Reputation: 1761
I created a new EC2 Amazon Linux instance. I want to allow a developer to SSH into the EC2 instance. To test this, I'm trying it from my Windows computer. I have followed the instructions in the link below but I can't get SSH (Putty) to connect using the key pair I'm generating.
I'm following the instructions here as reference and here
After logging into EC2 as ec2-user using FireSSH and the pem generated by AWS, I use SSH to run the following commands to create a new user, .ssh directory, and permissions.
[ec2-user ~]$ sudo adduser newuser
[ec2-user ~]$ sudo su - newuser
[newuser ~]$ mkdir .ssh
[newuser ~]$ touch .ssh/authorized_keys
[newuser ~]$ chmod 600 .ssh/authorized_keys
[newuser ~]$ vim .ssh/authorized_keys
Then I paste a public key into authorized_keys using vim. I will explain where I get the public key in the next step.
ssh-rsaAAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuS ....
To create the public key which I pasted in the previous step I followed the steps in this reference starting at "Generating an SSH Key"
I copied the public key from PuttyKeyGen which is shown in the box labeled "Public key for pasting into OpenSSH authorized_keys". Then I pasted that into the .ssh/authorized_keys file on my EC2 instance in the newuser directory.
I log out of the SSH client on EC2. Then I try to log in with Putty using the newly created private key on my Windows machine. I use the newuser login name. I get this error in Putty: server refused our key. There is also a dialog box that says Disconnected: No supported authentication methods available (server sent: publickey)
What am I doing wrong in these steps?
Upvotes: 1
Views: 1605
Reputation: 13166
Always use the ec2-import-keypair feature to verify whether it is GOOD for an EC2 instance. If the import works, then it is good; otherwise, regenerate a compliant keypair. If you simply copy a keypair that is not compliant, you will run into trouble.
Here is the documentation for importing a key pair:
- OpenSSH public key format (the format in ~/.ssh/authorized_keys)
- Base64 encoded DER format
- SSH public key file format as specified in RFC4716

DSA keys are not supported. Make sure your key generator is set up to create RSA keys.
Supported lengths: 1024, 2048, and 4096.
Upvotes: 0
Reputation: 1761
I did two things differently and it works now. It's probably the number of bits that made it work.
I generated a new key pair using PuttyGen but I specified SSH-2 RSA with 1024 bits instead of the default that PuttyGen was putting in, which was like 2048.
When I logged back into EC2 with my SSH I pasted the public key using nano instead of vim.
Upvotes: 1
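Both answers depend on the pasted line being an intact RSA key of a known length. The following is an added example, not part of either post: it parses one authorized_keys line in the OpenSSH public key format, rejects a line that was damaged when pasted (missing space, cut-off body, mismatched type), and reports the RSA modulus size. The function names and the sample key are constructed for illustration, and the line is assumed to carry no options prefix.

```python
import base64

def _read_field(blob, off):
    """Read one length-prefixed field (RFC 4253 string/mpint) from a key blob."""
    end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
    if off + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def check_authorized_key_line(line):
    """Return (key_type, rsa_bits); assumes no options prefix (e.g. command=)."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]' on one line")
    key_type, body = parts[0], parts[1]
    try:
        blob = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key body is not valid base64") from exc
    name, off = _read_field(blob, 0)
    if name != key_type.encode():
        raise ValueError("type prefix does not match the type inside the key")
    if key_type != "ssh-rsa":
        return key_type, None  # bit length is only computed for RSA here
    _exponent, off = _read_field(blob, off)
    modulus, off = _read_field(blob, off)
    if off != len(blob):
        raise ValueError("unexpected trailing bytes in key blob")
    return key_type, int.from_bytes(modulus, "big").bit_length()

def make_sample_line(bits):
    """Constructed sample: ssh-rsa line with a dummy modulus (not a usable key)."""
    def field(data):
        return len(data).to_bytes(4, "big") + data
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    # mpint encoding: the leading zero byte keeps the modulus positive
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    good = make_sample_line(2048)
    print(check_authorized_key_line(good))  # intact line
    for bad in (good.replace(" ", "", 1), good[:120]):  # no space; cut-off paste
        try:
            check_authorized_key_line(bad)
        except ValueError as err:
            print("rejected:", err)
```

Run it against the exact line saved in .ssh/authorized_keys on the instance, not the copy still in the clipboard, so the check covers what sshd will actually read.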