AWS EC2 权限被拒绝(public 键)
AWS EC2 Permission Denied (public key)
This answer 是专门为这类问题设计的,但我还不清楚它的数百名支持者。
我把我的密钥放在了下载中。找到了,但是当我使用用户 ubunto 时,它似乎不被视为 public 键。输出在此 post 的底部。我使用 sudo chmod 600 ~/downloads/mykey.pem 更改了权限,但结果相同。我使用 sudo chmod 700 ~/downloads/mykey.pem 更改了权限,结果也一样。从 this answer,我尝试了 sudo chown -R me ~/downloads/mykey.pem,然后 sudo chgrp -R 501 ~/downloads/mykey.pem 其中 uid=501(me).
我试过 ec-2 和 root 用户都没有成功。
with root as ec-2
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
with root as user
跳过输出行
debug1: Trying private key: /Users/me/downloads/mykey.pem
debug1: Authentication succeeded (publickey).
认证成功,但连接关闭
跳过输出行
debug1: channel 0: free: port listener, nchannels 2
debug1: channel 1: free: port listener, nchannels 1
Connection to ec2-[myPublicIP].compute-1.amazonaws.com closed.
Transferred: sent 3264, received 2456 bytes, in 10.3 seconds
Bytes per second: sent 316.6, received 238.2
debug1: Exit status 0
Here is the output using user ubunto that the title of this question refers to:
ssh -v -i ~/downloads/mykey.pem -L 60051:localhost:60051 ubunto@ec2-[mypublicIP].compute-1.amazonaws.com
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to ec2[mypublicIP].compute-1.amazonaws.com [[mypublicIP]] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/me/downloads/mykey.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/me/downloads/mykey.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to ec2-[mypublicIP].compute-1.amazonaws.com:22 as 'ubunto'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:85gcFh6LySYszjod4WIx5wu7BUvKwL4M6EAcZkv0zGw
debug1: Host 'ec2[mypublicIP].compute-1.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /Users/me/.ssh/known_hosts:11
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/me/downloads/mykey.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
您使用的是什么 AMI?
股票Ubuntu AMI中的默认用户是ubuntu,而不是ubunto.
除非您创建了一个特殊的 AMI 来设置 ubunto 用户,否则该用户不会存在于 AMI 上,因此无法进行身份验证。
This answer 是专门为这类问题设计的,但我还不清楚它的数百名支持者。
我把我的密钥放在了下载中。找到了,但是当我使用用户 ubunto 时,它似乎不被视为 public 键。输出在此 post 的底部。我使用 sudo chmod 600 ~/downloads/mykey.pem 更改了权限,但结果相同。我使用 sudo chmod 700 ~/downloads/mykey.pem 更改了权限,结果也一样。从 this answer,我尝试了 sudo chown -R me ~/downloads/mykey.pem,然后 sudo chgrp -R 501 ~/downloads/mykey.pem 其中 uid=501(me).
我试过 ec-2 和 root 用户都没有成功。
with root as ec-2
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
with root as user
跳过输出行
debug1: Trying private key: /Users/me/downloads/mykey.pem
debug1: Authentication succeeded (publickey).
认证成功,但连接关闭
跳过输出行
debug1: channel 0: free: port listener, nchannels 2
debug1: channel 1: free: port listener, nchannels 1
Connection to ec2-[myPublicIP].compute-1.amazonaws.com closed.
Transferred: sent 3264, received 2456 bytes, in 10.3 seconds
Bytes per second: sent 316.6, received 238.2
debug1: Exit status 0
Here is the output using user ubunto that the title of this question refers to:
ssh -v -i ~/downloads/mykey.pem -L 60051:localhost:60051 ubunto@ec2-[mypublicIP].compute-1.amazonaws.com
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to ec2[mypublicIP].compute-1.amazonaws.com [[mypublicIP]] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/me/downloads/mykey.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/me/downloads/mykey.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to ec2-[mypublicIP].compute-1.amazonaws.com:22 as 'ubunto'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:85gcFh6LySYszjod4WIx5wu7BUvKwL4M6EAcZkv0zGw
debug1: Host 'ec2[mypublicIP].compute-1.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /Users/me/.ssh/known_hosts:11
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/me/downloads/mykey.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
您使用的是什么 AMI?
股票Ubuntu AMI中的默认用户是ubuntu,而不是ubunto.
除非您创建了一个特殊的 AMI 来设置 ubunto 用户,否则该用户不会存在于 AMI 上,因此无法进行身份验证。