Permission denied on Amazon LightSail
Solution 1
I was able to get this to work as follows:
1. Generated the SSH keypair as you described above (ssh-keygen -t rsa -b 4096 -C "[email protected]" -f ~/certs/test.pem)
2. changed permissions on the private key file (chmod 600 test.pem)
3. ssh'd into the instance using the lightsail integrated console and added the public key to the ~/.ssh/authorized_keys file
4. I was able to access the instance using ssh -i ~/certs/lightsail.pem ubuntu@
Let me know if this works, or if I'm missing something.
Solution 2
I had the same issue for hours, and finally solved it. Here is what I did:
Download the pem file into a folder.
Then run this:
$ chmod 600 KEYFILE.pem
And this:
$ ssh -i "KEYFILE.pem" bitnami@your_static_ip
As I remember, I've tried the same thing as you, but it didn't work.
Solution 3
I followed all of the steps listed in "Add new user accounts with SSH access using an AWS key and a 3rd-party generated key" and still got the <USER>@<HOSTNAME>: Permission denied (publickey) error. It turned out that I needed to fix the directory permissions for my custom home directory location, and it had nothing to do with how I generated the key or uploaded it to the instance.
The required directory permissions detailed in the Troubleshoot "Permission denied (publickey)" knowledge-base article state that the following permissions should be used:
- The parent directory of the user's home directory (e.g. /home): 755
- The user's home directory (e.g. /home/ec2-user): 700
- The user's .ssh/ directory (e.g. /home/ec2-user/.ssh): 0700
- The user's authorized_keys file (e.g. /home/ec2-user/.ssh/authorized_keys): 600
Once my directory permissions were correct, my configured key started working.
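As an added example (not part of the original answer or of the AWS article), here is a shell function that audits the four paths listed above against those modes and prints the chmod to run for each mismatch. The function names are made up for this example, and /home/ubuntu in the usage comment is only an assumed home directory.

```shell
#!/bin/sh
# Added example: audit the permission chain that gates public-key login.
# Expected modes are the ones listed in the answer above.

# Print the octal mode of a path (GNU stat first, BSD/macOS stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Compare one path against its expected mode; print a verdict and the fix.
# Returns 0 on match, 1 on mismatch or missing path.
check_mode() {
    path=$1 want=$2
    if [ ! -e "$path" ]; then
        echo "MISSING $path (expected mode $want)"
        return 1
    fi
    have=$(mode_of "$path")
    if [ "$have" = "$want" ]; then
        echo "OK      $path ($have)"
        return 0
    fi
    echo "FIX     $path is $have, expected $want: chmod $want $path"
    return 1
}

# Audit a home directory; the return status is the number of problems (0 = clean).
audit_ssh_perms() {
    home=${1%/}
    problems=0
    check_mode "$(dirname "$home")"          755 || problems=$((problems + 1))
    check_mode "$home"                       700 || problems=$((problems + 1))
    check_mode "$home/.ssh"                  700 || problems=$((problems + 1))
    check_mode "$home/.ssh/authorized_keys"  600 || problems=$((problems + 1))
    return "$problems"
}

# Usage on the instance (for example from the Lightsail browser console):
#   audit_ssh_perms /home/ubuntu
```

Run it as a user who can read the target home directory, since a 700 home hides .ssh from everyone else.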
Mike Mitterer
Updated on June 04, 2022
Comments
-
Mike Mitterer almost 2 years
Login works with LightsailDefaultPrivateKey-eu-west-1.pem but not with my own key-pair.
I tried to generate the keys with 'ssh-keygen -t rsa -b 4096 -C "[email protected]" -f ~/.ssh/lsail-mikemittererat-eu-west-1.pem'
I also tried to generate a key on AWS/S2, downloaded it, generated a public key out of the private key and uploaded it to LightSail - the same result. It doesn't work.
Error-Message: ssh -i ~/.ssh/ssh_my-website ubuntu@ Permission denied (publickey).
This is what I get if I use the -v option:
ssh -v -i ~/.ssh/lsail-mikemittererat-eu-west-1.pem ubuntu@<public ip>
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to <public ip> [<public ip>] port 22.
debug1: Connection established.
debug1: identity file /Users/mikemitterer/.ssh/lsail-mikemittererat-eu-west-1.pem type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mikemitterer/.ssh/lsail-mikemittererat-eu-west-1.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to <public ip>:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:6u6vqWOSbOSNiPYAOqa5q/epSntR7GG5dvFzKuUAJOQ
debug1: Host '<public ip>' is known and matches the ECDSA host key.
debug1: Found key in /Users/mikemitterer/.ssh/known_hosts:38
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/mikemitterer/.ssh/lsail-mikemittererat-eu-west-1.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
permission of .pem is set to 600, .ssh is set to 700
-
Mike Mitterer over 5 years
Thanks this works perfectly! Here is an alternative way: Under account create a new private key and download it. E.g. CamSync.pem - this is the private key. chmod 600 CamSync.pem. ssh-keygen -f CamSync.pem -y - this prints out the public key. Continue with your step 3
-
Malloc over 3 years
@MikeMitterer Your comment should be added to the Lightsail docs. Thank you for taking the time to point this out :)