使用非默认密钥通过 SSH 连接到 AWS Lightsail 时出现问题
trouble connecting to AWS Lightsail via SSH with keys other than default
我已经下载了默认私钥,并且可以使用该私钥通过 SSH 进行连接,没有任何问题。在我的 Lightsail 实例中,我转到 SSH 密钥选项卡,创建了一个新的密钥对并下载了新的私钥(使用适当的权限将其保存在我本地机器上的正确位置)。但是,我无法使用该新私钥进行连接。这是我从命令得到的输出:ssh -v -i ~/.ssh/test.pem me@x.x.x.x
OpenSSH_7.8p1, LibreSSL 2.6.2
debug1: Reading configuration data /Volumes/Norman Data/daveh0/.ssh/config
debug1: /Volumes/Norman Data/daveh0/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to x.x.x.x port 22.
debug1: Connection established.
debug1: identity file .ssh/test.pem type -1
debug1: identity file .ssh/test.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to x.x.x.x:22 as 'me'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Bajjqc9SJlMHTB/OrEWKl4ATi6/wI+fB1C351fi5Iwk
debug1: Host 'x.x.x.x' is known and matches the ECDSA host key.
debug1: Found key in /Volumes/Norman Data/daveh0/.ssh/known_hosts:10
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: .ssh/test.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
me@x.x.x.x : Permission denied (publickey).
我一定是在 SSH 密钥屏幕上遗漏了一个步骤,但我似乎无法弄清楚它会是什么。有人可以帮忙吗?
密钥对是 Linux 的一项功能。它的工作方式是:
- 有人尝试使用 SSH 连接到 Linux 计算机,例如
ssh -i key.pem username@IP-ADDRESS
- Linux电脑在
/home/USERNAME/.ssh/authorized_keys 查找
- 如果找到 public 密钥与
key.pem 中提供的私钥匹配,则允许连接
因此,由于您创建了新的密钥对,因此您需要将新的密钥对添加到相应用户的 ~/.ssh/authorized_keys 文件中。
您的示例显示您以名为 me 的用户身份登录,因此应将 public 密钥对添加到 /home/me/.ssh/authorized_keys。
首次启动 Lightsail 或 EC2 实例时,您可以指定一个密钥对,实例上的软件会自动将关联的 public 密钥添加到 authorized_keys 文件中。但是,您需要为已经 运行 的实例手动执行此步骤。
对于 AWS Lightsail,我可以通过将 public 密钥 id_rsa.pub 附加到远程 authorized_keys 通过 SSH 登录,我使用 SFTP (Filezilla) 更新 authorized_keys 文件。对于 SFTP 连接,我从帐户页面下载了 ssh 密钥。
我已经下载了默认私钥,并且可以使用该私钥通过 SSH 进行连接,没有任何问题。在我的 Lightsail 实例中,我转到 SSH 密钥选项卡,创建了一个新的密钥对并下载了新的私钥(使用适当的权限将其保存在我本地机器上的正确位置)。但是,我无法使用该新私钥进行连接。这是我从命令得到的输出:ssh -v -i ~/.ssh/test.pem me@x.x.x.x
OpenSSH_7.8p1, LibreSSL 2.6.2
debug1: Reading configuration data /Volumes/Norman Data/daveh0/.ssh/config
debug1: /Volumes/Norman Data/daveh0/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to x.x.x.x port 22.
debug1: Connection established.
debug1: identity file .ssh/test.pem type -1
debug1: identity file .ssh/test.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to x.x.x.x:22 as 'me'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Bajjqc9SJlMHTB/OrEWKl4ATi6/wI+fB1C351fi5Iwk
debug1: Host 'x.x.x.x' is known and matches the ECDSA host key.
debug1: Found key in /Volumes/Norman Data/daveh0/.ssh/known_hosts:10
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: .ssh/test.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
me@x.x.x.x : Permission denied (publickey).
我一定是在 SSH 密钥屏幕上遗漏了一个步骤,但我似乎无法弄清楚它会是什么。有人可以帮忙吗?
密钥对是 Linux 的一项功能。它的工作方式是:
- 有人尝试使用 SSH 连接到 Linux 计算机,例如
ssh -i key.pem username@IP-ADDRESS - Linux电脑在
/home/USERNAME/.ssh/authorized_keys查找
- 如果找到 public 密钥与
key.pem中提供的私钥匹配,则允许连接
因此,由于您创建了新的密钥对,因此您需要将新的密钥对添加到相应用户的 ~/.ssh/authorized_keys 文件中。
您的示例显示您以名为 me 的用户身份登录,因此应将 public 密钥对添加到 /home/me/.ssh/authorized_keys。
首次启动 Lightsail 或 EC2 实例时,您可以指定一个密钥对,实例上的软件会自动将关联的 public 密钥添加到 authorized_keys 文件中。但是,您需要为已经 运行 的实例手动执行此步骤。
对于 AWS Lightsail,我可以通过将 public 密钥 id_rsa.pub 附加到远程 authorized_keys 通过 SSH 登录,我使用 SFTP (Filezilla) 更新 authorized_keys 文件。对于 SFTP 连接,我从帐户页面下载了 ssh 密钥。