex engine 
KexNistp256 specified hash_algo <built-in function openssl_sha256>
DEB [20180215-09:46:11.782] thr=1   paramiko.transport: Switch to new keys 
...
DEB [20180215-09:46:11.809] thr=2   paramiko.transport: Adding ssh-ed25519 
host key for 10.28.73.174: 49a9f7afbe7ccfa4f437524af27515e2
DEB [20180215-09:46:11.809] thr=2   paramiko.transport: Trying SSH key 
59e06bbe38bb69d943d0d301fcbf3e39
DEB [20180215-09:46:11.997] thr=1   paramiko.transport: userauth is OK
INF [20180215-09:46:12.158] thr=1   paramiko.transport: Authentication 
(publickey) failed.
DEB [20180215-09:46:12.259] thr=1   paramiko.transport: EOF in transport 
thread
kavise
  • 175
  • 2
  • 2
  • 12
  • you sure you're using the correct algo to encrypt the key? also another viable solution is to use the `ssm` client from `boto3` – gold_cy Feb 14 '18 at 23:23
  • Show us [paramiko log file](https://stackoverflow.com/q/27587716/850848) + Are you running your Python code on the same machine, where you *"use the key to SSH directly from my laptop with no issues"*? + Show us `ssh -v` of that too. – Martin Prikryl Feb 15 '18 at 06:41
  • thanks for feedback: Yes same laptop but I connected using Putty (had to convert key for Putty, but using original for Python) I added log output. I am on a Windows 10 laptop. I am using the private key that we created and use to launch our ec2 linux instances. The keys that Amazon EC2 uses are 2048-bit SSH-2 RSA keys. – kavise Feb 15 '18 at 18:40
  • So use `plink` from PuTTY package instead of `ssh`: `plink -v sessionname` – Martin Prikryl Feb 16 '18 at 06:47

0 Answers0