Amazon Ec2 Permission Denied Publickey Ssh Key Generate

  
  1. Amazon Ec2 Permission Denied Public Key Ssh Key Generate Free
  2. Permission Denied Publickey Linux

Jul 08, 2016  git permission denied publickey amazon aws login ssh permission denied publickey. Category Howto & Style. How do I recover access to my EC2 instances if I lost my SSH key. To use SCP to transfer a file. Transfer a file to your instance using the instance's public DNS name. For example, if the name of the private key file is my-key-pair, the file to transfer is SampleFile.txt, the user name is ec2-user, and the public DNS name of the instance is ec2-198-51-100-1.compute-1.amazonaws.com, use the following command to copy the file to the ec2-user home directory. Example 1: To retrieve an SSH public key attached to an IAM user in SSH encoded form. The following get-ssh-public-key command retrieves the specified SSH public key from the IAM user sofia. The output is in SSH encoding. Use Git credentials (static user name and password) or SSH keys (public and private key pairs) in AWS Identity and Access Management (IAM) for authentication with CodeCommit repositories.

I want to add new user accounts that can connect to my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance using SSH. How do I do that?

Short Description

You don't need authorizedkeys on your client. You must tell the ssh-client to actually use the key you generated. There are several ways to do that. Just for testing type ssh -vvv -i.ssh/idrsa youruser@yourLinode.You will have to provide your passphrase every time you want to. If you connect to your instance using SSH and get any of the following errors, Host key not found in directory, Permission denied (publickey), or Authentication failed, permission denied, verify that you are connecting with the appropriate user name for your AMI and that you have specified the proper private key (.pem) file for your instance.

Every Amazon EC2 Linux instance launches with a default system user account with administrative access to the instance. If multiple users require access to the instance, it's a security best practice to use separate accounts for each user.

You can expedite these steps by using cloud-init and user data. For more information, see How can I give a user permissions to connect to my EC2 Linux instance using SSH?

Resolution

Create a key pair for the new user account

  • Create a key pair, or use an existing one, for the new user.
  • If you create your own key pair using the command line, follow the recommendations at create-key-pair or New-EC2KeyPair Cmdlet for key type and bit length.
  • If you create your own key pair using a third-party tool, be sure that your key matches the guidelines at Importing Your Own Public Key to Amazon EC2.

Add a new user to the EC2 Linux instance

1. Connect to your Linux instance using SSH.

2. Use the adduser command to add a new user account to an EC2 instance (replace new_user with the new account name). The following example creates an associated group, home directory, and an entry in the /etc/passwd file of the instance:

Note: If you add the new_user to an Ubuntu instance, include the --disabled-password option to avoid adding a password to the new account:

3. Change the security context to the new_user account so that folders and files you create have the correct permissions:

Note: When you run the sudo su - new_user command, the name at the top of the command shell prompt changes to reflect the new user account context of your shell session.

4. Create a .ssh directory in the new_user home directory:

5. Use the chmod command to change the .ssh directory's permissions to 700. Changing the permissions restricts access so that only the new_user can read, write, or open the .ssh directory.

6. Use the touch command to create the authorized_keys file in the .ssh directory:

7. Use the chmod command to change the .ssh/authorized_keys file permissions to 600. Changing the file permissions restricts read or write access to the new_user.

Retrieve the public key for your key pair

Retrieve the public key for your key pair using the method that applies to your configuration:

Verify your key pair's fingerprint

After you import your own public key or retrieve the public key for your key pair, follow the steps at Verifying Your Key Pair's Fingerprint.

Update and verify the new user account credentials

After you retrieve the public key, use the command shell session that is running under the context of the new user account to confirm that you have permission to add the public key to the .ssh/authorized_keys file for this account:

1. Run the Linux cat command in append mode:

2. Paste the public key into the .ssh/authorized_keys file and then press Enter.

Note: For most Linux command line interfaces, the Ctrl+Shift+V key combination pastes the contents of the clipboard into the command line window. For the PuTTY command line interface, right-click to paste the contents of the clipboard into the PuTTY command line window.

3. Press and hold Ctrl+d to exit cat and return to the command line session prompt.

(Optional) Allow the new user to use sudo

Note: If you don't want to allow the new user to use sudo, proceed to Verify that the new user can use SSH to connect to the EC2 instance.

1. Use the passwd command to create a password for the new user:

Note:/generate-ssh-key-windows-10-gitlab.html. You're prompted to reenter the password. Enter the password a second time to confirm it.

2. Add the new user to the correct group.

For Amazon Linux, Amazon Linux 2, RHEL, and CentOS:

Use the usermod command to add the user to the wheel group.

For Ubuntu:

Use the usermod command to add the user to the sudo group.

Verify that the new user can use SSH to connect to the EC2 instance

1. Verify that you can connect to your EC2 instance when using ssh as the new_user by running the following command from a command line prompt on your local computer:

To connect to your EC2 Linux instance using SSH from Windows, follow the steps at Connecting to Your Linux Instance from Windows Using PuTTY.

2. After you connect to your instance as the new_user by using SSH, run the id command from the EC2 instance command line to view the user and group information created for the new_user account:

The id command returns information similar to the following:

3. Distribute the private key file to your new user.

Related Information

Anything we could improve?

Need more help?

Related Videos

Joel shows you how to manage user accounts on your Amazon EC2 Linux instance (5:47)

I'm trying to connect to my Linode with SSH but I get this error:

Permission denied (publickey)

How can I get around this?

1 Reply

If you're getting the Permission denied (publickey) error when connecting to your Linode with SSH, one of three things may be happening.

  1. You don't have the matching key on your local machine.
  2. You have too many keys on your local machine.
  3. Your key isn't listed in the authorized_keys file on the Linode (or the file doesn't exist).

First, check to see if you can find out why you can't connect. This command will tell you everything that SSH is trying to do and trying to check when accessing your Linode:

Then, you can try logging into your Linode with the following SSH command:

This command tells SSH to prefer passwords over public keys. It only works if you have both PubKeyAuthentication and PasswordAuthentication enabled -- and it won't work with PuTTy, unfortunately.

If you don't have the matching key on your local machine, then you'll need to:

-- Enable password authentication on your server.
-- (optional) Disable public key authentication on your server.
-- Restart the SSH server.

First, you will need to log in to your Linode via the Lish console.

Once logged in, you'll need to edit your /etc/ssh/sshd_config file. To use Nano to edit it, run this command (use 'sudo' if not logged in as root):

Make the following changes (disabling PubKeyAuthentication is optional). Don't forget to remove # symbols before each value that you are changing.

So, for example:

PubKeyAuthentication Yes
#PasswordAuthentication no

Would change to:

PubKeyAuthentication No
PasswordAuthentication Yes

When you're done, hit CTRL+O to save and CTRL+X to exit Nano. You'll just need to restart the SSH server with one of the following commands.

Now you should be able to try and connect with SSH. If you're still having trouble, take a look at the changes you made and make sure everything looks right -- the # is removed before each key and there are no extra spaces or anything.

If you have too many keys on your local Machine, then you can try specifying which key you want to use:

If your key isn't in the authorized_keys file (or the file doesn't exist) on your Linode

To fix this, you'll need to manually insert your public key into the authorized_keys file on your Linode (or create the file and then insert it).

If you haven't generated a public key, you can try disabling the public key authentication and then enabling password authentication using the instructions above. Otherwise, you can generate a key using these instructions.

First, log in to your Linode via the Lish console.

Next, you need to view the contents of your public key file (usually, id_rsa.pub). On MacOS, it should be found in /Users/[username]/.ssh/ . On Linux systems, it should be found in /home/[username]/.ssh/. To view, just type:

On Windows systems, it usually you would most likely have chosen the location for this file. To view it, you can typically open the file with Notepad.

A valid key will look something like this:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3tvOQFGAnY3p1t6gv6rXEat8maN
YghZYuAuci3Pd0gEr3MHMFwZ3NqYA87VM+HLbu9EbBjvPjuFmNkdT7yN8TJkv1Z61g
+NJ3+aJBGHNe8MDKs69z3yNgakiI2ynT8+GDOz545fQfZdyl5oQ9IvcODz0k7yoKP9
yQdSj8l9dCN9Zf8GBLQTbryHgaSEoinpX5SFmNkdT7yN8TJkv1Z61gpB+NJ3+aJBGH
Jvl72P8ePqG2nIvSqHsm/4OfdJshaXHA+j6DpvSQ user@users-laptop.local

Keep this file open for now.

Next, verify whether the key is in the authorized_keys file on your Linode.

Open a Lish console and log in (with the same user you use when logging in via SSH).

View your authorized_keys file with the following command:

You can visually compare them or use a tool like diffchecker -- just remember that there could be multiple keys listed in the authorized_keys file. Each line contains a single public key (word wrapping may make it look like the key takes up several lines).

Amazon Ec2 Permission Denied Publickey Ssh Key Generate

If they don't match, or your key isn't listed in the file, you will need to add it.

Go back to the window with your public key, and select the entire key (from 'ssh-rsa' to 'users-laptop.local') and then copy it to your clipboard. They key should be on a single line (word wrap may look like it is on multiple lines).

If the authorized_keys file doesn't exist or you received an error when trying to view it, we need to confirm that you have the .ssh folder and the authorized_keys file on your Linode.

If you receive an error from either of these commands, you will need to create the folder or file.

To create the .ssh folder:

Amazon Ec2 Permission Denied Public Key Ssh Key Generate Free

To create the authorized_keys file:

Next, open the authorized_keys file in VIM.

Permission Denied Publickey Linux

Type shift+g to go to the end of the file, and then type shift+a to edit the file. Press return/enter to create a new line. Next, paste your public key into the authorized_keys file. Remember, each key takes up one line (word wrapping may make it look like this takes up multiple lines).

Finally, hit the escape key, and then type :wq! to save the file and close VIM.

Last but not least, restart the SSH server with one of the following commands.

More information
Use Public Key Authentication with SSH - Linode
Configure SSH key based secure authentication - SSH.com

Community Code of Conduct