Graham S.

Reputation: 1540

How to understand why I keep getting: ssh-copy-id Permission denied (publickey)?

I am trying to set up my production Rails server using Ubuntu Server 14.04 that I launched from Amazon EC2. This is not the first time I have ever done this, and many times in the past I have been successful.

The problem is that almost every single time I try to use ssh-copy-id to copy my .pub file when I am setting up the instance, it fails about 95% of the time with Permission denied (publickey).

I really don't know why this always happens. I have attempted various solutions that I've read in countless other SO questions and answers, and those never work either. Most SO answers suggest that ssh-copy-id is the solution to the problem, but for me it always ends up being the other way around.

Here are some of the solutions I've tried:

  1. Setting PasswordAuthentication yes in /etc/ssh/sshd_config
  2. Setting RSAAuthentication yes in /etc/ssh/sshd_config
  3. Setting PubkeyAuthentication yes in /etc/ssh/sshd_config
  4. Uncommenting AuthorizedKeysFile %h/.ssh/authorized_keys in /etc/ssh/sshd_config
  5. Pubbing out the .pem I downloaded from EC2 to a .pub using openssl and then trying to ssh-copy-id it to the server
    • e.g. openssl rsa -in ~/.ssh/mykey.pem -pubout > ~/.ssh/mykey.pub
    • followed by: ssh-copy-id -i ~/.ssh/mykey.pub ubuntu@[IPADDRESS]
  6. Generating my own key with ssh-keygen and trying ssh-copy-id.

I should note that I have forgotten how I've gotten past the same hurdles with my last setups, because I remember that each time I fixed it in the past, the solutions were wildly different from each other, like doing a bundle update for net-ssh gem one time around and then pubbing out the pem another time for another but had to do it for the root user instead of the originally intended user, blah blah blah.

I think the problem here, too, is that I am not fully understanding how ssh keys work. I know I download the mykey.pem. And then I restrict access to the .pem using sudo chmod 400 /path/to/mykey.pem because it needs to be protected. And then I can use ssh -i /path/to/mykey.pem ubuntu@[ipaddress] to ssh in. From there, everything else seems to be unclear.

What is the simplest process for connecting my local machine to my production server with ssh keys? How can I use ssh-copy-id to allow my local machine to do so?

Upvotes: 1

Views: 2355

Answers (2)

You can also get the permission denied issue when the ~/.ssh/ folder on the remote computer does not have the right permissions for your user. For example, you can execute the following command to give the .ssh folder the right permissions.

chmod 0700 ~/.ssh

Upvotes: 0

Jakuje

Reputation: 25956

followed by: ssh-copy-id -i ~/.ssh/mykey.pub ubuntu@[IPADDRESS]

This is nonsense. -i accepts the private key part.

If you downloaded the PEM key from EC2, and the public part is on the server, you should be able to connect to the instance using

ssh -i ~/.ssh/mykey.pem ubuntu@[IPADDRESS]

If it does not work, check the server log /var/log/auth.log for errors. ssh-copy-id also requires you to have password-based access to the server, which is not allowed in EC instances, if I am right (hence the errors).

If the above does not work, create a new key using ssh-keygen -f new_key, copy the public part from new_key.pub into the server file /home/ubuntu/.ssh/authorized_keys as text, and then connect with ssh -i new_key ubuntu@[IPADDRESS].

If you want to connect with an ssh alias, provide an ssh_config entry in ~/.ssh/config such as:

Host alias
  Hostname [IPADDRESS]
  User ubuntu
  IdentityFile your_key

Upvotes: 1
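
The manual key install described in the two answers above (append new_key.pub to authorized_keys, keep ~/.ssh at 0700), written out as an added example that is not part of either answer. install_pubkey is a hypothetical helper name, and the key line in the demo is constructed, not a real key.

```shell
#!/bin/sh
# Added example; install_pubkey is a hypothetical helper, not an OpenSSH tool.
# Usage on the server, after logging in with the EC2 .pem key:
#   install_pubkey "$HOME" 'contents of new_key.pub pasted as one line'

install_pubkey() (
    home_dir=$1
    key_line=$2
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys
    nl='
'
    # Accept exactly one public key line; a private key (PEM block) must
    # never end up in authorized_keys.
    case $key_line in
        *"$nl"* | *"PRIVATE KEY"*) echo "not a public key line" >&2; return 2 ;;
    esac
    case $key_line in
        "ssh-rsa "* | "ssh-ed25519 "* | "ecdsa-sha2-"*" "*) ;;
        *) echo "unrecognised key type" >&2; return 2 ;;
    esac

    # 0700 on the directory and 0600 on the file satisfy sshd's StrictModes.
    mkdir -p "$ssh_dir" && chmod 0700 "$ssh_dir" || return 1
    touch "$auth" && chmod 0600 "$auth" || return 1

    # Already installed (exact whole-line match)? Then there is nothing to do.
    if grep -qxF -e "$key_line" "$auth"; then
        return 0
    fi
    # If the file does not end in a newline, add one so keys are not joined.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key_line" >> "$auth"
)

# Demo in a scratch directory; the key line is constructed, not a real key.
demo_home=$(mktemp -d)
install_pubkey "$demo_home" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedSampleOnly demo@laptop"
ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

If the login still fails after this, /var/log/auth.log on the server is the place to look, as the second answer says.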
