.ppk derived from .pem key works but .pem don't in MobaXterm or file transfer programs

Question

I have an ec2 instance and it .pem key file, which I want to use for transfer files from my local machine to the server

I tried to connect the instance by using:

• mobaXterm with .pem file (before chmod 400 abc.pem) -- Error: Server refused our key / No supported authentication methods available (server sent: publickey)
• Putty with .ppk derived from the .pem file -- success
• winSCP with both keys -- Error
• ssh -l user -i abc.pem user@ip -- sometimes works*

Apparently I messed up the ~/.ssh/authorized_keys file, and the .PEM key is not allowed to connect the instance.

At this point the authorized_keys file have one row like this: ssh-rsa AAAAB3Nza....

Then I did chmod 400 abc.pem and tried the followings:

I tried:

• from local machine ssh -l ubuntu -i abc.pem ubuntu@ip
• Mobaxterm with chmod-ed pem key
• winscp with chmod-ed pem and ppk key
• Copy the pem key at the .ssh/ folder in the server and then ssh-add ~/keyfile.pem
  • First answer: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Permissions 0644 for 'cola-aws-ohio-key.pem' are too open. It is required that your private key files are NOT accessible by others. This private key will be ignored.
  • Second try after chmod 400: Identity added: cola-aws-ohio-key.pem (cola-aws-ohio-key.pem)
  • ~/.ssh/authorized_keys looks same as before
  • Reboot instance
  • Try reconnecting again from mobaXterm: Fail
• Launch a new instance and use the chmod-ed pem key: fail

Any ideas on how to solve this? It is weird that ppk key (derived from pem file) works but the original pem key doesn't.

Answer 1

amazon linux 2023 and ubuntu 22 user updated version of openssl, you need to get a updated key ssh-keygen -o -a 100 -t ed25519

Answer 2

Here is how I solved the problem after many workarounds:

1. Updated MobaXterm -- I know

2. Be sure about a.pem permissions. I'm on Windows with WSL too. The file's permission is -rwxrwxrwx but should be -r-------- (-r--r--r-- also works for me)

I tried chmod 400 a.pem, and it only works if the file is located on Ubuntu/Linux internal folder (~), not on the Windows shared folder (/mnt/c/...). However, when I tried copy the file from Ubuntu/Linux internal folder to Windows (where MobaXterm can use it), the permission changed back to -rwxrwxrwx

I also tried :

• zip and tar the key on Ubuntu, and uncompress on Windows: Fail
• Upload to Github from Ubuntu and download in Windows: Fail
• Cheange manually the permission on Windows: Fail

So I changed the permissions in Windows using PowerShell as admin, with the following code:

cd C:\mydir
icacls.exe a.pem /reset
icacls.exe a.pem /grant:r "$($env:username):(r)"
icacls.exe a.pem /inheritance:r

Apparently the combination of updating MobaXterm and being sure about file permissions were the way this works