EC2 after restart can not access via ssh
I was connecting my ec2 instance via ssh well,after adding new EBS volume restarted the machine by 'sudo shutdown -r now' And after that I tried to access by using follwing command:
ssh -v -i primary_key.pem [email protected]
which is retuning like below:
debug1: Reading configuration data /Users/caveman/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to ec2-23-22-245-160.compute-1.amazonaws.com [23.22.245.160] port 22.
debug1: Connection established.
debug1: identity file primary_key.pem type -1
debug1: identity file primary_key.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ec2-23-22-245-160.compute-1.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/caveman/.ssh/known_hosts:31
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: primary_key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
What is wrong?Any point that I am missing?
Solution 1:
The line
debug1: Authentications that can continue: publickey
Indicates that you disabled password authentication. You can only authenticate using a public key (while having the corresponding private key).
The two consecutive lines
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
indicates that you are using an RSA private key that could be read fine, but that its public counterpart could not be authenticated by the server.
Some options to try:
-
Double check that you are using the correct key.
-
Double check the username. Maybe you made a typo when creating the account or did you connect using your own username earlier when copying over the key (
ssh-copy-id
). -
In case you have access to the server in another way, check the permissions (and ownership!) on the complete
~ubuntu/.ssh
directory recursively to be strict enough (OpenSSH will refuse access if too permissive).-
~ubuntu/.ssh/
directory should be owned by the user and have mode 0700 (drwx------
) -
~ubuntu/.ssh/authorized_keys
file should be owned by the user and have mode 0600 (-rw-------
)
-
-
If you did not disable
PasswordAuthentication
in your SSH daemon, this may indicate that the password has been reset to be empty or that the user account is disabled (usermod -L
) for login or expired. Try logging in with a different user (mayberoot
a regular user account). -
If you did disable
PasswordAuthentication
in the configuration file of your SSH daemon but didn't restart it right after that, then the change may only become active after a reboot. See the option below for how to fix this. -
Do you have direct access to the text console using a control panel in EC2? I'm not familiar with Amazon AWS, but I think you should have this option. Then you should be able to login using the console to reset your password and gain access via SSH.
-
Try to shut down your EC2 instance and attach the storage device to another instance. Mount it and do a manual password recovery. Re-attach it back to the original instance and it should be fixed.
-
After you gain access again, check that your server hasn't compromised. Changes in configuration triggered only after a reboot may indicate that it has. I have seen this happening on several servers.