
I first tried to ssh into my EC2 instance and I got this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
Permissions 0644 for '/Users/SidRama/Downloads/ec2.pem.txt' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "~/Downloads/ec2.pem.txt": bad permissions
Permission denied (publickey).

So I ran:

sudo chmod 400 ~/Downloads/ec2.pem.txt

Then I executed this:

ssh -i  ~/Downloads/ec2.pem.txt ec2-user@ec2-52-35-59-123.us-west-2.compute.amazonaws.com -v

But I get Permission denied (publickey) as below:


OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 53: Applying options for *
debug1: Connecting to ec2-52-35-59-123.us-west-2.compute.amazonaws.com [52.35.59.111] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file ~/Downloads/ec2.pem.txt type -1
debug1: key_load_public: No such file or directory
debug1: identity file ~/Downloads/ec2.pem.txt-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to ec2-52-35-59-123.us-west-2.compute.amazonaws.com:22 as 'ec2-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com  none
debug1: kex: client->server chacha20-poly1305@openssh.com  none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ZJbD9iVRP/8EbzmhyBvrC+Vg2W15k+A5cB6dea3+BAA
The authenticity of host 'ec2-52-35-59-123.us-west-2.compute.amazonaws.com (52.35.59.111)' can't be established.
ECDSA key fingerprint is SHA256:ZJbD9iVRP/8EbzmhyBvrC+Vg2W15k+A5cB6dea3+BAA.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-52-35-59-123.us-west-2.compute.amazonaws.com,52.35.59.111' (ECDSA) to the list of known hosts.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: ~/Downloads/ec2.pem.txt
debug1: Authentications that can continue: publickey
debug1: Trying private key: ~/Downloads/ec2.pem.txt
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

I have been trying for some time now. Any help would be deeply appreciated. Thanks in advance.

raptor123
  • Your key is rejected for some reason. That should be mentioned in the server log. Check what you have changed on the server recently, check the logs and make sure you downloaded the correct key from ec. – Jakuje Jan 26 '16 at 09:43
  • Could it be because the EC2 instance was created by Elastic Beanstalk? – raptor123 Jan 26 '16 at 09:46
  • The public key that matches the "ec2.pem.txt" private key should be listed in an authorized_keys file (usually in the home directory of the user, in the .ssh folder), this folder should have appropriate permissions (755 often ok) and the authorized_keys file should have appropriate permissions (640 maybe?). Which log to look in varies according to the distribution of Linux. /var/log/secure.log is a possibility. – Vorsprung Jan 26 '16 at 10:47
  • What makes you think that you are using the correct Keypair? Check the EC2 instance in the Console to view the name of the Key Pair that was used when the instance was launched. – John Rotenstein Jan 27 '16 at 05:00
  • The way you ask your question is misleading. There are two different independent questions in your question; the first one you addressed yourself. Many likely reasons for the second one are detailed here, if you had searched a little bit: http://stackoverflow.com/questions/18551556/permission-denied-publickey-when-ssh-access-to-amazon-ec2-instance/18552866#18552866 – Thibault D. Jan 27 '16 at 07:58
  • Most common mistake from the linked thread: Are you sure the user is "ec2-user"? – Thibault D. Jan 27 '16 at 07:58

1 Answer

A few things I would do:

  1. In Amazon, create an elastic IP and assign it to your instance
  2. Use an absolute path and try a different syntax, I usually just do:

sudo ssh -i /somepath/key.pem ec2-user@51.62.132.180

  3. Reset the known hosts from where you are trying to connect:

sudo ssh-keygen -R 51.62.132.180
sudo ssh-keyscan -H 51.62.132.180 >> ~/.ssh/known_hosts

  4. Double check the IP of the instance and the path to the key

  5. Remove the .txt extension from the key file

R.Costa
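
Added example, not part of the question or the answer above: a small triage script that separates the two failures seen in this thread, the client refusing to load a key file that is readable by others, and the server rejecting a key that was offered. The function names and the sample log excerpts are constructed for illustration from the output quoted in the question.

```shell
#!/bin/sh
# Added example: tell "key ignored locally" apart from "key rejected by server".

# key_mode_ok FILE: succeed only if FILE has no group/other permission bits,
# the condition behind the "UNPROTECTED PRIVATE KEY FILE" warning.
key_mode_ok() {
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# classify_ssh_debug: read `ssh -v` output on stdin and print one verdict.
classify_ssh_debug() {
    awk '
        /bad permissions/                  { ignored = 1 }
        /debug1: Offering .*public key/    { offered = 1 }
        /debug1: Server accepts key/       { accepted = 1 }
        /debug1: Authentication succeeded/ { ok = 1 }
        /^Permission denied \(publickey/   { denied = 1 }
        END {
            if (ok)                                  print "authenticated"
            else if (ignored)                        print "key-ignored-locally"
            else if (denied && offered && !accepted) print "key-rejected-by-server"
            else if (denied)                         print "no-key-offered"
            else                                     print "unknown"
        }'
}

# Constructed sample: first attempt (key file mode 0644, never sent).
SAMPLE_IGNORED='Load key "~/Downloads/ec2.pem.txt": bad permissions
Permission denied (publickey).'

# Constructed sample: second attempt (key offered, server did not accept it).
SAMPLE_REJECTED='debug1: Next authentication method: publickey
debug1: Offering RSA public key: ~/Downloads/ec2.pem.txt
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).'

printf '%s\n' "$SAMPLE_IGNORED"  | classify_ssh_debug
printf '%s\n' "$SAMPLE_REJECTED" | classify_ssh_debug
```

A verdict of key-rejected-by-server means the local key file was read and offered, so the next things to check are the ones raised in the comments: the login user name, the key pair the instance was launched with, and the server-side authorized_keys file and log.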