SSH EC2 asking for password

Question

I've just setup my EC2 server following this video here exactly - http://www.youtube.com/watch?v=bBajLxeKqoY

I even chose the same server type, everything went well until it asked for the root password to my EC2 server...

Any suggestions?

Dhiraj · Answer 1 · 2015-07-20T01:44:12.520

27

Update

Updating this answer because of the activity:

Depending on if the system is ubuntu or Rhel the user varies.

For ubuntu it is

ssh -i my-pem-file.pem ubuntu@my-ec2-instance-address

For RHEL it is

ssh -i my-pem-file.pem root@my-ec2-instance-address

Connecting to an ec2 instance does not require a password, it would require only a pem file and this is how you connect to it

ssh -i my-pem-file.pem ec2-user@my-instance-address

and remember to chmod 400 your pem file before ssh'ing

edited Jul 20 '15 at 01:44

answered Apr 21 '12 at 12:49

Dhiraj

33,140
10
61
78

1

`chmod 600` worked for me & not the `400`. Using Windows 7, owes to the odd behavior I guess :P – shad0w_wa1k3r Jul 26 '14 at 17:50
2

I would use PuTTY on windows instead. – Dhiraj Jul 26 '14 at 19:41
Putty throws "no private key" errors :-( I tried every permutation of key with the number of bits. Now that you've pointed out, maybe the problem was with user permissions only. I'll verify & let you know! – shad0w_wa1k3r Jul 26 '14 at 19:50
Yes indeed, the error was due to the file permissions! Thanks! – shad0w_wa1k3r Jul 26 '14 at 19:51
Alpine Linux AMI's are undocumented & have a username of `alpine` - to become `root` after logging in as a `USER` you need to `sudo -s` – Stuart Cardall Jul 19 '18 at 15:04

score 19 · Answer 2 · answered Dec 09 '12 at 06:06

19

If you need to do things as root once you are in as ec2-user, use sudo su - that gets you to root and doesn't need a password. Somethings you do need that for, like looking at the tomcat log files

answered Dec 09 '12 at 06:06

Peter

29,498
21
89
122

score 13 · Answer 3 · answered Dec 10 '13 at 10:41

13

I had the same problem and after a lot of struggle, I read this page again:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html

Notice in the 4th topic it talks about the user name. It is usually ec2-user but if you are using RHEL5 distro it can be root and if you are using the Ubuntu the user name will be ubuntu - which was my case.

So alternatively try those:

ssh -i my-pem-file.pem ubuntu@my-ec2-instance-address for Ubuntu

or

ssh -i my-pem-file.pem root@my-ec2-instance-address for RHEL5

Hope it helps!

answered Dec 10 '13 at 10:41

fagiani

2,293
2
24
31

2

The current CentOS AMI also requires an ssh user name of `root`. This runs counter to a lot of EC2 information that implies the user name is usually or always `ec2-user`. – Chris Johnson Mar 17 '14 at 23:14
1

Thanks for the advice it helped a lot. The user name for CoreOS is `core` – John Gilmer Dec 04 '16 at 00:03

score 5 · Answer 4 · answered Apr 21 '12 at 12:43

5

You will be asked for password when you enable PasswordAuthentication yes in your sshd_config. Try changing that to no. that should fix it.

Just for anyone else that might have the same problem

answered Apr 21 '12 at 12:43

Skillachie

3,176
1
25
26

2

And what if I do want to use a password? Where to find it? How to set it? – Dpedrinha Jan 30 '16 at 03:05

score 5 · Answer 5 · answered Nov 16 '16 at 09:37

5

Just do

     sudo su -

Worked for me

answered Nov 16 '16 at 09:37

Stephen Ngethe

1,034
13
24

score 4 · Answer 6 · answered Apr 20 '13 at 15:15

4

If you've moved/copied the pem file from another machine, the owner of the file may be different to the user that is running the ssh client. To change the owner of the file:

sudo chown <currentusername> <filename.pem>

answered Apr 20 '13 at 15:15

Steve S

41
1

score 4 · Answer 7 · edited Jan 17 '17 at 05:49

4

Please use --query 'KeyMaterial' while generating key.

Info:

keyMaterial - an unencrypted PEM encoded RSA private key.

edited Jan 17 '17 at 05:49

Alexei - check Codidact

22,016
16
145
164

answered Jan 17 '17 at 05:25

Sharath Arakere

129
2
9

This is exactly what I was after, as I was having this issue because of a self-inflicted AWS CLI flaw on my part, live and learn, thanks for posting this answer even though others were offering user/permissions solutions! Further documentation found here: http://docs.aws.amazon.com/cli/latest/userguide/cli-ec2-keypairs.html#creating-a-key-pair – TryTryAgain Sep 21 '17 at 06:37

score 3 · Answer 8 · answered Nov 17 '15 at 21:19

3

In my case, we had been copying a text file to keep a ubiquitous key. Someone accidentally added characters to this file, and we started getting prompted for a password from the now-corrupt .pem file, when we had never set a password.

answered Nov 17 '15 at 21:19

ambe5960

1,870
2
19
47

score 2 · Answer 9 · edited Mar 07 '17 at 02:40

2

chmod 400 pem_file

ssh -i /path_to_the_pem_file ec2-user@ServerIP

or

ssh -i /path_to_the_pem_file ubuntu@ServerIP

root access is prohibited by default by AWS AMIs.

hope it helps.

edited Mar 07 '17 at 02:40

Philip Kirkbride

21,381
38
125
225

answered Feb 25 '15 at 04:33

CloudGuy

120
4

score 2 · Answer 10 · answered Aug 12 '15 at 22:18

2

In my case, the problem was the file's break type. Try this:

1.- Open the .pem file with TextWrangler

2.- At Bottom of app, verify if the Break Type is "Windows(CRLF)".

Regards

answered Aug 12 '15 at 22:18

pmartinezd

31
1

score 2 · Answer 11 · answered Feb 13 '17 at 16:50

This is the way to connect:

ssh -i /path/my-key-pair.pem ec2-user@public-ip

Now, instead of ec2-user, it could be root, or centos, or ubuntu, or something else. You can check under the "Usage Instructions". If it's not there, and you've tried all the above users, find out from the documentation that came with the AMI.

There is one bug on AWS that cost me a lot of time. If you're launching an instance from a saved AMI under "Images > AMIs", note that it uses the original keys of the running instance it was created from. When launching the AMI, it will prompt you to choose a new key, and even show such key under the description, but the truth is those keys will never work!

So if you're using a custom/saved AMI you'll have to either get the original keys and use them, or just create a brand new one from AWS or the market place. If you haven't created the AMI or can't remember where it came from, look under the details tab. You can then launch a new instance or create a new AMI from the same source. This will then use the keys that you specify.

score 1 · Answer 12 · answered Dec 28 '20 at 06:11

1

Check your .pem file is not corrupt. Using this line

openssl rsa -check -in test.pem -noout

It should return RSA Key OK. If it doesn't then there is most likely a problem with some sort of formatting or something in your pem file.

answered Dec 28 '20 at 06:11

Ega

437
4
12

score 0 · Answer 13 · edited May 23 '17 at 12:26

0

It could be a Linux problem. But there is also a chance that you use the wrong address/key (you started a new instance but still using the old address; or 2 pem have similar name, used the wrong one), "ssh with non-existing user".

edited May 23 '17 at 12:26

Community

1
1

answered Aug 09 '13 at 00:09

Mzq

1,796
4
30
65

score 0 · Answer 14 · answered Feb 12 '14 at 12:44

0

I am using TurboLinux instance, on Mac OS system, please try this command: ssh -i xxxxx.pem root@xxx.xxx.xxx.xxx (public address of allocated VM) I can get through without asking password anymore.

answered Feb 12 '14 at 12:44

Luke Teng

1
1

score 0 · Answer 15 · answered Feb 24 '15 at 17:46

0

In case someone else bumps into this, the solution for my problem was that I had to run it with sudo:

sudo ssh -i my-pem-file.pem root@my-ec2-instance-address

answered Feb 24 '15 at 17:46

Nick Zinger

1,174
1
12
28

score 0 · Answer 16 · answered Jun 08 '15 at 15:52

0

For me, the issue was that I had created an AMI from an existing instance, so when I launched the AMI, even though I selected a new key, the instance's original key was what worked.

answered Jun 08 '15 at 15:52

storm_m2138

2,281
2
20
18

score 0 · Answer 17 · answered Sep 27 '21 at 01:21

Login to Amazone console in browser: https://us-east-2.console.aws.amazon.com/ec2/xxxxxxxx

Click on instances from left panel -> then select your instance -> click on connect button at top right

You will see a window open and there will be a button ssh Client

Here you can see exact command to connect with your instance.

score 0 · Answer 18 · answered Mar 17 '12 at 06:18

0

You should use the *.pem instead of a root password. Once you have logged in use passwd to set a password.

answered Mar 17 '12 at 06:18

Mikhail

7,749
11
62
136

1

I am using the pem file, and it's still asking for a password? unless trying to ssh with the pem on a different computer matters? – Matt Mar 17 '12 at 06:19
1

If you use the *pem it will not ask for a password by default. Try specifying the user as "ec2-user" or "root" in the ssh command. What client and client operating system are you using? Did you restrict the ec2 access to only certain IPs? – Mikhail Mar 17 '12 at 06:20
I did not, or I don't think I did, I just followed that video exactly. I tried root at ec2-user...I'm using ubuntu and just terminal – Matt Mar 17 '12 at 06:22
ssh -i my.pem ec2-user@myip.com – Mikhail Mar 17 '12 at 06:24
Probably using the wrong pem. Make a new image and try to use the Amazon interface. – Mikhail Mar 17 '12 at 06:27
3

I had the same problem when logging in as `root`, but the image was configured such that the login should be `ubuntu`. – Eric J. Mar 17 '12 at 06:28
Is it asking for a root password or did you set a password phrase on your pem? – mac Mar 18 '12 at 07:21
I'm having the same problem. This is the log in prompt of the Red Hat server – Attila Szeremi Jan 30 '14 at 12:58

SSH EC2 asking for password

18 Answers18

Update

Linked