AWS SSH connection error: Permission denied (publickey)

Anonymous (unverified), submitted 2019-12-03 01:14:02

Question:

AWS ssh access 'Permission denied (publickey)' issue

It's still not working for me. Any idea what I am missing?

    roberto@ubuntu:~/keys$ ssh -v -i ec2-key-pair.pem ec2-user@ec2-54-72-242-0.eu-west-1.compute.amazonaws.com
    OpenSSH_6.6, OpenSSL 1.0.1f 6 Jan 2014
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug1: Connecting to ec2-54-72-242-0.eu-west-1.compute.amazonaws.com [54.72.242.0] port 22.
    debug1: Connection established.
    debug1: identity file ec2-key-pair.pem type -1
    debug1: identity file ec2-key-pair.pem-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.6p1 Ubuntu-2ubuntu1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
    debug1: match: OpenSSH_6.2 pat OpenSSH* compat 0x04000000
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
    debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ECDSA e4:06:ee:a5:a5:d2:97:5f:0f:b7:06:5e:f2:b3:da:26
    debug1: Host 'ec2-54-72-242-0.eu-west-1.compute.amazonaws.com' is known and matches the ECDSA host key.
    debug1: Found key in /home/roberto/.ssh/known_hosts:3
    debug1: ssh_ecdsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: ec2-key-pair.pem
    debug1: key_parse_private2: missing begin marker
    debug1: read PEM private key done: type RSA
    debug1: Authentications that can continue: publickey
    debug1: No more authentication methods to try.
    Permission denied (publickey).

UPDATE:

According to @aldanux's suggestions:

    roberto@ubuntu:~/keys$ ssh-keygen -R 54.72.242.0
    # Host 54.72.242.0 found: line 4 type ECDSA
    /home/roberto/.ssh/known_hosts updated.
    Original contents retained as /home/roberto/.ssh/known_hosts.old
    roberto@ubuntu:~/keys$ ssh -i ec2-key-pair.pem ec2-user@ec2-54-72-242-0.eu-west-1.compute.amazonaws.com
    Warning: Permanently added the ECDSA host key for IP address '54.72.242.0' to the list of known hosts.
    Permission denied (publickey).

Answer 1:

Try these steps:

ssh-keygen -R 54.72.242.0
sudo chmod 600 ec2-key-pair.pem

and then:

ssh -i ec2-key-pair.pem ec2-user@ec2-54-72-242-0.eu-west-1.compute.amazonaws.com 


Answer 2:

You are probably logging in as the wrong user. If it's an Ubuntu instance the command would be:

ssh -v -i ec2-key-pair.pem ubuntu@ec2-54-72-242-0.eu-west-1.compute.amazonaws.com 


Answer 3:

While not specific to AWS, this unhelpful error message

debug1: key_parse_private2: missing begin marker

will occur under a handful of obscure scenarios, such as when the ownership (or the permissions) on the SSH user's home directory are incorrect on the remote machine.

The best way to troubleshoot this and similar obscure messages is to examine the authorization log on the remote machine, provided you have access, as it will usually pinpoint the problem. On Debian and Ubuntu systems, this is most easily accomplished with tail (use sudo as appropriate):

tail -f -n 80 /var/log/auth.log

In my particular case, I found

Authentication refused: bad ownership or modes for directory /var/www

Perfectly accurate and concise: the owner:group was set to daemon:daemon when it should have been www-data:www-data (this was on a Ubuntu machine that must have had some other web-server installed in the past).
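A way to check for the condition behind that log line without waiting for a failed login, as an added example that is not part of the original answer. It applies the rule sshd enforces with `StrictModes yes` (owner must be the login user or root, no group/other write bit); the function name `strict_modes_check` and the temporary demo directory are constructed for illustration.

```shell
# strict_modes_check HOME_DIR UID
# Applies the StrictModes rule to the home directory, ~/.ssh and
# authorized_keys: each must be owned by UID or root (0) and must not be
# writable by group or others. Returns 0 if all pass, 1 otherwise.
strict_modes_check() {
    home=$1
    uid=$2
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p"; bad=1; continue; }
        # GNU stat first, BSD/macOS stat as fallback.
        owner=$(stat -c '%u' "$p" 2>/dev/null || stat -f '%u' "$p")
        mode=$(stat -c '%a' "$p" 2>/dev/null || stat -f '%Lp' "$p")
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "bad owner uid=$owner on $p"
            bad=1
        fi
        # 022 = group-write | other-write, read as octal.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "bad mode $mode on $p (group/other writable)"
            bad=1
        fi
    done
    return $bad
}

# Demo on a constructed home directory that is group-writable.
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh"
: > "$demo_home/.ssh/authorized_keys"
chmod 775 "$demo_home"
chmod 700 "$demo_home/.ssh"
chmod 600 "$demo_home/.ssh/authorized_keys"
strict_modes_check "$demo_home" "$(id -u)" || true
rm -rf "$demo_home"
```

On a real host, run it as root with the account's home directory and numeric uid, for example `strict_modes_check /var/www "$(id -u www-data)"`.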



Answer 4:

I had a similar issue, "key_parse_private2: missing begin marker" while using username 'ec2-user' but it got fixed when I changed to ubuntu as the user.



Answer 5:

Another thing to check is PermitRootLogin and AllowUsers in /etc/ssh/sshd_config.

This "debug1: key_parse_private2: missing begin marker" appears even after successful key authorization if your user access is restricted.



Answer 6:

Yes, indeed quite a misleading message. In my case I used the wrong key for the instance.

We had needed to remove the key pair and create a new one, except that our instance kept using the old one (because you can't do it that easily).

The error message was the same, so it's worth checking that the key name in your AWS panel for the instance matches the key pair that you use in key pairs.



Answer 7:

Logging in as "admin" worked for me. Based on your instance type the login user changes: ec2-user or ubuntu or in my case admin.

ssh -v -i ./my_key_file.pem admin@ec2-11-222-333-44.compute-1.amazonaws.com

Also ensure the permission for the pem file is 600:

chmod 600 ./my_key_file.pem



Answer 8:

One easy way to get this error is a corrupt .pem file.

For example, if the last line is missing, you get "missing begin marker".

Make sure the .pem ends with:

-----END RSA PRIVATE KEY-----
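A pre-flight check for the two key-file problems raised in the answers (file mode and an intact END marker), as an added example that is not part of the original answers. The function name `check_pem`, its return codes and the demo file contents are constructed for illustration.

```shell
# check_pem FILE: pre-flight check of a private key before passing it to ssh -i.
# Return codes: 0 ok, 1 unreadable, 2 mode too open, 3 bad BEGIN, 4 bad END.
check_pem() {
    f=$1
    [ -r "$f" ] || { echo "unreadable: $f"; return 1; }

    # ssh ignores a private key that group or others can access.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "mode $mode is too open; run: chmod 600 $f"
        return 2
    fi

    # Drop CRs and blank lines so editor or download damage does not hide the markers.
    clean=$(tr -d '\r' < "$f" | sed '/^[[:space:]]*$/d')
    first=$(printf '%s\n' "$clean" | sed -n '1p')
    last=$(printf '%s\n' "$clean" | sed -n '$p')

    case $first in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) echo "first line is not a BEGIN ... PRIVATE KEY marker"; return 3 ;;
    esac

    # The END marker must carry the same label as the BEGIN marker.
    label=${first#-----BEGIN }
    label=${label%-----}
    if [ "$last" != "-----END $label-----" ]; then
        echo "last line is not '-----END $label-----' (truncated file?)"
        return 4
    fi
    echo "ok: $label"
}

# Demo on a constructed, truncated file (the body is not a real key).
demo=$(mktemp)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' > "$demo"
chmod 600 "$demo"
check_pem "$demo" || true
rm -f "$demo"
```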


