AWS EC2 unable to SSH with Key Pair

I'm having some problems using SSH to get into my running AWS EC2 instance. According to the instructions, I need to create a Key Pair, which downloads a .pem private key file, which I have named QARTH.pem. From the directory where this file has been saved, I'm supposed to execute the command:

ssh -i "QARTH.pem" [email protected]

However, I get the error:

Permission denied (publickey).

I'm using the auto-generated launch-wizard security group, which allows port 22 incoming access to all IPs.

I've also used the example procedure to convert the .pem file to a PuTTY private key .ppk file, and used the PuTTY client. I get the same error.

This seems like a pretty straightforward procedure, so I don't know what I could be doing wrong. If you have any ideas, I'd love to hear them. However, I'm not strong in network security, so please make responses lay-person friendly.

Don Subert asked Nov 05 '25 00:11


2 Answers

You are either using the wrong key pair (QARTH.pem), the wrong username, connecting to the wrong system or QARTH.pem is not set to be read-only.

STEP 1: Add debugging options to ssh to help determine what is wrong:

ssh -v -i QARTH.pem [email protected]

STEP 2: Make sure that the key pair file is read-only.

LINUX: To make the key pair file read-only execute this command: chmod 400 QARTH.pem while in the same directory as the file.

WINDOWS: Commands to run on a Windows system (as administrator) to make a key pair read-only and satisfy ssh:

Note: replace %USERNAME% with your user name.

REM Disable inheritance on QARTH.pem
icacls QARTH.pem /inheritance:d

REM Delete "NT AUTHORITY\Authenticated Users" from having any rights
icacls QARTH.pem /remove "NT AUTHORITY\Authenticated Users"

REM Delete "BUILTIN\Users" from having any rights
icacls QARTH.pem /remove "BUILTIN\Users"

REM Grant Read-Only rights to me
icacls QARTH.pem /GRANT:R "%USERNAME%:(R)"

STEP 3: Make sure that you are using the correct username for the EC2 AMI:

Usernames for popular EC2 AMIs:

  • For Amazon Linux 2 or the Amazon Linux AMI, the user name is ec2-user.
  • For a CentOS AMI, the user name is centos.
  • For a Debian AMI, the user name is admin or root.
  • For a Fedora AMI, the user name is ec2-user or fedora.
  • For a RHEL AMI, the user name is ec2-user or root.
  • For a SUSE AMI, the user name is ec2-user or root.
  • For an Ubuntu AMI, the user name is ubuntu.
  • Otherwise, if ec2-user and root don't work, check with the AMI provider.
John Hanley answered Nov 07 '25 04:11
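
The checks from STEP 1 and STEP 2 above as POSIX shell, added here as an example and not part of the original answer: `check_key_perms` tests that only the owner can access the key file, and `diagnose_ssh_log` classifies `ssh -v` output. The function names, result labels and the sample logs (host `host.example`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for an EC2 private key and triage of `ssh -v` output.

# check_key_perms FILE
# Returns 0 if only the owner has access (e.g. mode 400 or 600),
# 1 if group/other have any access (ssh ignores such a key), 2 if FILE is missing.
check_key_perms() {
    [ -f "$1" ] || return 2
    mode=$(ls -ldL "$1" | cut -c1-10)     # e.g. "-r--------"
    case $mode in
        -???------) return 0 ;;
        *)          return 1 ;;
    esac
}

# diagnose_ssh_log: reads `ssh -v` output on stdin and prints one label.
# Order matters: a key with open permissions also ends in "Permission denied".
diagnose_ssh_log() {
    log=$(cat)
    case $log in
        *"UNPROTECTED PRIVATE KEY FILE"*|*"bad permissions"*)
            echo "key-permissions" ;;            # STEP 2: chmod 400 the .pem
        *"Authentication succeeded"*)
            echo "ok" ;;
        *"Permission denied (publickey)"*)
            echo "key-or-username-rejected" ;;   # wrong key pair, or STEP 3
        *)
            echo "unknown" ;;
    esac
}

# Constructed sample: what ssh prints when the key file is mode 0644.
SAMPLE_OPEN_KEY='@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Permissions 0644 for '\''QARTH.pem'\'' are too open.
This private key will be ignored.
Load key "QARTH.pem": bad permissions
ec2-user@host.example: Permission denied (publickey).'

# Constructed sample: the key was readable and offered, but the server refused it.
SAMPLE_REJECTED='debug1: Offering public key: QARTH.pem RSA SHA256:<fingerprint> explicit
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
ec2-user@host.example: Permission denied (publickey).'
```

ssh writes its debug lines to stderr, so append `2>&1` to the STEP 1 command before piping it into `diagnose_ssh_log`.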


Try changing the permission of the key file:

sudo chmod 400 rsa_key_file_name.pem

Put in your key file name, press Enter, and you are done.

Tanmay Shrivastava answered Nov 07 '25 04:11