
Can't connect to AWS EC2 using SSH


I have an AWS EC2 instance that has been running for some months without any problems.

Today, when I wanted to access it using ssh:

ssh -i "DRUID_PROD_NEW.pem" ec2-user@eX.X.X.x.compute-1.amazonaws.com

I receive a

Permission denied (publickey).

It worked well yesterday but now I can't connect. I have not made any changes on the server for the past months.

I had exactly the same problem back in February. I had to make a new instance and copy everything over. It was one hell of a job and I will quit Amazon completely if this is the norm.

I appreciate any help.

OpenSSH_6.6.1, OpenSSL 1.0.1k-fips 8 Jan 2015
debug1: Reading configuration data /home/kim/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to ec2-XX-XX-XX-XX.compute-1.amazonaws.com   [XX.XX.XX.XX] port 22.
debug1: Connection established.
debug1: identity file DRUID_PROD_NEW.pem type -1
debug1: identity file DRUID_PROD_NEW.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA XX:XX:XX:XX:2e:3c:c7:56:94:6f:97:56:68:9d:e0:06 [MD5]
debug1: Host 'ec2-XX-XX-XX-XX.compute-1.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/kim/.ssh/known_hosts:45
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: DRUID_PROD_NEW.pem
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

Thanks Kim


Solution

  • I found out what was wrong.

    Some weeks ago I changed the ec2-user directory to group readable. It obviously leaves the machine inaccessible. I completely forgot about that and today when I needed to access the machine I received the infamous error.

    So, changing the permission back to 755 for the ec2-user home directory solved the problem.

    Thanks for taking your time to try to help me out of this situation.

    Kim
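
A check for the condition behind this fix, as an added example that is not part of the original answer: with StrictModes enabled (the OpenSSH default), sshd ignores authorized_keys when the home directory, ~/.ssh or the key file is writable by group or others, or is owned by someone other than the account or root. The function name audit_ssh_perms and the default authorized_keys location are assumptions.

```shell
#!/bin/sh
# Added example: audit the paths that sshd's StrictModes check inspects.
# Usage: audit_ssh_perms HOME_DIR [ACCOUNT]   (ACCOUNT defaults to the current uid)
# Assumes the default AuthorizedKeysFile location, ~/.ssh/authorized_keys.

audit_ssh_perms() {
    home=$1
    owner=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            rc=1
            continue
        fi
        # -prune keeps find on this one path. The path is flagged when it is
        # owned by neither the account nor root (uid 0), or when it is
        # writable by group (-perm -020) or by others (-perm -002).
        hit=$(find "$p" -prune \( \( ! -user "$owner" ! -user 0 \) \
              -o -perm -020 -o -perm -002 \) -print)
        if [ -n "$hit" ]; then
            echo "UNSAFE   $p  (fix owner, then: chmod go-w \"$p\")"
            rc=1
        else
            echo "OK       $p"
        fi
    done
    return $rc
}

# Run the audit when the script is called with arguments.
if [ $# -gt 0 ]; then
    audit_ssh_perms "$@"
fi
```

Run it on the instance itself, for example from a session obtained through the instance's volume or console access, and expect every line to read OK after the home directory is back at 755.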