Permission denied on Amazon LightSail

Login works with LightsailDefaultPrivateKey-eu-west-1.pem but not with my own key pair.

I tried to generate a key with 'ssh-keygen -t rsa -b 4096 -C "my@email.com" -f ~/.ssh/lsail-mikemittererat-eu-west-1.pem'

I also tried generating a key on AWS/S2, downloading it, generating a public key from the private key and uploading it to LightSail - same result. It does not work.

Error message: ssh -i ~/.ssh/ssh_my-website ubuntu@ Permission denied (publickey).

This is what I get with the -v option:

ssh -v -i ~/.ssh/lsail-mikemittererat-eu-west-1.pem ubuntu@<public ip>

OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to <public ip> [<public ip>] port 22.
debug1: Connection established.
debug1: identity file /Users/mikemitterer/.ssh/lsail-mikemittererat-eu-west-1.pem type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mikemitterer/.ssh/lsail-mikemittererat-eu-west-1.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to <public ip>:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:6u6vqWOSbOSNiPYAOqa5q/epSntR7GG5dvFzKuUAJOQ
debug1: Host '<public ip>' is known and matches the ECDSA host key.
debug1: Found key in /Users/mikemitterer/.ssh/known_hosts:38
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/mikemitterer/.ssh/lsail-mikemittererat-eu-west-1.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

Permissions for the .pem are set to 600, .ssh is set to 700.

I had the same problem for hours and finally solved it. Here is what I did:

Downloaded the pem file to a folder.

Then ran this:

$ chmod 600 KEYFILE.pem

And this:

$ ssh -i "KEYFILE.pem" bitnami@your_static_ip

As I recall, I tried the same thing as you, but it didn't work.

I was able to get it working as follows:

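  1. Generated an SSH key pair as you described above (ssh-keygen -t rsa -b 4096 -C "my@email.com" -f ~/certs/test.pem)

  2. Changed the permissions of the private key file (chmod 600 test.pem)

  3. SSHed into the instance using the Lightsail integrated console and added the public key to the ~/.ssh/authorized_keys file

  4. I was able to access the instance using ssh -i ~/certs/lightsail.pem ubuntu@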

Let me know if this works, or if I missed something.

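I performed all the steps listed in Add new user accounts with SSH access, using both an AWS key and a third-party generated key, but still got the <USER>@<HOSTNAME>: Permission denied (publickey) error. It turned out that I needed to fix the directory permissions for my custom home directory location, which had nothing to do with how I generated the key or uploaded it to the instance.

The required directory permissions detailed in the Troubleshoot "Permission denied (publickey)" knowledge-base article state that the following permissions should be used:

  1. The parent directory of the user's home directory (e.g. /home): 755
  2. The user's home directory (e.g. /home/ec2-user): 700
  3. The user's .ssh/ directory (e.g. /home/ec2-user/.ssh): 0700
  4. The user's authorized_keys file (e.g. /home/ec2-user/.ssh/authorized_keys): 600

Once my directory permissions were correct, the keys I had configured started working.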
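
An added example, not part of the original answers or of any AWS tooling: a shell function that checks the four paths from the permissions list above against the modes given there. The names audit_ssh_perms and mode_of are hypothetical helpers introduced here; it is meant to be run on the instance with the user's home directory as its argument.

```shell
#!/bin/sh
# Added example: audit the four paths from the list above against its modes.
# audit_ssh_perms and mode_of are hypothetical helper names.

# Print a path's permission bits in octal (GNU stat first, BSD/macOS fallback).
mode_of() {
    [ -e "$1" ] || return 1
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Usage: audit_ssh_perms /home/ec2-user
# Prints one line per path; returns 1 if any path is missing or has another mode.
audit_ssh_perms() {
    home_dir=${1%/}
    status=0
    # path:expected-mode pairs, in the order of the list above
    for entry in \
        "$(dirname "$home_dir"):755" \
        "$home_dir:700" \
        "$home_dir/.ssh:700" \
        "$home_dir/.ssh/authorized_keys:600"
    do
        path=${entry%:*}      # everything before the last colon
        want=${entry##*:}     # everything after the last colon
        have=$(mode_of "$path") || have=""
        if [ -z "$have" ]; then
            echo "MISSING  $path (expected $want)"
            status=1
        elif [ "$have" = "$want" ]; then
            echo "OK       $path ($have)"
        else
            echo "MISMATCH $path is $have, expected $want; fix with: chmod $want $path"
            status=1
        fi
    done
    return $status
}
```

A MISMATCH line on the home directory or .ssh is the case described in the last answer: the key is offered, the server rejects it, and nothing about key generation or upload is at fault.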