EC2 ssh Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
Solution 1
I resolved this issue in my centos machine by using command:
ssh -i <Your.pem> ec2-user@<YourServerIP>
It was about userName which was ec2-user in my case.
Referenced From: AMAZONTroubleshooting
Solution 2
Solved by connecting with the user centos instead of ec2-user.
Solution 3
I noticed each Linux instance launches with a default Linux system user account. This might be different from ec2-user, depending on your instance. You log in using the following command, where DefaultUserName stands for a username from the quote below.
ssh -i <Your.pem> <DefaultUserName>@<YourPublicServerIP>
Each Linux instance launches with a default Linux system user account. The default user name is determined by the AMI that was specified when you launched the instance.
- For Amazon Linux 2 or the Amazon Linux AMI, the user name is ec2-user.
- For a CentOS AMI, the user name is centos.
- For a Debian AMI, the user name is admin.
- For a Fedora AMI, the user name is ec2-user or fedora.
- For a RHEL AMI, the user name is ec2-user or root.
- For a SUSE AMI, the user name is ec2-user or root.
- For an Ubuntu AMI, the user name is ubuntu.
- Otherwise, if ec2-user and root don't work, check with the AMI provider.
Solution 4
You can find default usernames of ec2 instances here: https://alestic.com/2014/01/ec2-ssh-username/
But in case you want to find the username of your instance: click on the Connect button to see the default username.
After finding the username, run this command, to ensure your key is not publicly viewable.
chmod 400 <private-key-file.pem>
Then Connect to your instance using its Public DNS or IP:
ssh -i <private-key-file.pem> ec2-user@<public ip>
Solution 5
Recently I went through this issue.
Accidentally I have changed Home permission using, chmod -R g+rw .
It changed .ssh folder permission.
- If nothing works out, Create Temp Instance on Amazon-EC2
- Detach Your Server storage (Before that Down your source Machine)
- Mount it as secondary storage in Temp Instance
- Do below permission changes,
[ec2-user ~]$ chmod 600 mount_point/home/ec2-user/.ssh/authorized_keys
[ec2-user ~]$ chmod 700 mount_point/home/ec2-user/.ssh
[ec2-user ~]$ chmod 700 mount_point/home/ec2-user
- Unmount your Source Disk from Temp Instance
- Attach it back to source Machine
- Now Use same command to login,
ssh -i FileName.pem username@MachineIP
For More Details see this AWS Trouble Shooting Docs
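The permission repair from Solution 5 as a script, added here as an example and not part of the original answer: it reports which of the three paths on the mounted volume are group- or world-writable before applying the modes listed above. The mount point and user arguments, the function names and the scratch tree in demo are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: audit and repair the modes changed by "chmod -R g+rw ."
# Assumed arguments (not from the page): $1 = mount point, $2 = login user.

# Succeeds if the path itself is writable by group or others, the condition
# under which sshd (StrictModes, on by default) refuses to use authorized_keys.
group_or_world_writable() {
  [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# fix_ssh_perms <mount_point> <user>
# Logs each too-permissive path to stderr, applies the modes from the answer,
# and prints how many of the three paths were group- or world-writable.
fix_ssh_perms() {
  fx_home="$1/home/$2"
  fx_bad=0
  for fx_p in "$fx_home" "$fx_home/.ssh" "$fx_home/.ssh/authorized_keys"; do
    if [ ! -e "$fx_p" ]; then
      echo "missing: $fx_p" >&2
      return 2
    fi
    if group_or_world_writable "$fx_p"; then
      echo "too permissive: $fx_p" >&2
      fx_bad=$((fx_bad + 1))
    fi
  done
  chmod 700 "$fx_home" "$fx_home/.ssh"
  chmod 600 "$fx_home/.ssh/authorized_keys"
  echo "$fx_bad"
}

# Constructed demo: rebuild the accident on a scratch tree, then repair it.
demo() {
  d=$(mktemp -d)
  mkdir -p "$d/home/ec2-user/.ssh"
  : > "$d/home/ec2-user/.ssh/authorized_keys"
  chmod -R g+rw "$d/home/ec2-user"
  fix_ssh_perms "$d" ec2-user
  rm -rf "$d"
}

demo
```

On the temporary instance, call fix_ssh_perms as root with the real mount point and the AMI's default user in place of the demo tree.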
lawzlo
Updated on February 17, 2022
Comments
-
lawzlo about 2 years
I got this permission denied problem when I want to ssh to my ec2 host. I tried existing solution chmod 600 "My.pem" but still didn't work. Here is my debug information:
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 54.223.47.74 [54.223.47.74] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file My.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file My.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to 54.223.47.74:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:tfjxcE5kePSv1cJK7SWBp/56kgm2DQkyPLSLZ4d73Io
debug1: Host '54.223.47.74' is known and matches the ECDSA host key.
debug1: Found key in /Users/tan/.ssh/known_hosts:24
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: My.pem
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
-
James Moore about 4 years
The -i option takes a path. Your path needs to be correct, but you definitely don't need to be in the same directory.
-
James Moore about 4 years
More generally, it's solved by using the correct user for the AMI. You happened to be using an AMI that enables centos, but not ec2-user. You just have to look at the AMI documentation to know what's correct. (And if there is no documentation, don't use that AMI.)
-
RoyalTiger almost 4 years
ec2-user is added, but still getting the same
-
frmbelz over 3 years
Interesting, when closing connection, AWS itself returned
Please login as the user "ec2-user" rather than the user "root".
which works.
-
Harneet Singh over 3 years
oh nice. Now they have implemented that error log then. Earlier it was not there...
-
senpai almost 3 years
This helped me. It was the AWS suggested user id is centos, that was causing the issue. ec2-user is the right one. I did not get the message that @frmbelz did, BTW.
-
Nathan B almost 2 years
mkstemp: No such file or directory