AWS OpsWorks SSH Permission denied (publickey)
To deploy an instance of a Rails application to AWS OpsWorks, I must define an SSH key for the instance. I followed the steps given in the help page: http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances-ssh.html#workinginstances-ssh-third
- I created a key pair and downloaded the .pem file: AWSRails.pem
- I changed the file's permissions to 600 with chmod
- On the stack page, I added the default SSH key to the previously generated one (step 1)
- In the instance page I get the public DNS name: ec2-54-72-154-78.eu-west-1.compute.amazonaws.com
- On the same page I get Operating System: Amazon Linux
- In the terminal, I tried to establish an ssh connection to the instance:
ssh -v -i ~/Downloads/AWSRails.pem ec2-user@ec2-54-72-154-78.eu-west-1.compute.amazonaws.com
I had the following output:
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug1: Connecting to ec2-54-72-154-78.eu-west-1.compute.amazonaws.com [54.72.154.78] port 22.
debug1: Connection established.
debug1: identity file AWSRails.pem type -1
debug1: identity file AWSRails.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA f0:52:63:a5:cf:d9:62:bc:f7:b9:f9:04:a7:05:93:5e
debug1: Host 'ec2-54-72-154-78.eu-west-1.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/Hassen/.ssh/known_hosts:12
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/Hassen/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: AWSRails.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Reading the debug messages, communication has been established and everything works fine until the authentication method is published. I tried the answers to many of the same problems on StackOverflow, but none worked.
Do you have any ideas? Thanks.
Two possible solutions:
- Do you have SSH enabled for your user? Check your permissions (from the dashboard, IIRC). If it's just you on the stack, then you probably already have permissions, but I know I should have enabled it by adding members to my development team. See the AWS OpsWorks page on SSH for details.
- All my "ssh to OpsWorks instances" scripts always do
ssh-add ec2-keypair.pem
before trying to SSH. I believe this is the key given to you during the initial stack creation, or something? Anyway, if you have this key, give ssh-add a try. It can also depend on how you set up your OpsWorks (private keys or one default key)...
It's worth checking if the username is what you expect it to be. I had the exact same error and it was because I was using Ubuntu instances and not Amazon Linux, but that might not be the only reason for a different username.
The OpsWorks console's SSH login page offers userexamplecom as the SSH username for the AWS/IAM user with user@example.com as login. But for Ubuntu it's ubuntu, for Amazon Linux or Red Hat it's ec2-user, and for Debian it's admin. More details here (I haven't used all of these personally).
The good advice from the linked article is to try:
$ ssh root@hostname
as some systems will respond with something like:
Please login as the user "ubuntu" rather than the user "root".
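An added example, not part of the question or of either answer: a small Python helper that reads the publickey phase of an `ssh -v` trace like the one in the question and reports which keys were tried, whether the server accepted any of them, and any username hint of the kind quoted in the last answer. The function name `diagnose` and the embedded sample strings are constructed for illustration.

```python
import re

# Constructed sample: the authentication tail of the `ssh -v` trace from the
# question, and the hint banner quoted in the last answer.
SAMPLE = """\
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/Hassen/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: AWSRails.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
"""
BANNER = 'Please login as the user "ubuntu" rather than the user "root".\n'

# Key attempts, server acceptance, and the "wrong user" hint some images print.
OFFER = re.compile(r"(?:Offering (?:\w+ )?public key|Trying private key): (\S+)")
ACCEPT = re.compile(r"debug1: Server accepts key")
HINT = re.compile(r'Please login as the user "([^"]+)" rather than')


def diagnose(trace):
    """Summarise the publickey phase of an `ssh -v` trace."""
    result = {"keys_tried": [], "accepted_key": None, "user_hint": None,
              "denied": "Permission denied (publickey)" in trace}
    last_key = None
    for line in trace.splitlines():
        offer, hint = OFFER.search(line), HINT.search(line)
        if offer:
            last_key = offer.group(1)
            result["keys_tried"].append(last_key)
        elif ACCEPT.search(line):
            result["accepted_key"] = last_key
        elif hint:
            result["user_hint"] = hint.group(1)
    if result["user_hint"]:
        result["advice"] = "retry as user " + result["user_hint"]
    elif result["denied"] and result["keys_tried"] and not result["accepted_key"]:
        result["advice"] = ("server rejected every key: check the login user "
                            "and which public key is installed for that user")
    else:
        result["advice"] = "no publickey failure found"
    return result

if __name__ == "__main__":
    for text in (SAMPLE, BANNER):
        print(diagnose(text))
```

On the question's trace this shows that both the default `id_rsa` and `AWSRails.pem` were presented and neither was accepted, which is the case where the login user and the key registered for it are the things to check.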