2

This question has been asked, and answered, many times (and I've read many of them today), but I still do not see what I'm doing wrong about trying to ssh into an EC2 instance. Here's what I did:

This is an EC2 medium instance, running Ubuntu Linux. I created a new key pair and downloaded the rick_casey.pem file, moved it to ~/.ssh, and did

chmod 400 rick_casey.pem

Then added it to my ssh identity:

ssh-add rick_casey.pem

But when I try to connect, here is what happens:

ssh -v -i "rick_casey.pem" ubuntu@ec2-54-237-54-42.compute-1.amazonaws.com
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/rickcasey/.ssh/config
debug1: /Users/rickcasey/.ssh/config line 8: Applying options for *.amazonaws.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 53: Applying options for *
debug1: Connecting to ec2-54-237-54-42.compute-1.amazonaws.com [54.237.54.42] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file rick_casey.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file rick_casey.pem-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/rickcasey/.ssh/rick_casey.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/rickcasey/.ssh/rick_casey.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to ec2-54-237-54-42.compute-1.amazonaws.com:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Zu9shRhr3d+STyKTHKkhE2ZC1esSrALqNPGj3UtN8IA
Warning: Permanently added 'ec2-54-237-54-42.compute-1.amazonaws.com,54.237.54.42' (ECDSA) to the list of known hosts.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: rick_casey.pem
debug1: Authentications that can continue: publickey
debug1: Trying private key: rick_casey.pem
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/rickcasey/.ssh/rick_casey.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

What looks suspicious to me is the line:

debug1: key_load_public: No such file or directory

Does anyone know what this means? Does this mean there is a problem with the public key? When you generate an AWS key pair, doesn't the public key get automatically added to this AWS server where it should be?

Other users are able to ssh in to this server with no problem, so there is no reason why I can't do the same thing...but does anyone have a suggestion on what I should try?

Thanks, Rick

5
  • Can you delete known hosts and try again? Commented Apr 26, 2016 at 0:49
  • Have another user log in and check if your new key is present in authorized_keys on the server. If not, add it there. Commented Apr 26, 2016 at 0:50
  • 2
    Is "ubuntu" the proper user name? Commented Apr 26, 2016 at 0:52
  • What is your username? Use that instead of ubuntu Commented Apr 26, 2016 at 1:32
  • At least half of my instances are Ubuntu and I've always had to use ec2-user as the login. Commented Apr 26, 2016 at 1:56

1 Answer

2

When you generate an AWS key pair, doesn't the public key get automatically added to this AWS server where it should be?

Certainly not, unless you're launching a new instance with that key. You mentioned other users being able to log in, which implies this is not an instance you are launching with this key.

To use a new key on an existing instance, you have to append your private key's corresponding public key to /home/ubuntu/.ssh/authorized_keys (or "ec2-user," or whatever the username is supposed to be -- Amazon Linux uses "ec2-user" and Ubuntu uses "ubuntu")... but of course, in that case, there's no reason to use the EC2 console to generate the key... you could have accomplished the same result by generating a private key locally.

But, since you have the key already, you can use ssh-keygen -y -f /path/to/your-private-key.pem to extract the public key from the private key, and provide that to your admin, who will need to add it to the server's user's authorized_keys file.
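
Added example (not part of the original answer): the server-side step described above, appending the public key line printed by ssh-keygen -y to the login user's authorized_keys without duplicating it or loosening permissions. The function name add_authorized_key, its return codes, and the key blob are assumptions constructed for illustration.

```shell
#!/bin/sh
# add_authorized_key HOME_DIR "PUBKEY_LINE"   (hypothetical helper, not an OpenSSH tool)
# Returns 0 = appended, 1 = key already present, 2 = input is not a public key line.
add_authorized_key() {
    home_dir=$1
    pub_line=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # A public key line is "<type> <base64-blob> [comment]"; identity is type + blob.
    key_type=$(printf '%s\n' "$pub_line" | awk '{print $1}')
    key_blob=$(printf '%s\n' "$pub_line" | awk '{print $2}')
    case "$key_type" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) return 2 ;;   # e.g. the private .pem was pasted instead of the public key
    esac
    [ -n "$key_blob" ] || return 2

    # sshd's StrictModes check refuses keys when ~/.ssh or the file is writable by
    # others. When run as root, also chown both to the login user.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth_file" && chmod 600 "$auth_file"

    # Match the blob as a whole field, so an entry with a different comment or
    # with leading options still counts as "already present".
    if awk -v b="$key_blob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                             END { exit !found }' "$auth_file"; then
        return 1
    fi

    # If the last existing entry lacks a trailing newline, add one first so the
    # new key does not get glued onto another user's line.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$pub_line" >> "$auth_file"
    return 0
}

# Demo in a scratch directory. The blob is a constructed placeholder, not a real key.
demo_home=$(mktemp -d)
demo_key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAPLACEHOLDER rick_casey'
for attempt in 1 2; do
    if add_authorized_key "$demo_home" "$demo_key"; then echo "run $attempt: appended"
    else echo "run $attempt: not appended (rc=$?)"; fi
done
rm -rf "$demo_home"
```

On a real instance HOME_DIR would be /home/ubuntu (or the home of whichever login user applies) and PUBKEY_LINE the output of the ssh-keygen -y command above.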
