Editing sshd_config file
Solution 1
The 1st thing I notice is that you weren't ssh'ing with the public key. When you created the AWS instance, you should have been prompted to download the keys. Assuming you did that, then your ssh should look like (from any terminal program like PuTTY or iTerm):
ssh -i keyname.pem ubuntu@remotehost
Once you're logged in as the ubuntu user, you need root privileges to edit the sshd_config file. Do you know how to use vi or nano file editors in Ubuntu?
# sudo vi /etc/ssh/sshd_config
or
# sudo nano /etc/ssh/sshd_config
Make your changes, carefully, or you will lose all access to your instance. You CAN'T ssh as root already... you can only ssh as the ubuntu user by default.
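A way to make the edit Solution 1 describes without locking yourself out, as an added example that is not part of the original answer: edit a copy, have sshd check it, and only then replace the live file. The function names are made up here; Port 1993 and PermitRootLogin no are the values from the question and comments, and /usr/sbin/sshd is assumed to be where Ubuntu installs the daemon.

```shell
#!/bin/sh
# Added example, not from the original answers. Port 1993 and PermitRootLogin no
# are the values from the question; the function names are made up here.

# set_option FILE KEY VALUE
# Writes "KEY VALUE" as the first line and drops every other active KEY line,
# including overrides inside Match blocks. Appending instead would not work:
# sshd keeps the first PermitRootLogin it reads, and Port lines accumulate,
# so an old "Port 22" line would keep port 22 open.
set_option() {
    tmp=$(mktemp) || return 1
    awk -v k="$2" -v v="$3" '
        BEGIN { print k " " v; lk = tolower(k) }
        tolower($1) == lk { next }      # old active setting: drop it
        { print }                       # comments and other keywords: keep
    ' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# active_lines FILE: the settings sshd would actually read (no comments/blanks).
active_lines() { grep -Ev '^[[:space:]]*(#|$)' "$1"; }

# Run on the server, as the ubuntu user, from a session you keep open.
# Open the new port in the EC2 security group before restarting.
apply_ssh_changes() {
    live=/etc/ssh/sshd_config
    work=$(mktemp) || return 1
    sudo cat "$live" > "$work"
    set_option "$work" Port 1993 && set_option "$work" PermitRootLogin no || return 1
    # -t only parses the file and checks keys; nothing is restarted yet.
    if ! sudo /usr/sbin/sshd -t -f "$work"; then
        echo "sshd rejected the edited file; $live is unchanged" >&2
        rm -f "$work"; return 1
    fi
    sudo cp -p "$live" "$live.bak"   # keep a way back
    sudo cp "$work" "$live"          # existing file keeps owner root, mode 644
    rm -f "$work"
    sudo service ssh restart
    # Now test from a second terminal: ssh -i keyname.pem ubuntu@remotehost -p 1993
}
```

Source the file on the server and call apply_ssh_changes; if the second terminal cannot log in, the session you kept open can still copy sshd_config.bak back and restart ssh.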
Solution 2
All of your permission denied-like error messages are showing that you are doing your deeds as a simple user. They are not allowed to change such important system files as sshd_config.
You had to log in as root, or elevate privileges to root with the sudo bash command.
Lucy
Updated on September 18, 2022
Comments
-
Lucy almost 2 years
I'm trying to edit the sshd_config file that's in the etc/ssh (of an Ubuntu AWS EC2 server) folder. I'm using FileZilla to change the ports but no matter what I do it won't accept the changes.
I get an error saying:
Error: /etc/ssh/sshd_config: open for write: permission denied
I've tried changing the permission to 600 (currently it's 644) but that doesn't work either, the error for that says:
set attrs for /etc/ssh/sshd_config: permission denied
I've also tried saving the file to my desktop but then nothing happens - it just says upload failed.
If I try using terminal (on a Mac) to access the server I get this:
ssh ubuntu@remote_host
Permission denied (publickey).
I'm very new to ssh and am trying to learn it as I go along so I apologise if I've not been very clear.
All I want to do is change the server ports and set the PermitRootLogin to no.
-
Lucy almost 10 years
Thanks, I tried that then tried to go into the site but got this:
bash-3.2# ssh ubuntu@remote_host
The authenticity of host 'remote_host (remote_host)' can't be established.
RSA key fingerprint is 7b:c9:5b:91:f5:0f:40:5b:06:fd:71:fd:85:cd:bc:77.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'remote_host' (RSA) to the list of known hosts.
Permission denied (publickey).
bash-3.2#
I think I did something wrong, I only want to change the ports so that they're no longer 22
-
peterh almost 10 years
On a new port, potentially a new server is running - there are different RSA keys for every IP/port pair. This is because your sshd on the new port wasn't yet known to your ssh client, and this is why it warned. In 99% of the cases, you can ignore that (and press a 'y').
-
Lucy almost 10 years
I'm sorry I don't understand what you mean? I typed yes then tried using /etc/ssh/sshd_config but got the error /etc/ssh/sshd_config: No such file or directory
-
LHWizard almost 10 years
The .swp is a temporary swap-file usually created by vi (in my experience). If you see the file in your folder, then you probably didn't exit vi correctly (the swp file should be deleted upon exit). Next time you "sudo vi /etc/ssh/sshd_config" you'll probably be prompted to take an action based on that .swp file. For example, recover the file. Also, you might have to restart ssh to make your changes effective: "sudo service ssh restart", which will terminate your ssh session if you have changed the port.
-
Lucy almost 10 years
I've just restarted it but now I don't seem to be able to connect at all. I've checked that I'm trying to connect the right ports but I still can't connect. This is what I've tried:
Status: Connecting to internal.livesite.com:1993...
Response: fzSftp started
Command: keyfile "/Users/macuser/Desktop/livesite_key"
Command: open "[email protected]" 1993
Error: Connection timed out
Error: Could not connect to server
-
LHWizard almost 10 years
I take it that you wish to change the port to 1993? You will have to modify the security group for your AWS instance to permit inbound port 1993. You don't have to change the outbound rules at all. The security groups act as firewalls for your instances.
-
Lucy almost 10 years
I added this to the security group: Type: Custom TCP Rule, Protocol: TCP, Port Range: 1993, Source: 86.138.112.228/32, but still can't connect. I couldn't see where to download the updated key from though
-
LHWizard almost 10 years
The key didn't change; you still have to connect using ssh -i keyname.pem ubuntu@remote -p 1993. Are you sure that IP is your external IP? (I assume so, just asking the question.)
-
Lucy almost 10 years
Don't worry, it's always best to check. Yes the IP is definitely right - I can view the website in the browser if I use that IP address. It doesn't appear to get to the stage where it asks for the key - it just times out
-
LHWizard almost 10 years
The timeout means the instance isn't listening on that port most likely. Have you tried the default again?
-
Lucy almost 10 years
The default 22 port says connection refused
-
LHWizard almost 10 years
Sorry, let me clear up some confusion on my part. 86.138.112.228 is your workstation's IP address, right? You need to allow inbound traffic on port 1993 from your workstation. I got confused right after you said you could view the website in the browser.
-
Lucy almost 10 years
I think that is my IP address (although it's not static so does change) as when I set the source to My IP that's what I get. And yes that's exactly what I need to do. I need to be able to connect either via SSH or FileZilla (I'd prefer FileZilla)
-
LHWizard almost 10 years
You can check your IP address by going to whatismyip.com in a browser on your workstation to be certain. For testing, you can also allow inbound from 0.0.0.0/0 in the security group. That's the whole internet.
-
Lucy almost 10 years
Am I doing something wrong? I went to the control panel for AWS EC2 and set it to allow inbound traffic with these settings: Type: Custom TCP Rule, Protocol: TCP, Port Range: 1993 and Source: 0.0.0.0/0. I also tried Type: All Traffic, Protocol: All, Port Range: All and Source: 0.0.0.0/0 but I still can't connect on any ports at all.
-
Lucy almost 10 years
I've now managed to connect using FileZilla, but if I type ./deploy.sh livesite into the terminal I get this error:
./deploy.sh livesite
ssh: connect to host 12.34.5.678 port 22: Connection refused
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at /SourceCache/rsync/rsync-42/rsync/io.c(452) [sender=2.6.9]
How do I use ./deploy.sh livesite to connect via SSH?
-
LHWizard almost 10 years
I know your goal is to use FZ, but can you use a terminal to test rsync? Identify or create a small file for test purposes. Then try this from a terminal:
rsync -e "ssh -i keyname" testfile.txt ubuntu@remotehost:/home/ubuntu/
and see what happens.
-
LHWizard almost 10 years
Let us continue this discussion in chat.