
I have created an EC2 Linux instance in AWS. I used the Ubuntu Server 20.04 LTS (HVM) AMI. After creating the instance I downloaded the key pair file (.pem). I gave it the name "EC2-Key-Pair". Then I launched the instance. Then on my Kali Linux system I opened a Linux terminal where I had saved the .pem file. After that I used this command:

chmod 400 EC2-Key-Pair

After running this command, I used this command:

ssh -i "EC2-Key-Pair.pem" ubuntu@ec2-13-232-252-152.ap-south-1.compute.amazonaws.com

Where ubuntu is the username and

ubuntu@ec2-13-232-252-152.ap-south-1.compute.amazonaws.com

is the Public IPv4 DNS of my instance. But when I executed this command I got this error:

Host key verification failed.

How do I fix this error? I have executed this command both with sudo and without sudo, but both ways failed. I also searched for the error on the internet and found a solution saying that I can fix this error by using this command:

ssh-keygen -R Hostname

Where I used my instance's public IPv4 DNS as Hostname:

ssh-keygen -R ec2-13-232-252-152.ap-south-1.compute.amazonaws.com

But it shows this error:

Cannot stat /home/sanniddha/.ssh/known_hosts: No such file or directory


Sann

2 Answers


This error means that something has changed in your instance since the last login, and most probably you created the EC2 instance with no fixed IP assigned to it, so when you start this instance, it will get a (dynamic) IP and a DNS name which will be based on that IP. If you shut down the instance and start it again a few hours later, it might get a new IP and a new DNS name.

Asri Badlah
  • During the creation of the instance, on the Configure Security Group page, I set Type to Custom TCP and set Port Range to 8888. In Source, I chose My IP from the dropdown – Sann Mar 14 '21 at 11:39
  • You need to open port 22 to be able to ssh as well – Asri Badlah Mar 14 '21 at 11:55
  • Port 22 was there as well. There were 2 rules in my instance. The first rule was already created by default, where Type was SSH, Protocol was TCP, Port was 22, Source was Custom. And the second was the one I created. – Sann Mar 14 '21 at 12:57

The trouble you are getting is because the ssh key fingerprint changed. In general, it is not a bad thing and you accept the warning, but double-check everything.

What is an SSH key fingerprint and how is it generated?

What can cause a changed ssh fingerprint

In your case, it might be because you launched an instance earlier which had a similar DNS name that got added to the ~/.ssh/known_hosts file.

xx.xx.xx.xx ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBP2oAPXOCdClEnRzlXuxKtygT3AROcruefiPi6JPdzo+=

You can clean ~/.ssh/known_hosts by issuing the following command

ssh-keygen -R ec2-13-232-252-152.ap-south-1.compute.amazonaws.com

The IP got recycled on the AWS side for the instance when you launched a new instance. The new instance has a different ssh fingerprint from the one you have in your ~/.ssh/known_hosts file, hence the warning.

As pointed out already, you need to open port 22 for your IP to access the instance.

If possible, use the IP address instead of the DNS name for ssh. Plus, for ssh you don't need sudo.

samtoddler
  • I used the "ssh-keygen -R ec2-13-232-252-152.ap-south-1.compute.amazonaws.com" command to clean ~/.ssh/known_hosts. But it shows an error: "Cannot stat /home/sanniddha/.ssh/known_hosts: No such file or directory". I ran the SSH command without sudo also, but got the same problem. And port 22 was there as well. There were 2 rules in my instance. The first rule was already created by default, where Type was SSH, Protocol was TCP, Port was 22, Source was Custom. And the second was the one I created – Sann Mar 14 '21 at 13:03
  • @SanniddhaChakrabarti can you check manually if `~/.ssh/known_hosts` exists? Are you using `windows`? Are you able to accept the warning? – samtoddler Mar 14 '21 at 13:24
  • I am using Kali Linux – Sann Mar 14 '21 at 13:27
  • @SanniddhaChakrabarti I meant your base OS from where you are trying to ssh – samtoddler Mar 14 '21 at 13:28
  • My system has Kali Linux OS. I am trying to connect to the AWS instance from Linux. – Sann Mar 14 '21 at 13:31
  • I followed the steps mentioned in this document. https://docs.aws.amazon.com/quickstarts/latest/vmlaunch/step-2-connect-to-instance.html – Sann Mar 14 '21 at 13:32
  • @SanniddhaChakrabarti if the file doesn't exist [it will prompt you](https://unix.stackexchange.com/a/349830/282980) for creating one. Can you accept the warning for the `Host Key Verification` and share the full logs via `ssh -vvv` – samtoddler Mar 14 '21 at 13:36
  • Yes, I can accept the warning for Host Key Verification. But how can I share the full logs? What is the command to see the full logs? – Sann Mar 14 '21 at 13:47
  • @SanniddhaChakrabarti and is it still failing after accepting the warning? The command is `ssh -vvv username@host-ip` – samtoddler Mar 14 '21 at 13:50
  • Yes, still an error after accepting the warning. – Sann Mar 14 '21 at 13:53
  • Here are the full logs after running the command ssh -vvv username@host-ip. https://docs.google.com/document/d/1FJmfWGtPxofOyTTNL5jppIGJpl4huyAsxBBWQfM8uOw/edit?usp=sharing – Sann Mar 14 '21 at 14:01
  • @SanniddhaChakrabarti requested an edit on the doc, can you accept? – samtoddler Mar 14 '21 at 14:07
  • @SanniddhaChakrabarti I am not able to edit – samtoddler Mar 14 '21 at 14:16
  • @samtoddler It works now. Actually I pressed Enter when it asked me for permission to accept the warning. I thought that, like other commands, it would take Enter as "yes" – Sann Mar 14 '21 at 14:27
  • @SanniddhaChakrabarti as the prompt is already sharing the `yes/no` option. If this works, can you mark this question as solved? Helps the community – samtoddler Mar 14 '21 at 14:29
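
Added example, not part of the original thread: one way to do the "double-check" from the second answer before typing `yes` at the host key prompt is to compare the key the server presents with the fingerprints the instance printed to its boot console. The sketch assumes the key line comes from `ssh-keyscan` and the console text from `aws ec2 get-console-output`, with the fingerprints in the block cloud-init prints at first boot; the host name, keys and console text below are constructed sample data.

```python
import base64, hashlib, re, struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside SSH public-key blobs."""
    return struct.pack(">I", len(data)) + data

def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def blob_key_type(blob_b64: str) -> str:
    """Key type named inside the blob itself (its first SSH string)."""
    blob = base64.b64decode(blob_b64, validate=True)
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode()

def console_fingerprints(console_text: str) -> set:
    """Fingerprints listed between the BEGIN/END markers of the boot log."""
    block = re.search(r"BEGIN SSH HOST KEY FINGERPRINTS-----(.*?)"
                      r"-----END SSH HOST KEY FINGERPRINTS", console_text, re.S)
    return set(re.findall(r"SHA256:[A-Za-z0-9+/]+", block.group(1))) if block else set()

def verify_scanned_key(scan_line: str, console_text: str) -> bool:
    """True only if the scanned key is one the instance printed at boot."""
    _host, key_type, blob = scan_line.split()[:3]
    if blob_key_type(blob) != key_type:  # label and blob disagree
        return False
    return fingerprint(blob) in console_fingerprints(console_text)

# --- constructed sample data (not real keys, not from the thread) ---
def make_line(host: str, raw_key: bytes) -> str:
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_key)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

HOST = "ec2-host.example"
GENUINE = make_line(HOST, bytes(range(32)))   # key the instance generated
UNEXPECTED = make_line(HOST, bytes(32))       # some other key on the wire
CONSOLE = (
    "ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----\n"
    f"ec2: 256 {fingerprint(GENUINE.split()[2])} root@ip-10-0-0-1 (ED25519)\n"
    "ec2: -----END SSH HOST KEY FINGERPRINTS-----\n"
)

if __name__ == "__main__":
    for name, line in (("genuine", GENUINE), ("unexpected", UNEXPECTED)):
        print(name, "match" if verify_scanned_key(line, CONSOLE) else "MISMATCH")
```

A match means the key can be accepted (or the scanned line appended to `~/.ssh/known_hosts`); a mismatch means the key on the wire is not the one the instance generated and should not be accepted.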