EC2 instance always asks me to enter passphrase for the pem during connection
Solution 1
If sharing a private key between 2 or more ec2 instances and if you try to establish a ssh connection from a ssh connection on ec2, use notepad to open .pem file on your local machine and copy the contents to the new .pem file you're creating in the ssh terminal. It will work 100% and won't ask you for any passphrase.
If you open your local .pem file with other text editors i.e. VSCode you will be asked for the passphrase when trying to use your new .pem file.
Solution 2
Most likely your test.pem is corrupt.
To check if it is fine, run:
openssl rsa -check -in test.pem -noout
It should say "RSA key ok"
Solution 3
I have also faced this problem a few times and found a solution that works for me and hope will work for you too. Most of the time when we ssh into an ec2 instance (say instance 1) from another ec2 instance (say instance 2) that is connected via ssh from our local machine, we need a private key file, i.e. a ".pem" file, to authenticate the identity of instance-2 to connect to instance-1. When we copy the content of the .pem file from our local machine to instance-2, sometimes what happens is, we open the .pem file in a text editor and copy the content and when we paste the file content in the file created in instance-2, we copy it using some other text editor. Here the problem arises.
The solution is -> Always use the same text editor on both machines to copy and paste the content of .pem files, otherwise the format will be changed and you will find yourself in trouble.
Solution 4
I had the same issue, I was trying to ssh to a private ec2 instance from a public ec2 instance, and I kept getting the "Enter passphrase for key <>" "Permission denied (publickey)." error.
What I did was create a .ppk from the .pem file with PuttyGen, then copy-pasted the contents of that .ppk file into a new file created with vi editor. And then I was trying to ssh with this file. I realized the error from the contents of the file when I re-opened it again in vi editor, it was not the same as the .pem file originally downloaded. So, I removed the erroneous file, copy-pasted the contents from the .pem file to a new file created with vi editor, then was successful to ssh to my private instance from my public instance.
Solution 5
I had this issue when I was trying to login from a NAT instance that I set up. The NAT instance is not something I can specify (to the best of my knowledge) what OS to use, and I presume that it is using AWS CentOS. Anyways, I was always being asked for a passphrase when trying to connect to an instance on my private network. Here is how I resolved it, although it wasn't entirely apparent to me at the time.
[ec2-user@ip-10-2-3-192 ~]$ sudo bash
[root@ip-10-2-3-192 ~]$ ssh -i /home/test.pem [email protected]
Hope this helps
Howard
Updated on September 18, 2022
Comments
-
Howard over 1 year
- The pem file is generated by AWS console
- I was able to connect using the EC2 remote web interface, using the same pem file
- The permission of pem is 600 already
Error..
ssh -i ~/test.pem -v [email protected]
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/john/test.pem
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/john/test.pem':
Anyone can help?
-
cyberx86 about 12 years
Presuming that you know the passphrase, you can remove it with:
openssl rsa -in test.pem -out test-nopass.pem
(which will prompt you for the passphrase and save the unencrypted key for you). If this is not the case, your key may have been inadvertently modified at some point, in which case, you will need a backup of the original key to get back into those instances using that key.
Howard about 12 years
There is no passphrase. I can use the same pem file in AWS web interface for remote login without any passphrase.
-
cyberx86 about 12 years
Depending on how you saved your key, the problem could be line-endings (the Java client is likely more lax than OpenSSH on this front). This is more likely if you copied and pasted the output (as opposed to redirecting the output). Check the key with
openssl rsa -in test.pem -check
and (even though you don't have a passphrase) try the command suggested earlier (and then change your ssh command to use the new key file) as it will write the key to a new file (possibly fixing the problem if it is just a line-ending issue, if it can read the file).
user73360 about 7 years
In my case, I was missing one dash "-" at the end of the pem file. After I added it back, it didn't ask for a passphrase anymore. Ming
-
burtsevyg about 5 years
I had the same issue when trying to connect to an ec2 instance with the public key instead of the private key.
-
voretaq7 almost 11 years
This answer makes no sense. What specific course of action are you trying to suggest?
-
Michael Hampton about 6 years
You don't upload the private key anywhere! Then it is no longer private.
-
TZubiri about 5 years
I disagree, the private key might be shared by a team that needs to access a server. If the key is uploaded to a repository whose access is restricted to specific users, then that's fine. Public and private when referring to keys refer to their capacity to be shared between unsecured networks, such as the internet. If the repository is secured, it's still private.
-
TZubiri about 5 years
What you are essentially doing is delegating the security aspect to the access control of the s3 bucket. The total security will be as strong as the weakest link, so unless you secure the s3 bucket with another private key, you are weakening the security of the system.
-
RalfFriedl over 4 years
It is unlikely that was the OP's problem.
-
Larney almost 4 years
I used 'cat' to copy the key of the .pem file and then pasted it using 'nano'. I was able to connect when I copied and pasted using 'nano' for both.
-
MattBH over 2 years
If you're copying the content of a shared private key - open it with notepad and copy the contents - using other text editors such as VSCode will somehow require a passphrase.
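
The causes reported in the answers and comments above (a .ppk or public key used in place of the private key, changed line endings, a lost dash on the END line, a key that really is encrypted) can be told apart before running ssh. The shell function below is an added example, not code from any of the posters; the name `diagnose_pem`, its result tokens and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a key file against the failure causes reported on this page.
# Prints one token: missing, ppk, public-key, crlf, bad-armor, encrypted, armor-ok.
diagnose_pem() {
    key=$1
    [ -r "$key" ] || { echo missing; return 1; }
    cr=$(printf '\r')
    # First line and last non-blank line, with CRs stripped so the checks stay independent.
    first=$(head -n 1 "$key" | tr -d '\r')
    last=$(tr -d '\r' < "$key" | awk 'NF { l = $0 } END { print l }')

    case $first in
        PuTTY-User-Key-File*) echo ppk; return 1 ;;                 # PuTTYgen .ppk, not PEM
        ssh-*|ecdsa-*|*"PUBLIC KEY"*) echo public-key; return 1 ;;  # public half of the pair
    esac
    # Windows line endings picked up by an editor or a paste.
    if grep -q "$cr" "$key"; then echo crlf; return 1; fi
    # Armor lines must be exact: five dashes on each side, nothing after them.
    printf '%s\n' "$first" | grep -Eq '^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----$' \
        || { echo bad-armor; return 1; }
    printf '%s\n' "$last" | grep -Eq '^-----END ([A-Z0-9]+ )*PRIVATE KEY-----$' \
        || { echo bad-armor; return 1; }
    # Traditional and PKCS#8 PEM announce encryption in clear text; the
    # OPENSSH format does not, so this check cannot see it there.
    if grep -q -e 'Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$key"; then
        echo encrypted; return 1
    fi
    echo armor-ok
}

# Constructed samples: real armor lines around a placeholder body (not a key).
sample_body='QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo='
tmp=$(mktemp -d)
printf '%s\r\n' '-----BEGIN RSA PRIVATE KEY-----' "$sample_body" \
    '-----END RSA PRIVATE KEY-----' > "$tmp/crlf.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' "$sample_body" \
    '-----END RSA PRIVATE KEY----' > "$tmp/lost-dash.pem"
for f in "$tmp"/*.pem; do
    printf '%s: %s\n' "${f##*/}" "$(diagnose_pem "$f")"
done
```

A file that reports armor-ok can still be damaged inside its base64 body; for an RSA key, the `openssl rsa -check -in test.pem -noout` command from Solution 2 covers that case.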